Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
It's funny.  Laugh. Spam

'Spamalot' Subscribers to Get Spam ... a Lot 123

CrazyWingman writes "It looks like the list of e-mail addresses subscribed to the lists for the Broadway show 'Spamalot' has been nabbed by spammers. The New York Times is reporting that the list was posted on a page that could be found by looking at the source of other Spamalot webpages. All I have to say is that I hope the creators of the Spamalot website have been sacked."
This discussion has been archived. No new comments can be posted.

'Spamalot' Subscribers to Get Spam ... a Lot

Comments Filter:
  • Boy... (Score:5, Funny)

    by Rolling_Go ( 859757 ) <holycrapbatman@hotmail.com> on Saturday March 12, 2005 @01:37PM (#11920745)
    Who didn't see THAT one coming?
    • Re:Boy... (Score:2, Funny)

      by Anonymous Coward
      You missed the joke here, that was :
      - "Who expected that ?"
      - "NOBODY expects the Spanish Inquisition !"
      • Re:Boy... (Score:3, Funny)

        by Pig Hogger ( 10379 )
        - "NOBODY expects the Spanish Inquisition !"
        Er, you got it wrong. it's:
        - "NOBODY expects the Spammish Inquisition !"
    • Re:Boy... (Score:2, Informative)

      by macmastery ( 600662 )
      Actually, this reporter contacted me for this story. When I heard that site had a problem, I went to check it out for myself. What I found was that the contact form action URL [montypythonsspamalot.com] entered on its own would display all of the nearly 20,000 name, postal and email addresses.

      The bug I saw in action is fixed now, but if you select the whole contents of the page, there is still some strange if innocuous text showing there.

      Since I used a unique email address for this site, I have been checking to see if I got any spa
  • by AtariAmarok ( 451306 ) on Saturday March 12, 2005 @01:37PM (#11920751)
    That does it. I'm going to sign up at www.freemoneyalot.com If it works like www.spamalot.com does, I'll be on the gravy train!
  • Camelot! (Score:4, Funny)

    by blackholepcs ( 773728 ) on Saturday March 12, 2005 @01:38PM (#11920758) Journal
    It's only a model.
  • by GPLDAN ( 732269 ) on Saturday March 12, 2005 @01:38PM (#11920760)
    It's a bitch. Is this poetic or ironic justice?
    • it's neither, but i'd say t'is rather funny
      • Re:Ahhhh.... irony (Score:4, Interesting)

        by brilinux ( 255400 ) on Saturday March 12, 2005 @02:07PM (#11920972) Journal
        I actually saw Spamalot on Monday, and I must say that it was rather funny. It opens this coming week, I believe, and I recommend that anyone who is not French, Finnish, Jewish, or Gay goes to see it, or, if (s)he is a member of one of those groups, that (s)he have a very good sence of humour. It was quite a good show, though, and a lot of fun to see.

        And, John Lithgow was sitting five rows in front of me. He has a bald spot on the back of his head.

        • "And, John Lithgow was sitting five rows in front of me. He has a bald spot on the back of his head." Yeah, I'm glad someone *finally* pointed that out.
        • I just saw it last friday (one week ago) and I thought it was great. It's well worth going. But, beware, people are trying to mark up the tickets like crazy.

          I also recommend, if you like Indian food, to go to Utsav in the theater district. It was friggin awesome. Get the Murg Vindaloo and order the Sterling Cabernet with it. It's a great combo, if you don't mind your food making you sweat :)

          Anyway, great show for Holy Grail fans :)

          T
        • If it's like the movie, why wouldn't the French like it? The only French-reference I remember there, the French win: that's the taunting Arthur et al get from the French guy in the castle ("You don't frighten us, English pig-dogs! Go and boil your bottoms, son of a silly person! Ah don' wanna talk to you no more, you empty-headed animal food-trough wiper! Ah fart in your general direction! Your mother was a hamster, and your father smelt of elderberries!") And eventually they have to beat a
        • No, It is Irony that Parent got modded up Interesting. Or wait, It would be irony if he got modded up informative... Because of the John Lithgow comment.

          Its late, Im tired, and I had a joke that sounded a lot better in my head. Good night slashdot.

          --------------------
          http://www.freeminimacs.com/?r=15622556 [freeminimacs.com]
          http://www.surfjunky.com/?r=Silentnite/ [surfjunky.com]
  • Reg-free link (Score:5, Informative)

    by Shachaf ( 781326 ) on Saturday March 12, 2005 @01:39PM (#11920770)
    Registration free link [nytimes.com]
    Generated using the New York Times Link Generator [blogspace.com].
    • And the funny thing is, that it is incidents like this that cause people like me to not want to register with sites like the Times, precisely to prevent accidental disclosure of any information.

      And yes, I know that you can lie on the forms, but my attitude is, why encourage sites to use registration by lying?
      • And the funny thing is, that it is incidents like this that cause people like me to not want to register with sites like the Times, precisely to prevent accidental disclosure of any information.

        That, from wowbagger (69688).

        I agree that you should be careful where you register. The NYTimes has never abused my information, just as /. has never abused my information. Those of you that hate the NYTimes because they require a free registration look a little odd to me when you post under an account registe

        • This is perfectly in keeping with my point. For the risk of logging into Slashdot, I gain several advantages over not logging in - the ability to post messages with more chance of them being read, the ability to filter stories, etc.

          The only data Slashdot has on me is my preferred nickname, my Slashdot password, and an email.

          The worst that could happen were Slashdot's database comprimised is the revelation of my Slashdot password and my email - so I would have to change one password and I might see a margi
  • Ripped! (Score:5, Informative)

    by Anonymous Coward on Saturday March 12, 2005 @01:40PM (#11920771)
    "Spamalot" fans who signed up for a newsletter on the Broadway musical's official Web site may end up getting, well, spammed a lot. "Movin' Out" devotees may have the same problem. A security glitch - now fixed - exposed the names and postal and e-mail addresses of more than 31,000 people to savvy computer users.

    Up until Thursday evening, when a reporter from The New York Times pointed out the problem to the Web sites' developer, visiting a specific address on the shows' sites produced a long page with mailing-list data. The security hole was not obvious to casual Web surfers because the address was buried in the site's code. But it could have been discovered by someone deliberately seeking the list data, or by a kind of program used by spammers to scour the Web for new e-mail addresses to bombard.

    Both montypythonsspamalot.com, where 19,000 people had signed up for a newsletter, and movinoutonbroadway.com, where 14,000 had, were built by Mark Stevenson, a designer in Croton-on-Hudson, N.Y.

    Mr. Stevenson said he had hired a programmer, whom he would not identify, to add the list sign-up function to the sites. He said that the amount of resources put into security on the sites had seemed adequate, but "in retrospect, this was not enough, and we need to do more." He said that a message would be sent to the list with a warning about fraudulent e-mail messages.

    Mark Wilkie, a software engineer who maintains Web sites for Gawker Media, said the ability to view the data must have been built into the sign-up software, but it was not clear why someone would do this. "Security-wise, it's a horrible thing to do," he said.

    Aaron Meier, a spokesman for Monty Python's "Spamalot," said yesterday that the show would have no comment.

    When told by e-mail message about the breach, several people who had signed up for the "Spamalot" list said they were unsurprised, given the state of Internet security and the aggressiveness of spammers. Several noted that there was something appropriately Pythonesque about the incident. After all, Internet historians say that the use of the word spam to refer to junk e-mail messages has its roots in a 1970 Monty Python sketch, in which all conversation in a cafe is drowned out by a group of Vikings chanting the word over and over. The sketch and its song about Spam, the meat product, were adapted for the new musical.

    "Are you sure they didn't do it on purpose?" joked one list subscriber, Matthew J. H. Baya of Ellsworth, Me. "Talk about guerrilla marketing."
  • sacked (Score:5, Funny)

    by SuperBanana ( 662181 ) on Saturday March 12, 2005 @01:45PM (#11920810)
    All I have to say is that I hope the creators of the Spamalot website have been sacked

    The cREators would like to announce that the previous creato

    NO CARRIER

    The c re a tors of

    NO CARRIER

  • by Faust7 ( 314817 ) on Saturday March 12, 2005 @01:49PM (#11920834) Homepage
    Mr. Stevenson said he had hired a programmer, whom he would not identify, to add the list sign-up function to the sites.

    But why? It's not like we'd want to bludgeon, or bitchslap, or ambush, or lynch the programmer.
  • by Picass0 ( 147474 ) on Saturday March 12, 2005 @01:50PM (#11920845) Homepage Journal
    No, relli!

