Earlier today, I posted about how Barack Obama’s website allows users to build their own fundraising campaigns and community blogs. To be sure, it’s a great way to encourage grassroots participation — but it can also be a recipe for disaster if you don’t execute properly.
It was revealed today that a user on the Obama site — ostensibly a supporter of his rival Hillary Clinton — used a JavaScript exploit to redirect the entire community section of his site to Clinton’s campaign website. Apparently, users can drop code — completely unfettered — into their own personal sites, giving them the ability to create any number of malicious behaviors. Already, people have suggested how to deposit malware and spyware onto the site.
I think the Obama campaign should pester their staffer, Facebook co-founder Chris Hughes, to help them fix this problem and to anticipate other exploits. After all, Facebook has built a whole suite of code restrictions around its platform in order to prevent just these sorts of attacks.
Jewel 05.02.08 at 12:17 pm
There are a lot of guys making millions a year off simple javascript exploits and the use of Iframes to do BlackHat. The “advances” in the web move to keep up with those looking for holes.