Miscellaneous news items that don't warrant their own thread

[Ibanez]

A colleague of mine is at DEFCON and told me about this.

https://www.axios.com/def-con-las-vegas ... 9ec40.html

At this year's DEF CON, a cybersecurity conference in Las Vegas this week, children between 8 and 16 years old will race to hack state elections websites with voter registrations — or, at least, a fairly good replica thereof.

Why it matters: The testing systems replicate vulnerabilities used to hack the real websites across the country.

•"Unfortunately, we're at a place where tampering with elections could be child's play," said Nico Sell, founder of DEF CON's "r00tz" children's program.

The intrigue: At last year's DEF CON, hackers given access to a variety of voting machines took less than five minutes to figure out how to hack them. State websites are obviously different but the recent vulnerabilities used by hackers are less complicated.

[Baldy]

A colleague of mine is at DEFCON and told me about this.

https://www.axios.com/def-con-las-vegas ... 9ec40.html

At this year's DEF CON, a cybersecurity conference in Las Vegas this week, children between 8 and 16 years old will race to hack state elections websites with voter registrations — or, at least, a fairly good replica thereof.

Why it matters: The testing systems replicate vulnerabilities used to hack the real websites across the country.

•"Unfortunately, we're at a place where tampering with elections could be child's play," said Nico Sell, founder of DEF CON's "r00tz" children's program.

The intrigue: At last year's DEF CON, hackers given access to a variety of voting machines took less than five minutes to figure out how to hack them. State websites are obviously different but the recent vulnerabilities used by hackers are less complicated.

Georgia has some of the oldest voting machines in the country...they run off freaking Windows 2000. Those machines don't even see a network, but the people at DEFCON will fail to say anything about that.

[Ibanez]

A colleague of mine is at DEFCON and told me about this.

https://www.axios.com/def-con-las-vegas ... 9ec40.html

Georgia has some of the oldest voting machines in the country...they run off freaking Windows 2000. Those machines don't even see a network, but the people at DEFCON will fail to say anything about that.

So? It's a computer program. Computers and their OS are vulnerable to viruses and malware. You don't need the internet to directly hack a machine. It's been proven that anyone with skill can walk into the a ballot box, use a cartridge which will send malware and implant a device that allows an attacker to have remote control of that machine - and send that malware to other machines. Thinking you need the internet to hack is naive.

1) Being on network isn't the point. You can still hack it, albeit it would have to be done locally. In fact, most voting machines aren't connected to the internet. That doesn't mean someone can install malware on one and disseminate it to the rest.

2) Those cards or cartridges that get put into the voting machine before you cast your ballot, they have files on them which are inputted at a different facility - most likely a computer with internet access.

There have been plenty of cases in the past 20 years of people hacking into voting machines, changing tabulations and not leaving any trace they were there.

Besides, Georgia uses the AccuVote TS and OS which is easily hackable. Don't think for a second you're safe just because you aren't networked to other machines or the internet.


http://www.foxnews.com/tech/2011/09/30/ ... or-26.html


Besides - are you upset that cyber security professionals, developers, CISO, etc... at DEF CON are concerned about a known vulnerability?

[Baldy]

Georgia has some of the oldest voting machines in the country...they run off freaking Windows 2000. Those machines don't even see a network, but the people at DEFCON will fail to say anything about that.

So? It's a computer program. Computers and their OS are vulnerable to viruses and malware. You don't need the internet to directly hack a machine. It's been proven that anyone with skill can walk into the a ballot box, use a cartridge which will send malware and implant a device that allows an attacker to have remote control of that machine - and send that malware to other machines. Thinking you need the internet to hack is naive.

1) Being on network isn't the point. You can still hack it, albeit it would have to be done locally. In fact, most voting machines aren't connected to the internet. That doesn't mean someone can install malware on one and disseminate it to the rest.

2) Those cards or cartridges that get put into the voting machine before you cast your ballot, they have files on them which are inputted at a different facility - most likely a computer with internet access.

There have been plenty of cases in the past 20 years of people hacking into voting machines, changing tabulations and not leaving any trace they were there.

Besides, Georgia uses the AccuVote TS and OS which is easily hackable. Don't think for a second you're safe just because you aren't networked to other machines or the internet.


http://www.foxnews.com/tech/2011/09/30/ ... or-26.html


Besides - are you upset that cyber security professionals, developers, CISO, etc... at DEF CON are concerned about a known vulnerability?

Anything can be hacked. Nobody is arguing that it can't. Georgia knows that these machines are long past their useful life, but they have installed several layers of security that makes it almost impossible to manipulate votes. Doing so would take a monumental conspiracy of moon landing proportions.

Georgia's machines uses the same type of card as your credit card with a chip. All cards are programmed before they leave Atlanta and sent to the polling places...(hand delivered by armed POST certified agents BTW). The software on the cards, in the machines, and on the poll book is proprietary software. To reprogram those cards, a poll worker would have to have the hardware and the know how to alter the cards. If someone did reprogram the card, the second it is inserted into the machine and the machine reads anything other than what was programmed on the card from the "factory" the machine shuts itself down. There is also another layer of security when the machines are returned to Atlanta.

It isn't foolproof nor is it perfect, but these hackers at these silly conventions work in ideal situations. They sit down at a table, take a voting machine, hook it up to a laptop, and start hacking away for an average of 90 minutes or so. You, and they may have a point if the actual process of voting was similar. Call me crazy, but when I go vote I don't believe I'll be able to take one of these machines sit down at a table and hook a computer up to it without someone noticing and escorting my ass out of the building.

[Ibanez]

So? It's a computer program. Computers and their OS are vulnerable to viruses and malware. You don't need the internet to directly hack a machine. It's been proven that anyone with skill can walk into the a ballot box, use a cartridge which will send malware and implant a device that allows an attacker to have remote control of that machine - and send that malware to other machines. Thinking you need the internet to hack is naive.

1) Being on network isn't the point. You can still hack it, albeit it would have to be done locally. In fact, most voting machines aren't connected to the internet. That doesn't mean someone can install malware on one and disseminate it to the rest.

2) Those cards or cartridges that get put into the voting machine before you cast your ballot, they have files on them which are inputted at a different facility - most likely a computer with internet access.

There have been plenty of cases in the past 20 years of people hacking into voting machines, changing tabulations and not leaving any trace they were there.

Besides, Georgia uses the AccuVote TS and OS which is easily hackable. Don't think for a second you're safe just because you aren't networked to other machines or the internet.


http://www.foxnews.com/tech/2011/09/30/ ... or-26.html


Besides - are you upset that cyber security professionals, developers, CISO, etc... at DEF CON are concerned about a known vulnerability?

Anything can be hacked. Nobody is arguing that it can't. Georgia knows that these machines are long past their useful life, but they have installed several layers of security that makes it almost impossible to manipulate votes. Doing so would take a monumental conspiracy of moon landing proportions.

Georgia's machines uses the same type of card as your credit card with a chip. All cards are programmed before they leave Atlanta and sent to the polling places...(hand delivered by armed POST certified agents BTW). The software on the cards, in the machines, and on the poll book is proprietary software. To reprogram those cards, a poll worker would have to have the hardware and the know how to alter the cards. If someone did reprogram the card, the second it is inserted into the machine and the machine reads anything other than what was programmed on the card from the "factory" the machine shuts itself down. There is also another layer of security when the machines are returned to Atlanta.

It isn't foolproof nor is it perfect, but these hackers at these silly conventions work in ideal situations. They sit down at a table, take a voting machine, hook it up to a laptop, and start hacking away for an average of 90 minutes or so. You, and they may have a point if the actual process of voting was similar. Call me crazy, but when I go vote I don't believe I'll be able to take one of these machines sit down at a table and hook a computer up to it without someone noticing and escorting my ass out of the building.

Well, hacking in conditions that aren't real world is one thing. But it's been proven that anyone can walk into a booth and hack it. That's a reality. I get there are several layers. WE have several layers at the Bank but guess what...we still get hacked by "primitive" measures.

[Pwns]

How exactly are you going to get a physical connection to the computers? Those old computers don't support wireless communications. It would take an inside job to do any real vote rigging.

[Ibanez]

How exactly are you going to get a physical connection to the computers? Those old computers don't support wireless communications. It would take an inside job to do any real vote rigging.

SOme voting systems are networked. So all you have to do is infect one and the virus will travel.

[Col Hogan]

How exactly are you going to get a physical connection to the computers? Those old computers don't support wireless communications. It would take an inside job to do any real vote rigging.

SOme voting systems are networked. So all you have to do is infect one and the virus will travel.

Which systems are networked??? Honest question...

[89Hen]

SOme voting systems are networked. So all you have to do is infect one and the virus will travel.

Which systems are networked??? Honest question...

The Colonel hatching a plan.

[Ibanez]

SOme voting systems are networked. So all you have to do is infect one and the virus will travel.

Which systems are networked??? Honest question...

Honest question - do you know what a network is?

