Obama Campaign accepts illegal foreign campaign contribution

Page 3 of 4 [ 58 posts ]  Go to page Previous  1, 2, 3, 4  Next

Inuyasha
Veteran
Veteran

User avatar

Joined: 12 Jan 2009
Age: 38
Gender: Male
Posts: 9,745

01 Nov 2012, 6:38 pm

Kraichgauer wrote:
So there was a hole in Obama's fund raising site. I hardly think Obama is responsible for every little slip up on that front. As POTUS, I think he has more important things to think about. It's not like he sits and schemes about breaking rules.
And there is a huge difference between you and Savage. Savage is a homophobic bully who denies the existence of Asperger's. He's not worth defending.

-Bill, otherwise known as Kraichgauer


I'm not defending Savage, I'm pointing out that the facts speak for themselves, this problem was reported about repeatedly and nothing was down.

If the Obama campaign had fixed this after it was reported several months ago, I would agree that your explanation is plausible. However considering this was reported on several times back when the Republican Primaries were taking place, I don't think your explanation fits the facts. Now I will be fair and say it could be some upper level official in the Obama campaign that is responsible for this, and Obama might not know about it.



Cornflake
Administrator
Administrator

User avatar

Joined: 30 Oct 2010
Gender: Male
Posts: 50,818
Location: Over there

01 Nov 2012, 6:39 pm

The IP address is irrelevant - or do you actually mean to say that an American currently in Pakistan (or anywhere else other than the USA for that matter) is prohibited from contributing online by virtue of his location?
Also, there is no method available in the IP protocol which would allow a location to be unambiguously established given just the IP address - the only information available is a street address of the entity to whom the address has been assigned and that's not always as useful as it appears. For example - Microsoft UK is very definitely based physically in Reading, to the west of London (I know because I've been there) - and yet according to their IP address, they're in Redmond, WA.
(I'm not suggesting the IP isn't in Pakistan - in fact the one used belongs to the Pakistan Education and Research Network - just that the location is irrelevant and not always easily determined from the IP)

The article doesn't give any indication of whether the emailed responses to "Mr. O. Bin Laden" were automatic boilerplate responses and for an automated, on-line transaction of this size they quite probably were, with no actual person being required to read anything - and so the name (and the other funny stuff) is also likely irrelevant.

Street addresses are relevant for snail-mail or physical deliveries, consequently a zip code would be verified only against the state and since 91101 is valid for CA, that too is irrelevant to the case the article tries to make with respect to the city being given as Abbottabad.
Likewise with the phone number. No-one is going to bother looking it up and verifying it and at best, it would be subject to simple format-based verification: correct length, numbers only etc.
I regularly give nonsense numbers to sites requiring one when there is no reason - other than probable sales calls - for them to contact me. Never fails.

Credit card transactions are handled by an external party for security reasons so if there's any screw up with that, they should be investigated. I did trawl through the site's Java code but (as usual) it's obfuscated and there is a lot of it...
I know it's possible to verify a CC number alone as being valid by performing some calculations on it but it's more secure to verify the name and address against the number too. If just the number + from/to dates were verified that's pretty poor security but it appears to be what was used, because it's unlikely for one O. Bin Laden to have a credit card at an address in Abbottabad, CA - therefore someone needs to have a few strong words with the party performing the card verification.
Actually the card details would have to be verified by an external party because in order for full verification to be performed by any site accepting payments, that site would need to be provided with the CC details of... well, everyone.


Also - while it might fit with certain agendas to behave as if Mr. Obama personally reads and verifies every on-line donation, that's not the case.


_________________
Giraffe: a ruminant with a view.


Inuyasha
Veteran
Veteran

User avatar

Joined: 12 Jan 2009
Age: 38
Gender: Male
Posts: 9,745

01 Nov 2012, 6:57 pm

Cornflake wrote:
The IP address is irrelevant - or do you actually mean to say that an American currently in Pakistan (or anywhere else other than the USA for that matter) is prohibited from contributing online by virtue of his location?


In and of itself you are correct it wouldn't be relevant, but there are a few key things you are not taking into account, because I doubt you know all that much about retail, I think it is due to simply having no experience in the area.

