Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
United States Security Politics

US House Candidates Vulnerable To Hacks, Researchers Say (reuters.com) 35

Posted by msmash from the closer-look dept.
About 30 percent of House candidates running for office this year have significant cybersecurity issues with their campaign websites, according to a new study. Reuters: The research was unveiled on Sunday at the annual Def Con security conference in Las Vegas, where some attendees have spent three days hacking into voting machines to highlight vulnerabilities in technology running polling operations. A team of four independent researchers led by former National Institutes for Standards and Technology security expert Joshua Franklin concluded that the websites of nearly one-third of U.S. House candidates, Democrats and Republicans alike, are vulnerable to attacks. NIST is a U.S. Commerce Department laboratory that provides advice on technical issues, including cyber security. Using automated scans and test programs, the team identified multiple vulnerabilities, including problems with digital certificates used to verify secure connections with users, Franklin told Reuters ahead of the presentation. The warnings about the midterm elections, which are less than three months away, come after Democrats have spent more than a year working to bolster cyber defenses of the party's national, state and campaign operations.
This discussion has been archived. No new comments can be posted.

US House Candidates Vulnerable To Hacks, Researchers Say More

US House Candidates Vulnerable To Hacks, Researchers Say

Comments Filter:

  • Extremely misleading article. (Score:1, Insightful)

    by Anonymous Coward

    This article is misleading and poorly written. Those house members are NOT vulnerable and never have been. No proof was provided and all sources were obviously biased towards Democrat party Clinton and Soros fundeds. This writeup of bad journalism is example again of why many regular Americans see mainstream media as enemy of people, and not friend.

    • It is misleading since nothing of real value can be done to those websites.

      It is the old xkcd.
      https://xkcd.com/932/ [xkcd.com]

      I don't hide tricks using links.

    • You've got an interesting way of speaking. If I had to guess I'd say... Minnesota?

    • Biased towards Democrats? Read it again - it makes the DNC's security people look like ineffectual dolts. They aren't requiring or enforcing secure practices, they're asking people to pledge that they're following basic (yet still insufficient) standards. Are they running audits to make sure? NO! They're sending out a survey.

      Even if it is biased towards them, it's done in such an unintentionally backhanded way that it only ends up making the DNC look like a pack of idiots.

  • Since Krikorian joined the DNC a year ago, the party has moved email and data storage to Google cloud and replaced most Windows computers with easier-to-defend Apple hardware and Google Chromebooks, he said.

    Ahh, security by moving things into the cloud and using a different OS. That should fix everything. As we all know nobody has ever gotten a hold of cloud data and there are viruses/vulnerabilities for MAC; at least that's what my users tell me.

  • They are hacks? (Score:4, Insightful)

    by Oswald McWeany ( 2428506 ) on Monday August 13, 2018 @03:08PM (#57117822)

    Vulnerable to hacks? My local representative IS a hack!

  • Problems with Digital Signatures (Score:5, Interesting)

    by roccomaglio ( 520780 ) on Monday August 13, 2018 @03:14PM (#57117870)
    From the article "Using automated scans and test programs, the team identified multiple vulnerabilities, including problems with digital certificates used to verify secure connections with users, Franklin told Reuters ahead of the presentation." This may or may not be an issue. If the site is simply providing information and/or collecting email addresses this is not really an issue. If the site is collecting credit card info it would be an issue, but that is usually done through a third party. Basically they ran something that tested the web sites SSL implementation and without more information we cannot determine if that is really an issue.

  • Just get your own private email server.

  • Similar survey of 2016 Senate web sites
    http://cybertical.com/2016-senate-cybersecurity.html

  • The floor is lava (Score:4, Funny)

    by Impy the Impiuos Imp ( 442658 ) on Monday August 13, 2018 @04:21PM (#57118326) Journal

    US House Candidates Vulnerable To Hacks, Researchers Say

    Well, hacked water heaters [slashdot.org] are a danger. Why not hacked air heaters?

  • I don't know about y'all, but my users are required to use long, secure passwords and MFA. It's enforced by policy and audited. Users have no choice in the matter. Computers are managed and patched by me, not users.

    The DNC, which has had some rather famous problems, is doing this about it:

    The party also requires staff to fill out monthly surveys pledging that they are following key security practices, including use of two-factor authentication for personal accounts, long and unique passwords, and encr

Slashdot Top Deals

Solutions are obvious if one only has the optical power to observe them over the horizon. -- K.A. Arsdall

Close