Discussion
  • Read More
    IGetPwnedOftenDell Cameron
    11/09/17 1:58pm

    As someone who spent many years working in IT security at the highest levels, I can safely assure you I read this whole thing with this expression on my face...

    Illustration for article titled

    Having said that, in a way I’m not surprised. Many big government projects have a tendency to overlook security if it isn’t the prime requisite of said project.

    Reply
    • Read More
      The Real UnsharerIGetPwnedOften
      11/09/17 3:22pm

      They didn’t even use SFTP WITH A CERT FROM A PUBLIC CA?!?!?!?!?!

      I... I don’t even have words for how absolutely rubbish this infrastructure is. It’s almost as bad as Guiliani Security’s public-facing website was (secured using an expired cert not issued to them). Wonder if Kobach hired Guilani Security to secure their systems...

      Reply
    • Read More
      Sorely VexedIGetPwnedOften
      11/09/17 4:46pm

      Security through Absurdity.

      Reply
  • Read More
    The Ghost of James Madison's Rage BonerDell Cameron
    11/09/17 1:13pm

    So, I guess it’s safe to assume the Russians have all this data now?

    That’s if Kobach’s staff didn’t just email it to them directly, I suppose.

    Reply
    • Read More
      GromgerererThe Ghost of James Madison's Rage Boner
      11/09/17 1:20pm

      Why would you risk exposing your program as the Russians, when it takes a few hours of work to have secret, deniable access that doesn’t rely on the ability of the Trump administration to keep its mouth shut?

      Reply
    • Read More
      Mondo-CarnieThe Ghost of James Madison's Rage Boner
      11/09/17 1:32pm

      Probably. Although we shouldn’t have to worry too much about the Russian’s copy.

      Russia’s cyber-war strategy has always been maximize disruption and unrest in the U.S. The Voter-Suppression commission will do more damage to American’s faith in its institutions if it works exactly like it’s intended to, rather than if it were compromised. I wouldn’t be surprised if one or two good Samaritans with Slavic-sounding accents haven’t already contacted Kobach and tried to get him to patch easy vulnerabilities.

      Reply
  • Read More
    buffalo319Dell Cameron
    11/09/17 4:10pm

    The Republicans are going to prove voter fraud even if they have to do it themselves.

    Reply
    • Read More
      Apocalypse Cowbuffalo319
      11/09/17 4:27pm

      The Republicans are going to prove voter fraud even if they have to do it themselves.

      Just like they’ve tried to prove government doesn’t work by actively driving it into a ditch every time they can ...

      Reply
    • Read More
      CSX321Apocalypse Cow
      11/09/17 4:47pm

      “Republicans are the party that says government doesn’t work, and then they get elected and prove it.” - P.J. O’Rourke

      Reply
  • Read More
    missbikeDell Cameron
    11/09/17 4:52pm

    Crosscheck isn’t about duplicate registrations, it’s about purging poor, black, or Hispanic voters from the polls. It uses a postcard verification system to “check on” current addresses, but who send those back? So people Kobach and the RNC considers undesirable (likely to vote Democrat) get removed from poll lists. This is what this comission is all about - voter suppression.

    When we look at the sketchy happenings in Republican controlled swing states last November, and the strange swings in vote totals on certain races, it’s pretty stinky. My mind immediately jumps to, well of course the security sucks, it’s so Vlads guys can get in easily and wreak havoc at the state level. Yeah, I know, but then again...

    State level election returns need a hard look, and until that happens I assume the worst. Virginia just had a huge rout of Republicans - after a return to paper ballots and offline scanning machines. I can’t even begin to trust that Kobach isn’t up to worse stuff than Crosscheck now that he has the Administration backing his horrible behavior.

    Reply
    • Read More
      techmaster5000missbike
      11/09/17 6:41pm

      This

      Reply
    • Read More
      Kirkaiyamissbike
      11/09/17 9:18pm

      Fortunately, neither Kobach (nor any other fed) can remove voters from voter rolls, as those are maintained by the states. Which isn’t to say that GOP-controlled states won’t take the findings of his pseudo-commission and use them to purge the rolls in their states. They already do this to minorities in states like Florida, which is how we got Bush in 2000.

      Reply
  • Read More
    ArtistAtLargeDell Cameron
    11/09/17 3:17pm

    Rainbow table and done.

    But as other comments have pointed out this is deliberate. There is also the second problem that this is a not so subtle attempt by the GOP to take voting control from the states. You know, the very states they say should have more power and smaller federal gubmint interference.

    But hey, fascist Nazis gonna fascist Nazi.

    Reply
    • Read More
      clickSuckaArtistAtLarge
      11/10/17 8:49am

      Rainbow tables....so 90ies...oh, wait....fuck

      Reply
  • Read More
    Andrew DaisukeDell Cameron
    11/09/17 1:25pm

    Kansas Secretary of State, Kris Kobach (L)

    I know he’s a loser, the L is redundant.

    Reply
  • Read More
    asmallcatDell Cameron
    11/09/17 1:05pm

    It’ll be deliciously ironic when this leads to more actual voter fraud.

    Reply
    • Read More
      NobodyIsHappyasmallcat
      11/09/17 2:18pm

      The only thing this will lead to is Trump and his campaign getting direct access to voter details that they can use to their advantage in 2020.

      “If the State of Arkansas hired us to deliver a penetration test, based on what we see here, we’d almost certainly be able to breach without them detecting us,” 

      This is likely by design, not accident.

      Reply
  • Read More
    llaalleellDell Cameron
    11/09/17 6:35pm

    A slew of people have been screaming this for months. I mean screaming this to the point of saying, have your little commission or whatever, but at least protect the data. It’s extraordinary that it hasn’t been taken seriously. But I guess that’s par for the course these days.

    Reply
  • Read More
    randomguy109Dell Cameron
    11/10/17 7:20am

    It is quite simple:

    Bring the data that is used for the cross reference together on a disconnected system using a physical media.

    Have the desired checks/routines stored on the system.

    Save results to another physical media.

    Wipe system + source physical media.

    Return results.

    Reply
  • Read More
    Darmok eats Challah at 12NagraDell Cameron
    11/09/17 4:30pm

    The people in charge of investigating “rampant voter fraud” has MUCH less standards than a typical voting machine. Cool.

    Reply