What to Expect of 'Spamalot'? A Lot of Spam

pamalot" fans who signed up for a newsletter on the Broadway musical's official Web site may end up getting, well, spammed a lot. "Movin' Out" devotees may have the same problem. A security glitch - now fixed - exposed the names and postal and e-mail addresses of more than 31,000 people to savvy computer users.

	Advertisement

Up until Thursday evening, when a reporter from The New York Times pointed out the problem to the Web sites' developer, visiting a specific address on the shows' sites produced a long page with mailing-list data. The security hole was not obvious to casual Web surfers because the address was buried in the site's code. But it could have been discovered by someone deliberately seeking the list data, or by a kind of program used by spammers to scour the Web for new e-mail addresses to bombard.

Both montypythonsspamalot.com, where 19,000 people had signed up for a newsletter, and movinoutonbroadway.com, where 14,000 had, were built by Mark Stevenson, a designer in Croton-on-Hudson, N.Y.

Mr. Stevenson said he had hired a programmer, whom he would not identify, to add the list sign-up function to the sites. He said that the amount of resources put into security on the sites had seemed adequate, but "in retrospect, this was not enough, and we need to do more." He said that a message would be sent to the list with a warning about fraudulent e-mail messages.

Mark Wilkie, a software engineer who maintains Web sites for Gawker Media, said the ability to view the data must have been built into the sign-up software, but it was not clear why someone would do this. "Security-wise, it's a horrible thing to do," he said.

Aaron Meier, a spokesman for Monty Python's "Spamalot," said yesterday that the show would have no comment.

When told by e-mail message about the breach, several people who had signed up for the "Spamalot" list said they were unsurprised, given the state of Internet security and the aggressiveness of spammers. Several noted that there was something appropriately Pythonesque about the incident. After all, Internet historians say that the use of the word spam to refer to junk e-mail messages has its roots in a 1970 Monty Python sketch, in which all conversation in a cafe is drowned out by a group of Vikings chanting the word over and over. The sketch and its song about Spam, the meat product, were adapted for the new musical.

"Are you sure they didn't do it on purpose?" joked one list subscriber, Matthew J. H. Baya of Ellsworth, Me. "Talk about guerrilla marketing."

Special Offer: Home Delivery of The Times from $2.90/week.