“Google Analytics — Yes, it is a security risk”

The Register:

To recap, Change.gov and BarackObama.com were both found exposing non-encrypted pages that Obama officials use to post press releases and carry out other administrative tasks. The lack of IP filtering, or at the very least, use of secure sockets layer was surprising, but what was really baffling was the decision to link the admin pages to Google Analytics.

The reason: The service grants unscrupulous employees at Google — not to mention anyone who manages to penetrate Mountain View’s fortress — access to the administrative pages.

A few of the more uninformed, but more vocal, readers (less than .2 percent of those who read the story, by the way) howled in protest. Google Analytics does nothing more than aggregate page visitors, they argued. Surely, there’s no way it could give someone outside the Obama camp access to one of the more popular websites in the .gov domain.

Actually, it does. Here’s how.

The easy solution is to not include Analytics on the administrative pages, assuming your content management system allows that level of control.
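A script loaded with `<script src>` runs with the full privileges of the page that includes it, so one way to verify that the administrative pages stay free of Analytics is to audit their HTML for scripts served from other hosts. The sketch below is an added example, not code from The Register or from any site mentioned here; the admin path prefixes, the `example.org` URLs and the sample pages are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: path prefixes that identify administrative pages on the site.
ADMIN_PREFIXES = ("/admin", "/wp-admin")

class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a document."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def third_party_scripts(page_url, html):
    """Return script URLs served from a host other than the page's own."""
    page_host = urlparse(page_url).hostname
    collector = ScriptSrcCollector()
    collector.feed(html)
    # Relative URLs have no hostname; protocol-relative ones (//host/x.js) do.
    return [src for src in collector.sources
            if urlparse(src).hostname not in (None, page_host)]

def audit(pages):
    """Map each admin page URL to the third-party scripts it loads."""
    report = {}
    for url, html in pages.items():
        if urlparse(url).path.startswith(ADMIN_PREFIXES):
            scripts = third_party_scripts(url, html)
            if scripts:
                report[url] = scripts
    return report

# Constructed sample pages (not captured from any real site).
GA = "www.google-analytics.com/ga.js"
SAMPLE_PAGES = {
    "https://example.org/": f'<script src="https://{GA}"></script>',
    "https://example.org/admin/post":
        f'<script src="/js/editor.js"></script><script src="//{GA}"></script>',
    "https://example.org/admin/users":
        '<script src="https://example.org/js/users.js"></script>',
}

if __name__ == "__main__":
    for url, scripts in audit(SAMPLE_PAGES).items():
        print(url, "loads third-party scripts:", scripts)
```

This only sees scripts referenced by a `src` attribute; an inline loader that creates the script tag at runtime is not caught, which a Content-Security-Policy `script-src 'self'` on the admin paths would cover.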


One Response to “Google Analytics — Yes, it is a security risk”

  1. Linoge says:

    You know, I am thankful that Movable Type does not allow me to do anything nearly that stupid.
