Tag Archives: exposed

Voter Database Security Is A Myth

In this post, guest author David Maman, CTO and founder of GreenSQL – the database security company – questions the security reliability of voter databases.

imageSome of us spend days and months of indecision, hours in front of the TV watching campaign commercials and presidential debates, researching on the Net, mulling the options with family and friends, all ultimately to go to the polls to exercise our constitutional right to vote. For millions among us, this is a final decision and a terminal point.

Not for me.

As an information security specialist and database security researcher, I wonder where my vote goes, in what database it’s maintained, and, of course, how secure it is.

Hard experience has taught me that right now, somewhere, a hacker is trying to penetrate the voter databases “just for fun,” “to prove something,” or if I really want to be paranoid, “because he’s part of a powerful, international organization that seeks to dictate our political process by determining elections.”

Paranoia? I wish. One only has to read the news… last year, the databases of major companies were hacked: LinkedIn, Visa, KT Mobile, Sony, Zappos, etc. Of course, that tally doesn’t include the organizations who don’t know they were hacked.

Want news on voter databases being hacked in the last few years? Take a look at the list below, the result of a two-minute Google search:

July 15, 2012: Florida Allowed to Access Citizen Database for Voter Purge

July 27, 2012: Obama Administration to Open Voter Database

March 26, 2012: GOP’s Voter Vault Database Hacked, Candidates’ Identity Altered

August 2011: No Personal Information Compromised After Voter Database Hacked

At a time when databases are being constantly penetrated by unauthorized users and personal information is being stolen, misused or just maliciously exposed, the question remains: How secure are voter databases?

As if selecting a candidate isn’t vexing enough, now, I have a bigger concern: “How can I be sure my vote ultimately goes to the candidate of my choice?” “Will my vote be manipulated in any way, whether by foreign or domestic entities?” “Will my voter information be used to make it easier to have my identity stolen? (Even the FBI says identity theft represents a more serious threat than drugs.)”

About GreenSQL:

GreenSQL, the Database Security Company, delivers out-of-the-box database security solutions for small and mid-sized organizations. Started as an open source project back in 2006, GreenSQL became the no. 1 database security solution for MySQL with 100,000 users worldwide. In 2009, in response to market needs, GreenSQL LTD developed a commercial version, bringing a fresh approach to protecting databases of small- and medium-sized businesses.

GreenSQL provides database security solutions that are affordable and easy to install and maintain. GreenSQL supports Microsoft Azure, SQL Server (all versions including SQL Server 2012), MySQL and PostgreSQL.

1 Comment

Filed under Cyber Crime, Guest Writers, Point of View

I Love Email, But….

imageI love email – I do – really. I have to love it – I certainly get enough, and send enough; so I have to kind of, sort of – love it. There are some issues with personal email though, that tone down the love quotient – “unlovely” issues.

Number one on my “unlovely” list – the “forward to everyone you know” email. Too often, this type of email turns out to be plain old B.S – otherwise known as a myth. I do wish that my connections who forward this type of aggravating nonsense would drop by Snopes.com (the definitive Internet reference source for urban legends, folklore, myths, rumors, and misinformation), before hitting the send button.

I wish I’d written the following rant regarding forwarded emails – it sums up my perspective, nicely –

If you’re going to forward something, at least send me something mildly amusing. I’ve seen all the “send this to 10 of your closest friends, and this poor, wretched excuse for a human being will somehow receive a nickel from some omniscient being”.

Show a little intelligence and think about what you’re actually contributing to by sending out these forwards. Chances are it’s our own unpopularity.

The point being? If you get some chain letter that’s threatening to
leave you shagless or luckless for the rest of your life, delete
it.

Don’t piss people off by making them feel guilty about a leper in Botswana with no teeth who has been tied to the ass of a dead elephant for 27 years and whose only salvation is the 5 cents per letter he’ll receive if you forward this email.

Now forward this to everyone you know.

Otherwise, tomorrow morning your underwear will turn carnivorous and will consume your genitals.

Number two on my list – the “hang my email address out there for everyone to see” email – or, the famous “I’ve never heard of the Bcc (Blind Carbon Copy) option in email.”

Here’s an example of this type of email I received just yesterday, in my private email inbox, from a friend. There are more than three times as many exposed email addresses as I’ve shown in this screen capture.

Lazy email 2

So what’s the big deal? Well, here’s the big deal –

This email has taken away my control of who has access to my private email address. I have no way of controlling how often my email address gets forwarded or, to whom.

Experience has taught me – there is now a good chance that this address will end up on a spammers list. Spammers comb the Web specifically seeking out email address which have been published in the clear. Since I have lost control over this address it’s now fair game for spammers. Drat!

Contrast this with the following forwarded email (again, from a friend), who has had the courtesy to use Bcc in order not to expose the recipients email addresses.

Lazy email 1

My good buddy Rick Robinette, over at What’s On My PC, has written an excellent piece on Bcc – Tip: Bcc Protects Private Email Addresses – which is definitely worth a read.

Here’s a sample from that article –

The benefits of using the Bcc field is simply this. You are protecting the privacy of other people. Currently I have approximately (5)-five email accounts that I use for specific purposes, from a variety of email services, with one of those accounts being my primary email account. I am very protective of that primary email account address and do not want it thrown about for the spammers to get hold of or for strangers to see.

For example, I have found people’s email addresses in forwarded emails that I know and have not seen for years. They are very surprised when I contact them; and, will often ask, “How did you get my email?”. I explain that I simply pulled it from a forwarded email.

Number three on my list – the “religious and political commentary” email. This type of email (usually a forwarded email), often tends to lean, more than slightly, to a rightwing extremist point of view – an unbalanced opinion, decidedly unsupported by facts.

It’s not that I don’t appreciate political commentary or discourse but, I can’t help wondering if any consideration is ever given (by the sender), to my personal point of view. It seems – not. Annoying as hell.

There you have it – my rant for the month of September.   Smile

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

8 Comments

Filed under Email, Myths, Opinion, Point of View