lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <62FABDB38AEC0B488BA47DB3BC226F42022C6617@exchny41.ny.ssmb.com>
From: jan.m.clairmont at citigroup.com (Clairmont, Jan M)
Subject: Presidential Candidates' Websites Vulnerable

If any issue is more important than electronic voting I don't
know what it is.  Congress has approved starting in the Spring
of 2005, the draft, all the way up to 49 years of age for 
special skills.

So we here are now in the fire, both security wise and on the
firing line in Iraq and the rest of the world as this war 
continues to rage.  We can tritely condemn the candidates 
use of OS but the voting machines that will be used are 
hackable and probably not reliable in any sense of the word.

Since I have 3 sons of draftable age, I am very concerned about
them and the under 49 crowd who may soon be in harms way.
Having gone through Vietnam I do not look forward to the 
future, whether you think war is right of wrong.  So how can 
we secure the integrity of the voting process and guarantee the
results?  I thought that a paper trail, an internet vote integrity counter based on voters SS or a random number that is assigned and given in the voter's booth.  Then you could log in to see how your vote was actually recorded, hopefully counted properly.

Anybody have any better ideas? We certainly can't trust the politicians or Diebold.  Considering the results of the last
election the whole process seems questionable, like in Chicago
"vote early, vote often."

Wary and concerned.
Jan Clairmont
Firewall Administrator/Consultant


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Marek
Isalski
Sent: Thursday, July 01, 2004 5:13 AM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Presidential Candidates' Websites Vulnerable


For those who didn't catch it on The Inquirer already, it sounds like not even the would-be presidents of the US can afford decent security: http://www.theinquirer.net/?article=16939

"site shows signs of being vulnerable to SQL injection errors" and "packed with cross-site scripting errors"... Has Donnie been doing overtime? :)

Most amusing comment given the still raging Win/Linux debate on this list: "Kerry has open source credentials - he is using Apache running on Red Hat.  Bush's OS of choice is none other than Vole's IIS 5.0 server." 

Most worrying comment: both sites use visitor trackers (something I always feel is a sign that the site's owners feel that invasion of privacy is less important than commercial success).  Maybe one day we'll just do away with elections and go by the Google PageRank of the candidates' websites?

Marek


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