Aleksei Vasiliev posted:

http://elections.virginia.gov/WebDocs/VotingEquipReport/WINVote-final.pdf
Virginia detected weird errors on some of their voting machines, instituted a security review and found out that they're bad
* ad-hoc wifi using WEP with the password "abcde"
* appear to be running Windows XP Embedded 2002 with no service packs or updates, supposedly vulnerable to things patched in 2004
* administrator account password is "admin"
* rdp enabled, admin shares enabled
* vote database is MS Access, unencrypted, with an open-password of "shoup" (cracked in 10 seconds)
* tries to protect votes from compromise during voting process, but has no protection to stop modification of vote database

Bhodi posted:

how much do you think someone charged to slap together an app backended by access running on xp

Aleksei Vasiliev posted:

http://pastebin.com/GrV3uYh5
nachash's 2600 article on running a tor hidden service

quote:

You will only connect to your production box via a hidden service. It's
a good idea to get into that habit early. The only time deviating from
this pattern is acceptable is when you have to upgrade tor, at which
time you'll want to have a script ready that drops your firewall rules
and unbinds ssh from localhost just long enough for you to login, do the
upgrade, re-apply the firewall rules and bind ssh to localhost again.

anthonypants posted:

why does it have to be telnet and not like, netcat or wget or something

Aleksei Vasiliev posted:

http://elections.virginia.gov/WebDocs/VotingEquipReport/WINVote-final.pdf
Virginia detected weird errors on some of their voting machines, instituted a security review and found out that they're bad
* ad-hoc wifi using WEP with the password "abcde"
* appear to be running Windows XP Embedded 2002 with no service packs or updates, supposedly vulnerable to things patched in 2004
* administrator account password is "admin"
* rdp enabled, admin shares enabled
* vote database is MS Access, unencrypted, with an open-password of "shoup" (cracked in 10 seconds)
* tries to protect votes from compromise during voting process, but has no protection to stop modification of vote database

Aleksei Vasiliev posted:

* vote database is MS Access

Subjunctive posted:

could you run two copies of tor, and connect with one in order to upgrade the other?

Bloody posted:

or have it update itself

Aleksei Vasiliev posted:

http://elections.virginia.gov/WebDocs/VotingEquipReport/WINVote-final.pdf
Virginia detected weird errors on some of their voting machines, instituted a security review and found out that they're bad
* ad-hoc wifi using WEP with the password "abcde"
* appear to be running Windows XP Embedded 2002 with no service packs or updates, supposedly vulnerable to things patched in 2004
* administrator account password is "admin"
* rdp enabled, admin shares enabled
* vote database is MS Access, unencrypted, with an open-password of "shoup" (cracked in 10 seconds)
* tries to protect votes from compromise during voting process, but has no protection to stop modification of vote database

quote:

When I told him my story, he knew immediately what had happened. The teenagers, he said, likely got into the car using a relatively simple and inexpensive device called a “power amplifier.”

He explained it like this: In a normal scenario, when you walk up to a car with a keyless entry and try the door handle, the car wirelessly calls out for your key so you don’t have to press any buttons to get inside. If the key calls back, the door unlocks. But the keyless system is capable of searching for a key only within a couple of feet.

Carbon dioxide posted:

The coming two days, the city of The Hague will be hosting the "Global Conference on penguin space 2015". It's basically a massive meeting of politicians that are responsible for internet regulations and stuff in their respective countries. Other than politicians from most countries, there will be folks from tech companies and a bunch of NGOs.

It's treated like quite a big deal.

A few examples from their programme:

- Lunch panel on 'Penguin warfare and jus in bello'
- FOCUS SESSION : International peace and security in penguin space
- Parallel Session : Rethinking the social impact of new penguin technologies
- Parallel Session : Exploring the best (and most fun) tools in penguin security education

And so on.

The city government of The Hague is saying they did all they could to make sure the penguin security during the penguin space conference will be up to penguin standards, because they're afraid people are going to test their security during the conference.

