In a recent study of the new internet based voting system being tested in DC "white hat" hackers found serious security flaws within 36 hours...
Hmm... a four letter master password?!?
(They shouldn't be even be using passwords for something like this.)
In related stories, reports of voting machine problems during early voting 2010:
Voters Complain Of Problems At Polls
Voter reports problem with ballot machine
Hmm... our new hacker overlords must be democrats.
"Within 36 hours of the system going live, our team had found and exploited a vulnerability that gave us almost total control of the server software, including the ability to change votes and reveal voters' secret ballots," Halderman wrote on his blog.
Along the way, Halderman's team "collected crucial secret data stored on the server," "modified all the ballots that had already been cast to contain write-in votes for candidates we selected," "installed a back door that let us view any ballots that voters cast after our attack," and -- best of all -- "left a 'calling card' on the system's confirmation screen, which voters see after voting."
[...]
Testifying before the D.C. Board of Ethics and Elections -- in a virtually empty room, according to news reports -- Halderman dropped this bomb: "While we were in control of these systems we observed other attack attempts originating from computers in Iran and China. These attackers were attempting to guess the same master password that we did. And since it was only four letters long, they would likely have soon succeeded."
Along the way, Halderman's team "collected crucial secret data stored on the server," "modified all the ballots that had already been cast to contain write-in votes for candidates we selected," "installed a back door that let us view any ballots that voters cast after our attack," and -- best of all -- "left a 'calling card' on the system's confirmation screen, which voters see after voting."
[...]
Testifying before the D.C. Board of Ethics and Elections -- in a virtually empty room, according to news reports -- Halderman dropped this bomb: "While we were in control of these systems we observed other attack attempts originating from computers in Iran and China. These attackers were attempting to guess the same master password that we did. And since it was only four letters long, they would likely have soon succeeded."
(They shouldn't be even be using passwords for something like this.)
In related stories, reports of voting machine problems during early voting 2010:
Voters Complain Of Problems At Polls
Voter Joyce Ferrara said when they went to vote for Republican Sharron Angle, her Democratic opponent, Sen. Harry Reid's name was already checked.
Sam Laughinghouse of New Bern said he pushed the button to vote Republican in all races, but the voting machine screen displayed a ballot with all Democrats checked. He cleared the screen and tried again with the same result, he said. Then he asked for and received help from election staff.
“They pushed it twice and the same thing happened,” Laughinghouse said. “That was four times in a row. The fifth time they pushed it and the Republicans came up and I voted.”
“They pushed it twice and the same thing happened,” Laughinghouse said. “That was four times in a row. The fifth time they pushed it and the Republicans came up and I voted.”

Comment