Slashdot Mirror


US House Candidates Vulnerable To Hacks, Researchers Say (reuters.com)

About 30 percent of House candidates running for office this year have significant cybersecurity issues with their campaign websites, according to a new study. Reuters: The research was unveiled on Sunday at the annual Def Con security conference in Las Vegas, where some attendees have spent three days hacking into voting machines to highlight vulnerabilities in technology running polling operations. A team of four independent researchers led by former National Institutes for Standards and Technology security expert Joshua Franklin concluded that the websites of nearly one-third of U.S. House candidates, Democrats and Republicans alike, are vulnerable to attacks. NIST is a U.S. Commerce Department laboratory that provides advice on technical issues, including cyber security. Using automated scans and test programs, the team identified multiple vulnerabilities, including problems with digital certificates used to verify secure connections with users, Franklin told Reuters ahead of the presentation. The warnings about the midterm elections, which are less than three months away, come after Democrats have spent more than a year working to bolster cyber defenses of the party's national, state and campaign operations.


  1. Extremely misleading article. by Anonymous Coward · · Score: 1, Insightful

    This article is misleading and poorly written. Those house members are NOT vulnerable and never have been. No proof was provided and all sources were obviously biased towards Democrat party Clinton and Soros fundeds. This writeup of bad journalism is example again of why many regular Americans see mainstream media as enemy of people, and not friend.

    1. Re: Extremely misleading article. by peragrin · · Score: 1

      It is misleading since nothing of real value can be done to those websites.

      It is the old xkcd.
      https://xkcd.com/932/

      I don't hide tricks using links.

      --
      I thought once I was found, but it was only a dream.
    2. Re:Extremely misleading article. by Plus1Entropy · · Score: 1

      You've got an interesting way of speaking. If I had to guess I'd say... Minnesota?

      --
      Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
    3. Re:Extremely misleading article. by Plus1Entropy · · Score: 1

      Who said anything about Russia?

      --
      Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
    4. Re:Extremely misleading article. by Plus1Entropy · · Score: 1

      The M which stands for... Russia?

      --
      Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
    5. Re:Extremely misleading article. by sabbede · · Score: 1

      Biased towards Democrats? Read it again - it makes the DNC's security people look like ineffectual dolts. They aren't requiring or enforcing secure practices, they're asking people to pledge that they're following basic (yet still insufficient) standards. Are they running audits to make sure? NO! They're sending out a survey.

      Even if it is biased towards them, it's done in such an unintentionally backhanded way that it only ends up making the DNC look like a pack of idiots.

  2. Seems the DNC is ready. by bob4u2c · · Score: 2

    "Since Krikorian joined the DNC a year ago, the party has moved email and data storage to Google cloud and replaced most Windows computers with easier-to-defend Apple hardware and Google Chromebooks, he said."

    Ahh, security by moving things into the cloud and using a different OS. That should fix everything. As we all know, nobody has ever gotten a hold of cloud data and there are viruses/vulnerabilities for Mac; at least that's what my users tell me.

    1. Re:Seems the DNC is ready. by JackieBrown · · Score: 3, Informative

      Which is funny since the DNC breach was due to them falling for a phishing scheme and had nothing to do with OS security.

  3. They are hacks? by Oswald McWeany · · Score: 3, Insightful

    Vulnerable to hacks? My local representative IS a hack!

    --
    "That's the way to do it" - Punch
  4. Problems with Digital Signatures by roccomaglio · · Score: 4, Interesting

    From the article: "Using automated scans and test programs, the team identified multiple vulnerabilities, including problems with digital certificates used to verify secure connections with users, Franklin told Reuters ahead of the presentation." This may or may not be an issue. If the site is simply providing information and/or collecting email addresses, this is not really an issue. If the site is collecting credit card info it would be an issue, but that is usually done through a third party. Basically they ran something that tested the web sites' SSL implementation, and without more information we cannot determine if that is really an issue.

  5. Easy fix: by Tablizer · · Score: 1

    Just get your own private email server.

    1. Re:Easy fix: by Tablizer · · Score: 1

      The State Dept. regular email server did get hacked, but hers did not (as far as known).

  6. Similar survey of 2016 Senate web sites by xxxJonBoyxxx · · Score: 1

    Similar survey of 2016 Senate web sites
    http://cybertical.com/2016-senate-cybersecurity.html

  7. The floor is lava by Impy the Impiuos Imp · · Score: 3, Funny

    US House Candidates Vulnerable To Hacks, Researchers Say

    Well, hacked water heaters are a danger. Why not hacked air heaters?

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  8. DNC still doing a really bad job by sabbede · · Score: 1

    I don't know about y'all, but my users are required to use long, secure passwords and MFA. It's enforced by policy and audited. Users have no choice in the matter. Computers are managed and patched by me, not users.

    The DNC, which has had some rather famous problems, is doing this about it:

    "The party also requires staff to fill out monthly surveys pledging that they are following key security practices, including use of two-factor authentication for personal accounts, long and unique passwords, and encryption on computers. They are also asked if they are running operating systems and application software with up-to-date security patches."

    So, after devastatingly embarrassing hacks, the DNC's response is to have users promise they're following good practices? Not best practices, not CSC guidelines, not NIST recommendations, just a pledge? A PLEDGE??