Last year will be characterized by hacking and interference in the American political system. It was a huge wake-up call for everybody involved in politics; InfoSec was an important priority. I don’t live in America. I live in the tiny Australian Capital Territory, a territory comprising Canberra, a city of 300,000 people. Like many places, we have a local government full of politicians. I analyzed the websites of the 25 MLAs (members of the legislative assembly) and their parties' sites.
Spoiler: too many local politicians have SQL injection vulnerable sites, and don’t even care.
I’m not an InfoSec industry professional; just a developer who is interested in this stuff. This is not a blog post about novel vulnerabilities – it is a story about bad hygiene.
First, I compiled a list of all the sites. In total, there are 17 MLA sites (not all MLAs have their own site) and 3 party sites. There is even a helpful list maintained by the government.
Then I used the HTTP headers to do l33t hax0r discovery of the server software they used. It was as follows:
# of Users