A few days ago someone hacked into the Web site of Sen. Barack Obama. The attacker injected malicious code into the social networking section of the site, to exploit a cross-site scripting vulnerability.

Cross-site scripting, or , is used by sites that allow users to input data. But if the inputted code or links are not properly validated, you could be redirected to another possibly dangerous site. Or the attacker could steal your passwords, seize control of your PC, etc.

In Obama’s case, the attack redirected users to the Web site of rival Sen. Hillary . Someone identified as Mox has confessed to the exploit, which has been patched. This type of attack is often used by identity thieves and phishing scammers.

However, several other similar vulnerabilities have been found, and have not been fixed. Security company Symantec said the U.S. presidential candidates were “clueless” about their Web sites’ security. The campaign did not reply to requests for comment on this story.

That on-again off-again botnet attack against CNN’s Web site was on again earlier this week. It appeared to originate in China, from hackers angered by CNN’s coverage of the unrest in Tibet. claims its site was not knocked off the Internet, but was slowed down somewhat.

Speaking of bots, Microsoft says that its monthly distribution of Windows Defender, or Malicious Software Removal Tool (MSRT) through its update page has finally crushed the Trojan.

In the last four months of 2007, MSRT cleaned more than half a million computers, essentially putting Storm’s controllers out of business. But as Microsoft itself noted, the criminals did not disappear. They are probably working on their next exploit.

Syd Tash is a noted computer security consultant and author of How to Protect Your Computer Online. He has been keeping Internet surfers safe and secure since the last century. Find out how he does it; protect your own computer with five layers of protection right here:
= > http://MyPCSecuritySite.com

You may include these Tips in your Web sites and publications provided they remain unchanged and include the above paragraph, with the author’s name and Web site. You can also get a direct URL to this post. Click the title, then copy the URL in the browser address bar.

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!