Hacking a Washington D.C. internet voting site

Here’s the first thing that I was about to email to you guys and thought… Wait I can blog this!

It’s techy. How a pilot project for online overseas voters got owned.

The (white hat) hackers knew that the PDF files users uploaded were encrypted via a command-line tool. They were able to compromise the system by changing the extension of their ballot submission from .pdf to specific system commands. When the system tried to run the encryption program at the command line, it instead ran the commands the hackers had embedded in the file name (via the extension).

http://www.freedom-to-tinker.com/blog/jhalderm/hacking-dc-internet-voting-pilot

(From BoingBoing.net: http://www.boingboing.net/2010/10/05/alex-haldermans-tota.html)
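
The flaw described above, sketched as an added example that is not from the original post or from the pilot's code. Assumptions: `echo` stands in for the unnamed encryption tool, and the upload name, the `uploads/` path and all function names are constructed for illustration. It contrasts pasting the client-supplied file name into a shell string with passing an argument list and letting the server choose the stored name.

```python
import re
import subprocess
import uuid

# Stand-in for the encryption tool (assumption: the post does not name it).
# `echo` prints its arguments, so the output shows what the tool was handed.
TOOL = ["echo", "encrypting"]

# Constructed sample: an upload whose "extension" is shell syntax, not "pdf".
CONSTRUCTED_NAME = "ballot.$(echo INJECTED)"


def encrypt_unsafe(upload_name: str) -> str:
    """Vulnerable pattern: client-supplied name interpolated into a shell string."""
    cmd = f"{' '.join(TOOL)} uploads/{upload_name}"
    # shell=True hands the whole string to /bin/sh, which expands $(...) first.
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout.strip()


def encrypt_argv(upload_name: str) -> str:
    """No shell: the name reaches the tool as one literal argument."""
    argv = TOOL + [f"uploads/{upload_name}"]
    return subprocess.run(argv, capture_output=True, text=True).stdout.strip()


def stored_name(upload_name: str) -> str:
    """Accept only a plain name ending in .pdf, then discard it for a server-chosen one."""
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,64}\.pdf", upload_name):
        raise ValueError("rejected upload name")
    return f"{uuid.uuid4().hex}.pdf"


def encrypt_safe(upload_name: str) -> str:
    """Hardened pattern: validate, rename server-side, and invoke without a shell."""
    return encrypt_argv(stored_name(upload_name))


if __name__ == "__main__":
    print("shell string :", encrypt_unsafe(CONSTRUCTED_NAME))
    print("argv list    :", encrypt_argv(CONSTRUCTED_NAME))
    try:
        encrypt_safe(CONSTRUCTED_NAME)
    except ValueError as exc:
        print("validated    :", exc)
    print("normal upload:", encrypt_safe("ballot.pdf"))
```

In the shell-string case the marker text replaces the `$(...)` expression, which shows the shell evaluated part of the file name before the tool ever ran; the argument-list call passes the same characters through untouched.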


2 Responses to Hacking a Washington D.C. internet voting site

  1. Tim says:

    It’s great that DC is trying an open model for voting machines. There is a huge need for this kind of transparency in electronic voting. Lots of scary reports of error and fraud both intentional and accidental: http://www.democracynow.org/2008/12/22/republican_it_specialist_dies_in_plane. The only way to avoid this stuff is to have the whole system be transparent.
