A Georgia election server was vulnerable to Shellshock and may have been hacked

Closeup photograph of a Georgia voter access card.

(credit: Jason Riedy / Flickr)

Forensic evidence shows signs that a Georgia election server may have been hacked ahead of the 2016 and 2018 elections by someone who exploited Shellshock, a critical flaw that gives attackers full control over vulnerable systems, a computer security expert said in a court filing on Thursday.

Shellshock came to light in September 2014 and was immediately identified as one of the most severe vulnerabilities to be disclosed in years. The reasons: it (a) was easy to exploit, (b) gave attackers the ability to remotely run commands and code of their choice, and (c) opened most Linux and Unix systems to attack. As a result, the flaw received widespread news coverage for months.

Patching on the sly

Despite the severity of the vulnerability, it remained unpatched for three months on a server operated by the Center for Election Systems at Kennesaw State University, the group that was responsible for programming Georgia election machines. The flaw wasn't fixed until December 2, 2014, when an account with the username shellshock patched the critical vulnerability, the expert’s analysis of a forensic image shows. The shellshock account had been created only 19 minutes earlier. Before patching the vulnerability, the shellshock user deleted a file titled shellsh0ck. A little more than a half hour after patching, the shellshock user was disabled.

Read 14 remaining paragraphs | Comments

https://arstechnica.com/?p=1645597

Source: Ars Technica

By:

This timeless piece of “body art” of people having sex in an MRI turns 20
This timeless piece of body art of people having sex in an MRI turns 20 ...
Dec/26/2019
Lessons from scorching hot weirdo-planets
Lessons from scorching hot weirdo-planets ...
Dec/22/2019
Biden wants Sec. 230 gone, calls tech “totally irresponsible,” “little creeps”
Biden wants Sec. 230 gone, calls tech totally irresponsible, little creeps ...
Jan/17/2020
Frontier, an ISP in 29 states, plans to file for bankruptcy
Frontier, an ISP in 29 states, plans to file for bankruptcy ...
Jan/20/2020
Starliner set for its historic debut flight on Friday morning
Starliner set for its historic debut flight on Friday morning ...
Dec/19/2019
Linux on laptops: Ubuntu 19.10 on the HP Dragonfly Elite G1
Linux on laptops: Ubuntu 19.10 on the HP Dragonfly Elite G1 ...
Jan/27/2020