Free Republic
Browse · Search 		General/Chat
Topics · Post Article

To: grey_whiskers; Steve Van Doorn

It was a thread wherein somebody did a review of something which I believe was an installation of SolarWinds / Orion software but the article was written as a critique of Dominion. The writer reportedly ran some standard systems vulnerability testing tools against this installation and reported discovered vulnerabilities. HOWEVER it was unclear what exactly the guy was reportedly critiquing because, it seemed to me, it was not a Dominion platform per se but that was the focus of the thread.


1,844 posted on 12/17/2020 8:01:07 AM PST by Steven W.
[ Post Reply | Private Reply | To 1822 | View Replies ]

To: Steven W.
OK, here's my links. Please ask the Mod to remove if it turns out to be the same guy.

Decompiling the SolarWinds Orion software with the embedded SUNBURST backdoor use to hack nearly the entire Gov, first thing I find: <enforceFIPSPolicy enabled="false"/>

So the US Government is running software with FIPS disabled? Isn't that a violation of a Number of Laws? pic.twitter.com/hlb6qpxGYY— President-Elect Alexander Higgins (@kr3at) December 15, 2020

Note to self: Wide open web service running on port 17777 on localhost. @CodeMonkeyZ This could be a candidate for #DominionVotingSystems forensic audits. pic.twitter.com/XkW4yPLcYl— President-Elect Alexander Higgins (@kr3at) December 15, 2020

He nothing like the most secure election ever running servers with DB Admin permissions and execute permission on dynamic sql. Yeah! And Nevermind DLL indexing on dbm_TimeSerieLegacyDDL. Misspelled table name, also called legacy. What could be wrong there? pic.twitter.com/bemSKCfbmR— President-Elect Alexander Higgins (@kr3at) December 15, 2020

Hey look. Solaris is Security Minded after all. They have library to prevent against Cross Site Scripting Attacks. But oops. That's pretty ancient Web sure has changed alot since 2012 (don't mind that modified date): https://t.co/Q4RT7GqwNu) This library also has security issues. pic.twitter.com/7sCf7y7aUn— President-Elect Alexander Higgins (@kr3at) December 15, 2020

Another ancient library: Antlr3. I wonder what they need for this is? Hope it is for straight grammar parsing and not dynamic code generation. This version going back to 2012 also has many well-known vulnerabilities. https://t.co/q5JVWoTVYD

Source Code : https://t.co/sOIA6haUgW— President-Elect Alexander Higgins (@kr3at) December 15, 2020

And here is the APM (typically stands for App manager) admin Url: /Orion/APM/Admin.sitemap

Wonder if the legacies url still works: /Orion/APM/Admin/Default.aspx

Should definitely test these on #DominionVotingSystems machines to make sure they aren't open. pic.twitter.com/UsMGKnU5en— President-Elect Alexander Higgins (@kr3at) December 15, 2020


1,847 posted on 12/17/2020 8:05:18 AM PST by grey_whiskers (The opinions are solely those of the author and are subject to change with out notice.)
[ Post Reply | Private Reply | To 1844 | View Replies ]
To: Steven W.
said, "it was not a Dominion platform per se but that was the focus of the thread"
Yes. "President-Elect Alexander Higgins @kr3at" seemed to trying to trick people into believing it was dominion.
Controlled opposition has some really good players in this one.
1,946 posted on 12/17/2020 9:41:50 AM PST by Steve Van Doorn (*in my best Eric Cartman voice* 'I love you, guys')
[ Post Reply | Private Reply | To 1844 | View Replies ]

Free Republic
Browse · Search 		General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson