Re: Voting Village at Defcon

[Dave Aitel <dave.aitel () gmail com>]

https://www.propublica.org/article/defcon-teen-did-not-hack-a-state-election

The whole thing was a sham. I know darktangent is on this list. Something
to think about for next year ...

-dave

On Thu, Aug 23, 2018, 2:12 PM Chris Eng <ceng () veracode com> wrote:

> What even is the point of setting up “replica websites” that are only
> replicas in the sense that they ostensibly perform the same function as the
> real sites, but otherwise do not share common code/technology and are
> essentially known sacrificial sites with security bugs intentionally placed
> in them?
>
>
>
> We know how much of the media operates.  Did this coverage surprise
> anybody?  Especially with quotes like this:
>
>
>
> “These websites are so easy to hack we couldn’t give them to adult hackers
> — they’d be laughed off the stage,” said Jake Braun, a former White House
> liaison for the Department of Homeland Security.
>
>
>
> Is he talking about the replicas and got quoted out of context?  Or is he
> playing up the insecurity of the actual sites – without evidence – for a
> good sound bite?  I know my guess.
>
>
>
> Again why put these “replica websites” in the village to begin with when
> the reporting is inevitably going to be alarmist and needs to be walked
> back?
>
>
>
> Last year we saw similar headlines about voting machines, wherein “hacked”
> turned out to mean someone ran a Nessus scan and they weren’t fully patched.
>
>
>
>
>
>
>
> *From:* Dailydave <dailydave-bounces () lists immunityinc com> *On Behalf Of
> *Kevin T. Neely
> *Sent:* Thursday, August 16, 2018 12:48 PM
> *To:* dave.aitel () gmail com
> *Cc:* dailydave () lists immunityinc com
> *Subject:* Re: [Dailydave] Voting Village at Defcon
>
>
>
> Sure, it's SQLi, but I'm not sure why you'd minimize her effort.
> According to the village's Twitter account, she changed the vote tallys
> from a replica of the site.  https://twitter.com/VotingVillageDC  It
> would be nice if the media reported on the recommendations that come from
> the findings, but we all know that's not how the media operates.
>
>
>
> K
>
>
>
> On Mon, Aug 13, 2018 at 12:34 PM Dave Aitel <dave.aitel () gmail com> wrote:
>
>
> https://www.usatoday.com/story/tech/nation-now/2018/08/13/11-year-old-hacks-replica-florida-election-site-changes-results/975121002/
>
>
>
> So I don't know a ton about the details of voting machines, but I'm pretty
> sure what happened at the DEFCON voting village is not being represented at
> all accurately in the media, and I'm curious why nobody in the community is
> pushing back on it, specifically I think we have a duty not to be used as a
> bludgeon in various uncouth political wars.
>
>
>
> I don't think an 11yo hacked into anything close to a replica of the
> Florida Election site. I think they followed a script to hit up a sample
> vulnerable web page with SQLi.
>
>
>
> Does anyone have more information on what exactly went down?
>
> -dave
>
>
>
>
>
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunityinc com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
>
>
>
> --
>
> In Vino Veritas
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave