Details Of How The DC Online Voting System Was Hacked: Small Vulnerability, Huge Consequences
from the validate,-validate,-validate dept

We already wrote about the news that some folks at the University of Michigan had successfully hacked an online voting trial in DC, and suggested that Alex Halderman was the guy behind it (though he was not identified in the press). Halderman has now written a blog post noting that, indeed, it was him and a few others, and providing a pretty thorough explanation of what happened. The DC project had called on anyone to try to hack it during an open hack period, though they only gave three days' notice. Still, it didn't take long for Halderman, two PhD students and a member of UMich's technical staff to find a vulnerability:
The problem, which geeks classify as a “shell-injection vulnerability,” has to do with the ballot upload procedure. When a voter follows the instructions and uploads a completed ballot as a PDF file, the server saves it as a temporary file and encrypts it using a command-line tool called GnuPG. Internally, the server executes the command gpg with the name of this temporary file as a parameter: gpg […] /tmp/stream,28957,0.pdf.
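
The pattern the quoted passage describes, shown next to a hardened form, as an added example (not code from the DC system, Halderman's team, or the original post). It assumes that part of the temporary file name, here the extension, comes from the voter's upload; the gpg options, recipient address, function names and the sample path are illustrative or constructed.

```python
import os
import secrets
import shlex

# Illustrative options; the page elides the real ones as "[…]".
GPG_OPTS = ["--batch", "--recipient", "ballot-key@example.invalid", "--encrypt"]
ALLOWED_EXT = {".pdf"}
# Constructed sample: a temp path whose extension came from the upload (assumption).
HOSTILE_PATH = "/tmp/stream,28957,0.pdf;echo INJECTED"


def vulnerable_command(tmp_path):
    """Risky pattern: the file name is pasted into a string handed to a shell."""
    return "gpg " + " ".join(GPG_OPTS) + " " + tmp_path


def shell_view(command):
    """Approximate how a POSIX shell splits a line into separate commands.

    Simplified on purpose: it shows the parsing problem and is not a filter.
    """
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands = [[]]
    for token in lexer:
        if token and set(token) <= set(lexer.punctuation_chars):
            commands.append([])          # control operator: a new command starts
        else:
            commands[-1].append(token)
    return [c for c in commands if c]


def safe_gpg_argv(upload_name, tmp_dir="/tmp"):
    """Hardened form: allow-listed extension, server-chosen name, argv list."""
    ext = os.path.splitext(upload_name)[1].lower()
    if ext not in ALLOWED_EXT:
        raise ValueError("unsupported ballot file type")
    tmp_path = os.path.join(tmp_dir, "ballot-" + secrets.token_hex(8) + ext)
    # Pass this list to subprocess.run(argv) with shell=False: each element
    # reaches gpg as one argument, and "--" ends option parsing.
    return ["gpg", "--output", tmp_path + ".gpg", *GPG_OPTS, "--", tmp_path]


if __name__ == "__main__":
    print(shell_view(vulnerable_command("/tmp/stream,28957,0.pdf")))
    print(shell_view(vulnerable_command(HOSTILE_PATH)))
    print(safe_gpg_argv("ballot.PDF"))
```

The hardened function does not try to detect bad characters: it never lets upload-supplied text choose the file name, and it never builds a string for a shell to parse.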

About News From Underground

News From Underground is a daily e-news service run by Mark Crispin Miller, a Professor of Culture and Communication at NYU. It is based on his belief that academics, like reporters, have a civic obligation to help keep the people well-informed, so that American democracy might finally work.
