Even Political Sites Leak
Australia is set to go to the polls later this year for what could be the closest Federal election for some years. Almost all parties and politicians have turned their attention to establishing, consolidating or increasing their online presence, with both major parties (Liberal and Labor) making use of sites such as YouTube to help distribute their message to the Australian people.
This attempt to be more available to the Australian public sometimes backfires, as various politicians, political parties, and agencies have found in the past when their websites have been attacked and defaced or temporarily taken offline. Most have ignored the attack and replaced the original content (though slowly in some cases), but from time to time people have over-reacted - as was the case when the ACT Chief Minister's site was attacked and defaced.
Even though the Federal Government's NetAlert program has already been criticised by many, it seems that the major political parties are still having some trouble keeping their sites secure. Not long after the announcement of the NetAlert program, an enterprising security enthusiast, bsoric, released information to the popular sla.ckers.org forums detailing XSS vulnerabilities that had been discovered on the websites for the Liberal and Labor parties.
Two months after the vulnerabilities were first disclosed, it appears that the Liberal party have managed to repair the discovered vulnerability, but the Labor party are still vulnerable to the disclosed issue. Although the presence of one XSS vulnerability does not imply that there are many more, it is considered likely that there are similar vulnerabilities in both sites, just waiting to be found.
8 October 2007