Cornflake wrote:
Also, there is no method available in the IP protocol which would allow a location to be unambiguously established given just the IP address - the only information available is a street address of the entity to whom the address has been assigned and that's not always as useful as it appears. For example - Microsoft UK is very definitely based physically in Reading, to the west of London (I know because I've been there) - and yet according to their IP address, they're in Redmond, WA.


While that can happen, in this case I would suspect there was no attempt to hide the real IP address, but again there is more to this than simply the IP.

Cornflake wrote:
(I'm not suggesting the IP isn't in Pakistan - in fact the one used belongs to the Pakistan Education and Research Network - just that the location is irrelevant and not always easily determined from the IP)


Considering where the address was supposedly located (irl not IP), yeah it actually is relevant. It's rather unlikely that the internet in the US would route all the way to pakistan and back when all parties are supposedly in the US, it doesn't make much sense from a networking standpoint, but that isn't the key part.

Cornflake wrote:
The article doesn't give any indication of whether the emailed responses to "Mr. O. Bin Laden" were automatic boilerplate responses and for an automated, on-line transaction of this size they quite probably were, with no actual person being required to read anything - and so the name (and the other funny stuff) is also likely irrelevant.


That is a fair point to make.

Cornflake wrote:
Street addresses are relevant for snail-mail or physical deliveries, consequently a zip code would be verified only against the state and since 91101 is valid for CA, that too is irrelevant to the case the article tries to make with respect to the city being given as Abbottabad.


Well actually, that's where things start to break down. I know when the net goes down for credit cards we actually do have to verify the billing address. Ordinarily this is done online automatically.

Cornflake wrote:
Likewise with the phone number. No-one is going to bother looking it up and verifying it and at best, it would be subject to simple format-based verification: correct length, numbers only etc.


You are correct they don't always ask for that information on sites, however when it comes to an actual sales transaction they actually do want to make sure they get paid.

Cornflake wrote:
I regularly give nonsense numbers to sites requiring one when there is no reason - other than probable sales calls - for them to contact me. Never fails.


Okay, but if you are giving them your credit card information, you probably will be giving them an accurate phone number.

Cornflake wrote:
Credit card transactions are handled by an external party for security reasons so if there's any screw up with that, they should be investigated. I did trawl through the site's Java code but (as usual) it's obfuscated and there is a lot of it...
I know it's possible to verify a CC number alone as being valid by performing some calculations on it but it's more secure to verify the name and address against the number too. If just the number + from/to dates were verified that's pretty poor security but it appears to be what was used, because it's unlikely for one O. Bin Laden to have a credit card at an address in Abbottabad, CA - therefore someone needs to have a few strong words with the party performing the card verification.
Actually the card details would have to be verified by an external party because in order for full verification to be performed by any site accepting payments, that site would need to be provided with the CC details of... well, everyone.


Well there is a key piece of information that Obama was requiring when you went to buy a T-shirt, but not when you were making a campaign donation.

There is a 3 to 4 digit number on your credit card (often on the back of the card), that some sites require you to give when you make an online purchase. Every Republican in the primary had this simple security feature in place, the Obama administration did not.

Cornflake wrote:
Also - while it might fit with certain agendas to behave as if Mr. Obama personally reads and verifies every on-line donation, that's not the case.


That's not what is being suggested Cornflake, the question is why is a basic security feature in place concerning donations at the Romney Campaign, but Obama's campaign isn't taking the same basic security step?



Kraichgauer
Veteran
Veteran

User avatar

Joined: 12 Apr 2010
Gender: Male
Posts: 42,821
Location: Spokane area, Washington state.

01 Nov 2012, 6:59 pm

Inuyasha wrote:
Kraichgauer wrote:
So there was a hole in Obama's fund raising site. I hardly think Obama is responsible for every little slip up on that front. As POTUS, I think he has more important things to think about. It's not like he sits and schemes about breaking rules.
And there is a huge difference between you and Savage. Savage is a homophobic bully who denies the existence of Asperger's. He's not worth defending.

-Bill, otherwise known as Kraichgauer


I'm not defending Savage, I'm pointing out that the facts speak for themselves, this problem was reported about repeatedly and nothing was down.

If the Obama campaign had fixed this after it was reported several months ago, I would agree that your explanation is plausible. However considering this was reported on several times back when the Republican Primaries were taking place, I don't think your explanation fits the facts. Now I will be fair and say it could be some upper level official in the Obama campaign that is responsible for this, and Obama might not know about it.


I think Cornflake said it all.

