Looks like voter reg systems targeted; in many places, these may be on same net that provision machines/tally votes. https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/ …
-
-
Replying to @mattblaze @faineg
Not really. Voting machines aren't permanently connected to a network.
2 replies 0 retweets 0 likes -
Replying to @EmilyGorcenski @faineg
They don’t need to be in order to be compromised via the system that provisions and configures them.
1 reply 0 retweets 4 likes -
Replying to @mattblaze @faineg
Right. Though most configuration also done not online.
2 replies 0 retweets 0 likes -
I read every voting machine certification report a while back. The biggest risk is crappy, unreviewed code:https://github.com/Gorcenski/voting-machines …
1 reply 5 retweets 8 likes -
Replying to @EmilyGorcenski @faineg
Perhaps you know more about this than I do. But I will note that I led several of the security reviews of these systems.
1 reply 0 retweets 0 likes -
Replying to @mattblaze @faineg
Oh I don't disagree that it's possible. My "not really" wasn't well communicated :P
1 reply 0 retweets 1 like -
The fact that vendors are shipping cert test builds with line-of-code length violations shows that the eng process is super-fucked.
1 reply 0 retweets 2 likes -
Replying to @EmilyGorcenski @faineg
Absolutely. But holy grail for attacker is the backend. The vulnerabilities in the voting machines are a path to that.
1 reply 1 retweet 1 like
Agreed here. Sorry for miscomm earlier! Meeting and tweeting never works.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.