Tag Archive for: weren’t

County election machines weren’t connected to internet


Auditors from a private auditing company, SLI Compliance, do an audit of the tabulation machines and the voting system at the Maricopa County Elections Headquarters in Phoenix on Feb. 9, 2021. The five-member team was spending five days at the Maricopa County Elections Headquarters on the audit.

Maricopa County’s vote-counting machines were not connected to the internet during the 2020 election, an independent review has found, further undercutting claims by former President Donald Trump and his allies that the results were “rigged.”

A trio of technology experts overseen by an impartial special master found no evidence of an internet connection, according to results of the review released Wednesday.

That echoes the county’s long-standing position as well as the findings of independent audits the county conducted a year ago. It also dispels unproven theories from election deniers that the tabulation machines were hooked up to the internet and therefore susceptible to hacking to throw the election to Joe Biden.

Biden won Maricopa County by 45,109 votes, according to the official results.

In a statement, Bill Gates, a Republican who chairs the Maricopa County Board of Supervisors, said “the unanimous conclusions of this expert panel should be a final stake in the heart of the Senate’s so-called ‘audit.’

Source…

Russia Hack Proves Privacy Hawks Weren’t Chicken Littles


Bob Barr

|

Posted: Dec 30, 2020 12:01 AM

The opinions expressed by columnists are their own and do not necessarily represent the views of Townhall.com.

The recent revelation of a historic hacking attack on U.S. businesses and government targets has put America’s national security apparatus in a conundrum. On one hand, the scale of the likely Russian sponsored attack is an excellent cudgel with which to press Congress for more power and money to fund secretive — and constitutionally problematic — national security programs. On the other, it proves that privacy hawks have been rightfully concerned about the state of America’s data security.

Earlier this month, reports surfaced that a major IT security company, SolarWinds, was hacked and its software corrupted to include a “back door” easily exploited by other hackers. This corrupt software was then unknowingly pushed by way of an “update” to an estimated 18,000 customers – including numerous Fortune 500 companies and several government agencies – which left the back door wide open to hackers for months prior to being discovered. Experts suggest we may never know the full scale of this attack, or the degree to which it imperils America’s national security. 

That the hack involved a malicious back door is an irony not lost on privacy hawks, who have for years warned against federal agencies (especially the ultra-secret National Security Agency) having the power to force private software providers, smart phone manufacturers, and social media giants to build back doors that allow for surreptitious government access to users of their products and to their companies’ databases. The resulting compromised security has been as regrettable as it was predictable. 

In 2015, for example, the Chinese government is suspected of hacking into the NSA itself, via an encryption back door the agency demanded of a major cybersecurity company. Even earlier than that, the NSA was involved in developing one of the most effective hacks of Microsoft systems, only to have this tool stolen by hackers and released to the public, where it is now accessible by criminals, foreign governments, and all manner of non-state actors.

It…

Source…

Drupal: If you weren’t quick to patch, assume your site was hacked

Users of Drupal, one of the most popular content management systems, should consider their sites compromised if they didn’t immediately apply a security patch released on Oct. 15.

The unusually alarming statement was part of a “public service announcement” issued by the Drupal project’s security team Wednesday.

“Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 – Drupal core – SQL injection,” the Drupal security team said. “You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.”

To read this article in full or to leave a comment, please click here

Network World Security