2016 Presidential Candidate Security Investigation (infosecinstitute.com)
New submitter Fryan writes: InfoSec Institute has assessed the security posture of 16 of the presidential candidates' websites. This is an indicator of the level of security awareness the candidate and the campaign staff has. The recent breaches and security lapses of high profile individuals highlight the absolute need for everyone to take security awareness seriously. The hacking of the Director of the CIA's (John Brennan) personal email account, and the storage of classified emails on a personal email server with Hillary Clinton, show how damaging a lack of basic good security hygiene can be.
In this survey (of only the best known presidential candidates, not the scads of others), the authors give both their highest grade (an A) and lowest (a D) for candidates still in the race to two Republicans, Ben Carson and Jim Gilmore, respectively; surprising for a tech-focused campaign, Lawrence Lessig (who has ended his candidacy since the survey began) ranked even lower, with a D-.
Speaking of presidential candidates, the fourth Republican debate, hosted by Fox Business, will kick off about an hour after this post goes live (9:00 PM Eastern, 0200 GMT). Feel free to discuss it alongside the security report.
I'd love to see the site ratings there folks..
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Wow, this is a crazy screed. Who would write stuff like this? I have to admit, it's creative enough to read.
I know that no one reads TFA, but at least link to the source. I'm assuming it's the following article: http://resources.infosecinstitute.com/doesnt-any-presidential-candidate-know-how-to-secure-wordpress/
However, that data points to Democratic candidate Jim Webb as having the highest rating with an A- and doesn't include Ben Carson at all.
So no hacker goes there.
The short report claims that username exposure and login page exposure are vulnerabilities. But if you don't expose usernames, how do readers track to whom each comment in the comment section belongs? And if you don't expose a login page, how do posters track which of their comments have been replied to, and how do users manage their subscriptions to various newsletters?
InfoSec Institute has assessed the security posture of 16 of the presidential candidates' websites. This is an indicator of the level of security awareness the candidate and the campaign staff has.
This assertion is false. First, the candidate has other things to be concerned about. His IT staff, who will probably not follow him to the political office if he's elected given the nature of government bureaucracy, handle it. Second, a web site is a glorified poster and graffiti wall. It's there for John Q Public. Media organizations are provided with itineraries and possibly with the contents of speeches and other material directly, they do not have to go to the candidate's website. Third, any maliciousness done to the candidate only serves to strengthen the candidate, as those who were already in-favor of the candidate will not lessen their opinions based on a website hack, and those who were undecided may sympathize with the candidate after such an attack. Fourth, given the propensity for semianonymous abuse of comments sections, the candidate's staff already have to peruse comments to moderate/censor, so long-term abuse that could paint a candidate as something that they don't want to be is unlikely.
If you want to know how a candidate handles security, follow how they handle money, and how quickly they return contributions that come from undesirable sources, or how they handle public appearances and interaction with specific persons. At this early stage that's probably more of a tell than any website.
Do not look into laser with remaining eye.
Why not evaluate the candidates' shitty policies on information security? Like Carly who can't grasp math and is in favor of back doors into software and encryption.
What a stupid "investigation"
Even their page doesn't have SSL by default, when you go to the HTTPS site, it uses outdated encryption even with a modern browser.
http://i.imgur.com/de0eBK8.png
...the last time I was actually interested in an article on Slashdot. I used to read 4-6 a day... way to go DHI.
So their security ratings are based on whether or not they installed some WordPress security plug-in? Great info there.... pretty stupid....
Donald Trump just said, "Wages are too high."
Discuss.
You are welcome on my lawn.
"Same for Trump."
It all depends on how long the candidates last. If Trump bankrolls himself to the end, he is going to go a lot better.
I really don't see what this says about the candidates, other than which ones hired better webmasters. If a candidate has a shitty, unsecured website, that doesn't really say they don't understand or care about security, it just shows they didn't pick a webmaster who does. And how knowledgeable on IT security do we expect the POTUS to be? We don't usually blame the CEO of a company when their website is hacked.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
How can this be considered worth reading if it does not even look at Rand Paul. Clearly this was created by the joint Republican/Democratic party.
Carly Fiorina just said we need "Uber, but for health care".
Thoughts?
You are welcome on my lawn.
Is Jim Gilmore really a candidate? He seems to be the only one who believes that.
"populace", not "populous"
He was not a thug. He just liked dem white women.
Given that the Donald wants to force Christian law the entire USA [...]
This is what I *hate* about political debate in this country. It's all sock-puppetry by people making unbased predictions about the other candidates. In previous elections, it started about 6 weeks before the election. At 2 weeks before, it reached fever pitch.
Everyone and their dog argues back and forth "if *the other guy* get elected, they'll eat your babies and cancel Christmas!!!"
Don't tell me what they *want*, and don't tell me what they'll *do*. Tell me what they *did*. Tell me what they *said*.
Base your rhetoric on concrete information - what people have *done* and *said* - and maybe I'll listen. Saying that the democrats will raise taxes, that the republicans will kill social security, is simple guesswork by "some dude on the net".
Trump said "wages too high", that's true - but what were the previous 3 words in that sentence?
The totality of what he said, all six words and the following words to the end of the sentence, are worthy of discussion. The excised 3-words are not - that's just a childish emotional appeal.
OH NO!!! Trump wants to reduce our wages!!!
We're not the mainstream media, we're better than that. Let's have an honest and real discussion instead of childish pot-shots.
Please allow me to repost this thing I wrote on the red site:
AC said:
And there's a whole one candidate who doesn't support [TPP], and he probably won't even win the primaries. No, the TPP is pretty much a done deal at this point because the neo-nobility will never allow Sanders to get elected.
