lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <q9jgl01sqfer9s5or3vdadaojj0ekbrrpi@4ax.com>
Date: Mon, 27 Sep 2004 18:43:09 +0100
From: Chris Paget <ivegotta@...bom.co.uk>
To: "Yoav Nir" <ynir@...ckpoint.com>
Cc: <bugtraq@...urityfocus.com>
Subject: Re: Diebold Global Election Management System (GEMS) Backdoor    Account    Allows Authenticated Users to Modify Votes


On Sun, 26 Sep 2004 11:26:04 +0200, Yoav Nir wrote:
>Voter verification has many pitfalls, as I can't think of anything that will
>allow a voter to verify his vote was correctly counted without allowing him
>to prove how he voted to an evil vote-buyer.

Relatively simple, actually.  When the vote is cast, it is printed out
and scrolled past a clear window before being stored (presumably on a
roll somewhere).  The voter can see the recorded vote, but doesn't get
a copy of it so they can't prove how they voted (and hence sell their
vote).  Admittedly, you could take a digital photo, but that same
method could be used to prove how you voted using any system.

There are solutions to the problems of electronic voting, see
http://everyonecounts.com/downloads/May2003Pilots.pdf for moderately
technical info of the solutions trialled by the UK in the 2003 local
government elections.  AFAIK there has been no controversy over the
accuracy or reliability of these systems (other than the usual
scare-mongering FUD); if anyone knows of any resources which dispute
that I'd be interested to hear of them.

Chris

-- 
Chris Paget
ivegotta@...bom.co.uk




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