Anyone fancy hacking the London Mayorial Elections??

notmeatall3

Inactive User
Joined
Apr 30, 2006
Messages
1,283
Reaction score
22
Location
z'ha'dum
Ethical hackers have discovered potentially serious vulnerabilities on the websites of the two principal candidates in today's London Mayoral election.

Both Boris Johnson’s and Ken Livingstone's campaign websites suffer from ‘cross-scripting’ (XSS) vulnerabilities that make it possible for hackers to redirect users to their opponents' websites, or any other site on the web, penetration testing firm SecureTest warns.


An unexpected endorsement
For example, it is simple to have a picture of Boris appear on Ken’s web site or vice versa, as can be seen by following from this Ken shot on Boris’s site link here. The cross-site scripting vulnerabilities on Boris and Ken’s sites are exploited using a simple redirect. In the case of Boris’s site, this is in the search function.


Ken Munro, managing director of SecureTest, explained that the picture prank does not involve hacking either site as such. "It just involves sending somebody a link that pulls content off a third-party site as if it came from the first site, which shouldn't be allowed to happen," he told El Reg.

SecureTest's team of ethical penetration testers found these weaknesses after reading reports of similar vulnerabilities on Hillary Clinton and Barrack Obama’s websites in the US.

Munro said: "This is a classic internet prank that could have very damaging consequences. It is entertaining to direct potential Ken voters to Boris’s website or vice versa. What would happen, however, if some prankster redirected traffic to a pornographic website, or one which downloaded damaging spyware onto a user's computer?

Depending on their nature, cross-site scripting vulnerabilities create a means for hackers to insert a script redirecting users to another website entirely, or an 'iframe' that forces the site to display the content of a third party site. Customers of an Italian online bank were recently attacked in a very similar manner - however, that attack redirected their usernames and passwords to a hacker. ®
 

Manny

Member ++
Joined
Apr 11, 2008
Messages
487
Reaction score
3
Location
U.K.
hacking? dont even know how to use a keyboard lol
 

wonko

Inactive User
Joined
Jul 5, 2005
Messages
972
Reaction score
12
isnt hacking political websites covered under the new (ish) anti everything fun laws?
ie u could get in seriously deep stuff if caught lol
 

notmeatall3

Inactive User
Joined
Apr 30, 2006
Messages
1,283
Reaction score
22
Location
z'ha'dum
isnt hacking political websites covered under the new (ish) anti everything fun laws?
ie u could get in seriously deep stuff if caught lol

It might be a little dodgie. :specsavers: I didn't see anything if u didn't
 

Munkey

DW Regular
Joined
Jan 27, 2006
Messages
5,849
Reaction score
179
I think you get a fun in the sun holiday in guantanamo bay for your efforts LOL. 10 years back you'd have made the local paper as a hero and NASA would have hired you.
 
TEST
Top