Are you kidding me? The doge.gov website, which is supposed to track Elon Musk’s cuts to the federal government, is about as secure as a toddler’s playpen – and just as useful. I mean, who needs security when you’re trying to be “transparent”, right? (Ha!) According to not one, but two separate people who found the vulnerability and shared it with 404 Media, the website pulls from a database that can be edited by anyone – yes, anyone!
But wait, it gets better – or worse, depending on how you look at it. One coder, because why not, added some “fun” database entries that are now visible on the live site, saying things like “this is a joke of a .gov site” and “THESE ‘EXPERTS’ LEFT THEIR DATABASE OPEN -roro“. I mean, I’ve seen better security on an Amazon toy, for crying out loud!
And, because Elon Musk said so, the Department of Government Efficiency is trying to be as transparent as possible – by posting their actions to the DOGE handle on X and to the DOGE website, which was basically a blank page until someone decided to fill it with, well, not much. Now it shows a mirror of the @DOGE X account posts and some stats about the U.S. government’s federal workforce – wow, thrilling stuff!
But, you know, the real experts (ahem) built doge.gov on a Cloudflare Pages site that is not currently hosted on government servers – because who needs government servers when you can have Cloudflare, right? And the database it pulls from? Yeah, that can be written to by third parties – no big deal, what could possibly go wrong? Both sources told 404 Media that they noticed Doge.gov is pulling from a Cloudflare Pages website, where the code that runs it is actually deployed – yeah, because that’s not a security risk at all.
What’s next, I wonder? Will they just put all the government’s secrets on a public notebook and call it a day? I mean, come on, people! If you’re going to do something, do it right, or don’t do it at all – security through obscurity is not a thing, guys! (Or is it?)