Announcement

Collapse
No announcement yet.

How hackers will rule the World

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • How hackers will rule the World

    In a recent study of the new internet based voting system being tested in DC "white hat" hackers found serious security flaws within 36 hours...

    "Within 36 hours of the system going live, our team had found and exploited a vulnerability that gave us almost total control of the server software, including the ability to change votes and reveal voters' secret ballots," Halderman wrote on his blog.

    Along the way, Halderman's team "collected crucial secret data stored on the server," "modified all the ballots that had already been cast to contain write-in votes for candidates we selected," "installed a back door that let us view any ballots that voters cast after our attack," and -- best of all -- "left a 'calling card' on the system's confirmation screen, which voters see after voting."

    [...]

    Testifying before the D.C. Board of Ethics and Elections -- in a virtually empty room, according to news reports -- Halderman dropped this bomb: "While we were in control of these systems we observed other attack attempts originating from computers in Iran and China. These attackers were attempting to guess the same master password that we did. And since it was only four letters long, they would likely have soon succeeded."
    Hmm... a four letter master password?!?

    (They shouldn't be even be using passwords for something like this.)

    In related stories, reports of voting machine problems during early voting 2010:

    Voters Complain Of Problems At Polls
    Voter Joyce Ferrara said when they went to vote for Republican Sharron Angle, her Democratic opponent, Sen. Harry Reid's name was already checked.
    Voter reports problem with ballot machine
    Sam Laughinghouse of New Bern said he pushed the button to vote Republican in all races, but the voting machine screen displayed a ballot with all Democrats checked. He cleared the screen and tried again with the same result, he said. Then he asked for and received help from election staff.

    “They pushed it twice and the same thing happened,” Laughinghouse said. “That was four times in a row. The fifth time they pushed it and the Republicans came up and I voted.”
    Hmm... our new hacker overlords must be democrats.
    "If there is one thing I am, it's always right." -Ted Nugent.
    "I honestly believe saying someone is a smart lawyer is damning with faint praise. The smartest people become engineers and scientists." -SU.
    "Yet I still see wisdom in that which Uncle Ted posts." -creek.
    GIVE 'EM HELL, BRIGHAM!

  • #2
    Originally posted by Ted Nugent View Post
    Hmm... a four letter master password?!?

    (They shouldn't be even be using passwords for something like this.)
    That's funny. I would bet money it was "vote".
    "There is no creature more arrogant than a self-righteous libertarian on the web, am I right? Those folks are just intolerable."
    "It's no secret that the great American pastime is no longer baseball. Now it's sanctimony." -- Guy Periwinkle, The Nix.
    "Juilliardk N I ibuprofen Hyu I U unhurt u" - creekster

    Comment


    • #3
      Originally posted by Jeff Lebowski View Post
      That's funny. I would bet money it was "vote".
      My vote is on "root".

      Comment


      • #4
        Sy Hersh on our cyber war with China.

        Comment


        • #5
          I wonder if CougarBoard has changed their view of electronic voting machines now that Dems are in power? I remember posting about how bad I thought they were in 2004 and told that I was an idiot who believed any liberal propaganda.
          Get confident, stupid
          -landpoke

          Comment


          • #6
            Originally posted by HuskyFreeNorthwest View Post
            I wonder if CougarBoard has changed their view of electronic voting machines now that Dems are in power? I remember posting about how bad I thought they were in 2004 and told that I was an idiot who believed any liberal propaganda.
            Get over yourself. Nobody else remembers you posting that.

            Comment


            • #7
              Originally posted by YOhio View Post
              Get over yourself. Nobody else remembers you posting that.
              That hurt my feelings. I hope you are happy.
              Get confident, stupid
              -landpoke

              Comment


              • #8
                Hackers just bring surveillance and security down on the rest of us.
                We all trust our own unorthodoxies.

                Comment


                • #9
                  A friend of mine took a picture of these voting machines sitting in the lobby of his office building in UC...



                  ...overnight.

                  I suggested that maybe he should install pacman on them.
                  "If there is one thing I am, it's always right." -Ted Nugent.
                  "I honestly believe saying someone is a smart lawyer is damning with faint praise. The smartest people become engineers and scientists." -SU.
                  "Yet I still see wisdom in that which Uncle Ted posts." -creek.
                  GIVE 'EM HELL, BRIGHAM!

                  Comment


                  • #10
                    Utah Utes funding cyber terrorism.

                    Comment


                    • #11
                      Originally posted by YOhio View Post
                      LOL... Utes got pwned.
                      "If there is one thing I am, it's always right." -Ted Nugent.
                      "I honestly believe saying someone is a smart lawyer is damning with faint praise. The smartest people become engineers and scientists." -SU.
                      "Yet I still see wisdom in that which Uncle Ted posts." -creek.
                      GIVE 'EM HELL, BRIGHAM!

                      Comment


                      • #12
                        Originally posted by YOhio View Post
                        This quote reminds me of when people say that tithing money doesn't pay for sports at BYU.

                        "The university’s cyber insurance policy paid part of the ransom, and the university covered the remainder," the U. wrote. "No tuition, grant, donation, state or taxpayer funds were used to pay the ransom."
                        Also, interesting how precise the ransom was

                        The university paid $457,059.24 to prevent the release.
                        I assume the amount was probably paid in bitcoins and they are just translating it into dollars. Still, that's a lot of money to lose and it sounds like Utah has some really bad IT security people working there. At work we get drilled on IT security, phishing, etc. to the point that I'm afraid to open almost any external email but there have been a lot fo companies recently hit by ransomware. Garmin was the latest I know of and I think they were able to restore everything without paying the ransom, but their systems were offline for a couple days and caused some havoc in the endurance athlete community.
                        "Discipleship is not a spectator sport. We cannot expect to experience the blessing of faith by standing inactive on the sidelines any more than we can experience the benefits of health by sitting on a sofa watching sporting events on television and giving advice to the athletes. And yet for some, “spectator discipleship” is a preferred if not primary way of worshipping." -Pres. Uchtdorf

                        Comment


                        • #13
                          Originally posted by Moliere View Post
                          Garmin was the latest I know of and I think they were able to restore everything without paying the ransom, but their systems were offline for a couple days and caused some havoc in the endurance athlete community.
                          Garmin hasn’t publicly stated, but it is widely believed they did pay $10 million in ransom.

                          https://www.cshub.com/attacks/articl...ystems-useless

                          Comment


                          • #14
                            Originally posted by chrisrenrut View Post
                            Garmin hasn’t publicly stated, but it is widely believed they did pay $10 million in ransom.

                            https://www.cshub.com/attacks/articl...ystems-useless
                            Interesting. I was thinking they restored their systems and got around paying the ransom.


                            Sent from my iPhone using Tapatalk
                            "Discipleship is not a spectator sport. We cannot expect to experience the blessing of faith by standing inactive on the sidelines any more than we can experience the benefits of health by sitting on a sofa watching sporting events on television and giving advice to the athletes. And yet for some, “spectator discipleship” is a preferred if not primary way of worshipping." -Pres. Uchtdorf

                            Comment


                            • #15
                              Originally posted by Moliere View Post
                              Interesting. I was thinking they restored their systems and got around paying the ransom.


                              Sent from my iPhone using Tapatalk
                              We've been hit twice by ransomware. The first time we restored the system from backup. The second time we told the hackers that was our plan and they cut the price to $7k. So we paid it as it takes 2-3 days to do a restore.

                              Comment

                              Working...
                              X