What even is the point of setting up “replica websites” that are only replicas in the sense that they ostensibly perform the same function as the real sites, but otherwise do not share common code/technology and are essentially known sacrificial sites with security bugs intentionally placed in them?
We know how much of the media operates. Did this coverage surprise anybody? Especially with quotes like this: “These websites are so easy to hack we couldn’t give them to adult hackers — they’d be laughed off the stage,” said Jake Braun, a former White House liaison for the Department of Homeland Security. Is he talking about the replicas and got quoted out of context? Or is he playing up the insecurity of the actual sites – without evidence – for a good sound bite? I know my guess. Again why put these “replica websites” in the village to begin with when the reporting is inevitably going to be alarmist and needs to be walked back? Last year we saw similar headlines about voting machines, wherein “hacked” turned out to mean someone ran a Nessus scan and they weren’t fully patched. From: Dailydave <[email protected]> On Behalf Of Kevin T. Neely Sent: Thursday, August 16, 2018 12:48 PM To: [email protected] Cc: [email protected] Subject: Re: [Dailydave] Voting Village at Defcon Sure, it's SQLi, but I'm not sure why you'd minimize her effort. According to the village's Twitter account, she changed the vote tallys from a replica of the site. https://twitter.com/VotingVillageDC<https://twitter.com/VotingVillageDC> It would be nice if the media reported on the recommendations that come from the findings, but we all know that's not how the media operates. K On Mon, Aug 13, 2018 at 12:34 PM Dave Aitel <[email protected]<mailto:[email protected]>> wrote: https://www.usatoday.com/story/tech/nation-now/2018/08/13/11-year-old-hacks-replica-florida-election-site-changes-results/975121002/<https://www.usatoday.com/story/tech/nation-now/2018/08/13/11-year-old-hacks-replica-florida-election-site-changes-results/975121002/> So I don't know a ton about the details of voting machines, but I'm pretty sure what happened at the DEFCON voting village is not being represented at all accurately in the media, and I'm curious why nobody in the community is pushing back on it, specifically I think we have a duty not to be used as a bludgeon in various uncouth political wars. I don't think an 11yo hacked into anything close to a replica of the Florida Election site. I think they followed a script to hit up a sample vulnerable web page with SQLi. Does anyone have more information on what exactly went down? -dave _______________________________________________ Dailydave mailing list [email protected]<mailto:[email protected]> https://lists.immunityinc.com/mailman/listinfo/dailydave<https://lists.immunityinc.com/mailman/listinfo/dailydave> -- In Vino Veritas
_______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
