[Dailydave] Voting Village at Defcon
Chris Eng
ceng at Veracode.com
Thu Aug 23 18:12:15 UTC 2018
What even is the point of setting up “replica websites” that are only replicas in the sense that they ostensibly perform the same function as the real sites, but otherwise do not share common code/technology and are essentially known sacrificial sites with security bugs intentionally placed in them?
We know how much of the media operates. Did this coverage surprise anybody? Especially with quotes like this:
“These websites are so easy to hack we couldn’t give them to adult hackers — they’d be laughed off the stage,” said Jake Braun, a former White House liaison for the Department of Homeland Security.
Is he talking about the replicas and got quoted out of context? Or is he playing up the insecurity of the actual sites – without evidence – for a good sound bite? I know my guess.
Again why put these “replica websites” in the village to begin with when the reporting is inevitably going to be alarmist and needs to be walked back?
Last year we saw similar headlines about voting machines, wherein “hacked” turned out to mean someone ran a Nessus scan and they weren’t fully patched.
From: Dailydave <dailydave-bounces at lists.immunityinc.com> On Behalf Of Kevin T. Neely
Sent: Thursday, August 16, 2018 12:48 PM
To: dave.aitel at gmail.com
Cc: dailydave at lists.immunityinc.com
Subject: Re: [Dailydave] Voting Village at Defcon
Sure, it's SQLi, but I'm not sure why you'd minimize her effort. According to the village's Twitter account, she changed the vote tallys from a replica of the site. https://twitter.com/VotingVillageDC<https://twitter.com/VotingVillageDC> It would be nice if the media reported on the recommendations that come from the findings, but we all know that's not how the media operates.
K
On Mon, Aug 13, 2018 at 12:34 PM Dave Aitel <dave.aitel at gmail.com<mailto:dave.aitel at gmail.com>> wrote:
https://www.usatoday.com/story/tech/nation-now/2018/08/13/11-year-old-hacks-replica-florida-election-site-changes-results/975121002/<https://www.usatoday.com/story/tech/nation-now/2018/08/13/11-year-old-hacks-replica-florida-election-site-changes-results/975121002/>
So I don't know a ton about the details of voting machines, but I'm pretty sure what happened at the DEFCON voting village is not being represented at all accurately in the media, and I'm curious why nobody in the community is pushing back on it, specifically I think we have a duty not to be used as a bludgeon in various uncouth political wars.
I don't think an 11yo hacked into anything close to a replica of the Florida Election site. I think they followed a script to hit up a sample vulnerable web page with SQLi.
Does anyone have more information on what exactly went down?
-dave
_______________________________________________
Dailydave mailing list
Dailydave at lists.immunityinc.com<mailto:Dailydave at lists.immunityinc.com>
https://lists.immunityinc.com/mailman/listinfo/dailydave<https://lists.immunityinc.com/mailman/listinfo/dailydave>
--
In Vino Veritas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.immunityinc.com/pipermail/dailydave/attachments/20180823/6926d19e/attachment.html>
More information about the Dailydave
mailing list