Details Of How The DC Online Voting System Was Hacked: Small Vulnerability, Huge Consequences
from the validate,-validate,-validate dept
We already wrote about the news that some folks at the University of Michigan had successfully hacked an online voting trial in DC, and suggested that Alex Halderman was the guy behind it (though he was not identified in the press). Halderman has now written a blog post noting that, indeed, it was him and a few others, and providing a pretty thorough explanation of what happened. The DC project had called on anyone to try to hack it during an open hack period, though they only gave three days’ notice. Still, it didn’t take long for Halderman, two PhD students and a member of UMich’s technical staff to find a vulnerability:
The problem, which geeks classify as a “shell-injection vulnerability,” has to do with the ballot upload procedure. When a voter follows the instructions and uploads a completed ballot as a PDF file, the server saves it as a temporary file and encrypts it using a command-line tool called GnuPG. Internally, the server executes the command gpg with the name of this temporary file as a parameter: gpg […] /tmp/stream,28957,0.pdf.
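The pattern described in the quote, as an added example (not code from the DC system or from Halderman's post): a file name pasted into a shell command string beside the same call made with an allow-listed name and an argument vector. The stand-in tool, the sample names and the assumption that part of the temporary name is influenced by the uploader are constructed for illustration.

```python
import re
import subprocess
import sys

# Stand-in for the encryption tool (assumption, so this runs without GnuPG):
# it prints how many arguments it was given.
TOOL = [sys.executable, "-c", "import sys; print(len(sys.argv) - 1)"]

# Allow-list for server-generated names of the form quoted in the article.
SAFE_NAME = re.compile(r"/tmp/stream,[0-9]+,[0-9]+\.pdf")

# Constructed sample inputs: a normal name, and one with a shell metacharacter.
GOOD = "/tmp/stream,28957,0.pdf"
BAD = "/tmp/stream,28957,0.pdf; echo SECOND-COMMAND"


def run_via_shell(path):
    """Weak form: the name is pasted into a string that /bin/sh parses."""
    cmd = f"'{TOOL[0]}' {TOOL[1]} '{TOOL[2]}' {path}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout.split()


def run_via_argv(path, check=True):
    """Hardened form: validate the name, then pass it as one argv element."""
    if check and not SAFE_NAME.fullmatch(path):
        raise ValueError("unexpected temporary file name")
    out = subprocess.run(TOOL + [path], capture_output=True, text=True)
    return out.stdout.split()


if __name__ == "__main__":
    print("shell, normal name: ", run_via_shell(GOOD))
    print("shell, crafted name:", run_via_shell(BAD))   # shell ran two commands
    print("argv, crafted name: ", run_via_argv(BAD, check=False))  # one argument
    try:
        run_via_argv(BAD)
    except ValueError as exc:
        print("argv + allow-list:  rejected,", exc)
```

With the argument vector no shell ever parses the name, so the crafted value arrives as a single argument; the allow-list then rejects it before the tool is started at all.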
About News From Underground
News From Underground is a daily e-news service run by Mark Crispin Miller, a Professor of Culture and Communication at NYU. It is based on his belief that academics, like reporters, have a civic obligation to help keep the people well-informed, so that American democracy might finally work.