ARNO*

I’m very careful, you know, when I walk downstairs, like I’m on stairs, like these stairs, they’re very… I walk very slowly.

http://www.scarabee.org
RSS: ARNO*
tous les messages de ARNO*
  • @arno
    ARNO* ART LIBRE
    2
    @simplicissimus
    @aurelieng
    2

    Anyone Can Push Updates to the DOGE.gov Website
    https://www.404media.co/anyone-can-push-updates-to-the-doge-gov-website-2

    The doge.gov website that was spun up to track Elon Musk’s cuts to the federal government is insecure and pulls from a database that can be edited by anyone, according to two separate people who found the vulnerability and shared it with 404 Media. One coder added at least two database entries that are visible on the live site and say “this is a joke of a .gov site” and “THESE ‘EXPERTS’ LEFT THEIR DATABASE OPEN -roro.”

    Doge.gov was hastily deployed after Elon Musk told reporters Tuesday that his Department of Government Efficiency is “trying to be as transparent as possible. In fact, our actions—we post our actions to the DOGE handle on X, and to the DOGE website.” At the time, DOGE was an essentially blank webpage. It was built out further Wednesday and Thursday, and now shows a mirror of the @DOGE X account posts, as well as various stats about the U.S. government’s federal workforce.

    Two different web development experts who asked to remain anonymous because they were probing a federal website told 404 Media that doge.gov is seemingly built on a Cloudflare Pages site that is not currently hosted on government servers. The database it is pulling from can be and has been written to by third parties, and will show up on the live website.

    ARNO* ART LIBRE
    • @sombre
      Sombre CC BY-NC-SA

      https://foreignpolicy.com/2025/02/11/doge-cyberattack-united-states-treasury

      In the span of just weeks, the U.S. government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. And the implications for national security are profound.

      First, it was reported that people associated with the newly created Department of Government Efficiency (DOGE) had accessed the U.S. Treasury computer system, giving them the ability to collect data on and potentially control the department’s roughly $5.45 trillion in annual federal payments.

      Then, we learned that uncleared DOGE personnel had gained access to classified data from the U.S. Agency for International Development, possibly copying it onto their own systems. Next, the Office of Personnel Management—which holds detailed personal data on millions of federal employees, including those with security clearances—was compromised. After that, Medicaid and Medicare records were compromised.

      Meanwhile, only partially redacted names of CIA employees were sent over an unclassified email account. DOGE personnel are also reported to be feeding Education Department data into artificial intelligence software, and they have also started working at the Department of Energy.

      This story is moving very fast. On Feb. 8, a federal judge blocked the DOGE team from accessing the Treasury Department systems any further. But given that DOGE workers have already copied data and possibly installed and modified software, it’s unclear how this fixes anything.

      In any case, breaches of other critical government systems are likely to follow unless federal employees stand firm on the protocols protecting national security.

      Sombre CC BY-NC-SA
    Écrire un commentaire