[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Presidential Candidates' Websites Vulnerable

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: [Full-Disclosure] Presidential Candidates' Websites Vulnerable
From: "Marek Isalski" <Marek.Isalski@xxxxxxxxxxxxxxxxxx>
Date: Thu, 01 Jul 2004 10:12:50 +0100

For those who didn't catch it on The Inquirer already, it sounds like not even 
the would-be presidents of the US can afford decent security: 
http://www.theinquirer.net/?article=16939

"site shows signs of being vulnerable to SQL injection errors" and "packed with 
cross-site scripting errors"... Has Donnie been doing overtime? :)

Most amusing comment given the still raging Win/Linux debate on this list: 
"Kerry has open source credentials - he is using Apache running on Red Hat.  
Bush's OS of choice is none other than Vole's IIS 5.0 server." 

Most worrying comment: both sites use visitor trackers (something I always feel 
is a sign that the site's owners feel that invasion of privacy is less 
important than commercial success).  Maybe one day we'll just do away with 
elections and go by the Google PageRank of the candidates' websites?

Marek


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: [Full-Disclosure] FreeBSD Security Advisory FreeBSD-SA-04:13.linux
Next by Date: Re: [Full-Disclosure] DSL router Prestige 650HW-31
Previous by thread: [Full-Disclosure] FreeBSD Security Advisory FreeBSD-SA-04:13.linux
Next by thread: RE: [Full-Disclosure] Presidential Candidates' Websites Vulnerable
Index(es):
- Date
- Thread