To answer your question, there are public network DRE voting systems which have internet connections. I know the EU uses them.

I think you might have missed where I said most voting booths aren't connected to the Internet and many aren't connected to one another. But some are.

https://freedom-to-tinker.com/2016/09/2 ... -internet/

THere's a chart at that link that shows the methods of hacking for many types of commonly used voting systems.

[Baldy]

Anything can be hacked. Nobody is arguing that it can't. Georgia knows that these machines are long past their useful life, but they have installed several layers of security that makes it almost impossible to manipulate votes. Doing so would take a monumental conspiracy of moon landing proportions.

Georgia's machines uses the same type of card as your credit card with a chip. All cards are programmed before they leave Atlanta and sent to the polling places...(hand delivered by armed POST certified agents BTW). The software on the cards, in the machines, and on the poll book is proprietary software. To reprogram those cards, a poll worker would have to have the hardware and the know how to alter the cards. If someone did reprogram the card, the second it is inserted into the machine and the machine reads anything other than what was programmed on the card from the "factory" the machine shuts itself down. There is also another layer of security when the machines are returned to Atlanta.

It isn't foolproof nor is it perfect, but these hackers at these silly conventions work in ideal situations. They sit down at a table, take a voting machine, hook it up to a laptop, and start hacking away for an average of 90 minutes or so. You, and they may have a point if the actual process of voting was similar. Call me crazy, but when I go vote I don't believe I'll be able to take one of these machines sit down at a table and hook a computer up to it without someone noticing and escorting my ass out of the building.

Well, hacking in conditions that aren't real world is one thing. But it's been proven that anyone can walk into a booth and hack it. That's a reality. I get there are several layers. WE have several layers at the Bank but guess what...we still get hacked by "primitive" measures.

It's not like these machines are in a closed booth with a curtain. You have to stand there in the open when you vote, and the average person votes in 2 minutes or less. Maybe they can hack a generic system with generic software in that amount of time, but they can't hack one of Georgia's machines that easily. The Trip type #resist nutjobs think the rigging of elections is rampant in GA and it's some some sort of conspiracy deep inside the offices of the Secretary of State.

[Ibanez]

Well, hacking in conditions that aren't real world is one thing. But it's been proven that anyone can walk into a booth and hack it. That's a reality. I get there are several layers. WE have several layers at the Bank but guess what...we still get hacked by "primitive" measures.

It's not like these machines are in a closed booth with a curtain. You have to stand there in the open when you vote, and the average person votes in 2 minutes or less. Maybe they can hack a generic system with generic software in that amount of time, but they can't hack one of Georgia's machines that easily. The Trip type #resist nutjobs think the rigging of elections is rampant in GA and it's some some sort of conspiracy deep inside the offices of the Secretary of State.

In SC a curtain gets closed around you. I don't think ballot tampering is rampant. In fact, many of the vases where people htought there was something fishy going, witnessed glitches in the software which weren't malicious.

Btw, ESS has been caught having remote access software installed on all their machines.


You guys are getting fussy over me saying the potential is there. It's like you don't understand probable vs possible. Those are two different conversations.

[Pwns]

How exactly are you going to get a physical connection to the computers? Those old computers don't support wireless communications. It would take an inside job to do any real vote rigging.

SOme voting systems are networked. So all you have to do is infect one and the virus will travel.

That's true, but you have to get them into one of the computers in the first place, and I don't see how anyone could possibly do it remotely. It would probably be easier to light a match and burn paper ballots than it would be from someone to infect these computers.

[Ibanez]

Well, hacking in conditions that aren't real world is one thing. But it's been proven that anyone can walk into a booth and hack it. That's a reality. I get there are several layers. WE have several layers at the Bank but guess what...we still get hacked by "primitive" measures.

It's not like these machines are in a closed booth with a curtain. You have to stand there in the open when you vote, and the average person votes in 2 minutes or less. Maybe they can hack a generic system with generic software in that amount of time, but they can't hack one of Georgia's machines that easily. The Trip type #resist nutjobs think the rigging of elections is rampant in GA and it's some some sort of conspiracy deep inside the offices of the Secretary of State.

I'll say that Georgia, SC, Delaware and one other state us the same type of system that is one of the easiest to hack - according to what i've read.


My sister in law's, mother in law works for a company that sells these machines. I see her a few times a year. I'll have to ask her about all this. I don't recall the company. I think "Vote" is in the name.

[Ibanez]

SOme voting systems are networked. So all you have to do is infect one and the virus will travel.

That's true, but you have to get them into one of the computers in the first place, and I don't see how anyone could possibly do it remotely. It would probably be easier to light a match and burn paper ballots than it would be from someone to infect these computers.

This is the Probable vs Possible I mentioned. Anyone with a pre-programmed key card or something can quickly do it. It's all flash memory, for the most part. The poll worker spends maybe 5-10 seconds putting the cartridge in, letting it download and then removing it before I can vote.

But you would need a monumental effort to affect enough machines to alter any outcome of a national contest, IMO.

[dbackjon]

A colleague of mine is at DEFCON and told me about this.

https://www.axios.com/def-con-las-vegas ... 9ec40.html

Georgia has some of the oldest voting machines in the country...they run off freaking Windows 2000. Those machines don't even see a network, but the people at DEFCON will fail to say anything about that.

https://arstechnica.com/tech-policy/201 ... -precinct/

Georgia defends voting system despite 243-percent turnout in one precinct
A federal lawsuit alleges significant problems with voting in the Peach state.

But if any state is a poster child for terrible election practices, it is surely Georgia. Bold claims demand bold evidence, and unfortunately there's plenty; on Monday, McClatchy reported a string of irregularities from the state's primary election in May, including one precinct with a 243-percent turnout.

McClatchy's data comes from a federal lawsuit filed against the state. In addition to the problem in Habersham County's Mud Creek precinct, where it appeared that 276 registered voters managed to cast 670 ballots, the piece describes numerous other issues with both voter registration and electronic voting machines. (In fact it was later corrected to show 3,704 registered voters in the precinct.)

Multiple sworn statements from voters describe how they turned up at their polling stations only to be turned away or directed to other precincts. Even more statements allege incorrect ballots, frozen voting machines, and other issues.


We've looked at poor voting security in the state previously. In 2017, a report by a Georgian security researcher revealed a shocking lack of security throughout the state's voting system. Later that year, we discovered that servers that were thought to be key evidence for the same federal lawsuit that has led to this week's news were wiped, then repeatedly degaussed.

[dbackjon]

How exactly are you going to get a physical connection to the computers? Those old computers don't support wireless communications. It would take an inside job to do any real vote rigging.

Unless you are hacked into the vote COUNTING machines...

[89Hen]

FFS people...

phpBB [video]

http://www.foxnews.com/food-drink/2018/ ... endos.html

The tongue-in-cheek commercial seems par for the course for the brand — which has also caught some flak for its stoner-geared Munchies Meals ads. However, many viewers feel the ad is tone-deaf in today’s #MeToo environment.

[∞∞∞]

https://arstechnica.com/tech-policy/201 ... -precinct/

Georgia defends voting system despite 243-percent turnout in one precinct
A federal lawsuit alleges significant problems with voting in the Peach state.

But if any state is a poster child for terrible election practices, it is surely Georgia. Bold claims demand bold evidence, and unfortunately there's plenty; on Monday, McClatchy reported a string of irregularities from the state's primary election in May, including one precinct with a 243-percent turnout.

McClatchy's data comes from a federal lawsuit filed against the state. In addition to the problem in Habersham County's Mud Creek precinct, where it appeared that 276 registered voters managed to cast 670 ballots, the piece describes numerous other issues with both voter registration and electronic voting machines. (In fact it was later corrected to show 3,704 registered voters in the precinct.)

Multiple sworn statements from voters describe how they turned up at their polling stations only to be turned away or directed to other precincts. Even more statements allege incorrect ballots, frozen voting machines, and other issues.


We've looked at poor voting security in the state previously. In 2017, a report by a Georgian security researcher revealed a shocking lack of security throughout the state's voting system. Later that year, we discovered that servers that were thought to be key evidence for the same federal lawsuit that has led to this week's news were wiped, then repeatedly degaussed.

Yes, but Hillary brought in 3,000,000 illegals to vote for her. Only in the shoo-in states though and not somewhere useful like Michigan or Wisconsin.

Also, isn't Georgia the state where they destroyed all their election data despite a court order not to?

Sounds like we need to bring in UN election observers for Georgia.

[dbackjon]

https://arstechnica.com/tech-policy/201 ... -precinct/

Georgia defends voting system despite 243-percent turnout in one precinct
A federal lawsuit alleges significant problems with voting in the Peach state.

But if any state is a poster child for terrible election practices, it is surely Georgia. Bold claims demand bold evidence, and unfortunately there's plenty; on Monday, McClatchy reported a string of irregularities from the state's primary election in May, including one precinct with a 243-percent turnout.

