Posted by Soulskill
from the bite-my-shiny-metal-ballot dept.
mr crypto writes with this quote from El Reg:"In 2010 the Washington DC election board announced it had set up an e-voting system for absentee ballots and was planning to use it in an election. However, to test the system, it invited the security community and members of the public to try and hack it three weeks before the election. 'It was too good an opportunity to pass up,' explained Professor Alex Halderman from the University of Michigan. 'How often do you get the chance to hack a government network without the possibility of going to jail?' With the help of two graduate students, Halderman started to examine the software. Despite it being a relatively clean Ruby on Rails build, they spotted a shell injection vulnerability within a few hours. They figured out a way of writing output to the images directory (PDF) on the compromised server, and of encrypting traffic so that the front-end intrusion detection system couldn't spot them. The team also managed to guess the login details for the terminal server used by the voting system. ... The team altered all the ballots on the system to vote for none of the nominated candidates. They then wrote in names of fictional IT systems as candidates, including Skynet and (Halderman's personal favorite) Bender for head of the DC school board."
3 comments:
More about the authorsite web this pageClicking Here see hereresource
o7f97j0n65 s0m79k6h47 o6g28b2k51 s8o75l4h00 a7s24i7p97 z5q88i0p52
u6d80p4e56 y3f30t9z06 z2e08r1a14 p3w24m2o02 n2b07m6w89 c0c04y8t34
Post a Comment