
The blog Cannonfire, which closed the case yesterday on the so-called "Weinergate" affair when it demonstrated conclusively how anyone could use a simple technique to publish any picture they wanted to another person's Twitter stream, now reports that yfrog.com has disabled the e-mail service that enables such exploits, thereby acknowledging the existence of a security problem and tacitly acknowledging that it has been abused. In short, it is no longer possible for a reasonable person to believe that Rep. Weiner was not framed by an outside party.

To make a long story much shorter than it deserves: Every Twitter user who uses yfrog to store photos for posts (I'll be cold in my grave before I ever call them "tweets") is given an e-mail address in the form [account_name].xxxxx@yfrog.com, where xxxxx is a short string of alphanumeric characters. Any time an e-mail message with an attached photo is sent to this address, the photo is automatically uploaded to yfrog.com under the recipient's account and posted to the recipient's Twitter feed as a publicly viewable message. Both the yfrog photo and the Twitter post would appear to have been posted by the e-mail recipient, and there would be no apparent connection to the e-mail sender.

The Cannonfire post explained clearly how one would do this, and blogger Joseph Cannon kindly established a Twitter account, @gdowson153, for use in demonstrating how the exploit works. Never one for believing others about something I can easily verify myself, I sent a picture I created to gdowson153.gudom@yfrog.com, the upload address for the gdowson153 account. You can see the picture at yfrog.com here, and the resulting automatic Twitter post here. I never had access to gdowson153's password or any information related to this account other than the above e-mail address. Many others were inspired to try the same technique, resulting in a humorous parade of random images posted to the gdowson153 Twitter account. (For a nice illustrated tour through this exploit, see Dreggas' valuable diary here.)

How might one obtain the secret e-mail address required to upload photos to another person's account? There are a number of possible ways. To a non-technical person, it might not be evident that this address should not be shared. If someone sent a photo to their upload address and CCed someone else in the same message, or forwarded a message from their Sent folder to another party, the address would be visible to anyone receiving the message. A potentially more likely approach, explored by Rachel Maddow's blog yesterday, would be to simply brute-force it. There are approximately 11.9 million possible combinations of five or fewer Latin letters—a lot for a human to work through, to be sure, but computers are very, very good at doing repetitive tasks fairly quickly. One could easily set up a spambot to send messages to every possible e-mail address in question until finding the one that works. The whole process could be done in several hours. (Edit: The number of possible "words" that must be tried is apparently much, much smaller than 11.9 million. For details, see this post from the still-hard-to-believe-how-rehabilitated-they-look-today Little Green Footballs blog.)

Shortly after this technique was revealed, it seems, Yfrog disabled the upload e-mail service.

Yfrog has not issued a statement about why this service has been disabled, but I think we can assume it is not a coincidence. Bear in mind that the site's operators would have access to all of their server logs and it should be a fairly trivial task to determine exactly which e-mail account had been used to send each picture uploaded to yfrog using the e-mail service, even if the site itself had not been architected to store this information with each photo as internally visible metadata. If the supposedly incriminating photo had been uploaded to Rep. Weiner's account from an e-mail address he had never used before, this would be immediately apparent.
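
The log review described above, together with a check for the address guessing discussed earlier, can be sketched as follows. This is an added example, not code from the original diary or from Yfrog; the log format, the `upload.example` domain, the addresses and the `analyze` function are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed inbound-mail records; the log format, domain and addresses are
# hypothetical. Upload addresses follow the page's account.xxxxx@host shape.
SAMPLE_LOG = """\
2011-01-03T10:02:11Z from=owner@example.org to=alice.kqzpt@upload.example result=posted
2011-01-09T18:40:03Z from=owner@example.org to=alice.kqzpt@upload.example result=posted
2011-01-12T03:10:00Z from=x1@example.net to=alice.aaaab@upload.example result=rejected
2011-01-12T03:10:01Z from=x1@example.net to=alice.aaaac@upload.example result=rejected
2011-01-12T03:10:02Z from=x1@example.net to=alice.aaaad@upload.example result=rejected
2011-01-12T03:55:40Z from=x1@example.net to=alice.kqzpt@upload.example result=posted
"""

# timestamp, sender, account, secret suffix, delivery result
LINE = re.compile(r"(\S+) from=(\S+) to=(\S+)\.([^.@\s]+)@\S+ result=(\w+)")

def analyze(log_text, probe_threshold=3):
    """Return (timestamp, account, sender, reason) alerts, in log order."""
    known = defaultdict(set)   # account -> senders of earlier accepted uploads
    misses = defaultdict(set)  # (sender, account) -> wrong suffixes tried
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ignore records that are not upload deliveries
        ts, sender, account, suffix, result = m.groups()
        if result == "rejected":
            # Many distinct wrong suffixes for one account means guessing.
            misses[(sender, account)].add(suffix)
            if len(misses[(sender, account)]) == probe_threshold:
                alerts.append((ts, account, sender, "suffix-enumeration"))
        elif result == "posted":
            # The first accepted sender sets the baseline; later strangers alert.
            if known[account] and sender not in known[account]:
                alerts.append((ts, account, sender, "new-sender-upload"))
            known[account].add(sender)
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(*alert)
```

The sender address in a mail log is not authenticated, so a real review would also key on the connecting IP address and treat a forged but familiar sender as possible.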

I look forward to learning the results of the internal investigation that Yfrog is surely conducting or has already conducted. Until then, as is so often the case, we may turn to Occam's razor to help us decide which of a number of competing scenarios to believe.

We could believe that a very motivated right-wing blogger who'd already displayed an unhealthy obsession with Anthony Weiner's personal life might take advantage of a casual technique available to anyone—probably using a throwaway e-mail account and not expecting to be caught—to frame said member of Congress using a photo that, despite being suggestive and certainly harmful to his reputation, is nevertheless impossible to associate with him specifically (unlike, say, certain other photos), aided and abetted by a man who is known to be a serial liar.

Or we could believe that Dan Wolfe and Andrew Breitbart are the ones telling the truth here, and that a member of Congress whose intellect and judgment most of us have long respected experienced a brain failure so colossal in its scope and impact as to cause him to send a suggestive photograph to a college student over a public communication channel on which it would be seen by any and all of his hundreds or thousands of followers, only to completely regain his senses approximately four minutes later.

The choice, dear reader, is yours. When making it, be aware that you may be called upon to account for it in some capacity in the future.

(Edit: Rec List, y'all. Seems like the diaries of mine that make the list are always the ones that make me want to shower after writing them. Also: The mysterious @patriotusa76 makes TheSmokingGun.com. Drip... drip... drip...)

Poll

Who do you believe?

91% (1856 votes)
8% (180 votes)

2037 votes
