Users redirected to Clinton’s site
Last modified on Tuesday, 22 April 2008 09:04
Over the weekend Democratic Presidential contender Senator Barack Obama’s campaign Website was hacked and visitors to the Obama site were redirected to his rival’s site, Senator Hillary Clinton. Apparently, a cross-site scripting vulnerability in the social networking section of Obama’s campaign site was exploited, according to researchers.
Anti-fraud company, Netcraft Ltd. Indicated that a user identified only as "Mox" admitted the hack in the Community Blogs section on the Obama site this past Sunday. Cross-site scripting vulnerabilities, which are often exploited by identity thieves and phishers, allow attackers to add malicious code into legitimate pages. Mox claims that the cross-site scripting bug has now been patched.
The Obama camp was not happy with the Mox behavior and the “all is well” comment, however. Supporters of Obama can create their own blogs and read others’ postings in The Community Blogs section of the Obama site. Users must register on the site to access Community Blogs, but vulnerabilities still remain on the site. The additional vulnerabilities caught by Netcraft apparently haven’t eliminated all of the risk.
A 22-year-old security researcher who co-manages an online archive of cross-site scripting attacks on vulnerable sites, Dimitris Pagkalos, claims Obama's site still has two unpatched bugs. Pagkalos also claims that bugs could be used to infect Obama supporters and site visitors with malware, unsolicited adware or identity-stealing spyware.
The Pennsylvania Democratic Party Presidential Primary is this week, and the statistics indicate just a few percentage points difference between Obama and Clinton. Tampering with either candidate’s site or interrupting traffic flow could have a big effect on the availability of information for undecided voters who might be seeking information from that candidate’s Website. Let’s hope both of these Presidential candidates have now brought in the big IT guns to address and fix vulnerabilities on their Websites.