Comments
How Secure are our Voting Systems for November 2018?
Newest First  |  Oldest First  |  Threaded View
EmmaWilliam
50%
50%
EmmaWilliam,
User Rank: Apprentice
1/29/2019 | 12:13:23 PM
Re: Does not inspire confidence.
The overall communication is excellent...
w88betwin
0%
100%
w88betwin,
User Rank: Apprentice
1/23/2019 | 3:51:13 AM
Re: Does not inspire confidence.
Great!

#W88betwin
#W88
#link_w88
#link_vao_w88betwin

instantassignmenthelp
50%
50%
instantassignmenthelp,
User Rank: Apprentice
1/17/2019 | 4:12:43 AM
Re: Lack of Proof is NOT Lack of Attacks -- its proof of a growing problem
yep
Pm4zv
100%
0%
Pm4zv,
User Rank: Apprentice
1/6/2019 | 8:43:37 PM
Does not inspire confidence.
The guest's mouth was saying "Yes, we're safer," while his visible body language was "Ummm...NOOOOO!!"

I agree.  I think that not only are the electornic voting systems no more secure than they've been for the past decade or two (at the least), but municipalities are woefully under-concerned and, thusly, woefully under-informed about the issues.

Paper ballots are, in my opinion, the answer.
leslielorenzz
50%
50%
leslielorenzz,
User Rank: Apprentice
1/5/2019 | 8:27:48 AM
Re: Lack of Proof is NOT Lack of Attacks -- its proof of a growing problem
great
dieumoa199608
50%
50%
dieumoa199608,
User Rank: Apprentice
1/2/2019 | 5:36:10 AM
Re: Lack of Proof is NOT Lack of Attacks -- its proof of a growing problem
i agree
jeffreyredfieldd
50%
50%
jeffreyredfieldd,
User Rank: Apprentice
11/22/2018 | 4:25:49 AM
Re: Lack of Proof is NOT Lack of Attacks -- its proof of a growing problem
thanks
doctor91
50%
50%
doctor91,
User Rank: Apprentice
11/9/2018 | 8:00:11 AM
Re: Lack of Proof is NOT Lack of Attacks -- its proof of a growing problem
De mon coté c'est bien sécurisé
briannajones
50%
50%
briannajones,
User Rank: Apprentice
10/30/2018 | 12:51:48 AM
Re: Lack of Proof is NOT Lack of Attacks -- its proof of a growing problem
i agree
Some Guy
100%
0%
Some Guy,
User Rank: Moderator
10/22/2018 | 2:02:33 PM
Lack of Proof is NOT Lack of Attacks -- its proof of a growing problem
So the biggest falicy is that the reports of failed attacks somehow "Proves" that the election systems are safe.

It does not.

All it proves is that we saw some failed attacks. And if you think about it, if the attacks are successful, they are going to erase their footprints, so how would you know?

So here, we can just borrow from Quality Assurance over the last 50 years. In Quality Control, we know that the number of defects that escape a factory into the field and become customer issues is directly proportional to the number of defects found in the factory. That's why everyone is so concerned about zero defects in the factory.

Applying that to security of the election infrastructure, all these failed attacks are actually proof that the likelihood that there have been successful attacks is increasing. Thus we should not be assured and complacent. This is actually evidence that we need to be more vigilant and figure out what we aren't doing that we aren't catching the attacks that have been succeeding.


Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10014
PUBLISHED: 2019-03-24
In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated.
CVE-2019-10015
PUBLISHED: 2019-03-24
baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BG_SITE_NAME field in the opt_base.inc.php file.
CVE-2019-10017
PUBLISHED: 2019-03-24
CMS Made Simple 2.2.10 has XSS via the advanced_search.php Name field, which is reachable via an "Add a new Profile" action to the File Picker.
CVE-2019-10010
PUBLISHED: 2019-03-24
Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583.
CVE-2019-9978
PUBLISHED: 2019-03-24
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.