Jason Parker (he/they)May 16, 2024

I finally made a list of all of my govtech vulnerabilities. Seeing it all broken out like this makes it feel so...real.

21 platforms, 18 of them are courts.

#infosec #govtech #vulnerability #law

Show thread@infosec_jcp πŸˆπŸƒ done differentlyMay 16, 2024

@north

Ooo, does this include Malware being served from .org sites that are PD? πŸ€”

Show threadJason Parker (he/they)May 16, 2024
@infosec_jcp No, that one is a CVSS 10 that basically lets you take full admin, including editing queries and DB connection strings. In theory, I suppose you could inject some JS into the output of officer complaints?
Show thread@infosec_jcp πŸˆπŸƒ done differently

@north

Yikes(!) That would be terrible for a form online from citizens making reports!

The difference in the City here vs. The South Bay PD systems online on VirusTotal is night and day, Malware infested vs. zero Malware detected in forms. πŸ’―βš οΈπŸ‘‡
https://infosec.exchange/@infosec_jcp/109487605914643315

@infosec_jcp πŸˆπŸƒ done differently (@[email protected])

Attached: 1 image Follow up from a past scan on https://sjpd.org Still βœ‹β˜£οΈβœ‹β˜£οΈβœ‹β˜£οΈ but believe I.T. or Not... This is BETTER than I.T. was. πŸ™„πŸ˜³πŸ€¨ #SJPD #VirusTotal #infosec https://www.virustotal.com/graph/embed/g98f85cfb01464fa09fd96259a7b7275cf7ba6da5fab9430786408fbc8213dda6

Infosec Exchange
May 16, 2024 at 5:33pmWeb
Show thread@infosec_jcp πŸˆπŸƒ done differentlyMay 16, 2024

@north

Hmm, it's gotten *better*, iGuess

☣️ πŸ”δΉ[α“€Λ΅β–ΎΛ΅α“‚]γ„πŸ”Ž ☣️

#VirusTotal #SJPD

β˜£οΈπŸ”Ž https://sjpd.org/ πŸ”β˜£οΈ Last Scanned 11 months ago. Refreshed today though πŸ’―πŸ”Žβ˜£οΈπŸ”πŸ§ΎπŸ‘‡βš οΈ

https://www.virustotal.com/graph/embed/g9759cf56c9cb4db4a1d1e9310c43c1cccad331c248e54bccbdc3b138a6d4a7da