Design Flaw in Rudy Giuliani’s Official Website

Campaign of Rudy Giuliani, strong contender for Republican President post, quickly fixed its official site to correct a design vulnerability which could have give access to hackers to compromise personal details submitted by volunteers, as reported on March 26, 2007 by Washingtonpost.

The flaw that affected Giuliani's Website, http://www.JoinRudy2008.com could have uncovered secret details stored in the databases of the campaign. The site couldn't stop commands, which can direct it to inappropriately display secret information, a well-known hacking tack called "structured query language injection" (SQL injection), as reported on March 27, 2007 by SMH.

The Website has various security levels to identify infringements and ensure identity of any user is not threatened. Nevertheless, no personal data was stolen, said spokesperson Maria Comella, as published on March 26, 2007 by WCBSTV.

The Associated Press informed the campaign of Giuliani about the flaw in Website. The campaign then fixed it within a few hours. The new site was launched in the third week of March and Giuliani said that any American could visit the site to know his record and be a part of his campaign.

Giuliani Partners, the business firm of Rudy Giuliani, provides cybersecurity consulting service under an alliance with Ernst & Young till 2004. After that, Rudy embarked on his political journey. George Will, one of the best columnist, journalist, and author in US dailies, has described his eight-year tenure as Mayor of the New York City as the most successful period of conservative governance in the country in the past 50 years, according to JoinRudy2008.

Marc Maiffret, researcher, eEye Digital Security Inc., checked Giuliani's site at the Associated Press' request and said that anyone who is aware of the security could have identified these flaws in seconds.

SQL injection flaws have been involved in large-scale intrusions in Web World. This technique is one of the most critical web security issues composed by the cybersecurity research organization SANS Institute, and is a subject of cautions by the US Computer Emergency Readiness Team, a part of Homeland Security Department.

The FTC (Federal Trade Commission) sued the fashion company Guess? Inc. in 2003 over charges of its inability to protect the customers' credit information as the company's Website had the same design vulnerability. The rules of FTC are not applicable to presidential candidates, so no such legal action was taken against Giuliani campaign.

Related article: Document shell-code – Favorite Target Of Hackers

» SPAMfighter News - 3/31/2007