A major contributor to this article appears to have a close connection with its subject. (September 2024)

| Jason Parker | |
|---|---|
| Occupation | Cybersecurity Researcher |
| Years active | 2023–present |
| Organization | Jeltz |
| Known for | Cybersecurity discoveries |
| Website | https://ꩰ.com/@north |

Jason Parker is an American cybersecurity researcher known for uncovering dozens of critical vulnerabilities in government and legal software systems. Their work has exposed significant security flaws in court record systems, records request platforms, and voting systems, leading to increased awareness and remediation of these issues.
Parker began their career as a software developer. [1]
Parker has discovered dozens of critical vulnerabilities in computer systems.
In late 2023, Parker began discovering vulnerabilities in court computer systems. [2] [3] [4] [5]
Parker has also discovered critical vulnerabilities in several electronic court filing platforms. [6] [7]
In 2024, Parker identified numerous vulnerabilities in widely used public records request platforms employed by state and local governments. [8]
In August 2024, Parker discovered a critical flaw in Georgia's voter registration cancellation portal. The flaw allowed individuals to submit a voter cancellation request without proper identity verification, using publicly available information. State officials quickly fixed the vulnerability after media outlets, including ProPublica and Atlanta News First, alerted the state to the issue. [9] [10]
Parker's discovery added to the list of vulnerabilities found in Georgia's new voter registration system, leading to increased scrutiny of the platform. [11]
Parker's work has brought significant attention to systemic security issues within government and legal systems, emphasizing the importance of robust cybersecurity measures. Their discoveries have led to increased scrutiny of these systems and prompted organizations to implement stronger security protocols. Following Parker's disclosures, many systems were updated without fanfare to address the security flaws; however, some entities, such as Florida's Lee County, threatened legal action against Parker. [12]
An exploit is a method or piece of code that takes advantage of vulnerabilities in software, applications, networks, operating systems, or hardware, typically for malicious purposes. The term "exploit" derives from the English verb "to exploit," meaning "to use something to one’s own advantage." Exploits are designed to identify flaws, bypass security measures, gain unauthorized access to systems, take control of systems, install malware, or steal sensitive data. While an exploit by itself may not be malware, it serves as a vehicle for delivering malicious software by breaching security controls.
In the field of computer security, independent researchers often discover flaws in software that can be abused to cause unintended behaviour; these flaws are called vulnerabilities. The process by which the analysis of these vulnerabilities is shared with third parties is the subject of much debate, and is referred to as the researcher's disclosure policy. Full disclosure is the practice of publishing analysis of software vulnerabilities as early as possible, making the data accessible to everyone without restriction. The primary purpose of widely disseminating information about vulnerabilities is so that potential victims are as knowledgeable as those who attack them.
Vote counting is the process of counting votes in an election. It can be done manually or by machines. In the United States, the compilation of election returns and validation of the outcome that forms the basis of the official results is called canvassing.
Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.
Elections in Georgia are held to fill various state and federal seats. Regular elections are held every even year. The positions being decided each year vary, as the terms of office vary. The State Senate, State House and U.S. House will typically be up for election, as all of those positions have two-year terms. Special elections are held to fill vacated offices. Georgia is one of seven states that require a run-off election if no candidate receives a majority of the vote in a primary election. Uniquely, Georgia requires a run-off election for state and congressional offices if no candidate wins a majority of the vote in a general election; only Louisiana has a similar requirement, but it operates under a different election system.
Vulnerabilities are flaws in a computer system that weaken the overall security of the system.
Secure coding is the practice of developing computer software in such a way that guards against the accidental introduction of security vulnerabilities. Defects, bugs and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities. Through the analysis of thousands of reported vulnerabilities, security professionals have discovered that most vulnerabilities stem from a relatively small number of common software programming errors. By identifying the insecure coding practices that lead to these errors and educating developers on secure alternatives, organizations can take proactive steps to help significantly reduce or eliminate vulnerabilities in software before deployment.
Veracode is an application security company based in Burlington, Massachusetts. Founded in 2006, it provides SaaS application security that integrates application analysis into development pipelines.
