A blog by the Brick Factory The Brick Factory

Time's Person of the Year Poll Has Been Hacked

Time Magazine is running a poll on their website in conjunction with their annual naming of the Time Person of the Year.  Twenty five finalists are presented, and  users are encouraged to rank each person on a ten point scale.  Following in a time honored tradition, supporters of scientist Douglas Melton have apparently hacked the poll, as Melton currently has an average ranking of twelve on the ten point scale.   Well done.

hack

Update: Melton’s average ranking has now dropped to a more resonable ten, probably due to Time finding and fixing the problem, or the Melton supporters realizing they’d gone to far and covering their tracks a bit.  Note Obama’s number is also suspiciously high. 

Update 2: One of our developers here, Brandon Savage, weighs in on how the poll was probably hacked:

“I took a look at the process of voting with a very basic set of tools on Firefox: Firebug and LiveHTTPHeaders. What I found is that when you submit the rating, it calls another page and passes a key, the rating, and the poll information through the URL to the page, like so:

http://www.timepolls.com/contentpolls/Vote.do?key=eba3a55e955bc93ade4fc820649cde04&rating=9&id=1857552&pollName=poy2008

Theoretically, then, you could hit this page as many times as you wanted with any rating you wanted, and drive up a candidates’ score. Though one would expect that Time would have figured that anyone could game the system, it’s easy for a programmer to forget that what they don’t intend for public viewing may still be visible, and that they always need to check to ensure that the data they expect is the data they are getting.”