Re: Lieberman Campaign Says Web Site Hacked

["Dude VanWinkle" <dudevanwinkle () gmail com>]

On 8/8/06, Drsolly <drsollyp () drsolly com> wrote:
> > "Voters cannot go to our Web site. They cannot access information," Smith
> > said. "It is a deliberate attempt to disenfranchise voters.
>
> I feel *so* disenfranchised.


this link was over on FD:

http://www.dailykos.com/story/2006/8/8/144119/5628


Quick Update/Summary: The site is setup on a single vulnerable server,
with, apparently, no backup plan. At best, completely incompetent. At
worst, downright Rovian. But since another site is running fine, on
the same server, it's downright bizarre that they couldn't fix Joe's
site in the last 18+ hours - it's obviously not a bandwidth (DoS or
limitation) issue. It appears the party line is that the site was
affected by a "SQL Injection" attack. Whether this was done via the
open and non-firewalled MySQL port on the single linux server, or via
poor form validation, we'll never know (if it was done at all).
Regardless, there is no reason the database can't be cleaned up,
restored or otherwise fixed, in 18 hours, as Matt Stoller points out.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.