Jason Parker (he/they) /
npub17cs…xk5s
2024-11-09 15:25:46

I reported my #vulnerability in #Georgia's #voter registration platform to the Secretary of State 90 days ago. They've still done nothing (and deny that it's even exploitable).

It isn't enough of a vulnerability to cover the ~115,000 #vote difference in the Presidential #election, but it could be quite significant nonetheless, especially in smaller races.

Is there any good¹ reason I shouldn't just drop full details? It's extremely tempting and I'm not the only person to have discovered this (s/o npub1u9zeu7wuevrftj99vmzdj8tgnxdcwuxu9u9vstgw7kntl6nzfuaq6z2404²). The only thing that was really stopping me before was the likelihood of bullshit³ election challenges by the far right, but that's now moot.

--
1) "Log in" to MyVoterPage (MVP) at https://mvp.sos.ga.gov/s/ with BurpSuite using name, date of birth, and county of residence.
2) Click "UPDATE VOTER INFORMATION", click "Edit".
3) Change any information in the attached image.
4) ???
5) Click "CONTINUE".
6) Enable packet Intercept.
7) Check the boxes, click "SUBMIT".
8) ???
9) Wait for the registrar to approve the change.

Congratulations, you've made it impossible for somebody to vote.
--

¹ Aside from the whole retaliatory prosecution thing.
² Alison is new here; you should follow her!
³ Though potentially justified in this particular case?

#cybersecurity #infosec

Author Public Key
npub17csmz6jrsukee599d54v88l56a79med2zaeyq5psf0hj6jrkmatsnlxk5s