Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
After DHS Notice, 21 States Reveal They Were Targeted During Election
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Lepricon
50%
50%
Lepricon,
User Rank: Apprentice
10/2/2017 | 7:11:06 PM
DHS reverses on at least one state
The irony is that they've already had to amend their statement:

"MADISON, Wis. (AP) — The U.S. Department of Homeland Security reversed course Tuesday and told Wisconsin officials that the Russian government did not scan the state's voter registration system."

 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/30/2017 | 12:20:32 PM
Re: DHS is late
@Dr.T: Not to mention that DHS itself was reportedly found with its hands in the cookie jar hacking a state election system...
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/30/2017 | 12:19:32 PM
Re: Really? We're still pointing fingers at the Russians?
@jenshadus: Brian Krebs talks about the history of those very developments in his book, Spam Nation. Highly recommended read.
jenshadus
50%
50%
jenshadus,
User Rank: Strategist
9/29/2017 | 7:27:34 AM
Re: Really? We're still pointing fingers at the Russians?
Excellent question.  At the price of bitcoin, think I'll forgo that avenue.  Cash will do nicely.  But it would be interesting to see the relationship of the use of gift cards and spam.  I do have an anonymous email, and I let that box get all the spam.  I safeguard my normal personal email and work email pretty carefully.
Joe Stanganelli
100%
0%
Joe Stanganelli,
User Rank: Ninja
9/29/2017 | 4:28:40 AM
Re: Really? We're still pointing fingers at the Russians?
I wonder how the controls on gift card usage to fight back against the spam industry has impacted/is impacting this.

Also, don't forget bitcoin and altcoins as a method of anonymous payment.
jenshadus
50%
50%
jenshadus,
User Rank: Strategist
9/28/2017 | 8:02:16 AM
Re: Really? We're still pointing fingers at the Russians?
Considering that anyone can buy a VPN anonymously, using a gift card that you can pay with cash, and then selecting a server from anywhere in the world, and from there buy access to another VPN using a server in another part of the world, a hacker can really objuscate the origin of the attack.  The jury is out on this one.  Media loves to follow the media.  Better yet,  the media are their own best fan.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/27/2017 | 7:58:43 PM
Re: Really? We're still pointing fingers at the Russians?
FWIW, not entirely sure what NoKo's motive would have been to actually interfere (although poke around, maybe). Seems like an HRC administration would have continued the policy of patience.

But yes, points well taken.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/27/2017 | 7:57:01 PM
Re: Really? We're still pointing fingers at the Russians?
> Maryland is notorious for sending people to vote in Virginia using fake ID's

Same with MA and NH, from what I understand (NH being much different, politically, from most of New England).

And yes, you're absolutely right that voting has enough hacks and problems with it -- low- and high-tech -- with or without foreign involvement.

As I observed a few years ago, electronic voting of any kind is not and has not ever been ready for prime time. enterprisenetworkingplanet.com/netsecur/hack-early-hack-often-the-perils-of-electronic-voting.html
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/27/2017 | 7:54:34 PM
Re: Really? We're still pointing fingers at the Russians?
@Dr. T: Absolutely. Reminds me of the forensics tracking that big Sony hack that was traced to North Korea...except other researchers eventually traced it to...Russia!

And even then, that location tracking may not have been accurate/the whole story. There seems to be little shortage of IP-masking tech if you know where to look (no pun intended).
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/27/2017 | 11:14:55 AM
Re: Really? We're still pointing fingers at the Russians?
IP trace does not mean a tinker's damn as those can be hidden, fudged quite easily I would agree, IP address can easily be spoofed. It is not a traceable entity, there needs to be other mechanisms to track the attackers.
Page 1 / 2   >   >>


US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat Security,  9/16/2019
NetCAT Vulnerability Is Out of the Bag
Dark Reading Staff 9/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-13552
PUBLISHED: 2019-09-18
In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution.
CVE-2019-15301
PUBLISHED: 2019-09-18
A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm'online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter.
CVE-2019-5042
PUBLISHED: 2019-09-18
An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability.
CVE-2019-5066
PUBLISHED: 2019-09-18
An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnerability, a specifically crafted PDF document needs ...
CVE-2019-5067
PUBLISHED: 2019-09-18
An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerabi...