Giuliani Notes,  President 2008,  Rudy Giuliani

Giuliani Notes: Web Site Flaw Fixed on JoinRudy2008.Com

March 26, 2007 /

giulianimarch26rweb

The Join Rudy Web site at 6:18 PM PDT

AP: Giuliani campaign fixes Web site flaw

Republican presidential front-runner Rudy Giuliani’s campaign hurriedly fixed its official Web site late Monday to remove a dangerous design flaw that could have allowed hackers to expose personal information submitted by volunteers.

The vulnerability affecting Giuliani’s site, http://www.JoinRudy2008.com, could have exposed confidential information stored in the campaign’s databases. The Web site failed to block commands that can instruct it to improperly display sensitive information, a popular hacking technique known as “structured query language injection.”

The campaign fixed the Web site hours after The Associated Press notified it about the problem. No personal information was compromised, spokeswoman Maria Comella said.

“The site has multiple levels of security to detect intrusions and ensure no user’s identity was put at risk,” Comella said.

Oops……but it seems the site has not been put back together.

giulianimarch22hweb

Remember this is not the first time the Giuliani campaign has had a breach of campaign security.

And with the FLAP that California Governor Arnold Schwarzenegger underwent when candid tape recordings were poached from his government web site, one would think that the site designers would be especially viligant in protecting the donor database.

The campaign launched its new site last week. Giuliani described it in e-mails as “the place where any American can go to learn about my record and join our campaign” and urged supporters to tell their friends about the site.

Its privacy policy reassures Internet visitors that the Giuliani campaign “considers your privacy paramount, and we are dedicated to protecting your privacy on the Internet.”

SQL injection vulnerabilities have been implicated in large-scale Web break-ins. The technique is among the most-critical Internet security vulnerabilities compiled by the SANS Institute, a cybersecurity research organization, and is the subject of warnings by the U.S. Computer Emergency Readiness Team, part of the
Homeland Security Department.

“Anybody who knows anything about security could have found these problems in two seconds,” said Marc Maiffret of eEye Digital Security Inc., a researcher who examined Giuliani’s Web site at AP’s request.

giulianijan31a

The Original Web Site

Well, somebody in the Giuliani campaign is reworking the site.

How about a redesign too while you are at it?

Previous:

The Rudy Giuliani Files

Technorati Tags: