
Accidentally altering data on senate.gov - rshnotsecure
https://blog.12security.com/accidentally-altering-data-on-senate-gov/
======
CapriciousCptl
After Googling, 8e:c3:91:a4:f6:c0:b3:66:01:e9:85:a9:da:a6:24:f9

appears to be the default public key for a juniper firewall. I could be wrong
but I don’t see anything nefarious.

Obviously you should change your default key and you probably shouldn’t
whitelist huge IP ranges.

------
Top19
So Granicus posts online streaming video of every gov agency in the country
basically. They have their own custom hardware to do this too that sites
inside of gov datacenters it seems.

Apparently they left open their main production database a few months ago. The
issue here though seems to be that even now they require all these agencies to
whitelist on all ports their two /24 "remote support" subnets.

He pulled an SSH key from one of the remote support servers and found it also
on dozens of Chinese servers...

------
netsharc
What the hell is that shitshow of a blog. It seems the story goes on, but
divided into many disjointed posts.

The presentation made me doubt if the research is legit or if this is just
someone drawing the wrong conclusions and throwing it together in yet another
Wordpress blog...

~~~
IAmLiterallyAB
I agree. Very poorly written and difficult to follow

------
Bucephalus355
The entire Emergency Alert System for the US is bizarre. Onsolve and
GovDelivery totally dominate it. They seem to have barely any engineering
talent on LinkedIn.

GovDelivery, I think the same as Granicus, has always been plagued by mass
spamming accusations. This comes up on reddit occasionally.

Either way, the video streaming servers, they are just what Elemental
Technologies offered before they were (super allegedly) hacked by the PLA to
get at Apple and Amazon in the Bloomberg article last year...

------
pixelA
This seems pretty threatening and dangerous even for todays low security
expectations. My guess is that the company acquired too many assets, they
didn’t know how to manage them all. Now the whole company's IT system is just
a "conspiracy of optimism" for their customers.

------
omega10
Wow.. this is one of the most egregious data breaches i have seen in awhile.
How could governments be so mislead to get caught up with companies like this.

