![]() ![]() > In your opinion, is there a way to fix this sort of thing? Only due to bi-partisan efforts from technically versed people were we able to get the Governor at the time to veto the bill. They then used this incident as a base to create a bill to criminalize the security researcher's actions.Īs a state rep, I worked very hard to push back on a bad bill spawned by the incident that would've criminalized responsible disclosure. The state attempted to prosecute the security researcher but found no state statutes they could use. Eventually, this information became public. The apache configuration was updated to "use encryption" (moved from http to https) but still left the info indexed by google over https vs. Quickly, a hired security researcher for a corporate client found all registered voters info and instructional pdfs with credentials for the elections system publicly indexed by google. In the Georgia version, the technical details of the exposed information in the Secretary of State's office were facepalmingly simple (misconfigured apache directives) yet the story dragged on politically for years. Without a doubt, the calculations throughout the story were political not technical. I served in the Georgia legislature during a portion of a similar story. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |