

Wednesday, October 27, 2010

Want China to cast your vote in addition to owning your debt?

:::::::::::::::::::::::::::::::::
Analysis: Professor exposes more voting system flaws


... Halderman and his students pulled off another coup, exposing vulnerabilities in an internet-based system for overseas and military voters that the District of Columbia planned to test in the November election.


"Within 36 hours of the system going live, our team had found and exploited a vulnerability that gave us almost total control of the server software, including the ability to change votes and reveal voters' secret ballots," Halderman wrote on his blog.
[snipped]


... Halderman's team "collected crucial secret data stored on the server," "modified all the ballots that had already been cast to contain write-in votes for candidates we selected," "installed a back door that let us view any ballots that voters cast after our attack," and -- best of all -- "left a 'calling card' on the system's confirmation screen, which voters see after voting."
[snipped]


To be fair, the people running the D.C. pilot program made a couple of weeks available for outsiders to have a crack at their system. While Halderman and his students did their best in the name of protecting the sanctity of the voting process, it appears that there were others with potentially less-friendly motives also taking advantage of the test period.


Testifying before the D.C. Board of Ethics and Elections -- in a virtually empty room, according to news reports -- Halderman dropped this bomb: "While we were in control of these systems we observed other attack attempts originating from computers in Iran and China. These attackers were attempting to guess the same master password that we did. And since it was only four letters long, they would likely have soon succeeded."


Halderman's team even changed the D.C. system's password (who uses a four-letter password?) to thwart the foreign intrusions.

Granted, this was a test and only a test of a small pilot program. But the idea of attempts from outside of the United States to compromise the security of the most basic of American rights should worry anyone who cares about the political process.
[snipped]