HackerOne is a company specializing in cybersecurity, specifically attack resistance management, which blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to find and close gaps in the digital attack surface. It was one of the first companies to embrace and utilize crowd-sourced security and cybersecurity researchers as linchpins of its business model, pioneering bug bounty and coordinated vulnerability disclosure. As of December 2022, HackerOne's network had paid over $230 million in bounties. HackerOne's customers include the U.S. Department of Defense, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Twitter, and Yahoo.
Keeper Security, Inc. (Keeper) is a global cybersecurity company founded in 2009 and headquartered in Chicago, Illinois. Keeper provides zero-knowledge security and encryption software covering functions such as password and passkey management, secrets management, privileged access management, secure remote access and encrypted messaging.
A medical device hijack is a type of cyber attack. The weakness it targets is the medical devices of a hospital. This was covered extensively in the press in 2015 and in 2016.
Election cybersecurity or election security refers to the protection of elections and voting infrastructure from cyberattack or cyber threat – including the tampering with or infiltration of voting machines and equipment, election office networks and practices, and voter registration databases.
Rafay Baloch is a Pakistani ethical hacker and security researcher. He has been featured by both national and international media and publications such as Forbes, BBC, The Wall Street Journal, The Express Tribune and TechCrunch. He has been listed among the "Top 5 Ethical Hackers of 2014" by CheckMarx. Subsequently he was listed as one of "The 15 Most Successful Ethical Hackers WorldWide" and among the "Top 25 Threat Seekers" by SCmagazine. Baloch was also added to the TechJuice 25 under 25 list for the year 2016 and ranked 13th in the list of high achievers. Reflectiz, a cyber security company, released the list of "Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021", recognizing Rafay Baloch as the top influencer. On 23 March 2022, ISPR recognized Rafay Baloch's contribution in the field of cyber security with the Pride for Pakistan award. In 2021, the Islamabad High Court designated Rafay Baloch as an amicus curiae for a case concerning social media regulations.
Bradford Jay Raffensperger is an American businessman, civil engineer, and politician serving as the Secretary of State of Georgia since 2019. A member of the Republican Party, he previously served in the Georgia House of Representatives, representing District 50.
Transient execution CPU vulnerabilities are vulnerabilities in a computer system in which a speculative execution optimization implemented in a microprocessor is exploited to leak secret data to an unauthorized party. The archetype is Spectre, and transient execution attacks like Spectre belong to the cache-attack category, one of several categories of side-channel attacks. Since January 2018 many different cache-attack vulnerabilities have been identified.
Checkmarx is an enterprise application security company specializing in static application security testing (SAST) headquartered in Atlanta, Georgia in the United States.
The 2024 United States presidential election in Georgia is scheduled to take place on Tuesday, November 5, 2024, as part of the 2024 United States elections in which all 50 states plus the District of Columbia will participate. Georgia voters will choose electors to represent them in the Electoral College via a popular vote. The state of Georgia has 16 electoral votes in the Electoral College, following reapportionment due to the 2020 United States census in which it neither gained nor lost a seat. Georgia is considered to be a crucial swing state in 2024.
John Jackson, also known as Mr. Hacking, is an American security researcher and founder of the white-hat hacking group Sakura Samurai.
Log4Shell (CVE-2021-44228) is a zero-day vulnerability reported in November 2021 in Log4j, a popular Java logging framework, involving arbitrary code execution. The vulnerability had existed unnoticed since 2013 and was privately disclosed to the Apache Software Foundation, of which Log4j is a project, by Chen Zhaojun of Alibaba Cloud's security team on 24 November 2021. Before an official CVE identifier was made available on 10 December 2021, the vulnerability circulated with the name "Log4Shell", given by Free Wortley of the LunaSec team, which was initially used to track the issue online. Apache gave Log4Shell a CVSS severity rating of 10, the highest available score. The exploit was simple to execute and is estimated to have had the potential to affect hundreds of millions of devices.
Pentera is a cybersecurity software company, specializing in automated security validation solutions. Originally founded as Pcysys in 2015, the company later rebranded as Pentera in 2021. The company is led by Amitai Ratzon (CEO) and Dr. Arik Liberzon. Pentera has entities in the US, Germany, UK, Israel, Dubai, and Singapore.