McClatchy's data comes from a federal lawsuit filed against the state. In addition to the problem in Habersham County's Mud Creek precinct, where it appeared that 276 registered voters managed to cast 670 ballots, the piece describes numerous other issues with both voter registration and electronic voting machines. (In fact it was later corrected to show 3,704 registered voters in the precinct.)

Multiple sworn statements from voters describe how they turned up at their polling stations only to be turned away or directed to other precincts. Even more statements allege incorrect ballots, frozen voting machines, and other issues.


We've looked at poor voting security in the state previously. In 2017, a report by a Georgian security researcher revealed a shocking lack of security throughout the state's voting system. Later that year, we discovered that servers that were thought to be key evidence for the same federal lawsuit that has led to this week's news were wiped, then repeatedly degaussed.

Yes, but Hillary brought in 3,000,000 illegals to vote for her. Only in the shoo-in states though and not somewhere useful like Michigan or Wisconsin.

Also, isn't Georgia the state where they destroyed all their election data despite a court order not to?

Sounds like we need to bring in UN election observers for Georgia.

Yes - no paper back up in Georgia

[Baldy]

Georgia has some of the oldest voting machines in the country...they run off freaking Windows 2000. Those machines don't even see a network, but the people at DEFCON will fail to say anything about that.

https://arstechnica.com/tech-policy/201 ... -precinct/

Georgia defends voting system despite 243-percent turnout in one precinct
A federal lawsuit alleges significant problems with voting in the Peach state.

But if any state is a poster child for terrible election practices, it is surely Georgia. Bold claims demand bold evidence, and unfortunately there's plenty; on Monday, McClatchy reported a string of irregularities from the state's primary election in May, including one precinct with a 243-percent turnout.

McClatchy's data comes from a federal lawsuit filed against the state. In addition to the problem in Habersham County's Mud Creek precinct, where it appeared that 276 registered voters managed to cast 670 ballots, the piece describes numerous other issues with both voter registration and electronic voting machines. (In fact it was later corrected to show 3,704 registered voters in the precinct.)

Multiple sworn statements from voters describe how they turned up at their polling stations only to be turned away or directed to other precincts. Even more statements allege incorrect ballots, frozen voting machines, and other issues.


We've looked at poor voting security in the state previously. In 2017, a report by a Georgian security researcher revealed a shocking lack of security throughout the state's voting system. Later that year, we discovered that servers that were thought to be key evidence for the same federal lawsuit that has led to this week's news were wiped, then repeatedly degaussed.

There was not a peep uttered about this by the Leftists in 2008 and 2012 when the same thing happened in Michigan, Colorado, and Ohio. I wonder why?

What happened in GA was a clerical error that was easily fixed. Nobody knows what happened in those other states. Counties are charged with the responsibility for deciding the precincts where voters are supposed to vote.

Election servers were wiped AFTER they were returned by cleared by the FBI. Besides, those servers aren't even owned, housed, operated, maintained, or even controlled by the Secretary of State's office.

[Baldy]

Yes, but Hillary brought in 3,000,000 illegals to vote for her. Only in the shoo-in states though and not somewhere useful like Michigan or Wisconsin.

Also, isn't Georgia the state where they destroyed all their election data despite a court order not to?

Sounds like we need to bring in UN election observers for Georgia.

Yes - no paper back up in Georgia

Wrong again.

[∞∞∞]

Yes - no paper back up in Georgia

So I'm reading about Georgia's elections:

-Widespread reports of polling locations being changed at the last minute in the 2016 election, prominently in African-American communities (surprise!).
-One of five paperless states (NJ, Delaware, Louisiana, South Carolina, Georgia).
-Destroyed statewide election data despite a COURT order.
-More people voting in a rural district than registered there.
-State has funds to replace voting machines for 2018 election, but declines to do so until 2020.
-Only paperless state to decline Federal security for elections.

Yeah, nothing weird is going on there.

[dbackjon]

Yes - no paper back up in Georgia

Wrong again.

No, you are wrong.

[Baldy]

Yes - no paper back up in Georgia

So I'm reading about Georgia's elections:

-Widespread reports of polling locations being changed at the last minute in the 2016 election, prominently in African-American communities (surprise!).
-One of five paperless states (NJ, Delaware, Louisiana, South Carolina, Georgia).
-Destroyed statewide election data despite a COURT order.
-More people voting in a rural district than registered there.
-State has funds to replace voting machines for 2018 election, but declines to do so until 2020.
-Only paperless state to decline Federal security for elections.

Yeah, nothing weird is going on there.

...and virtually nothing in your little list is true.