Slashdot Mirror
2016 Presidential Candidate Security Investigation (infosecinstitute.com)
New submitter Fryan writes: InfoSec Institute has assessed the security posture of 16 of the presidential candidates' websites. This is an indicator of the level of security awareness the candidate and the campaign staff has. The recent breaches and security lapses of high profile individuals highlight the absolute need for everyone to take security awareness seriously. The hacking of the Director of the CIA's (John Brennan) personal email account, and the storage of classified emails on a personal email server with Hillary Clinton, show how damaging a lack of basic good security hygiene can be.
In this survey (of only the best known presidential candidates, not the scads of others), the authors give both their highest grade (an A) and lowest (a D) for candidates still in the race to two Republicans, Ben Carson and Jim Gilmore, respectively; surprising for a tech-focused campaign, Lawrence Lessig (who has ended his candidacy since the survey began) ranked even lower, with a D-.
Speaking of presidential candidates, the fourth Republican debate, hosted by Fox Business, will kick off about an hour after this post goes live (9:00 PM Eastern, 0200 GMT). Feel free to discuss it alongside the security report.
Speaking of presidential candidates, the fourth Republican debate, hosted by Fox Business, will kick off about an hour after this post goes live (9:00 PM Eastern, 0200 GMT). Feel free to discuss it alongside the security report.
I'd love to see the site ratings there folks..
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
9 steps to greasing your anus for Yoda Doll Insertion!
v 4.97.3
$YodaBSD: src/release/doc/en_US.ISO8859-1/yodanotes/9stepprocess.sgml,v 4.97.3 2015/9/3 15:42:20 tsarkon Exp $
Wow, this is a crazy screed. Who would write stuff like this? I have to admit, its creative enough to read.
I know that no one reads TFA, but at least link to the source. I'm assuming it's the following article: http://resources.infosecinstitute.com/doesnt-any-presidential-candidate-know-how-to-secure-wordpress/
However, that data points to Democratic candidate Jim Webb as having the highest rating with an A- and doesn't include Ben Carson at all.
So no hacker goes there.
The short report claims that username exposure and login page exposure are vulnerabilities. But if you don't expose usernames, how do readers track to whom each comment in the comment section belongs? And if you don't expose a login page, how do posters track which of their comments have been replied to, and how do users manage their subscriptions to various newsletters?
InfoSec Institute has assessed the security posture of 16 of the presidential candidates' websites. This is an indicator of the level of security awareness the candidate and the campaign staff has.
This assertion is false. First, the candidate has other things to be concerned about. His IT staff, who will probably not follow him to the political office if he's elected given the nature of government bureaucracy, handle it. Second, a web site is a glorified poster and graffiti wall. It's there for John Q Public. Media organizations are provided with itineraries and possibly with the contents of speeches and other material directly, they do not have to go to the candidate's website. Third, any maliciousness done to the candidate only serves to strengthen the candidate, as those who were already in-favor of the candidate will not lessen their opinions based on a website hack, and those who were undecided may sympathize with the candidate after such an attack. Fourth, given the propensity for semianonymous abuse of comments sections, the candidate's staff already have to peruse comments to moderate/censor, so long-term abuse that could paint a candidate as something that they don't want to be is unlikely.
If you want to know how a candidate handles security, follow how they handle money, and how quickly they return contributions that come from undesirable sources, or how they handle public appearances and interaction with specific persons. At this early stage that's probably more of a tell than any website.
Do not look into laser with remaining eye.
Why not evaluate the candidate shitty policies on information security? Like Carly who can't grasp math and is in favor of back doors into software and encryption.
What a stupid "investigation"
Even their page doesn't have SSL by default, when you go to the HTTPS site, it uses outdated encryption even with a modern browser.
http://i.imgur.com/de0eBK8.png
...the last time I was actually interested in an article on Slashdot. I used to read 4-6 a day... way to go DHI.
So their security ratings are based on whether or not they installed some wordpress security plug in? Great info there.... pretty stupid....
Is getting support from other bible thumpers but in the national run this is not even going to get a quarter of the populous.
Same for Trump.
Rubio is but a kid with a latin temper (never mind Carson and his I-was-a-thug days).
And then there's Maude^WBush. Nuf said.
And a year more of this.
Donald Trump just said, "Wages are too high."
Discuss.
You are welcome on my lawn.
I really don't see what this says about the candidates, other than which ones hired better webmasters. If a candidate has a shitty, unsecured website, that doesn't really say they don't understand or care about security, it just shows they didn't pick a webmaster who does. And how knowledgeable on IT security do we expect the POTUS to be? We don't usually blame the CEO of a company when their website is hacked.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
How can this be considered worth reading if it does not even look at Rand Paul. Clearly this was created by the joint Republican/Democratic party.
Carly Fiorina just said we need "Uber, but for health care".
Thoughts?
You are welcome on my lawn.
Is Jim Gilmore really a candidate? He seems to be the only one who believes that.
Given that the Donald wants to force Christian law the entire USA [...]
This is what I *hate* about political debate in this country. It's all sock-puppetry by people making unbased predictions about the other candidates. In previous elections, it started about 6 weeks before the election. At 2 weeks before, it reached fever pitch.
Everyone and their dog argues back and forth "if *the other guy* get elected, they'll eat your babies and cancel Christmas!!!"
Don't tell me what they *want*, and don't tell me what they'll *do*. Tell me what they *did*. Tell me what they *said*.
Base your rhetoric on concrete information - what people have *done* and *said* - and maybe I'll listen. Saying that the democrats will raise taxes, that the republicans will kill social security, is simple guesswork by "some dude on the net".
Trump said "wages too high", that's true - but what were the previous 3 words in that sentence?
The totality of what he said, all six words and the following words to the end of the sentence, are worthy of discussion. The excised 3-words are not - that's just a childish emotional appeal.
OH NO!!! Trump wants to reduce our wages!!!
We're not the mainstream media, we're better than that. Let's have an honest and real discussion instead of childish pot-shots.
Rand Paul but nobody is going to vote for him because they're obsessed with pop culture relics telling them otherwise. Weeeeeelp!
http://gamehacking.org/vb/threads/12747-nensondubois-codes http://twitter.com/nensondubois_
How unknown do you have to be to be a lesser known candidate.
Or are they only not investigating the security of pets running for office.
Trump REALLY REALLY did say that. It REALLY REALLY means what he says.
Just because it shows the clown up to be the idiotic crazy man he is, YOU have to assume it's unsupported scurrilous attack.
I pulled up the report and saw Carson had an 'A' site. Out of curiosity, I found the site. they stated it had no store. What thu heck is this: http://store.bencarson.com/
I have to wonder if Dr. Lessig was downgraded on purpose because he is actively opposing the extreme nature of the last couple of presidential administrations regarding infosec. Vast amounts of previously public information were re-classified during the Bush 2 and first term of the Obama administrations. A substantial percentage of those "secrets" have nothing to do with national security, and much more to do with concealing wrongdoing by the government, going back several decades. Mr. Lessig's stance is that this move towards creating "secrets" that were once public knowledge, creating secrets to cover up misbehavior, and punishing those who reveal such information is destructive policy. If he was downgraded as a result, I assert that this says more about the Infosec institute than it does about Dr. Lessig.
When you think about it, the government email servers are giant targets for hacking. Its not often reported, but the government systems get hit and experience a lot of downtime. A private, properly secured email server would get far fewer attacks and could be more stable. Just sayin'