-Bill, otherwise known as Kraichgauer



Inuyasha
Veteran
Veteran

User avatar

Joined: 12 Jan 2009
Age: 38
Gender: Male
Posts: 9,745

01 Nov 2012, 7:05 pm

Then care to explain why Romney's campaign required the 4 digit code on the back of the card, while the Obama campaign did not (unless you were buying a T-shirt)...

While Cornflake read the article, he doesn't have much experience when it comes to retail or online sales.



Kraichgauer
Veteran
Veteran

User avatar

Joined: 12 Apr 2010
Gender: Male
Posts: 42,821
Location: Spokane area, Washington state.

01 Nov 2012, 7:31 pm

I can't speak intelligibly on the subject, as I'm barely computer literate. i was mostly agreeing with Cornflake on the fact that the President hardly is responsible for reading info on each and every donation - even with a tee shirt.

-Bill, otherwise known as Kraichgauer



Inuyasha
Veteran
Veteran

User avatar

Joined: 12 Jan 2009
Age: 38
Gender: Male
Posts: 9,745

01 Nov 2012, 8:15 pm

Again though, all the Republican candidates have had this security feature in place, the Obama campaign has not, even after this was reported several months ago.



Cornflake
Administrator
Administrator

User avatar

Joined: 30 Oct 2010
Gender: Male
Posts: 50,818
Location: Over there

01 Nov 2012, 8:17 pm

Inuyasha wrote:
Cornflake wrote:
The IP address is irrelevant - or do you actually mean to say that an American currently in Pakistan (or anywhere else other than the USA for that matter) is prohibited from contributing online by virtue of his location?
In and of itself you are correct it wouldn't be relevant, but there are a few key things you are not taking into account, because I doubt you know all that much about retail, I think it is due to simply having no experience in the area.
What does the IP have to do with anything at all?
An American, with a real Visa card linked to his real name and his real address in the USA - can use his card in an online transaction from anywhere, including Pakistan. Or are there specific restrictions placed by the CC companies on online transactions emanating from certain locations?
He could have likely used his credit card by telephone from Pakistan too - not necessarily for the donation: I just mean making a valid CC payment from somewhere other than his home location.

Quote:
While that can happen, in this case I would suspect there was no attempt to hide the real IP address, but again there is more to this than simply the IP.
What do you mean, "in this case"? Of course there was no attempt made to hide the IP address - because there's really no reason to do that (assuming no CC company restrictions as above).

Quote:
Considering where the address was supposedly located (irl not IP), yeah it actually is relevant. It's rather unlikely that the internet in the US would route all the way to pakistan and back when all parties are supposedly in the US, it doesn't make much sense from a networking standpoint, but that isn't the key part.
It's relevant only if the transaction mechanism attempts - attempts, note - to validate the apparent location of the IP with the card holder's name, address and CC number.
You're making the assumption that anyone cares about the IP and again, if the IP was actually checked - what then? Supposing I tried to use my card (UK, obviously) with a site in California from a PC located at Microsoft UK's place in Reading - would it be valid? If so, why - and if not, why not? Remember that I would be apparently based in Redmond, WA and not the UK.

Quote:
Cornflake wrote:
The article doesn't give any indication of whether the emailed responses to "Mr. O. Bin Laden" were automatic boilerplate responses and for an automated, on-line transaction of this size they quite probably were, with no actual person being required to read anything - and so the name (and the other funny stuff) is also likely irrelevant.
That is a fair point to make.
It's a bit more than that because it demolishes a main part of the article's argument against the way the site is set up.

Quote:
Cornflake wrote:
Street addresses are relevant for snail-mail or physical deliveries, consequently a zip code would be verified only against the state and since 91101 is valid for CA, that too is irrelevant to the case the article tries to make with respect to the city being given as Abbottabad.
Well actually, that's where things start to break down. I know when the net goes down for credit cards we actually do have to verify the billing address. Ordinarily this is done online automatically.
All of my online transactions are verified against my address given at the time of the transaction and I wouldn't expect it to be done any other way because it's another layer of security - if my card is stolen the thief would need to know my address too.
So again - if it's a failure that the provided address wasn't verified against the address associated with that card number - speak to the company handling the verification: it's their failure, not Mr. Obama's.

Quote:
Cornflake wrote:
Likewise with the phone number. No-one is going to bother looking it up and verifying it and at best, it would be subject to simple format-based verification: correct length, numbers only etc.
You are correct they don't always ask for that information on sites, however when it comes to an actual sales transaction they actually do want to make sure they get paid.
They've already been paid via the automatic transaction, in the same way that my online transactions always succeed despite giving a bogus number to avoid callbacks, and that's only on the sites which ask for the number at all. It's not required as part of the transaction.

Quote:
Cornflake wrote:
I regularly give nonsense numbers to sites requiring one when there is no reason - other than probable sales calls - for them to contact me. Never fails.
Okay, but if you are giving them your credit card information, you probably will be giving them an accurate phone number.
Why? That doesn't follow - not least because I just said that I don't give a valid telephone number.

Quote:
There is a 3 to 4 digit number on your credit card (often on the back of the card), that some sites require you to give when you make an online purchase. Every Republican in the primary had this simple security feature in place, the Obama administration did not.
So speak to the company handling the transactions.
Also, you're over-inflating it to say "the Obama administration" when you really mean "the company hired to create the website".

Quote:
Cornflake wrote:
Also - while it might fit with certain agendas to behave as if Mr. Obama personally reads and verifies every on-line donation, that's not the case.
That's not what is being suggested Cornflake, the question is why is a basic security feature in place concerning donations at the Romney Campaign, but Obama's campaign isn't taking the same basic security step?
Like I said, speak to the people responsible for the transaction. Try as you might, you can't make Mr. Obama personally responsible.


_________________
Giraffe: a ruminant with a view.


Inuyasha
Veteran
Veteran

User avatar

Joined: 12 Jan 2009
Age: 38
Gender: Male
Posts: 9,745

01 Nov 2012, 8:25 pm

@ Cornflake

Did you bother to read the original article I posted in the original post?

The more recent article was just another example, however the original post demonstrates that this isn't an isolated incident, and that a lot of your "explanations" are rather laughable.



Cornflake
Administrator
Administrator

User avatar

Joined: 30 Oct 2010
Gender: Male
Posts: 50,818
Location: Over there

01 Nov 2012, 8:43 pm

Inuyasha wrote:
a lot of your "explanations" are rather accurate.
Fixed that for you. :wink:
Interesting how you've ignored some perfectly simple and valid questions regarding CC transactions generally.


_________________
Giraffe: a ruminant with a view.


Inuyasha
Veteran
Veteran

User avatar

Joined: 12 Jan 2009
Age: 38
Gender: Male
Posts: 9,745

01 Nov 2012, 8:55 pm

Actually you're conducting a little "creative editting" also known as a form of plagerism. I don't tamper with the words of what you type up, I think it is only fair that I should expect the same courtesy from you.

Cornflake there is a simply security feature on credit cards, you have a credit card right? Well there should be a 3 to 4 digit number on your credit card, usually found on the back of the card. Many online transactions ask for that number, which functions almost as a PIN.

If you look at the original article, it mentions how an individual was unable to donate money to Romney, but was able to donate to the Obama campaign using a fictious address.

I let you rant about the other article for a while so I could ascertain how much research you actually did concerning this...

The donor in the article you are referring to probably would not have been able to donate to the Romney campaign due to the simple security safeguard.



Cornflake
Administrator
Administrator

User avatar

Joined: 30 Oct 2010
Gender: Male
Posts: 50,818
Location: Over there

01 Nov 2012, 9:16 pm

Inuyasha wrote:
Actually you're conducting a little "creative editting" also known as a form of plagerism. I don't tamper with the words of what you type up, I think it is only fair that I should expect the same courtesy from you.
Do please try and not make such a pompous display, there's a good chap - it's a joke and I doubt that was the first time you've seen it used to make a point.
Plus, it's not plagiarism. In the unlikely event I wanted to plagiarise something from you I think the least I would have done is not quote it as being written by you.
plagiarism
n 1: a piece of writing that has been copied from someone else and is presented as being your own work
plagiarise
v 1: take without referencing from someone else's writing or speech; of intellectual property

Also, you're still ignoring my perfectly reasonable and general questions about CC transactions but it's becoming clear why this is so.

Quote:
I let you rant about the other article for a while so I could ascertain how much research you actually did concerning this...
Oh dear, there you go again. I'd rest that massive ego on something soft if I were you - it's probably quite heavy.


