Local Politicians Meet InfoSec – a WordPress Disaster


Last year will be characterized by hacking and interference in the American political system. It was a huge wake up call for everybody involved in politics; InfoSec was an important priority. I don’t live in America. I live in the tiny Australian Capital Territory, a territory comprising of a Canberra; a city of 300,000 people. Like many places, we have a local government full of politicians. I analyzed the websites of the 25 MLAs (members of the legislative assembly) and their parties sites.
Spolier: too many local politicians have SQL injection vulnerable sites, and don’t even care.
Methodology
I’m not an InfoSec industry professional; just a developer who is interested in this stuff. This is not a blog post about novel vulnerabilities – is is a story about bad higyine.
First, I compiled a list of all the sites. In total, there are 17 MLA sites (not all MLAs have their own site) and 3 party sites. There is even a helpful list maintained by the government.
Then I used used the http headers to do l33t hax0r discovery of the server software they used. It was as follows:
Software Package
# of Users
Wordpress
7
NationBuilder (SaaS)
4
Wix (SaaS)
2
Unknown/Bespoke
2
Static
1
Wordpress.COM
Source: https://managewp.org/articles/14472/local-politicians-meet-infosec-a-wordpress-disaster


Source: https://williechiu40.wordpress.com/2017/02/28/local-politicians-meet-infosec-a-wordpress-disaster/

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s