Fine Gael has a Valentine’s app on their site that allows you to send a message to anyone’s email from anyone’s email without any kind of verification. You can then put some text into it which again is not checked. So RTÉ’s Newsdesk sent me an email. More genius from the social media muppets in there. See how it can be done with this email I got:
Dots in the email address in case they email again, to check if this is where they collected it from?
Yup 🙂
[…] to anyone looking at their last security fiasco that this is a potential security problem as Mulley outlines on his blog. They allow you to send mail without verification. Oops. Share and […]
How does that in any way demonstrate their ability to run a country? Talk about stupid gimmicky nonsense! As the days go by, my vote is edging closer and closer to labour or the independents – I really feel like FG have totally wasted an enormous opportunity.
The big Data Protection Question is whether or not FG are storing the email addresses and details of the recipients and have a plan/intention to use them for future email campaigns. Note it is only the SENDER who can opt-in or opt-out of future communication.
Damien – if they do email you, I’d be interested to know.
Questions I have:
1) Why do they need to know what part of the country I’m in to send a card through their site? (excessive processing, not relevant to specified purpose)
2) If they are storing both party’s emails, do they realise they won’t be able to do any analysis on what constituencies were influencing what others (only the sender of the email is asked where they are). And if they aren’t doing any analysis, why are they asking the question (see 1 above)
And given that the form will accept any email address for the sender, they have left themselves wide open for that to be abused to send apparent spam or defamatory or upsetting emails which might appear to be from legitmate Fine Gael email accounts.
Damian
You seem to think you have uncovered some elabourate security flaw. You have not ! It is fairly standard. Many media outlets have a similar system. For example, if you want to email a CNN article to a friend it is done the same way. If you are concerned about hate mail I suggest you alter the title of this blog post, which appears to me to be, encouraging hate mail.
Daragh O’Brien
You say “Why do they need to know what part of the country I’m in to send a card through their site?”. The answer is they don’t, the location drop down bar only relates to reiceving updates from Fine Gael, which is optional.
Martin
Martin,
You can’t send it without selecting a location, even if you choose not to receive updates.
Neil
So if I want to send an explicit email to Greg, The Blue Wiggle about the dream I had last night and where I found his tatoos, I can use this service and he might open it thinking it’s fo Ireland’s next government?
Excellent.
Why anonymous hate messages when you can do anonymous love messages ? :))
http://twitpic.com/3zji47
[…] And look – our next government leader thinks this isn’t the most patronising shite of all time, as well as being riddled with insecurities. […]
[…] bloggers have been scrutinising how the parties and their candidates have been using the new media in this […]