SAN JOSE, Calif. (AP) - A simple flaw in the coding of Sen. Barack Obama's
Web site led to a hacking switcheroo of presidential proportions just days
before the important Pennsylvania primary.
Some supporters who tried to visit the community blogs section of Obama's
site started noticing late last week they were being redirected to Sen. Hillary
Rodham Clinton's official campaign site.
Security researchers said a hacker exploited a so-called "cross-site
scripting" vulnerability in Obama's Web site to engineer the ruse.
Netcraft Ltd. said the hacker injected code into certain pages in the
section -- code that was then executed when subsequent visitors tried to view
the community blogs section. The vulnerability has since been fixed.
While the hack appears to have been a prank, researchers said the breach
underscored that candidates risk exposing their supporters to computer viruses
and identity theft if they don't secure their Web sites. For instance, a similar
mechanism could be employed to redirect campaign site users to a site that
steals personal information from visitors.
"With people closely watching the heated contest to determine the next U.S.
president, you can bet that this won't be the last time such attacks happen,"
Symantec Corp. researcher Zulfikar Ramzan wrote on the company's official blog.
Neither campaign responded to e-mail messages seeking comment.
The community blogs feature is working normally again this week. The link
that took visitors to Clinton's site now directs visitors to the appropriate
page, which is populated with blog postings from Obama supporters around the
country.
Copyright 2008 Associated Press. All rights reserved. This material may not be
published, broadcast, rewritten, or redistributed.
|