https://arstechnica.com/tech-policy/2018/11/file-sharing-software-on-state-election-servers-could-expose-them-to-intruders/
By Jack Gillum and Jeff Kao, Propublica
Ars Technica
11/5/2018
As recently as Monday, computer servers that powered Kentucky's online
voter registration and Wisconsin's reporting of election results ran
software that could potentially expose information to hackers or enable
access to sensitive files without a password.
The insecure service run by Wisconsin could be reached from Internet
addresses based in Russia, which has become notorious for seeking to
influence US elections. Kentucky's was accessible from other Eastern
European countries.
The service, known as FTP, provides public access to files -- sometimes
anonymously and without encryption. As a result, security experts say, it
could act as a gateway for hackers to acquire key details of a server's
operating system and exploit its vulnerabilities. Some corporations and
other institutions have dropped FTP in favor of more secure alternatives.
Officials in both states said that voter-registration data has not been
compromised and that their states' infrastructure was protected against
infiltration. Still, Wisconsin said it turned off its FTP service
following ProPublica's inquiries. Kentucky left its password-free service
running and said ProPublica didn't understand its approach to security.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