_________________
Giraffe: a ruminant with a view.


Inuyasha
Veteran
Veteran

User avatar

Joined: 12 Jan 2009
Age: 38
Gender: Male
Posts: 9,745

02 Nov 2012, 1:56 am

Cornflake wrote:
Inuyasha wrote:
Actually you're conducting a little "creative editting" also known as a form of plagerism. I don't tamper with the words of what you type up, I think it is only fair that I should expect the same courtesy from you.
Do please try and not make such a pompous display, there's a good chap - it's a joke and I doubt that was the first time you've seen it used to make a point.
Plus, it's not plagiarism. In the unlikely event I wanted to plagiarise something from you I think the least I would have done is not quote it as being written by you.
plagiarism
n 1: a piece of writing that has been copied from someone else and is presented as being your own work
plagiarise
v 1: take without referencing from someone else's writing or speech; of intellectual property


Plagerism can also mean you saying that someone wrote something and which they didn't, in order to shore up your own case. The Obama Administration pulled a similar stunt during the Drilling Embargo in the Gulf of Mexico.

Cornflake wrote:
Also, you're still ignoring my perfectly reasonable and general questions about CC transactions but it's becoming clear why this is so.


I had already answered the question in case you hadn't realized. Credit Card transactions online often utilize a 3 to 4 digit code which verifies the authenticity of the card. I actually was trying to avoid getting too technical, I will say there is a resource called wikipedia, you should look at it sometime.

When a purchase is made, the credit card user agrees to pay the card issuer. The cardholder indicates consent to pay by signing a receipt with a record of the card details and indicating the amount to be paid or by entering a personal identification number (PIN). Also, many merchants now accept verbal authorizations via telephone and electronic authorization using the Internet, known as a card not present transaction (CNP).

Electronic verification systems allow merchants to verify in a few seconds that the card is valid and the credit card customer has sufficient credit to cover the purchase, allowing the verification to happen at time of purchase. The verification is performed using a credit card payment terminal or point-of-sale (POS) system with a communications link to the merchant's acquiring bank. Data from the card is obtained from a magnetic stripe or chip on the card; the latter system is called Chip and PIN in the United Kingdom and Ireland, and is implemented as an EMV card.

For card not present transactions where the card is not shown (e.g., e-commerce, mail order, and telephone sales), merchants additionally verify that the customer is in physical possession of the card and is the authorized user by asking for additional information such as the security code printed on the back of the card, date of expiry, and billing address.

http://en.wikipedia.org/wiki/Credit_Card

Since in this case the article you are referring to if I remember correctly the donation in question was from a pre-paid throw away card, I'll have to look at the article again. However that kind of a card is not supposed to be used online and should have thrown up red flags left and right because they generally do not have the PIN.

Cornflake wrote:
Quote:
I let you rant about the other article for a while so I could ascertain how much research you actually did concerning this...
Oh dear, there you go again. I'd rest that massive ego on something soft if I were you - it's probably quite heavy.


:roll:

Have you ever worked in retail? If not, then I safely tell you I know more about this topic than you do, since I actually have experience in retail.



Cornflake
Administrator
Administrator

User avatar

Joined: 30 Oct 2010
Gender: Male
Posts: 50,818
Location: Over there

02 Nov 2012, 8:15 am

Since it was you who elevated the IP address to an importance it doesn't deserve, I am still waiting for an explanation from you about the relevance of an IP address in any online transaction.

Essentially, your whole "case", such as it is, boils down to what appears to be shabby CC verification by the 3rd party used on a website created by... another 3rd party.
Big woop - and it's still not something you can hang on Mr. Obama, his administration, "the left", or any of the other bogeymen you typically wheel out in lieu of cogent argument.


_________________
Giraffe: a ruminant with a view.


Cornflake
Administrator
Administrator

User avatar

Joined: 30 Oct 2010
Gender: Male
Posts: 50,818
Location: Over there

02 Nov 2012, 8:20 am

[Moved from News and Current Events to PPR]


_________________
Giraffe: a ruminant with a view.


thewhitrbbit
Veteran
Veteran

User avatar

Joined: 30 May 2012
Age: 35
Gender: Male
Posts: 3,124

02 Nov 2012, 8:33 am

This reads like everything from the Democratic party nowadays.

Ignore your candidate's wrong doing and try to blame Republicans some how.