Some things never change.
We're reported in the past on hacks of the President's campaign web site barackobama.com, still used for political campaigning: This one on January 26, 2009 served malware to users and this one from April 21, 2008 redirected users to the Hillary Clinton campaign site (note: Friends of Hillary is still taking contributions).
The latest attack uses SQL injection to gain full access to the databases on the barackobama.com server. They use Microsoft Access databases, including the one in the graphic (click it for a full-size image): It's the database of administrators and their passwords, all in plain text. By adding themselves to the database they get to log in as administrator and do whatever they want.
It's not clear who's responsible for this attack and, truth be told, it's just as assertion of an attack. They haven't actually defaced the site or done anything else that would prove that they have the access they claim to have. But the site's history gives credence to the claims. Web sites like this, especially those with discussion forums that allow users to add content, are notorious for vulnerabilities such as these, especially SQL injection. All, or almost all such sites have vulnerabilities. Barackobama.com is just a bigger target than most.
-pcmag
No comments:
Post a Comment