News

Obama Campaign Hopes for Better Web Security

Barack Obama's campaign is looking for a Web security expert to help lock down Obama's official site.

By Robert McMillan, IDG News Service (San Francisco Bureau)

June 16, 2008

Two months after their Web site was hacked, the organizers of Barack Obama's presidential campaign are looking for a network security expert to help lock down their Web site.

"Obama for America is looking for a network security expert who wants to play a key role in a historic political campaign," reads the ad, posted to the Barackobama.com Web site.

The requirements are pretty much what you'd read in any e-commerce security help-wanted ad: VPN (virtual private network) and Unix or Linux experience, along with a "deep understanding" of LAMP (Linux, Apache, MySQL and Perl) development. And of course, the successful candidate must be willing to "respond off-hours to high urgency security situations."

Successful candidates will join Obama's Boston team and should expect to find a new job come November.

Security experts said this is the first time they can remember seeing a Web security job advertised for a political campaign. In fact, Internet security has not always been a priority on political Web sites, according to Paul Ferguson, a network architect with computer security company Trend Micro. "Normally, I don't think they've paid much attention to it," he said.

Obama's Web site, built by Facebook cofounder Chris Hughes, has been the model of Web 2.0 campaigning, using social-networking techniques to raise funds and build a broad base of active, Internet-savvy supporters.

But security experts have long warned that powerful Web site features also open new avenues for attack.

With the Internet driving the majority of the campaign's contributions, Web security is probably more important to Obama than it has been to any other presidential candidate. A Web outage could cost his campaign millions of dollars, and a widely publicized privacy breach could put the brakes on his most important source of cash.

"The Obama campaign has got a bigger bull's-eye on them now that they've stitched up the nomination," Ferguson said. "It's worth their time to be more security conscious."

In April, a programming error allowed a Hillary Clinton supporter to redirect part of Obama's Web site to Clinton's, but today's Web attack techniques could lead to much more serious consequences.

"Attacks like SQL injection would be far more of a concern," said Oliver Friedrichs, a director with Symantec Security Response who has written about computer security and the 2008 presidential election. "If I was able to get access to the database that houses their donor information, that would be very concerning."

So-called SQL injection attacks take advantage of programming errors and allow attackers to get unauthorized access to parts of a Web site. They can be used to install malicious software or gain access to sensitive information.

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WEBCAST
The Surest Path to Effective and Efficient Compliance

VeriSignIn this webcast, we explore why and how — with best practices, practical tips and solutions that work — to ease your compliance challenge.

» View the webcast

Featured Sponsors
Sponsored Links

Ponemon Study: How Much Does a Data Breach "Cost"?

7 Requirements of Data Loss Prevention

Information Security: Data Drains and How to Prevent Loss

How Are Open Source Development Communities Embracing Security Best Practices?

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

Learn how the new Quad-Core AMD Opteron™ processor improves performance

Data Protection: Challenges for the Traveling User

Envision Identity-Based Access Control for the Datacenter

IT Service Management: Metrics That Matter

Configuration Audit and Control for Virtualized Environments

The PCI Data Security Standard

Configuration Audit and Control for Virtualized Environments

Envision Identity-Based Access Control for the Datacenter

Using Likewise to Comply with PCI Data Security Standard

Take our CSO role survey and receive a copy of the results

IDC Defines an Identity and Access Management Submarket

IDC Defines an Identity and Access Management Submarket for Managing Privileged User Accounts and Meeting GRC Requirements

Everything Today's CISO Needs to Know About Using SSO to Succeed in the Web 2.0 Era

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Prudential Financial Protects its Brand with Symantec

The Case for Business Software Assurance ~ Securing Your Applications

Think your data is safe? Think again. It's time to Outthink the Threat. Get eBook now

Revolutionizing Endpoint Security with a Single Agent

Prepare for (ISC)2® Certification With Villanova - Online

Key strategies for C-level executives and security staff

Configuration Assessment: Choosing the Right Solution

ITCi White Paper: Challenges and Opportunities of PCI

Effective Security with a Continuous Approach to ISO 27001 Compliance

Rolling the dice with your security? Take the Self-Assessment Test now

Digital Identity Protection and Data Security Get Personal

Solving Online Credit Fraud Using Device Reputation

Diebold: Frost & Sullivan Global Physical Security Systems Integrator of the Year

Welcome to the age of Service-Oriented Security (SOS)

Enabling Compliance with Converged Mainframe Security and Storage