On Monday morning Republican Texas Sen. Ted Cruz announced his bid for president. As the first of many to wade into the fight, he was also the first to face the Internet. Lo and behold, some stuff went down.
First of all, Ted Cruz opponents have scooped up numerous domain names in an attempt to divert people away from the senator’s true site, TedCruz.org. TedCruzForAmerica.com, which was purchased Monday, redirects to Healthcare.gov. Meanwhile TedCruz.com shows a black background and reads, “SUPPORT PRESIDENT OBAMA. IMMIGRATION REFORM NOW!”
On the true TedCruz.org, Twitter denizens quickly started pointing out that the site’s donation page didn’t default to standard encryption. The Cruz campaign told Vox that “The donate form embedded on TedCruz.org has SSL. All donations are and have always been secure.” But since the landing page itself wasn’t secure, visitors wouldn’t know if the later donation steps were encrypted, and also could have been subjected to attacks before they entered the secure area.
here's the source code for tedcruz,org's donation page: just an form on an unencrypted page EASY to hack pic.twitter.com/dULb6LRuB7— Matthew Martin (@hyperplanes) March 23, 2015
Twitter account @PwnAllTheThings also noticed that TedCruz.org was listing the scam parody site nigerian-prince.com as an alternate domain on its security certificate. Though it seems strange at first, the situation was caused by the Cruz campaign’s use of CloudFlare (a content delivery network). No one had uploaded an identity certificate to TedCruz.org, so CloudFlare assigned one to the site, which was also used by ngerian-prince.com, automatically. CloudFlare CEO Matthew Prince told Ars Technica, “The Cruz campaign didn’t do anything wrong.”
A remark Cruz made in 2013 about the Affordable Care Act website neatly connects multiple campaign tech snafus (surfaced by Parker Higgins): “You may have noticed that all the Nigerian email scammers have become a lot less active lately. They all have been hired to run the Obamacare website.” OK, maybe it doesn't quite work, but all the elements are there ... for some reason.
Cruz’s staffers resolved the two issues within a few hours.
But that still leaves the small matter of the burning American flag campaign logo.