Microsoft Security Politics

Microsoft Proposes Fix For E-Voting Attack

Trailrunner7 writes "Microsoft Research has proposed a mitigation for a known potential attack against verifiable electronic voting machines that could help prevent insiders from being able to alter votes after the fact. The countermeasure to the 'trash attack' involves adding a cryptographic hash to the receipts that voters receive (PDF). Many verifiable voting systems already include hashes on the receipts, but that hash is typically made from the ballot data for each specific voter. The idea proposed by Microsoft Research involves using a running hash that would add a hash of the previous voter's receipt to each person's receipt, ideally preventing a privileged insider from using discarded receipts to alter votes. The trash attack that the mitigation is designed to address involves election workers or others who might be motivated to change votes gathering discarded receipts and then altering those votes."
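
The running-hash receipt idea from the summary above, as an added example that is not from the Microsoft Research paper or the submission. SHA-256, the all-zero starting value, the ballot byte strings and all function names are assumptions made for illustration.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed public starting value for the chain

def per_ballot(ballots):
    """Conventional receipts: each hash covers only that voter's ballot data."""
    return [hashlib.sha256(b).digest() for b in ballots]

def running(ballots):
    """Running hash: each receipt also covers the previous voter's receipt."""
    receipts, prev = [], GENESIS
    for b in ballots:
        prev = hashlib.sha256(prev + hashlib.sha256(b).digest()).digest()
        receipts.append(prev)
    return receipts

def audit(scheme, published_ballots, kept):
    """Recompute receipts from the published record and return the positions
    of kept receipts ({position: hash}) that no longer match."""
    recomputed = scheme(published_ballots)
    return sorted(i for i, h in kept.items()
                  if i >= len(recomputed) or recomputed[i] != h)

# Constructed sample: five ballots in casting order (opaque stand-ins for
# whatever ballot data a real system puts on the receipt).
CAST = [b"ballot-0", b"ballot-1", b"ballot-2", b"ballot-3", b"ballot-4"]
KEPT_POSITIONS = [3]  # only voter 3 kept a receipt; the rest were discarded

def kept_receipts(scheme):
    """Receipts still in voters' hands, as issued at casting time."""
    issued = scheme(CAST)
    return {i: issued[i] for i in KEPT_POSITIONS}

def tamper(position):
    """Published record with one ballot changed after the fact."""
    altered = list(CAST)
    altered[position] = b"ballot-%d-altered" % position
    return altered

if __name__ == "__main__":
    for name, scheme in (("per-ballot", per_ballot), ("running", running)):
        kept = kept_receipts(scheme)
        print(name, "alter #1 ->", audit(scheme, tamper(1), kept))
        print(name, "alter #4 ->", audit(scheme, tamper(4), kept))
```

With per-ballot hashes, changing ballot 1 (receipt discarded) leaves voter 3's receipt valid; with the running hash, the same change makes voter 3's receipt fail. A ballot cast after the last kept receipt (position 4 here) is covered by no kept receipt under either scheme.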
  • Microsoft Research (Score:4, Insightful)

    by SharkLaser ( 2495316 ) on Monday October 31, 2011 @05:11PM (#37900346) Journal
    They actually do a lot of great stuff there, which is not too surprising as they have many intelligent people working in Research. Just wish much more of their stuff would see daylight.

    Still, Microsoft is actually one of the only companies that spends billions in research and doesn't just buy start-up companies like Google does.
  • by gcnaddict ( 841664 ) on Monday October 31, 2011 @05:14PM (#37900386)
    It's one of the few companies producing scientific research for the sake of research these days. This is a function which used to be governed best by Bell Labs, but now it's MSR that seems to put out the most content out of all research institutions which happen to be wholly-owned subsidiaries of for-profit corporations.
  • by Anonymous Coward on Monday October 31, 2011 @06:44PM (#37901348)

    Hmmm. The folks that brought us NTLM and salt-less password hashes?

    Unix was using salted passwords for a couple decades when M$ decided to use non-salted pwords. This is why the same password can be cracked in milliseconds when a M$ hash, and take days/months/years when hash comes from a Unix host.

    And NTLM-- crazy stuff, you can use the hash instead of the original password. The HASH is EQUIVALENT to the password?!!!

    M$ needs to get their heads out of their nether regions. Certainly shouldn't be trusted to come up with the tech for e-voting.

  • by RobbieThe1st ( 1977364 ) on Monday October 31, 2011 @10:34PM (#37903194)

    And yet Windows XP - which is only 10 years old* and still has plenty of marketshare - still runs LM hashes by default, which are /case insensitive/ and in a max of 2 7-char chunks, making cracking trivial if you have access to the hashes.

    *the OS is 10 years old. The service packs aren't. They could have fixed the flaw at any point in the past easily enough.

  • by citizenr ( 871508 ) on Tuesday November 01, 2011 @01:53AM (#37904330) Homepage

    It's one of the few companies producing scientific research for the sake of research these days.

    You misspelled Patents.
