This Week in Security: Election Bug Bounty, Malaysia Breach

U.S. Election System Bug Bounty Program

Newly unveiled legislation proposes to allow researchers to legally follow in Russia’s footsteps in hacking the U.S. voting system. Similar to the “Hack the Pentagon” campaign, the proposed “Cooperative Hack the Election Program” would provide legal safeguards and rewards for researchers to find vulnerabilities in voting systems outside of election seasons. If this goes anything like the Chaos Computer Club’s examination of German election software, there should be plenty of vulnerabilities exposed for fixing.

This is a great first step, but it focuses on only one facet of the problem. Other defensive measures, such as maintaining paper ballots and statistical spot-checking, are crucial for detecting successful election hacks and recovering from them.

Either way, here’s hoping this sort of program can find its way through the legislative process and out into the light of day. Last year, we demonstrated our own research on voting machine insecurities, which is worth a look (we think).

Code-Signing Certs More Valuable Than Guns

Just in case you’re looking to cash in big on the darknet black market (Cylance does not endorse this), forget drugs, guns, and forged passports. The real money is in code-signing certificates.

Research conducted by the Cyber Security Research Institute (CSRI) on behalf of Venafi found that such certificates fetched up to $1,200, and unlike handguns and other physical objects, could be continually sold to buyers until revoked.

Used as an authentication measure to prevent execution of malware and untrusted programs, these certificates are valuable for malware authors looking to present their malware as legitimate trusted software.

Everyone in Malaysia Affected by Breach

Another week, another breach. This time, a massive collection of data from various Malaysian sources has been discovered for sale. Unfortunately, it looks like it affects …

This is a Security Bloggers Network syndicated blog post authored by The Cylance Team. Read the original post at: Cylance Blog