Cotton Rohrscheib

The Cotton Club Blog & Podcast


XSS Exploits & the Presidential Campaign

April 24, 2008 by Cotton Rohrscheib

A couple of pretty interesting cross-site scripting (XSS) exploits have recently been launched against the websites of presidential candidates Hillary Clinton and Barack Obama. Both exploits are unique in that they were highly publicized and pretty well documented online. It’s probably good information for developers and hosting companies to take a look at, even if you aren’t developing or hosting a presidential candidate’s website. Here’s an excerpt from Netcraft’s website:

While Clinton and Obama are battling it out in the political arena, security researchers are continuing to find vulnerabilities in the candidates’ and supporters’ websites. Interestingly, while a typical exploit is to redirect one party’s site to their opponent’s, the reasons for seeking to discover such vulnerabilities are not always politically motivated.

Following the recent cross-site scripting attacks against Barack Obama’s website, Finnish security researcher Harry Sintonen has published an example of a cross-site scripting vulnerability on votehillary.org.

Sintonen’s example submits a POST request to the Vote Hillary website and injects an iframe, causing the site to display the contents of Barack Obama’s website. Unlike the Obama incident, which redirected the user’s web browser, Sintonen’s method retains the votehillary.org URL in the address bar while displaying the opposing website.

Sintonen told Netcraft that he was inspired by the recent Obama attacks and first examined Hillary Clinton’s official website at www.hillaryclinton.com. Sintonen did not find any cross-site scripting vulnerabilities on this site, adding that it looked quite secure, but subsequently found XSS opportunities available on the Vote Hillary website. Sintonen lives in Finland and has no strong interest in US politics.

While the example exploits have so far been relatively benign (limited to redirecting a user to the opponent’s website, for example), future cross-site scripting vulnerabilities found on political candidate sites have plenty of scope to be much more serious. Obama’s and Clinton’s websites both accept monetary contributions towards their campaigns, so cross-site scripting vulnerabilities could be leveraged to steal money and identities from supporters.

Sintonen told Netcraft he informed the webmasters of votehillary.org about this cross-site scripting vulnerability two days ago, but has not yet received a response.

Source: Clinton and Obama XSS Battle Develops – Netcraft
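
For developers and hosts, the excerpt's scenario (a POST field reflected into the page so that an iframe appears under the site's own URL) comes down to missing output encoding. The sketch below is an added example, not code from Netcraft, Sintonen or either campaign site; the page template, the field name `q`, the sample value and the CSP policy are all assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample: a POST field carrying markup that frames another site.
SAMPLE_FIELD = '"><iframe src="https://other.example/"></iframe>'

# Hypothetical template: the field is echoed in an attribute and in body text.
PAGE = '<form method="post"><input name="q" value="{q}"></form><p>Results for {q}</p>'

def render_vulnerable(q: str) -> str:
    # Reflects the POST field verbatim, so the browser parses it as markup.
    return PAGE.format(q=q)

def render_hardened(q: str) -> str:
    # Encode <, >, &, " and ' so the field is displayed as text only.
    return PAGE.format(q=html.escape(q, quote=True))

def hardened_headers() -> dict:
    # Defence in depth (assumed policy): if encoding is missed somewhere,
    # the browser still refuses to load any frame inside this page.
    return {"Content-Security-Policy": "default-src 'self'; frame-src 'none'"}

class FrameFinder(HTMLParser):
    """Collects the src of every iframe the parser sees as a real element."""
    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.frames.append(dict(attrs).get("src"))

def injected_frames(page: str) -> list:
    # Regression check: which frames would a browser-like parser find?
    finder = FrameFinder()
    finder.feed(page)
    finder.close()
    return finder.frames

if __name__ == "__main__":
    print("vulnerable:", injected_frames(render_vulnerable(SAMPLE_FIELD)))
    print("hardened:  ", injected_frames(render_hardened(SAMPLE_FIELD)))
```

A check like `injected_frames` can run in a test suite against every template that echoes request data, so a regression in encoding is caught before deployment.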
