File-sharing software on state election servers could expose them to intruders

[InfoSec News <alerts () infosecnews org>]

https://arstechnica.com/tech-policy/2018/11/file-sharing-software-on-state-election-servers-could-expose-them-to-intruders/

By Jack Gillum and Jeff Kao, Propublica
Ars Technica
11/5/2018

As recently as Monday, computer servers that powered Kentucky's online 
voter registration and Wisconsin's reporting of election results ran 
software that could potentially expose information to hackers or enable 
access to sensitive files without a password.

The insecure service run by Wisconsin could be reached from Internet 
addresses based in Russia, which has become notorious for seeking to 
influence US elections. Kentucky's was accessible from other Eastern 
European countries.

The service, known as FTP, provides public access to files -- sometimes 
anonymously and without encryption. As a result, security experts say, it 
could act as a gateway for hackers to acquire key details of a server's 
operating system and exploit its vulnerabilities. Some corporations and 
other institutions have dropped FTP in favor of more secure alternatives.

Officials in both states said that voter-registration data has not been 
compromised and that their states' infrastructure was protected against 
infiltration. Still, Wisconsin said it turned off its FTP service 
following ProPublica's inquiries. Kentucky left its password-free service 
running and said ProPublica didn't understand its approach to security.

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_