    She was Karving her initials on the moose with the sharpened end of an interspace toothbrush given to her by Svenge- her brother-in-law- an Oslo dentist and star of many Norwegian movies: "The Hot Hands of and Oslo Dentist," "Fillings of Passion," and "The Huge Molars of Horst Nordfink"...

    • Møøses' noses wiped by BJORN IRKESTOM-SLATER WALKER

      Large møøse on the left
      half side of the screen
      in the third scene from
      the end, given a thorough
      grounding in Latin,
      French and "O" Level
      Geography by BO BENN

      Suggestives poses for the
      møøse suggested by VIC ROTTER

      Antler-care by LIV THATCHER

  • "To be spammed..." (Score:5, Informative)

    by ornil ( 33732 ) on Saturday March 12, 2005 @01:52PM (#11920864)
    If you RTFA, you'd notice that in fact the mailing list subscribers were not spammed. Whoever noticed the security hole was not a spammer, reported it, and the hole was plugged. So, yes, maybe it's funny, but they really were not spammed, which spoils the story.
    • by Saeed al-Sahaf ( 665390 ) on Saturday March 12, 2005 @02:10PM (#11920996) Homepage
      This is Slashdot. We don't need no stinking FACTS!
    • by Guido von Guido ( 548827 ) on Saturday March 12, 2005 @02:19PM (#11921050)
      The article doesn't say whether or not anyone grabbed the actual mailing list. This is something they could presumably check by looking through the web logs. If the addresses were harvested by somebody's spam bot, I would assume they were added to the spammer's address database. I'm not sure it would have been obvious to anyone that they had been spammed because they had subscribed to the Spamalot mailing list. Anyway, my general assumption is that all spammers out there already have my email address. With effective spam filtering, it's only a minor nuisance.
      • I'm not sure it would have been obvious to anyone that they had been spammed because they had subscribed to the Spamalot mailing list.

        It would be obvious to anyone like me who uses a unique e-mail address for each purpose. Since I didn't sign up for Spamalot, I don't know if it was harvested or now.

        • by rsmith-mac ( 639075 ) on Saturday March 12, 2005 @03:26PM (#11921513)
          Actually, David Gallagher(the reporter who wrote this story) contacted me and some other unknown number of people who were on the list and had used tagged addresses(he apparently went through the list himself looking for contacts for this story), asking if we had received any spam on that address. Interestingly enough, he was the first person to contact me on that address at all, I hadn't received any spam or any email from Spamalot previously in the couple of months I've been on the list. It doesn't appear that it was harvested, though it could just be that no one has used the addresses yet.

          If it was harvested though, it opens up an interesting issue since the exposed data included names and physical addresses to go with the email addresses.
      • GvG: At least two people on the list signed up for it using 'tagged' addresses that had not been used elsewhere, then received spam at those addresses. One of them was me. This led to some poking around, the discovery of the security hole and the writing of the story.
    • To be spammed, or not to be spammed: that is the question: Whether 'tis nobler in the mind to suffer The promises of outrageous fortune, Or to take arms against a sea of spam, And by opposing end them? To die: to sleep; No more; and by a sleep to say we end The spam and the thousand unnatural emails That promise is heir to, 'tis a consummation Devoutly to be wish'd. To die, to sleep; To sleep: perchance to dream: ay, there's the rub; For in that sleep of death what spam may come When we have shuffled off th
  • Ironic (Score:3, Funny)

    by dg41 ( 743918 ) on Saturday March 12, 2005 @01:53PM (#11920866)
    ::instart Fark.com "Ironic" tag here::
  • by Saeed al-Sahaf ( 665390 ) on Saturday March 12, 2005 @01:53PM (#11920868) Homepage
    From the story:

    Both montypythonsspamalot.com, where 19,000 people had signed up for a newsletter, and movinoutonbroadway.com, where 14,000 had, were built by Mark Stevenson, a designer in Croton-on-Hudson, N.Y.

    Mr. Stevenson said he had hired a programmer, whom he would not identify, to add the list sign-up function to the sites. He said that the amount of resources put into security on the sites had seemed adequate, but "in retrospect, this was not enough, and we need to do more."

    Why would they use some obviously "home grown" half assed mailing list code when there are perfictly good and fairly sold apps out there like Mailman or EZmlm? Sounds like the "designer" hired some friend, prob. som kid who just learned about web scripting...

