Systems used by courts and govs across the US riddled with vulnerabilities

With hundreds of courts and gov agencies affected, chances are, one near you is, too.

See full article...

 

[nijave]

Not sure if there's state-level restrictions but it'd be nice if more things moved to login.gov. Seems to be a pretty decent identity provider (IdP) that supports MFA

I think it currently relies on individual apps to do identity validation, though (unfortunately). Ideally this could tie into BMV/DMV since they're already doing identity validation to issue physical ID cards--something simple like an online signup PIN

All these ad-hoc "enter arbitrary, usually publicly available information to authenticate" govt sites are pretty ridiculous

 

[nijave]

"...voter registration cancellation portal for the state of Georgia, for instance, allowed anyone visiting it to cancel the registration of any voter in that state when the visitor knew the name, birthdate, and county of residence of the voter" -- truly frightening, and likely being exploited right now. use a decent vpn to do it and it might be pretty damned hard to prove anything down the road. nightmare, actually. you drive around and see a political sign on someone's front lawn and you're just about there...

Especially terrifying given voter registration info is usually (always?) public and finding out who lives at an address is usually not terribly difficult ("reverse address" or "neighbor" search)