Re: [Dailydave] Voting Village at Defcon
https://www.propublica.org/article/defcon-teen-did-not-hack-a-state-election The whole thing was a sham. I know darktangent is on this list. Something to think about for next year ... -dave On Thu, Aug 23, 2018, 2:12 PM Chris Eng wrote: > What even is the point of setting up “replica websites” that are only > replicas in the sense that they ostensibly perform the same function as the > real sites, but otherwise do not share common code/technology and are > essentially known sacrificial sites with security bugs intentionally placed > in them? > > > > We know how much of the media operates. Did this coverage surprise > anybody? Especially with quotes like this: > > > > “These websites are so easy to hack we couldn’t give them to adult hackers > — they’d be laughed off the stage,” said Jake Braun, a former White House > liaison for the Department of Homeland Security. > > > > Is he talking about the replicas and got quoted out of context? Or is he > playing up the insecurity of the actual sites – without evidence – for a > good sound bite? I know my guess. > > > > Again why put these “replica websites” in the village to begin with when > the reporting is inevitably going to be alarmist and needs to be walked > back? > > > > Last year we saw similar headlines about voting machines, wherein “hacked” > turned out to mean someone ran a Nessus scan and they weren’t fully patched. > > > > > > > > *From:* Dailydave *On Behalf Of > *Kevin T. Neely > *Sent:* Thursday, August 16, 2018 12:48 PM > *To:* dave.ai...@gmail.com > *Cc:* dailydave@lists.immunityinc.com > *Subject:* Re: [Dailydave] Voting Village at Defcon > > > > Sure, it's SQLi, but I'm not sure why you'd minimize her effort. > According to the village's Twitter account, she changed the vote tallys > from a replica of the site. https://twitter.com/VotingVillageDC It > would be nice if the media reported on the recommendations that come from > the findings, but we all know that's not how the media operates. > > > > K > > > > On Mon, Aug 13, 2018 at 12:34 PM Dave Aitel wrote: > > > https://www.usatoday.com/story/tech/nation-now/2018/08/13/11-year-old-hacks-replica-florida-election-site-changes-results/975121002/ > > > > So I don't know a ton about the details of voting machines, but I'm pretty > sure what happened at the DEFCON voting village is not being represented at > all accurately in the media, and I'm curious why nobody in the community is > pushing back on it, specifically I think we have a duty not to be used as a > bludgeon in various uncouth political wars. > > > > I don't think an 11yo hacked into anything close to a replica of the > Florida Election site. I think they followed a script to hit up a sample > vulnerable web page with SQLi. > > > > Does anyone have more information on what exactly went down? > > -dave > > > > > > > > ___ > Dailydave mailing list > Dailydave@lists.immunityinc.com > https://lists.immunityinc.com/mailman/listinfo/dailydave > > > > -- > > In Vino Veritas > ___ Dailydave mailing list Dailydave@lists.immunityinc.com https://lists.immunityinc.com/mailman/listinfo/dailydave
Re: [Dailydave] Voting Village at Defcon
What even is the point of setting up “replica websites” that are only replicas in the sense that they ostensibly perform the same function as the real sites, but otherwise do not share common code/technology and are essentially known sacrificial sites with security bugs intentionally placed in them? We know how much of the media operates. Did this coverage surprise anybody? Especially with quotes like this: “These websites are so easy to hack we couldn’t give them to adult hackers — they’d be laughed off the stage,” said Jake Braun, a former White House liaison for the Department of Homeland Security. Is he talking about the replicas and got quoted out of context? Or is he playing up the insecurity of the actual sites – without evidence – for a good sound bite? I know my guess. Again why put these “replica websites” in the village to begin with when the reporting is inevitably going to be alarmist and needs to be walked back? Last year we saw similar headlines about voting machines, wherein “hacked” turned out to mean someone ran a Nessus scan and they weren’t fully patched. From: Dailydave On Behalf Of Kevin T. Neely Sent: Thursday, August 16, 2018 12:48 PM To: dave.ai...@gmail.com Cc: dailydave@lists.immunityinc.com Subject: Re: [Dailydave] Voting Village at Defcon Sure, it's SQLi, but I'm not sure why you'd minimize her effort. According to the village's Twitter account, she changed the vote tallys from a replica of the site. https://twitter.com/VotingVillageDC<https://twitter.com/VotingVillageDC> It would be nice if the media reported on the recommendations that come from the findings, but we all know that's not how the media operates. K On Mon, Aug 13, 2018 at 12:34 PM Dave Aitel mailto:dave.ai...@gmail.com>> wrote: https://www.usatoday.com/story/tech/nation-now/2018/08/13/11-year-old-hacks-replica-florida-election-site-changes-results/975121002/<https://www.usatoday.com/story/tech/nation-now/2018/08/13/11-year-old-hacks-replica-florida-election-site-changes-results/975121002/> So I don't know a ton about the details of voting machines, but I'm pretty sure what happened at the DEFCON voting village is not being represented at all accurately in the media, and I'm curious why nobody in the community is pushing back on it, specifically I think we have a duty not to be used as a bludgeon in various uncouth political wars. I don't think an 11yo hacked into anything close to a replica of the Florida Election site. I think they followed a script to hit up a sample vulnerable web page with SQLi. Does anyone have more information on what exactly went down? -dave ___ Dailydave mailing list Dailydave@lists.immunityinc.com<mailto:Dailydave@lists.immunityinc.com> https://lists.immunityinc.com/mailman/listinfo/dailydave<https://lists.immunityinc.com/mailman/listinfo/dailydave> -- In Vino Veritas ___ Dailydave mailing list Dailydave@lists.immunityinc.com https://lists.immunityinc.com/mailman/listinfo/dailydave
Re: [Dailydave] Voting Village at Defcon
Sure, it's SQLi, but I'm not sure why you'd minimize her effort. According to the village's Twitter account, she changed the vote tallys from a replica of the site. https://twitter.com/VotingVillageDC It would be nice if the media reported on the recommendations that come from the findings, but we all know that's not how the media operates. K On Mon, Aug 13, 2018 at 12:34 PM Dave Aitel wrote: > > https://www.usatoday.com/story/tech/nation-now/2018/08/13/11-year-old-hacks-replica-florida-election-site-changes-results/975121002/ > > So I don't know a ton about the details of voting machines, but I'm pretty > sure what happened at the DEFCON voting village is not being represented at > all accurately in the media, and I'm curious why nobody in the community is > pushing back on it, specifically I think we have a duty not to be used as a > bludgeon in various uncouth political wars. > > I don't think an 11yo hacked into anything close to a replica of the > Florida Election site. I think they followed a script to hit up a sample > vulnerable web page with SQLi. > > Does anyone have more information on what exactly went down? > -dave > > > > ___ > Dailydave mailing list > Dailydave@lists.immunityinc.com > https://lists.immunityinc.com/mailman/listinfo/dailydave > -- In Vino Veritas ___ Dailydave mailing list Dailydave@lists.immunityinc.com https://lists.immunityinc.com/mailman/listinfo/dailydave