Sometimes the exposure of XSS (Cross Site Scripting) flaws on a website can be comical. True, sometimes they are malicious, but every so often, you see one that simply makes you chuckle. The recent exposure of an XSS flaw on the campaign website for US Presidential hopeful Barack Obama is one of those rare gems to make you giggle.
Cross-site scripting has been around for some time. In terms of security, XSS attacks take advantage of code flaws. Imagine clicking on a link to one website and suddenly finding yourself on another. This is a classic XSS attack. Sometimes XSS can be used simply for fun, a gag if you will; other times you can do some shady things with it.
The XSS attack on the Obama website is an example of a gag that was pulled to demonstrate a problem. The “attacker” wanted to point out some code errors, and the best way to do this was to redirect traffic from the Obama website to the website of his rival, Hillary Clinton.
“I’m the one who “hacked” Obama’s website” is the title of the post by Mox from Liverpool, Il.
“First, let me explain why I put hacked in quotation marks. It is because what I did was not hacking in the sense that I burrowed into some dusty server and changed the Obama site and stole all your credit card numbers. All I did was exploit some poorly written HTML code,” Mox explains.
If you missed the attack, it was, as mentioned, simple. Early Saturday night, if you clicked on “Community Blogs” on the Obama site, you were sent to the main page for Clinton’s campaign web portal.
Now, some people saw this and laughed; those would be the sensible people, the ones familiar with technology and web security. Others panicked and claimed hired guns from the Clinton camp hacked Obama’s site.
YouTube user “Zennie62” is one of those who panicked.
“Someone hacked into the Barack Obama website…Someone has gotten to the code of that section, of that page here, and they changed it. You might watch this and think it’s funny… [anti-Clinton comments follow] …It isn’t surprising that they would pay someone to come in and attack the Barack Obama website on the eve of the Pennsylvania Primary,” he said.
At the end of the video (http://youtube.com/watch?v=NKjomr1Afq0) he suggests Clinton bow out of the race. Zennie62 is not the only one who had a comment; some of the videos were removed from YouTube for TOS violations. One can only guess at what they had to say.
The XSS flaw was patched later in the evening, early Sunday morning.