Campaign officials said they have fixed a vulnerability on the website of Republican presidential front-runner Rudy Giuliani that could have allowed attackers to perform SQL injections to expose volunteers' private information.
The website, JoinRudy2008.com, contained a flaw that prevented the blocking of command instructions to display unauthorized information, according to the Associated Press, which notified the campaign on Monday about the issue.
The site was fixed within hours of being alerted, campaign spokeswoman Maria Comella told the news service.
No information was exposed, she said.
Giuliani, who earned national recognition as the mayor of New York City during and after the Sept. 11, 2001 terrorist attacks on the World Trade Center, has placed first in a number of early polls for the GOP presidential nomination.
SQL injections are among the SANS Institute's Top 20 Internet Attack Targets. They have been used more commonly as websites have become more dynamic, yet lack secure code development.
According to the organization, in a worst-case scenario, SQL attacks can be used "to completely compromise the database system and systems around it."
Last summer, the website of U.S. Sen. Joe Lieberman's, I-Ct., fell prey to a DoS attack in the days leading up to the primary election.
Meanwhile, Mike Davidson, the cofounder of Newsvine, said on his website that he posted a message on U.S. Sen. John McCain’s, R-Ariz. MySpace page today saying the presidential candidate had changed his stance to support gay marriage.
Davidson said he was upset that McCain’s campaign used one of his design templates and imagery without giving him credit.
Davidson replaced a sample image with his own message-based image, he said on his website. The file was replaced by 1 p.m. EST today.
Although upset that his template was used without his permission, Davidson said he isn’t politically motivated.
"Before McCain fans comment on this, let me reiterate that this was a prank," he said. "I’m not politically inclined, I’m not anti-McCain, and I’d have a beer with the guy anytime."
Click here to email reporter Dan Kaplan.
Looking for a new job? SC Magazine is your source for the latest IT security employment opportunities. Visit our Jobs page.
