#CashGordon: Epic Fail In Action

I do try not to indulge too much in blatant crowing, megalomania or melodrama. However, I am completely incapable of doing so. Therefore, so my thinking goes, better enjoy the moment whilst you can.

Today was a very normal day. There was nothing out of the ordinary, for which I was very glad, having worked a 14-hour day on Sunday. I had been vaguely aware of the Tories’ #CashGordon campaign, but I hadn’t really taken any notice, being busy and uninterested in elitist Tory toffs. However, as lunch time approached, I saw a growth in Tweets referring to the campaign. It seemed there were problems. Someone was having a party. The picture, put together very accurately by Meg Pickard, gives a run-down of the timeline and events that followed (click the picture to see a larger version).

Whoever put together the #CashGordon website (which appears to have been plagiarised from an American campaign website, but that’s a different story which I will leave to my online comrade Political Scrapbook) didn’t bother to protect the website from cross-site scripting (XSS). Unfortunately for them, this meant people could Tweet JavaScript and style information and do anything from changing font sizes to redirecting the #CashGordon website to any other online location they wished. Thus, we had everything from general abuse to “Cameron is a ****” in red, 48pt letters, to redirects to the Labour Party website, Rickrolls and porn.
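The flaw described above, as an added example that is not part of the original post or the campaign site's code: a tweet feed rendered by string concatenation beside the same feed with output escaping. The tweets, markup and function names are constructed for illustration.

```javascript
// Constructed sample tweets; the real site's feed and markup are not shown on the page.
const tweets = [
  { user: "alice", text: "Reading about #CashGordon & the budget" },
  { user: "bob", text: '<b style="color:red;font-size:48pt">#CashGordon</b>' },
  { user: "carol", text: '<script>window.location="https://example.org/"</script> #CashGordon' },
];

// Vulnerable pattern: tweet text is concatenated straight into the page markup,
// so any tags inside a tweet become live HTML for every visitor.
function renderVulnerable(feed) {
  return feed
    .map(t => `<li><span class="user">@${t.user}</span> ${t.text}</li>`)
    .join("\n");
}

// Escape the five characters that are significant in HTML text and attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, ch => map[ch]);
}

// Hardened pattern: every untrusted field is escaped at output time,
// so markup in a tweet is displayed as text instead of being interpreted.
function renderSafe(feed) {
  return feed
    .map(t => `<li><span class="user">@${escapeHtml(t.user)}</span> ${escapeHtml(t.text)}</li>`)
    .join("\n");
}

// Monitoring aid: flag tweets that carry tag-like content so moderators can review them.
// This is a detection signal only; escaping is what actually prevents the injection.
function containsMarkup(text) {
  return /<\/?[a-z][^>]*>/i.test(text);
}

console.log(renderVulnerable(tweets));
console.log(renderSafe(tweets));
console.log(tweets.filter(t => containsMarkup(t.text)).map(t => t.user));
```

In a browser, assigning the tweet to an element's `textContent` gives the same protection without hand-written escaping, and a Content-Security-Policy that disallows inline scripts limits the damage if an escape is missed.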

If this wasn’t enough of a fail, the final nail in the #EpicFail coffin was struck when Conservative Party HQ redirected the #CashGordon site to a news article on their own website. It 404′d.

There is still a part of me slightly in awe of the person who first realised they could execute XSS. What an #EpicFail, followed by a CCHQ #facepalm. The Tories clearly couldn’t even walk the plank in the right direction.