  • by TPIRman ( 142895 ) on Saturday March 12, 2005 @01:53PM (#11920871)
    ... from a site designer who can't even spell "bandwidth" [montypythonsspamalot.com]? (Or at least spell it twice...)
  • Well, DUH!!!! (Score:1, Redundant)

    by cbdavis ( 114685 )
    Like, what else did you expect from a site named SPAMALOT!!
  • ..here in Camelot. We eat ham and jam and spam a lot.

    I predict that in the future, Shakespeare and Monty Python will be mentioned together a lot.
  • by sp3tt ( 856121 ) <sp3tt AT sp3tt DOT se> on Saturday March 12, 2005 @02:07PM (#11920977)
    SPAM SPAM
    SPAM SPAM
    SPAM SPAM
    SPAM SPAM
    SPAM SPAM
    We aplogize for the spam, the creators of this website have been sacked
    SPAM SPAM
    SPAM SPAM
    SPAM SPAM
    SPAM SPAM
    SPAM SPAM
    We aplogize for the continued spam, the persons responsible for the sacking of the persons just sacked would like to announce that they have been sacked.
  • Mail lists... (Score:2, Interesting)

    by LiNKz ( 257629 ) *
    Recently I noticed on a certain college website, every employee's email address was listed on a type of 'contact' page.

    Every employee.

    It actually was a three column table, on the left side it had the employee's name, next column was for e-mail, and the last for their phone number.

    I was sitting with the Administrator that handles the email servers, when I heard recently there has been an ever more increasing spam flow to all the college email addresses.
  • What if the web designer/programmer was actually someone sleeping in bed with the spammers ? .....

    <programmer> ok, I am going to create the website for Acme Inc. For 3 grand, I can leave a backdoor for you to get all the email addresses
    <spammer> make it 2 grand and 3% cut of all referral fees
    <programmer> deal
    <spammer> deal

    This would get pretty interesting pretty fast ...
  • by jamienk ( 62492 ) on Saturday March 12, 2005 @02:22PM (#11921064)
    From my experience, though, often a web developer's clients push towards unsecure functionality because of cost/time considerations. I've been hired to add functionality to sites' existing shopping carts, for example, and when I've found and reported massive holes (a list of customers, orders, credit cards all accessable from a web page, for one), I've been met with heavy skepicism about the need to fix these holes now.

    "How would anyone find that page?"

    "Maybe we'll get to that once we add the international shipping feature."

    etc. It gets tiring. After a while, you feel unappreciated. I'm not saying that something like this happened here, but at this point, I don't know that it DIDN'T happen...

    My 2 cent American.
    • by Anonymous Coward
      Grow some balls and tell them flat out that you refuse to add features to a product with serious security problems until they are fixed.
  • Titles (Score:1, Redundant)

    by Life2Short ( 593815 )
    Mind you, moose bites can be pretty nasty!
  • by Fnkmaster ( 89084 )
    Those responsible for the sacking of the web developers, shall also be sacked.
  • Arghhh (Score:4, Funny)

    by ewe2 ( 47163 ) <ewetooNO@SPAMgmail.com> on Saturday March 12, 2005 @03:05PM (#11921372) Homepage Journal
    ...bloody vikings!
  • I'm Brian! (Score:1, Funny)

    by Anonymous Coward
    Crap, wrong movie.
  • Is it me or does anyone else have issues with this being called a glitch? Seems like either sloppy work or deliberate. Either way the page that spat out emails and addresses worked as expected it was simply not locked down.
  • This looks like it spits out a search at the bottom of the thank you page.

    http://www.montypythonsspamalot.com/cgi-bin/spamal ot.cgi?email=

    This html is full of artifacts. I would be surprised if they actually hired a web developer and didn't just screw up and use some free script they didn't fully understand.

  • Mr. Stevenson said he had hired a programmer, whom he would not identify, to add the list sign-up function to the sites. He said that the amount of resources put into security on the sites had seemed adequate, but "in retrospect, this was not enough, and we need to do more."

    He had hired a programmer.... *nod*
    And my mother's still a virgin....
    After birthing me yesterday.

  • Mr. Milton, the sole proprietor is an honest man, so I'm told...
  • Why is I that we always hear about attacks on 'this server', 'that server', yet nobody's ever thought of planning a DDoS (Distributed Denial Of Service, read here [grc.com] for more info) Attack on Spammers? Why not? We could potentially get rid of them, make their machines crash... I just don't get why we have to wait for the law to take matters into their incapable hands.

    Not that I'm trying to incite you or anything.

You are in a maze of little twisting passages, all different.

Working...