Hacking Time's Most Influential People poll

(Creative Commons licensed image courtesy MarilynJane)

Paul Lamere wrote a great post titled "Inside the precision hack" on his MusicMachinery blog outlining the 4chan hack of Time's influence poll. His interview with Zombocom, a 4chan /b/ denizen. The article is worth reading, as it outlines many of the common errors made in online polling applications. In the end, the most influential person is moot...

We see:

• An easily modified and adapted submission URL
• A total lack of authentication and validation
• A lack of parameter control
• A poorly protected salt once validation and authentication were included
• A poor IP restriction protocol (each candidate could only be voted on once every 13 seconds...but there were many candidates, and it supported negative votes).
• A possible work around from systems using an IPv6 stack
• No banning mechanism

All of these added up into a great opportunity for a dedicated group of people to manipulate the poll. Take a look - Lamere's writeup is great.