Blogger Hacks in to BarackObama.com

A blogger who prefers to remain anonymous has successfully hacked into Barack Obama’s campaign site, BarackObama.com. It appears that the blogger did not have any malicious intent in making the hack known to the public; rather, he released the information about the attack in order to bring attention to the site’s lack of database security.

The blogger was able to easily hack into the site’s databases using a simple SQL injection attack, which tricks web applications into revealing information from a database “by tweaking existing queries into doing things they weren’t designed to do.” If the term “SQL injection hack” sounds familiar, that is because the same method was used in the now-famous attack on Heartland Payment Systems, where hackers were able to obtain millions of credit card numbers. According to the blogger, all of BarackObama.com’s administrators’ passwords are unencrypted.

It is becoming more and more apparent that even high-priority sites are vulnerable to easy-to-implement SQL injection hacks. Forbes has investigated the blogger’s claims and in the process discovered that a simple Google search leads to a Roosevelt University calendar that is available at donate.BarackObama.com. That page uses a URL parameter for calendar identification that could make it vulnerable to a SQL injection attack if the page was programmed incorrectly.
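To show what “programmed incorrectly” means for a calendar-id URL parameter, here is an added example (not code from the original post, Forbes, or the campaign site). The table, data and function names are hypothetical and the database is a constructed in-memory SQLite instance.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data standing in for a calendar back end."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE events (calendar_id INTEGER, title TEXT);
        INSERT INTO events VALUES (1, 'Campus open house');
        INSERT INTO events VALUES (2, 'Alumni dinner');
    """)
    return db

def events_concatenated(db, calendar_id):
    # Programmed incorrectly: the URL parameter is pasted into the SQL text,
    # so whatever it contains becomes part of the query itself.
    sql = "SELECT title FROM events WHERE calendar_id = " + calendar_id
    return [row[0] for row in db.execute(sql)]

def events_parameterized(db, calendar_id):
    # Programmed correctly: accept only a short run of ASCII digits, then
    # pass the value as a bound parameter so it is always treated as data.
    if not re.fullmatch(r"[0-9]{1,9}", calendar_id):
        raise ValueError("calendar id must be a number")
    sql = "SELECT title FROM events WHERE calendar_id = ?"
    return [row[0] for row in db.execute(sql, (int(calendar_id),))]

if __name__ == "__main__":
    db = make_db()
    tampered = "1 OR 1=1"  # constructed parameter value that alters the WHERE clause
    print("concatenated, normal id:  ", events_concatenated(db, "1"))
    print("concatenated, tampered id:", events_concatenated(db, tampered))
    print("parameterized, normal id: ", events_parameterized(db, "1"))
    try:
        events_parameterized(db, tampered)
    except ValueError as exc:
        print("parameterized, tampered id rejected:", exc)
```

The concatenated version returns every calendar's events for the tampered value because the parameter rewrote the query; the parameterized version never lets the value reach the SQL text.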

(Via Forbes)

About the author  ⁄ BrickHouse Security


  • http://www.gtricks.com Google Tricks

    Tell me what is safe? Even BarackObama is hacked. HEHE