Another, more important piece of news, is that the folks on the conference will officially announce the formation of a "Global Forum on Penguin Expertise". The idea is that countries are scared their confidential data will leak when third world governments with worse penguin security get hacked and are used as a point of entry to secure information. So this global forum will share tips on how to secure government systems with countries that have less penguin expertise.

canis minor posted:

sorry, i don't like wizards

Carbon dioxide posted:

The coming two days, the city of The Hague will be hosting the "Global Conference on Cyberspace 2015". It's basically a massive meeting of politicians that are responsible for internet regulations and stuff in their respective countries. Other than politicians from most countries, there will be folks from tech companies and a bunch of NGOs.

It's treated like quite a big deal.

A few examples from their programme:

- Lunch panel on 'Cyber warfare and jus in bello'
- FOCUS SESSION : International peace and security in cyberspace
- Parallel Session : Rethinking the social impact of new cyber technologies
- Parallel Session : Exploring the best (and most fun) tools in cyber security education

And so on.

The city government of The Hague is saying they did all they could to make sure the cybersecurity during the cyberspace conference will be up to cyberstandards, because they're afraid people are going to test their security during the conference.

Another, more important piece of news, is that the folks on the conference will officially announce the formation of a "Global Forum on Cyber Expertise". The idea is that countries are scared their confidential data will leak when third world governments with worse cyber security get hacked and are used as a point of entry to secure information. So this global forum will share tips on how to secure government systems with countries that have less cyberexpertise.

, but I'm interested to see how many gently caress-ups will happen in The Hague tomorrow.

Carbon dioxide posted:

The coming two days, the city of The Hague will be hosting the "Global Conference on Cyberspace 2015". It's basically a massive meeting of politicians that are responsible for internet regulations and stuff in their respective countries. Other than politicians from most countries, there will be folks from tech companies and a bunch of NGOs.

It's treated like quite a big deal.

A few examples from their programme:

- Lunch panel on 'Cyber warfare and jus in bello'
- FOCUS SESSION : International peace and security in cyberspace
- Parallel Session : Rethinking the social impact of new cyber technologies
- Parallel Session : Exploring the best (and most fun) tools in cyber security education

And so on.

The city government of The Hague is saying they did all they could to make sure the cybersecurity during the cyberspace conference will be up to cyberstandards, because they're afraid people are going to test their security during the conference.

Another, more important piece of news, is that the folks on the conference will officially announce the formation of a "Global Forum on Cyber Expertise". The idea is that countries are scared their confidential data will leak when third world governments with worse cyber security get hacked and are used as a point of entry to secure information. So this global forum will share tips on how to secure government systems with countries that have less cyberexpertise.

, but I'm interested to see how many gently caress-ups will happen in The Hague tomorrow.

SIGSEGV posted:

just the same ones everyone gets or did you actually have to deal with his poo poo at a day job?

quote:

Fairfax City election officials said they felt the study the State Board of Elections looked at before deciding the decertify the machines overstated the risks.

quote:

Texas-based Advanced Voting Solutions Inc. stopped making voting machines in 2007 after failing to win U.S. Election Commission certification for its equipment, according to VerifiedVoting.org, a nonprofit that lobbies for accurate and secure voting.

The company's phone is disconnected, and its corporate charter has been withdrawn, according to Texas Secretary of State filings.

Cocoa Crispies posted:

Ignoring the usual fuckups of normal people taking security: http://www.nytimes.com/2015/04/16/style/keeping-your-car-safe-from-electronic-thieves.html

Aleksei Vasiliev posted:

http://elections.virginia.gov/WebDocs/VotingEquipReport/WINVote-final.pdf
Virginia detected weird errors on some of their voting machines, instituted a security review and found out that they're bad
* ad-hoc wifi using WEP with the password "abcde"
* appear to be running Windows XP Embedded 2002 with no service packs or updates, supposedly vulnerable to things patched in 2004
* administrator account password is "admin"
* rdp enabled, admin shares enabled
* vote database is MS Access, unencrypted, with an open-password of "shoup" (cracked in 10 seconds)
* tries to protect votes from compromise during voting process, but has no protection to stop modification of vote database

hobbesmaster posted:

awwwww its baby's first mitm attack

DNova posted:

just epoxy the network and usb ports and don't broadcast the ssid

Optimus_Rhyme posted:

Subjunctive posted:

he's genuinely a really nice guy, but definitely has some questionable calibration on a few issues, and I've given him feedback about his communication style many many times.

Sharktopus posted:

rip