Cross-Site Scripting (XSS) attacks appear to account for between 20% and 40% of cyber attacks in any given year, more or less since the invention of the web server and web-facing apps.
As a category, XSS attacks appear in most reports about the top web security issues, for example in the most recent OWASP (Open Web Application Security Project) Top 10 Web Application Security Risks report from 2021 (XSS was a separate category in the 2017 report, and combined with the Injection category in 2021).
One of the few effective strategies to protect against XSS is to reduce the attack surface by declaring security response headers (aka security headers) in the configuration of the web server.
These settings do things like limit the places from which a web resource can be fetched, so that scripts can't be loaded from just any-old-where on the world wide web, for example.
However, few websites implement these configuration settings, and even fewer do so completely or robustly.
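One way to check whether a response declares these headers completely, as an added example (not code from this article or from any scanning tool): it audits a header set for missing security headers and for a Content-Security-Policy that still lets scripts load from anywhere. The header selection, finding messages and sample responses are assumptions constructed for illustration.

```python
# Added example: offline audit of one response's security headers.
# REQUIRED, the finding texts and the samples are assumptions, not from the article.
REQUIRED = ("content-security-policy", "strict-transport-security",
            "x-content-type-options", "referrer-policy")
TOO_BROAD = ("*", "'unsafe-inline'", "'unsafe-eval'", "http:", "https:", "data:")
HASHES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def parse_csp(value):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.lower().split()
        if tokens and tokens[0] not in policy:  # a repeated directive is ignored
            policy[tokens[0]] = tokens[1:]
    return policy

def audit(headers):
    """Return a sorted list of findings for a {name: value} header mapping."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = [f"missing {name}" for name in REQUIRED if not h.get(name)]
    csp = parse_csp(h.get("content-security-policy", ""))
    if csp:
        # script-src falls back to default-src when it is not declared
        scripts = csp.get("script-src", csp.get("default-src"))
        if scripts is None:
            findings.append("csp: no script-src or default-src, scripts unrestricted")
        else:
            # browsers ignore 'unsafe-inline' once a nonce or hash source is present
            pinned = any(s.startswith(HASHES) for s in scripts)
            for src in TOO_BROAD:
                if src in scripts and not (pinned and src == "'unsafe-inline'"):
                    findings.append(f"csp: script source {src} is too broad")
    if (h.get("x-content-type-options") or "nosniff").lower() != "nosniff":
        findings.append("x-content-type-options should be nosniff")
    return sorted(findings)

# Constructed sample responses (not captured from any real site).
WEAK = {"Content-Type": "text/html", "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' https:"}
HARDENED = {"Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
            "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
            "X-Content-Type-Options": "nosniff",
            "Referrer-Policy": "strict-origin-when-cross-origin"}

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(sample) or "no findings")
```

The weak sample shows why a header being present is not enough: its policy exists but still allows inline scripts and any HTTPS origin.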
I've been examining election-related websites (county and state government, campaign, and political parties) and the state of affairs here is dismal. (See the Post link below.)
The effort required to tidy this up isn't prohibitive, so presumably the issue is that people don't understand the importance or in some cases may not even realize what's possible.
If you could prevent 1 out of 5 cyber attacks on internet-facing websites and applications, by correct configuration of your existing software, would you do that?
Of course you would.
Do all y’all have any suggestions for how to effectively reach the responsible parties for state and county government websites, campaign websites, and political party websites, with this message?
How Can I Help Secure the Vote?
Share!
You can help Secure the Vote by sharing links to the Secure the Vote article or this article (the one you’re reading, now) on your social media!
Care!
You can use these free online checker tools to see the security headers on the website of your county government. Just put the URL to your county government’s website into the form on the site.
Security Headers Scan by Probely
Security Headers Analysis by Securily
Contact your County Commissioners!
Your county commissioners are responsible for making elections run well in your county and they really do care about a well-run county government and election security. The most important work in our elections has always been done at the local and county levels. Your county commissioners want elections to be secure so that people can trust the elections in your state.
Let your elected county commissioners know about this problem by sharing the link to the scan report with them via email, or post it on LinkedIn and tag them.
Share the Secure the Vote article with your county commissioner, so they can easily discover the context and importance of a good .
How do I find my county commissioners?
Your county commissioners are usually pretty easy to find. They’re elected public officials — they want to be found! Here are a few tips for finding the county commissioners in your county.
Google
One easy way is to google your way to your county website. Just go to Google.com and type in something like, “Missoula County government website” (you might need to include the name of your state in the search).
Once you find it, click through. Your county government website will have contact information for your county commissioners.
Note: One thing I’ve noticed is that there are lots of spam websites that copy basic information from county government websites and run ads. The information on these spam sites is usually out of date. If you see an ad banner, you’re probably not at the true website for your county.
Wikipedia
If Google searches are too cluttered with spam, you can use Wikipedia to find your county government website. Just go to the Wikipedia website and search for your county.
Wikipedia has a nice collection of articles about the counties in each state, like this one, the List of Counties in Wisconsin.
When you find the Wikipedia article for your home county, it will have a link to the county government website. Like this one, screenshot below, for Adams County, Wisconsin.

I hope some of you will try to contact your county commissioners and let them know about our effort to help them protect their websites from cross-site scripting and other attacks.
If you do, let us know how it goes!