As ambitious politicians announce their plans to run for president in 2016, you can be sure that cheeky hackers are gearing up for some good pranks. Who will they hit? Nobody can be sure, but a former developer for the Obama campaign just posted a side-by-side comparison of the security protections on the top four candidates’ websites.
The former Obama campaign developer is Paul Schreiber, who also spent nearly a decade working as a developer for Apple. Schreiber analyzed the websites of Hillary Clinton, Ted Cruz, Rand Paul. None of them are perfect, but Ted Cruz’s website looks particularly vulnerable.
Long story short, Cruz’s campaign did a pretty shitty job with encryption. TedCruz.org is the only website out of the four that’s not built over HTTPS. In fact, if you try to visit https://tedcruz.org, you’ll get a 404 error. (Update 5:15 pm: It looks like the campaign added a redirect so that it works now.) Both the Clinton and Rubio campaign websites default to HTTPS, and the Paul campaign at least works with the encryption standard. Even luddite politicians have been saying for years that all websites should default to HTTPS, so the lack of support seems just silly.
Security is obviously a complex endeavor for any website. Which is to say, Ted Cruz’s website isn’t easily hacked just because it drops the ball on encryption. The lack of HTTPS doesn’t bode well for the Tea Party politician’s infosec prowess, however, especially since it’s widely regarded as a necessary security measure. Some people say you should encrypt everything. But if you’re running for president and don’t want to get hacked, you should at least encrypt your website.
Click through to see the full run down of security on presidential candidates’ websites.
Image via Shutterstock / Ted Cruz
Contact the author at adam@gizmodo.com.
Public PGP key
PGP fingerprint: 91CF B387 7B38 148C DDD6 38D2 6CBC 1E46 1DBF 22