Man. You ain’t kidding. Too bad the average normie doesn’t understand this is as safe as storing your oily rags next to your dry Christmas tree that’s next to the old space heater that’s too hot to touch and has a frayed cord.
As a security expert I'd usually say Windows 7 doesn't strictly have to be insecure. All operating systems are potentially insecure and system architects don't operate on the basis that if you use the latest OS all the time staying updated then that keeps you secure.
It's not abnormal to have embedded systems running operating systems ten years old or twenty years old that are still stable and secure.
The big but is having things like Windows file sharing exposed, a notorious attack vector. I would be very sceptical that they have secured that.
There would be some potential convenience in having it though I would try to achieve that other ways.
It could probably be possible to make SMB secure enough on Linux having it run in a container, virtualised, etc and read only secondary copy (a clone / replicant, not master editable copy) as well as with monitoring (you always assume they manage to find a way in so also have fallbacks).
I doubt you can do anything so easily with windows and I doubt they have so many fallbacks.
It's not just the ability to remote access files (if they make it the master copy to and RW) but also those kind of services are known to be stuffed with exploits. A simpler file transfer mechanism can likely be better audited or controlled.
SMB probably gives far more features than they really need. If you really want it I would have multiple computers on the device. Things get sent to a raspberry PI one way through internal link and that can share all kinds of ways. Still not as simple as it sounds though.
In Windows, your best bet is to keep the system patched, disable null sessions, have no anonymous shares, have a strong password policy on the machine, have good lockout policies, and enable SMB signing. But that's an unbelievable amount of risk to adopt on a voting machine.
The words "Windows file share" and "voting system" being used in the same sentence make me hyperventilate.
Man. You ain’t kidding. Too bad the average normie doesn’t understand this is as safe as storing your oily rags next to your dry Christmas tree that’s next to the old space heater that’s too hot to touch and has a frayed cord.
Visual definitely checks out
As a security expert I'd usually say Windows 7 doesn't strictly have to be insecure. All operating systems are potentially insecure and system architects don't operate on the basis that if you use the latest OS all the time staying updated then that keeps you secure.
It's not abnormal to have embedded systems running operating systems ten years old or twenty years old that are still stable and secure.
The big but is having things like Windows file sharing exposed, a notorious attack vector. I would be very sceptical that they have secured that.
I'm in infosec as well. With the amount of junk you can do with SMB shares sitting on a network, having them on voting machines is appalling.
Then wait for these machines to get locked up by a cryptolocker “attack” once forensic investigators from the guvmint show up, hiding all evidence
There would be some potential convenience in having it though I would try to achieve that other ways.
It could probably be possible to make SMB secure enough on Linux having it run in a container, virtualised, etc and read only secondary copy (a clone / replicant, not master editable copy) as well as with monitoring (you always assume they manage to find a way in so also have fallbacks).
I doubt you can do anything so easily with windows and I doubt they have so many fallbacks.
It's not just the ability to remote access files (if they make it the master copy to and RW) but also those kind of services are known to be stuffed with exploits. A simpler file transfer mechanism can likely be better audited or controlled.
SMB probably gives far more features than they really need. If you really want it I would have multiple computers on the device. Things get sent to a raspberry PI one way through internal link and that can share all kinds of ways. Still not as simple as it sounds though.
In Windows, your best bet is to keep the system patched, disable null sessions, have no anonymous shares, have a strong password policy on the machine, have good lockout policies, and enable SMB signing. But that's an unbelievable amount of risk to adopt on a voting machine.