The Inquirer-Home

US election websites wide open

Bush and Kerry security shy
Thu Jul 01 2004, 08:06
WIRED SAID that President George Bush and his opponent John Kerry have election websites with pitifully inadequate security.

The security analysts who performed scans of the Bush and Kerry campaign sites for Wired professed themselves shocked by the mistakes on the Bush site. They reported that they found more than 30 security faults, including some that were basically daft errors. Kerry's site also had some howlers, but not quite as bad as his rival's.

One of the researchers, who did not want to be identified because his GFI LANguard scans are illegal under the Patriot Act, said the security problems on the Bush site include some that are critical and could be easily exploited. The fact he could even run the scan without being detected showed a 'complete lack and utter uselessness of their network security'. The Kerry site, however, stopped the GFI LANguard scan before the researcher could get any data.

Other researchers have said that Kerry's campaign site shows signs of being vulnerable to SQL injection errors, which could mean an attack on his back end.

This is interesting as the Kerry campaign is being advised by Apple's techno guru Steve Jobs, although his knowledge of SQL programming subtleties might be a little limited.

Both sites were packed with cross-site scripting errors which will allow fun-loving Republican and Democratic hackers to create bogus Web pages that appear to originate from the Bush or Kerry websites.

Both sites have privacy problems for users, too. The Bush site uses an outfit called Omniture to track visitors to the site and gather as much private data on them as possible.

Kerry's site uses an Aquantive tracking system, which will tell him about all the websites you visit. Neither site mentions that it is taking information.

Kerry has open source credentials - he is using Apache running on Red Hat. Bush's OS of choice is none other than Vole's IIS 5.0 server.

The Wired story can be found

