201
top 14 comments
sorted by: hot top controversial new old
[-] viking@infosec.pub 44 points 3 months ago

Georgia = US State, not the country.

Maybe I saved some people a click.

[-] towerful@programming.dev 24 points 3 months ago

A reminder that Georgia (state) was a part of the whole 2020 election denial bullshit.

Georgia (country) has a seemingly left leaning president (wanting to join EU), but with a parliament seemingly working against them (eg overturning veto of the controversial Foreign Agent law).

This is a very very broad outsiders opinion. I'd love to hear from a variety of people living in Georgia, and what they reckon!

[-] viking@infosec.pub 10 points 3 months ago

I'm not Georgian myself but used to work there for a while, and your observation is spot on from my experience. Their biggest issue are Russian interventions, they outright buy politicians there. Georgia is rather poor, so you don't even have to reach too deep into your pockets.

[-] msage@programming.dev 2 points 3 months ago

Even US politicians are pretty cheap.

You almost never need the most popular ones.

[-] technocrit@lemmy.dbzer0.com 1 points 3 months ago

Same thing with zios in USA. Just ask Cori Bush.

[-] Drusas@kbin.run -3 points 3 months ago

It's pretty obvious from the context.

[-] viking@infosec.pub 14 points 3 months ago

Georgia (the country) has plenty of issues with their current elections due to Russian interventions, so no, it's absolutely not obvious from context.

[-] Waldowal@lemmy.world 32 points 3 months ago

This portal is a dumb idea, but most developers know you don't let on when a hack is attempted and you detect it. It's common to return a "success" message in hopes the "hacker" stops trying and moves on. Meanwhile, you log the attempt (and don't actually cancel a voter registration).

Though, I don't have high hopes the state actually built a secure site here.

[-] atx_aquarian@lemmy.world 13 points 3 months ago

“Incomplete paper and online applications will not be accepted,” Evans said in the statement. (Parker’s [demonstration] cancellation request would have lacked a driver’s license number.) The Secretary of State’s Office did not respond to individual questions about what testing the portal underwent before launch, the system’s security procedures, what happened to Parker’s cancellation request....

Yeah, that tells us we just don't know if this was a problem after all. Evans's statement basically claims it wasn't a vulnerability. If that's correct, then the worst thing might be if someone's browser tripped on the validation JS and allowed them down a blind alley execution path. If the claim is correct and if the page's JS never shits the bed, then in that case the only negative outcome would be someone dicking with the in-browser source could lead themselves down the blind alley, in which case who cares. The only terrible outcome seems like it would be if the claim is incorrect--i.e. if an incomplete application submission would be processed, thus allowing exploit.

Short of an internal audit, there's no smoking gun here.

[-] expr@programming.dev 0 points 3 months ago

It's still grossly negligent from a security perspective.

[-] Geometrinen_Gepardi@sopuli.xyz 15 points 3 months ago

Why does that portal need to exist in the first place?

[-] bigkahuna1986@lemmy.ml 11 points 3 months ago

And I'm sure they won't keep logs of that sort of thing.

[-] solarvector@lemmy.zip 8 points 3 months ago

Doesn't sound like a design flaw, it's the whole point, only reason you need a cancellation portal.

this post was submitted on 05 Aug 2024
201 points (98.6% liked)

Technology

59467 readers
3210 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS