County employees checking crappy out-of-date touchscreen voting machines
❝ A security researcher disclosed a gaping security hole at the outfit that manages Georgia’s election technology, days before the state holds a closely watched congressional runoff vote on June 20.
The security failure left the state’s 6.7 million voter records and other sensitive files exposed to hackers, and may have been left unpatched for seven months. The revealed files might have allowed attackers to plant malware and possibly rig votes or wreak chaos with voter rolls during elections…
❝ Logan Lamb, a 29-year-old Atlanta-based private security researcher…made the discovery last August. He…felt the election center had not been serious enough about security and came forward with his findings, this week.
❝ Lamb discovered the security hole — a misconfigured server — one day as he did a search of the Kennesaw State election-systems website. There, he found a directory open to the internet that contained not just the state voter database, but PDF files with instructions and passwords used by poll workers to sign into a central server used on Election Day. Lamb said he downloaded 15 gigabytes of data, which he later destroyed…
The directory of files “was already indexed by Google,” Lamb said in an interview — meaning that anyone could have found it with the right search.
❝ “I don’t know if the vote could have been rigged, but compromising that server would have served as a great pivot point and malware could have been planted easily,” he added.
❝ Lamb said he notified the center’s director, Merle King, who assured him the hole would be patched and who asked to keep his discovery to himself.
RTFA for the details. Usually, we can categorize information like this as either stupid or ignorant. Maybe we should add incompetent.