The only serious candidates iirc that oppose it are Sanders and Trump.
Trump is, well, Trump. Crazy. Unelectable. That being said, if Sanders isn't in the running either as a D or I, I don't hear word of a massive write-in campaign, and Trump has the R nomination, why the fsck not. He'll have my vote. It's not like we're electing a dictator. The other two branches of government will keep his crazy at bay.
Sanders might have a good run of it, but there are two things working against him. Firstly, there's the Coronation of Clinton. If she doesn't get the D nomination, I'll be flabbergasted. So then the second thing comes into play. If Sanders stays in the running as an I, that means he no longer gets the votes from the large number of people who just mark “straight ticket D” at the polls.
I think if Sanders got D, he'd win in a landslide. If Trump gets R and Sanders is running as I, Sanders might be the first president since Fillmore (Whig) not to be a D or R, first I since Washington. If Jeb has R and Sanders stays in as I, then Jeb is the next president. Other scenarios are more of a toss-up.
You are probably correct in the end, though. There will be some reason Sanders drops out entirely. If Trump gets R, the Coronation of Clinton will be complete. If Jeb gets R, it may be an actual contest, but an entirely meaningless one since in all probability our next president is from one of the two dynasties without Sanders running as I.
I haven't kept up with the Libertarians as much as I used to, but the only other scenario that can prevent a dynasty presidency next is if Gary Johnson runs as L. Even then, that's a million in one shot. I don't think I even know his position on TPP, but I have been throwing money at the L+G(reen) initiative (Johnson is the main L for that at least and I believe Jill Stein is the main G) to open up the debates to more than just Rs and Ds.
-----
gewg_ replied:
Jill Stein (a physician), when she debated Mitt Romney during the Massachusetts gubernatorial race, was called "the only adult in the room" by the Boston Globe. So, how "serious" do you want?
Her previous stances against SOPA and PIPA (orig) give an indication that she opposes the likes of TPP.
This guy uses the past tense to acknowledge that the Big 2 parties and Lamestream Media are doing everything they can to make sure no one is aware of her.
She rejected the bootstrap philosophy of extremist free market capitalism. She believed that all people are endowed with certain unalienable rights. That these rights include life, liberty, food, shelter, education, medical care, and the pursuit of happiness.
She supported all public programs which accommodate basic human needs. Food stamps, subsidized housin
Rand Paul but nobody is going to vote for him because they're obsessed with pop culture relics telling them otherwise. Weeeeeelp!
http://gamehacking.org/vb/threads/12747-nensondubois-codes http://twitter.com/nensondubois_
Trump is, well, Trump. Crazy.
Sometimes I think that the craziest people are the ones claiming to be sane in a rational world - claiming that the world makes sense and they've got it all figured out.
How unknown do you have to be to be a lesser known candidate.
Or are they only not investigating the security of pets running for office.
No, it's the ones saying crazy shit who are crazy.
And Trump is a three year old with a billion dollars to buy yes-men and all the right allowed him as a "job creator" to close down YOUR job if you don't say how great he is.
And he's a fucking lunatic.
Unlike Carson, not an omnicidal maniac lunatic, but you still don't want that moron playing private CEO with other countries and going "My finger is over the button...", 'cos that fruitcake WILL press it if you dare defy him or even tell him something that he doesn't want to hear.
Trump REALLY REALLY did say that. It REALLY REALLY means what he says.
Just because it shows the clown up to be the idiotic crazy man he is, YOU have to assume it's unsupported scurrilous attack.
I pulled up the report and saw Carson had an 'A' site. Out of curiosity, I found the site. They stated it had no store. What thu heck is this: http://store.bencarson.com/
What's this "latin temper" you referred to? Go on, please explain. Also, Senator Rubio is currently 44 years old, which is not a "kid".
I have to wonder if Dr. Lessig was downgraded on purpose because he is actively opposing the extreme nature of the last couple of presidential administrations regarding infosec. Vast amounts of previously public information were re-classified during the Bush 2 and first term of the Obama administrations. A substantial percentage of those "secrets" have nothing to do with national security, and much more to do with concealing wrongdoing by the government, going back several decades. Mr. Lessig's stance is that this move towards creating "secrets" that were once public knowledge, creating secrets to cover up misbehavior, and punishing those who reveal such information is destructive policy. If he was downgraded as a result, I assert that this says more about the Infosec institute than it does about Dr. Lessig.
When you think about it, the government email servers are giant targets for hacking. It's not often reported, but the government systems get hit and experience a lot of downtime. A private, properly secured email server would get far fewer attacks and could be more stable. Just sayin'
What's this "latin temper" you referred to? Go on, please explain. Also, Senator Rubio is currently 44 years old, which is not a "kid".
It is just more racism from the left. He is a minority so they refer to him as a kid and then talk about his "latin" temper.
He is referred to as a kid because he dramatically oversimplifies complex issues which is something children do. It has nothing to do with his Hispanic light image, I would even argue that most people don't even know he's Hispanic by looks but only by name. I'm not sure how you can even come to that racism conclusion except to grasp at straws.
His "latin" temper is not something I've heard in any media about him but I could see drawing that from his answer that he would stop the Iran deal on his first day in office regardless of its efficacy which again is a childish response as an adult would always take stock in whether the rules are being followed before destroying a deal that is actually attempting a peaceful resolution to another very complex issue.
He is referred to as a kid because he dramatically oversimplifies complex issues which is something children do.
Like Obama? That was a major selling point for him. It made anyone that actually tried to go into detail look like they were bullshitting.
It's part of his "common-sense" verbiage. "I think we can all agree on this common-sense approach".
That's a pathetic attempt to pretend you're not a racist.