CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
May 1st, 2008

Vulnerabilities In Both Principal London Mayoral Election Candidates’ Websites

SecureTest warns about potentially serious vulnerabilities on the websites of the two principal candidates in today’s London Mayoral election. Both Boris Johnson’s and Ken Livingstone’s campaign websites suffer from cross-site scripting (XSS) vulnerabilities that make it possible for hackers to redirect users to their opponents’ websites, or to any other site on the web, including specially created, malware-infected sites.

The cross-site scripting vulnerabilities on both websites are exploited using a simple redirect. In the case of Boris’s site, this is in the search function. Depending on their nature, cross-site scripting vulnerabilities create a means for hackers to insert a script redirecting users to another website entirely, or an ‘iframe’ that forces the site to display the content of a third party site.

Ken Munro, managing director of SecureTest, explained that the picture prank does not involve hacking either site as such. “It just involves sending somebody a link that pulls content off a third-party site as if it came from the first site, which shouldn’t be allowed to happen”.
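To make the search-function case concrete, here is an added example (not code from either campaign site or from SecureTest) showing a search page that reflects its query unencoded next to a version that encodes on output. The hostnames, the `q` parameter name, the function names and the header values are all assumptions made for the illustration.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample links modelled on the two outcomes the article describes
# (an injected iframe and an injected redirect script). Hostnames are placeholders.
SAMPLE_LINKS = [
    "https://campaign.example/search?q=transport+policy",
    "https://campaign.example/search?q=%3Ciframe+src%3D%22https%3A%2F%2Fthird-party.example%2F%22%3E%3C%2Fiframe%3E",
    "https://campaign.example/search?q=%3Cscript%3Elocation%3D%22https%3A%2F%2Fthird-party.example%2F%22%3C%2Fscript%3E",
]

def search_term(url):
    """Extract the (assumed) q parameter the way a search handler receives it."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]

def render_vulnerable(term):
    # Reflects the query straight into the page: markup in the term becomes page markup.
    return "<h1>Results for " + term + "</h1>"

def render_hardened(term):
    # HTML-encode on output so the term is displayed as text, never parsed as markup.
    return "<h1>Results for " + html.escape(term, quote=True) + "</h1>"

# Assumed response headers that limit the damage if an encoding step is ever missed:
# no inline script, no framing of third-party content.
HARDENED_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; frame-src 'none'; script-src 'self'",
    "X-Content-Type-Options": "nosniff",
}

def injected_tags(page):
    """Return which active tags appear as real markup in the rendered page."""
    lowered = page.lower()
    return [tag for tag in ("<script", "<iframe") if tag in lowered]

def audit(links):
    """Render each link both ways and report where active markup survives."""
    report = []
    for url in links:
        term = search_term(url)
        report.append((injected_tags(render_vulnerable(term)),
                       injected_tags(render_hardened(term))))
    return report

if __name__ == "__main__":
    for url, (vuln, hard) in zip(SAMPLE_LINKS, audit(SAMPLE_LINKS)):
        print(f"{url[:60]:<60} vulnerable={vuln} hardened={hard}")
```

The same `audit` check can be pointed at a real template function in a regression test, so that a later change which drops the encoding step fails the build.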

Similar vulnerabilities were reported on Hillary Clinton’s and Barack Obama’s websites in the US about 2 weeks ago. Customers of an Italian online bank were recently attacked in a very similar manner; however, that attack redirected their user names and passwords to a hacker.
