[ale] electronic voting

Sean Kilpatrick kilpatms at mindspring.com
Thu Jul 24 09:36:47 EDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The New York Times has an article in today's paper about the
weaknesses in the software for these machines. The source
document can be found at

www.avirubin.com/vote.pdf

This "Analysis of an Electronic Voting System" is written by
Tadayoshi Kohono, Adam Stubblefield, amd Aviel Rubin, all at
Johns Hopkins, and by Dan Wallach from Rice.

To quote from the abstract,
"Our analysis shows that this voting system is far below even
the most minimal security standards applicable in other contexts.
We highlight several issues including unauthroized privilege
escalation, incorrect use of cryptography, vulnerabilities to
network threats, and poor software development processes. For
example, common voters, without any insider privileges, can cast
unlimited votes without being detected by any mechanisms within
the voting terminal. Furthermore, we show that even the most
serious of our outsider attacks coulg have been discovered
without the source code."

Sean

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/H+D173hVp4UeGJERAlx2AKCBZ2Ge3Zzg06rJehO+PVL9nxv/3wCfRyHd
xpioADS6zw21YtmJuFhy+7M=
=n4cU
-----END PGP SIGNATURE-----

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale





More information about the Ale mailing list