Vulnerabilities In Both Principal London Mayoral Election Candidates' Websites
SecureTest warns about potentially serious vulnerabilities on the websites of the two principal candidates in today’s London Mayoral election. Both Boris Johnson’s and Ken Livingstone’s campaign websites suffer from cross-site scripting (XSS) vulnerabilities that make it possible for hackers to redirect users to their opponents’ websites, or to any other site on the web, including specially created malware-infected sites.
The cross-site scripting vulnerabilities on both websites are exploited using a simple redirect. In the case of Boris’s site, this is in the search function. Depending on their nature, cross-site scripting vulnerabilities create a means for hackers to insert a script redirecting users to another website entirely, or an ‘iframe’ that forces the site to display the content of a third party site.
Ken Munro, managing director of SecureTest, explained that the picture prank does not involve hacking either site as such. “It just involves sending somebody a link that pulls content off a third-party site as if it came from the first site, which shouldn’t be allowed to happen”.
Similar vulnerabilities were reported on Hillary Clinton’s and Barack Obama’s websites in the US about 2 weeks ago. Customers of an Italian online bank were recently attacked in a very similar manner – however, that attack redirected their user names and passwords to a hacker.
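The search-function flaw described above comes from echoing the search term back into the page without encoding it. The following is an added example, not code from either campaign site or from SecureTest: it shows a hypothetical results template in its weak and hardened forms, with constructed sample queries and an assumed `third-party.example` host.

```javascript
// Added illustration: a hypothetical search-results template, not either site's code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let text break out of element content or a quoted attribute.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak form: the search term is concatenated into the page unchanged, so markup
// carried in a link's query string is parsed as part of the site's own page.
function renderSearchUnsafe(query) {
  return `<h1>Results for ${query}</h1><input name="q" value="${query}">`;
}

// Hardened form: the term is encoded everywhere it is echoed
// (element text and the quoted attribute value).
function renderSearchSafe(query) {
  const q = escapeHtml(query);
  return `<h1>Results for ${q}</h1><input name="q" value="${q}">`;
}

// Defence in depth: a response header value that blocks inline script and
// third-party frames even if one output path misses its encoding step.
const CONTENT_SECURITY_POLICY =
  "default-src 'self'; script-src 'self'; frame-src 'none'; object-src 'none'";

// Regression check: the template itself never emits script or iframe tags,
// so finding a live one in the output means user input was parsed as markup.
function containsInjectedMarkup(html) {
  return /<\s*(script|iframe)\b/i.test(html);
}

// Constructed sample queries (third-party.example is a placeholder host).
const SAMPLES = [
  'transport policy',
  '<iframe src="https://third-party.example/"></iframe>',
  '"><script src="https://third-party.example/x.js"></script>',
];

// Render every sample through both templates and report which outputs contain live markup.
function audit() {
  return SAMPLES.map((q) => ({
    query: q,
    unsafe: containsInjectedMarkup(renderSearchUnsafe(q)),
    safe: containsInjectedMarkup(renderSearchSafe(q)),
  }));
}

console.table(audit());
```

The same check can run in a site's test suite against every page that echoes request parameters, so a template that loses its encoding step fails the build.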