Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
After DHS Notice, 21 States Reveal They Were Targeted During Election
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Lepricon
50%
50%
Lepricon,
User Rank: Apprentice
10/2/2017 | 7:11:06 PM
DHS reverses on at least one state
The irony is that they've already had to amend their statement:

"MADISON, Wis. (AP) — The U.S. Department of Homeland Security reversed course Tuesday and told Wisconsin officials that the Russian government did not scan the state's voter registration system."

 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/30/2017 | 12:20:32 PM
Re: DHS is late
@Dr.T: Not to mention that DHS itself was reportedly found with its hands in the cookie jar hacking a state election system...
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/30/2017 | 12:19:32 PM
Re: Really? We're still pointing fingers at the Russians?
@jenshadus: Brian Krebs talks about the history of those very developments in his book, Spam Nation. Highly recommended read.
jenshadus
50%
50%
jenshadus,
User Rank: Strategist
9/29/2017 | 7:27:34 AM
Re: Really? We're still pointing fingers at the Russians?
Excellent question.  At the price of bitcoin, think I'll forgo that avenue.  Cash will do nicely.  But it would be interesting to see the relationship of the use of gift cards and spam.  I do have an anonymous email, and I let that box get all the spam.  I safeguard my normal personal email and work email pretty carefully.
Joe Stanganelli
100%
0%
Joe Stanganelli,
User Rank: Ninja
9/29/2017 | 4:28:40 AM
Re: Really? We're still pointing fingers at the Russians?
I wonder how the controls on gift card usage to fight back against the spam industry has impacted/is impacting this.

Also, don't forget bitcoin and altcoins as a method of anonymous payment.
jenshadus
50%
50%
jenshadus,
User Rank: Strategist
9/28/2017 | 8:02:16 AM
Re: Really? We're still pointing fingers at the Russians?
Considering that anyone can buy a VPN anonymously, using a gift card that you can pay with cash, and then selecting a server from anywhere in the world, and from there buy access to another VPN using a server in another part of the world, a hacker can really objuscate the origin of the attack.  The jury is out on this one.  Media loves to follow the media.  Better yet,  the media are their own best fan.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/27/2017 | 7:58:43 PM
Re: Really? We're still pointing fingers at the Russians?
FWIW, not entirely sure what NoKo's motive would have been to actually interfere (although poke around, maybe). Seems like an HRC administration would have continued the policy of patience.

But yes, points well taken.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/27/2017 | 7:57:01 PM
Re: Really? We're still pointing fingers at the Russians?
> Maryland is notorious for sending people to vote in Virginia using fake ID's

Same with MA and NH, from what I understand (NH being much different, politically, from most of New England).

And yes, you're absolutely right that voting has enough hacks and problems with it -- low- and high-tech -- with or without foreign involvement.

As I observed a few years ago, electronic voting of any kind is not and has not ever been ready for prime time. enterprisenetworkingplanet.com/netsecur/hack-early-hack-often-the-perils-of-electronic-voting.html
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/27/2017 | 7:54:34 PM
Re: Really? We're still pointing fingers at the Russians?
@Dr. T: Absolutely. Reminds me of the forensics tracking that big Sony hack that was traced to North Korea...except other researchers eventually traced it to...Russia!

And even then, that location tracking may not have been accurate/the whole story. There seems to be little shortage of IP-masking tech if you know where to look (no pun intended).
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/27/2017 | 11:14:55 AM
Re: Really? We're still pointing fingers at the Russians?
IP trace does not mean a tinker's damn as those can be hidden, fudged quite easily I would agree, IP address can easily be spoofed. It is not a traceable entity, there needs to be other mechanisms to track the attackers.
Page 1 / 2   >   >>


US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat Security,  9/16/2019
NetCAT Vulnerability Is Out of the Bag
Dark Reading Staff 9/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3738
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
CVE-2019-3739
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
CVE-2019-3740
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
CVE-2019-3756
PUBLISHED: 2019-09-18
RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions.
CVE-2019-3758
PUBLISHED: 2019-09-18
RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts.