11 Year Old At DefCon "Hacking Conv." Changed Florida Election Results In A Replica Web. 10 Mins

It’s going to sound super weird, but I’m Army SF. I moonlight as a cybersecurity engineer (mostly as a pen tester but a few A&A engagements) for a few reasons: army pay sucks, it’s a great field that loved the fact that I have active security clearances and pen tests normally happen off normal business hours, it’s a good field to get some experience in so I can easily transition when I retire, and because it’s just plain cool :) You?


Nerds.


I kid. I only said that because you might as well have been speaking German. :)
 
Ahh right on. I've been a software developer* for a long time, and specifically a game developer for the past 6 years.

Mostly I'm a programmer & manager, but I've done dev-ops, live-ops, some DB management. I've worked for a few startups so I tend to wear whatever hats are necessary.
 
p0wnyb0y-Audrey-1st-2nd-break-in-1200x775.jpg

Hermione be like Haximus Revelio!
 
I think the counter position presented (either by the machine manufacturers or the Florida election board, I don't remember which) is that this didn't mirror the actual scenario in real life. There was something about the kids having unfettered physical access to the machines which is not how it works in reality. I don't know how much of a difference that makes but they assert that it does matter.

That said, I think this is still a significant issue and I'd like to know that more is being done to protect this element of our democracy.

Yeah there are layers and zones to security so if they started off 'inside' so to speak it wouldn't be realistic. It can still reveal flaws though but it may very well be an unrealistic scenario. Devil in the details.
 
Since I live here in Georgia, I'm probably screwed...

https://www.cnn.com/2018/08/14/politics/georgia-brian-kemp-voter-data/index.html

"6 million Georgia voters' records exposed: 'Could have easily been compromised'"

"(CNN) Georgia's shotgun-toting, Trump-style Republican candidate for governor Brian Kemp has sought to assure voters that his state's election system is secure and that any allegations to the contrary are "fake news."

But Kemp, who is also the secretary of state in charge of Georgia's elections, is now being accused in a federal lawsuit of failing to secure his state's voting system and allowing a massive breach that exposed voter records and other sensitive election information."

This is why we need paper ballots also.
 
I'm with you. They gotta get voting machines/tallies offline.

Bring back mechanical machines I guess.
 
The kids growing up with the internet are going to do things we can't understand. Remember trying to explain this shit to our parents?
But Russia is easy for everyone to understand so let's go with that
This generation of kids is actually less tech-savvy than Gen X and older Millennials. Fewer understand the fundamentals of operating systems or more robust, open-source, user-dependent software. This is DEFCON. This isn't reflective of the wider generation.
 
There are web application firewalls and network firewalls, but a firewall isn't really the issue here. If it's SQL injections that are the problem, the thing needed is input sanitization to ensure that SQL statements and queries can't be entered into normal input fields. Take, for example, the fields where you enter your username and password. If not properly coded, you can run SQL commands into these fields, allowing you to see or alter databases that you shouldn't have access to. The problem is with the code itself from the manufacturer, so their developers need to go back through and change the code. Proper security configurations during the Software Development Life Cycle and periodic penetration tests of the system to look for vulnerabilities would have reduced the chances of these vulnerabilities making it to software currently in production.
Pardon me sir, we have stereotypes about our veterans, I'd appreciate it if you would get back in the box society has decided you belong in.
 
Ugh, if this kid was really using SQL injection then whoever coded that website needs to be fired into space from a rail gun. SQL injection was old hat 15 years ago and pretty much every framework and language around has some kind of support for validating forms. This is more of a case of ultra shitty coding than the kid being a genius.

Most likely they gave the contract to some Indian chop shop instead of qualified, experienced professionals then wonder why the shit is full of holes. It amazes me in the modern world how people take the standards of things like buildings and ships so seriously but treat the quality of software as an afterthought.
This is precisely why we should be more proactive in updating and sophisticating our digital voting standards if we are going to embrace them.

Russia isn't a joke. That is no longer a matter of controversy. It's "settled science". Thank you, Mueller. I appreciated that some in my government understood that, and took it seriously.
 
Trump would have lost. We still have mostly legit votes.

Who cares who is in government at any given time? The wars continue, the Federal Reserve keeps stealing wealth from the people, and government keeps swallowing the liberties of the people.

What difference does it make who's in office?
 
Invent blockchain voting, get a bunch of VC funding, then bribe your way to the presidency.
 