Open Source and information security mailing list archives
 
Message-ID: <41180DB8.8010600@sdf.lonestar.org>
From: bkfsec at sdf.lonestar.org (Barry Fitzgerald)
Subject: waa waa (was Finally the truth slips out)

Security List wrote:

>Appointed?  If you do not believe in the U.S.
>constitution and the supreme court then I could see
>how one might suggest that Mr. Bush was appointed.  If
>you do believe in it then you must know that his
>"appointment" was the only legal solution to the
>issue.  Many major papers investigated the vote
>counting in FL and they all concluded that Mr. Bush
>did win if the votes were counted correctly.  Never
>mind the thousands of military votes the Dems had
>thrown out which were legal.  Come on people.  Do your
>research if you are going to try and make a point.

To bring this back to a security issue, your statement hinges on your 
operational definition of "counted correctly".  I can guarantee you that 
many informed people are going to disagree with your personal 
operational definition of "counted correctly".  So, the key here is what 
is the baseline for counting and verifying votes?

This is the single largest issue with touch-screen voting and the 
security of modern elections: verifying the integrity and authenticity 
of the vote. 

Many of the so-called "legal military votes" were given the soldiers 
already filled out.  Some (a significant portion) did not have the valid 
authentication requirements (SSN, full name, etc).  Some soldiers 
reported that absentee ballots were never actually sent by them, but 
rather filled out by commanders and sent unsigned.

The litmus test for verification is always the completion of the shared 
secret, whatever form that takes.

A properly functional login system doesn't say "well, the person may not 
have put in their password, but I'll let them in anyway!".  That's a 
sign of a flawed system.

And if this were not a controversial subject that most people can't 
separate emotion from logic on, you'd agree with me on this.

There are terrible flaws in the electoral system and these issues have 
to be validly addressed.  These issues will continue to shed doubt on 
elections, regardless of the outcome.

       -Barry


