funsec mailing list archives
RE: Lieberman Campaign Says Web Site Hacked
From: "Richard M. Smith" <rms () bsf-llc com>
Date: Tue, 8 Aug 2006 17:34:14 -0400
The NY Times has the story also and the Lieberman folks are saying it is a big deal because the campaign has lost access to email: http://tinyurl.com/qfz2w The Web site's malfunction disabled campaign e-mail accounts and hampered communications among field offices and with tens of thousands of supporters, Mr. Lieberman's advisers said. They said high traffic and connections to the campaign Web server overwhelmed its allocated bandwidth, the advisers said. They could not say how great the bandwidth was. Dan Geary, the Internet consultant to the Lieberman campaign, said that the site, Joe2006.com, began coming under attack on Monday morning. "Midmorning yesterday, a very rapid, instant number of server queries to the site - not just traffic to the site - completely disabled our network,'' he said. "It's like trying to drink from a fire hose.'' Richard -----Original Message----- From: Dude VanWinkle [mailto:dudevanwinkle () gmail com] Sent: Tuesday, August 08, 2006 5:10 PM To: Drsolly Cc: Richard M. Smith; funsec () linuxbox org Subject: Re: [funsec] Lieberman Campaign Says Web Site Hacked On 8/8/06, Drsolly <drsollyp () drsolly com> wrote:
"Voters cannot go to our Web site. They cannot access information,"
Smith
said. "It is a deliberate attempt to disenfranchise voters.I feel *so* disenfranchised.
this link was over on FD: http://www.dailykos.com/story/2006/8/8/144119/5628 Quick Update/Summary: The site is setup on a single vulnerable server, with, apparently, no backup plan. At best, completely incompetent. At worst, downright Rovian. But since another site is running fine, on the same server, it's downright bizarre that they couldn't fix Joe's site in the last 18+ hours - it's obviously not a bandwidth (DoS or limitation) issue. It appears the party line is that the site was affected by a "SQL Injection" attack. Whether this was done via the open and non-firewalled MySQL port on the single linux server, or via poor form validation, we'll never know (if it was done at all). Regardless, there is no reason the database can't be cleaned up, restored or otherwise fixed, in 18 hours, as Matt Stoller points out. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Lieberman Campaign Says Web Site Hacked Richard M. Smith (Aug 08)
- Re: Lieberman Campaign Says Web Site Hacked Drsolly (Aug 08)
- Re: Lieberman Campaign Says Web Site Hacked Dude VanWinkle (Aug 08)
- RE: Lieberman Campaign Says Web Site Hacked Richard M. Smith (Aug 08)
- Message not available
- Re: [privacy] Lieberman Campaign Says Web Site Hacked Dude VanWinkle (Aug 09)
- Re: Lieberman Campaign Says Web Site Hacked Dude VanWinkle (Aug 08)
- RE: Lieberman Campaign Says Web Site Hacked Richard M. Smith (Aug 08)
- Re: Lieberman Campaign Says Web Site Hacked Drsolly (Aug 08)