DC Internet Voting Trial Attacked 2 Different Ways

mtrachtenberg writes "University of Michigan Professor J. Alex Halderman and his team actually had two completely separate successful attacks on Washington, DC's internet voting experiment. The second path in was revealed by Halderman during testimony before the District of Columbia's Board of Elections and Ethics on Friday. Apparently, a router's master password had been left at the default setting, enabling Halderman to access the system by a completely different method than SQL injection. He presented photographs of a video stream from the voting offices. In addition, he found a file that had apparently been left on the test system contained the PINs of the 900+ voters who would have used the system in November. Others on the panel joined Halderman in pointing out that it was not just this specific implementation of internet voting that was insecure, but the entire concept of using today's internet for voting at all. When a DC official asked why internet voting could not be made secure when top government secrets were secure on the internet, Halderman responded that a big part of keeping government secrets secret was not allowing them to be stored on internet-connected computers. When a DC official asked the panel whether public key infrastructure couldn't allow secure internet voting, a panel member pointed out that the inventor of public key cryptography, MIT professor Ronald Rivest, was a signatory to the letter that had been sent to DC, urging officials there not to proceed with internet voting. Clips from the testimony are available on YouTube." Update: 10/09 19:24 GMT by T : Reader Cwix points out two newspaper stories noting these hearings: one in the Washington Post, the other at the Chicago Tribune. Thanks!

Re:They Should Handle it Like Reality Shows

[istartedi]

In the long run, the number of votes cast would tend to be based on prevailing interest rates. If the winner's salary + bribes is $1 million, and the prevailing rate of interest is 2%, then spending $50 million would only get you prevailing interest. You should spend less, because there are risks to being an office holder, and you might also lose.

Ultimately, an options market should be built around the candidates, and we should dispense with voting and simply sell shares in each candidate. Insted of pork, they could just pay dividends.

Of course, on the way to this perfection there might be some problems with candidate derivatives being sold over the counter, and banks over-leveraging on a particular candidate that nobody thought would lose or get sick and die.

Nevertheless, we should proceed. I'll get in touch with the Grand Negis shortly...

The Rivest bit reminded me of Annie Hall

[hey!]

In Annie Hall, Woody Allen is stuck in line behind an obnoxious guy pontificating about the work of media critic and scholar Marshall McLuhan

MAN: Now, Marshall McLuhan--

WOODY ALLEN: You don't know anything about Marshall McLuhan's work--

MAN: Really? Really? I happen to teach a class at Columbia called TV, Media and Culture, so I think that my insights into Mr. McLuhan, well, have a great deal of validity.

WOODY ALLEN: Oh, do you?

MAN: Yeah.

WOODY ALLEN: Oh, that's funny, because I happen to have Mr. McLuhan right here. Come over here for a second?

[Allen pulls McCluhan out from behind a group of bystanders]

MAN: Oh--

WOODY ALLEN: Tell him.

MARSHALL McLUHAN: -- I heard, I heard what you were saying. You, you know nothing of my work. How you ever got to teach a course in anything is totally amazing.

WOODY ALLEN: Boy, if life were only like this.

Evidently, sometimes it is.

Re:Please use internet voting

[flimflammer]

Why are people wasting mod points to mod these troll?