Hackers use XSS flaw to attack Barack Obama's web site

XSS scripting flaws are a common weakness in many websites.  From a web development standpoint, secure designs and programming techniques are essential.  It is always important to keep IE and all other browsers on the latest version and security patches.  This is especially important, as phishing attacks are increasing and may even appear genuine at times.
 
Hackers use XSS flaw to attack Barack Obama's web site
http://blogs.pcmag.com/securitywatch/2008/04/a_hack_we_can_believe_in.php
http://news.netcraft.com/archives/2008/04/21/hacker_redirects_barack_obamas_site_to_hillaryclintoncom.html

QUOTE: A security weakness in Barack Obama's website has been exploited to redirect visitors to Hillary Clinton's website. Visitors who viewed the Community Blogs section of the site were instead presented with Clinton's website as a result of a cross-site scripting vulnerability.

The Obama hack used a cross-site scripting flaw in the site to redirect users from Obama's Community Blogs section to HillaryClinton.com. XSS bugs are getting far more attention lately than they had been in the past, perhaps because they are so widespread. And since the answer to them is good programming practices rather than running some security product, they can be difficult to snuff out.

Good overview of XSS redirect issues
http://en.wikipedia.org/wiki/Cross-site_scripting

QUOTE: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits.