Ted Cruz's New Presidential Campaign Donation Website Shares Security Certificate With Nigerian-Prince.com

from the feeling-safe-donating-yet? dept

Update: Yes, as lots of angry people are screaming at us (including with detailed explanations of how incredibly, unbelievably, astoundingly stupid I must be), this is a result of Cruz using Cloudflare, which lumps unrelated domains onto the same HTTPS certificate. And yes, Techdirt.com's certificate is hosted by Cloudflare also, and we share it with other domains as well. Feel free to continue to read the original story below and contribute to how stupid you think I am in the comments...

We're big believers in using HTTPS to secure websites (even if HTTPS certificates have their problems -- it's still better than the alternative). But there are pitfalls in setting up your certificate correctly as newly announced presidential candidate Senator Ted Cruz apparently discovered this morning. Because along with his campaign launch speech (which was widely mocked by the Liberty University students who were forced to attend), he put up a website for donations. And that website didn't default to HTTPS and also listed nigerian-prince.com as an alternate domain on the security certificate, as first noted by the Twitter feed @PwnAllTheThings:
A few hours after this was first noticed, the Cruz campaign appears to have removed nigerian-prince.com from its certificate, but it still raises some questions about just who he has hired to build his websites. I guess that's what happens when even the technologists in your own party openly mock Ted Cruz's ignorance when it comes to technology issues like net neutrality.

Filed Under: donations, https, internet security, nigerian prince, presidential campaign, security, security certificates, ssl, ted cruz, tls


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Justin G. (profile), 23 Mar 2015 @ 1:05pm

    Cloudflare Certificates

    From the image, you can see that the certificate is issued to CloudFlare. This is the way that CloudFlare has set up their infrastructure so that they don't need a unique public IPv4 address for every single one of their customers.

    Techdirt also site behind Cloudflare and has more than a dozen alternate names to various website hidden within the SSL certificate.

    In my opinion, there is no security issue here. Just an unfortunate, yet amusing coincidence that Cloudflare paired these 2 domains together.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.