Friday, April 25, 2008

Obama Supports Hillary!

This is not an April Fools' prank, it's true: Obama supports Hillary.. It happened, the change I believe in.. the change has happened...

What, Obama supports Hillary..? You may wonder, it can't be.. No, it can be, when Obama forgets to do input validation in his code.. :) Code? What code? How does Obama relate to programming? Wait wait... keep reading...


Accessing Barack Obama's site redirected you to Hillary's campaign site! You are not believing it? Obama is XSSed.. yeah, XSSed..!

Now this one is fixed on the front, so here's some evidence:

Here is the Computerworld report

and

A picture is worth between 999 and 1001 words. A video is worth even more, so here is the YouTube video:


A guy who identifies himself as "MoX" XSSed Obama's site to redirect to Hillary's site.. How's that? He turned everything upside down..

What is XSS, by the way?

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits.

What does that mean?

An attacker can inject HTML-based malicious script into any of the input fields, and can take control of the site or of a user's session depending on the strength of the attack. These input fields include text boxes and text areas, mostly the comments sections of sites. This is exactly what happened to Mr. Barack Obama's site.. the injected malicious script redirected users directly to the Hillary campaign site and made everyone think the world had turned upside down..

What's the cause of XSS?

XSS is mainly due to not validating (and not escaping) user input in the code. Yes, Mr. Obama's site had missed validating it here..

How can it be avoided?

When security is treated as a basic thing, just like algorithms are for programmers, then such security flaws can be avoided.

Security Guru says:

"More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk."

Good programming is not just about using design patterns and good algorithms as basic requirements; it includes secure coding too..

Specific to XSS..

Validate the user input and escape the dangerous characters, which include characters like < and >, before writing it back into the page.

Validate and filter user inputs on the server side, since checks done only in the browser can be bypassed..
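As an added example (not code from the original post or from the campaign site), here is what the comment-box fix looks like in JavaScript: the naive template that pastes a comment straight into the page beside one that escapes it first, plus a server-side check that user-supplied tags never survive into the rendered output. The sample comment and the example.invalid URL are constructed.

```javascript
// Added example, not code from the original post or from the campaign site.
// Shows the vulnerable concatenation beside the escaping that neutralises it.

// Escape the five characters that can change HTML structure or break out
// of a quoted attribute. '&' goes first so already-escaped text is not mangled.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Vulnerable: user text is pasted straight into the page template, so tags
// typed into the comment box are rendered as real markup by the browser.
function renderCommentUnsafe(author, body) {
  return `<div class="comment"><b>${author}</b>: ${body}</div>`;
}

// Hardened: every untrusted value is escaped at the point it enters HTML.
function renderCommentSafe(author, body) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// Server-side regression check: no tag that appeared in the user's text
// may appear verbatim in the rendered HTML (the template's own tags are fine).
function containsRawTag(html, userText) {
  const tags = userText.match(/<[a-zA-Z\/][^>]*>/g) || [];
  return tags.some((tag) => html.includes(tag));
}

// Constructed sample: a comment carrying a script that would redirect the
// viewer, the shape of the incident described in the post. URL is a placeholder.
const SAMPLE_BODY = '<script>window.location="http://example.invalid/"</script>';

const unsafeHtml = renderCommentUnsafe("visitor", SAMPLE_BODY);
const safeHtml = renderCommentSafe("visitor", SAMPLE_BODY);

console.log(containsRawTag(unsafeHtml, SAMPLE_BODY)); // true: the script would run
console.log(containsRawTag(safeHtml, SAMPLE_BODY));   // false: shown as plain text
```

Escaping must happen on the server where the HTML is assembled; the same `containsRawTag` check makes a handy unit test against the comment template.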

Will this impact Mr. Obama's campaign?

Obama failed to validate his users' input, so it may have an impact and may not.. But it does have one in programming, which I can comment on; anyway, I belong to India and I have nothing to comment about the US elections :)

2 comments:

Peerlessdeepak said...

Wow!! A nice article.. You became a versatile writer with a blend of humour in it, da

Ashok said...

Mixing tech things with politics is always fun, da...