Threat Intelligence

How Secure are our Voting Systems for November 2018?

100%
0%

Anomali CEO Hugh Njemanze discusses the importance of sharing threat intelligence across the countrys highly decentralized voting systems to safeguard the integrity of upcoming elections.

Learn more about how to defend election security systems by downloading Anomali's whitepaper, Cybersecurity Challenges for State and Local Governments. Join the community by downloading your free STIX/TAXII solution today.

Comment  | 
Print  | 
Comments
Threaded  |  Newest First  |  Oldest First
Some Guy
50%
50%
Some Guy,
User Rank: Strategist
10/22/2018 | 2:02:33 PM
Lack of Proof is NOT Lack of Attacks -- its proof of a growing problem
So the biggest falicy is that the reports of failed attacks somehow "Proves" that the election systems are safe.

It does not.

All it proves is that we saw some failed attacks. And if you think about it, if the attacks are successful, they are going to erase their footprints, so how would you know?

So here, we can just borrow from Quality Assurance over the last 50 years. In Quality Control, we know that the number of defects that escape a factory into the field and become customer issues is directly proportional to the number of defects found in the factory. That's why everyone is so concerned about zero defects in the factory.

Applying that to security of the election infrastructure, all these failed attacks are actually proof that the likelihood that there have been successful attacks is increasing. Thus we should not be assured and complacent. This is actually evidence that we need to be more vigilant and figure out what we aren't doing that we aren't catching the attacks that have been succeeding.
briannajones
50%
50%
briannajones,
User Rank: Apprentice
10/30/2018 | 12:51:48 AM
Re: Lack of Proof is NOT Lack of Attacks -- its proof of a growing problem
i agree
doctor91
50%
50%
doctor91,
User Rank: Apprentice
11/9/2018 | 8:00:11 AM
Re: Lack of Proof is NOT Lack of Attacks -- its proof of a growing problem
De mon coté c'est bien sécurisé
Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018
5 Reasons Why Threat Intelligence Doesn't Work
Jonathan Zhang, CEO/Founder of WhoisXML API and TIP,  11/7/2018
Why Password Management and Security Strategies Fall Short
Steve Zurier, Freelance Writer,  11/7/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19270
PUBLISHED: 2018-11-14
In yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7, an out-of-bounds user space access in the read handler of the yurex USB device driver could be used by local attackers to crash the kernel or potentially escalate privileges.
CVE-2018-19271
PUBLISHED: 2018-11-14
Centreon 3.4.x allows SQL Injection via the main.php searchH parameter.
CVE-2018-19277
PUBLISHED: 2018-11-14
securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file
CVE-2018-19186
PUBLISHED: 2018-11-14
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter.
CVE-2018-19187
PUBLISHED: 2018-11-14
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in a success.php echo statement.