Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Hackers Invited To Crack Internet Voting

samzenpus posted more than 7 years ago | from the I-wonder-what-will-happen dept.

The Internet 119

InternetVoting writes "The Philippine government and the International Foundation for Electoral System will be soliciting hackers to test the security of of their Internet voting system that will be tested in an upcoming pilot program." From the article,"Local and foreign computer hackers will be tapped to try and break into an Internet-based voting system that will be pilot tested by the country's Commission on Elections (Comelec) starting July 10."

cancel ×

119 comments

Sorry! There are no comments related to the filter you selected.

So... (3, Insightful)

Anonymous Coward | more than 7 years ago | (#18792473)

they got a formal invitation this time?

I'm sure all the REAL hackers will RSVP.

Re:So... (0)

Anonymous Coward | more than 7 years ago | (#18793083)

I can't seem to find the site, that is supposed to be in the invitation, right?

Re:So...failure to disclose vulnerability? (2, Insightful)

buswolley (591500) | more than 7 years ago | (#18793563)

So how do you make sure that they tell you of a hack they do find? What is to prevent them from failing to disclose said hack and sell it for a tidy sum to China?

Re:So...failure to disclose vulnerability? (0, Redundant)

aussie_a (778472) | more than 7 years ago | (#18794373)

So how do you make sure that they tell you of a hack they do find regardless of an invitation? What is to prevent them from failing to disclose said hack and sell it for a tidy sum to China?

Re:So...failure to disclose vulnerability? (3, Insightful)

Yvanhoe (564877) | more than 7 years ago | (#18794595)

Because they're living there ?
Democracy is valued in some countries you know...

Re:So...failure to disclose vulnerability? (1, Interesting)

Anonymous Coward | more than 7 years ago | (#18796833)

Thats a lot of trust though. You're relying on everyone being of the same mind...

Re:So...failure to disclose vulnerability? (-1, Troll)

shaitand (626655) | more than 7 years ago | (#18794611)

'Philippine government'

Why would anyone want to rig a Philippine election? It isn't like we are talking about a real country here. What issues are you going to influence? The banning of brown rice perhaps?

Re:So...failure to disclose vulnerability? (0)

Anonymous Coward | more than 7 years ago | (#18795219)

Well, someone else might find it, then you wouldn't get the money from China, and you wouldn't get the credit. Besides, the invitation makes no difference if you really want to sell the hack.

If you need invitations, this is not for you (1)

iamacat (583406) | more than 7 years ago | (#18794787)

Look at e-mail Received From path for network structure, make social engineering phone calls, convince a hot chick to sleep with their system administrator for passwords...

Re:So... (5, Funny)

goombah99 (560566) | more than 7 years ago | (#18793105)

This is going to piss off that teenager in Helsinki that's been running their elections.

G0 f0r 1t, hack3rs! (0, Troll)

Sloppy (14984) | more than 7 years ago | (#18792509)

0wn th31r machines and figure out how to make sure the Boss isn't in the room telling the v0t3r how t0 v0t3!!!

Hey mods, supress your knee-jerk reaction (2, Interesting)

archeopterix (594938) | more than 7 years ago | (#18795169)

0wn th31r machines and figure out how to make sure the Boss isn't in the room telling the v0t3r how t0 v0t3!!!
Whoever modded this as troll missed an important point: no hacking/counterhacking measures will prevent voters being influenced by their bosses or bribed or forced to vote by abusive spouses, yada, yada, yada, you get the point.

Unless of course the e-voting procedure requires a signoff from a trusted third party who assures that the voter isn't showing their vote to their boss /person who paid them/ abusive spouse, yada, yada, yada, you get the point.

Re:Hey mods, supress your knee-jerk reaction (1)

CastrTroy (595695) | more than 7 years ago | (#18796913)

I would like to know what's so seriously wrong with Paper ballots counted by people that we want to abandon them? People have used this system for hundreds(?) of years, without too many problems. I would like to know why so many places are trying to move to more expensive, more complex, less secure means of voting when a better method already exists. I'm all for using computers where they have a place, such as things like filing taxes, but I fail to see the need for computers in voting. It doesn't speed up the counting process. It doesn't make it any cheaper. And it doesn't put any extra security into the system. What's the major motivation behind moving to electronic/internet voting. It seems like just a way for government to hand out more money to corporations.

What if (5, Funny)

killa62 (828317) | more than 7 years ago | (#18792557)

1. Find bug
2. Don't report it
3. ????
4. Profit!

Re:What if (1, Informative)

jimdread (1089853) | more than 7 years ago | (#18792597)

Yes this is madness. They're allowing people to attempt to crack the voting system with no fear of getting into trouble. If somebody does crack into it, they can either report how they did it so the system can be fixed, or they can use the security hole to rig an election. That could possibly give them the power to take over a country, or receive some big payments from a political party who would really like to win. Oh well, looks like Kent Brockman was right, "democracy just doesn't work".

Re:What if (3, Funny)

Anonymous Coward | more than 7 years ago | (#18793361)

Madness...? This IS PHILIPPINES!

Re:What if (3, Insightful)

mackyrae (999347) | more than 7 years ago | (#18793535)

I think they're trusting that more than one person will notice it. With OSS, we know that it's possible someone will find a security bug and not report it because that would benefit them. We also figure that there's a high enough probability of someone else noticing too that the first person's secrecy will be nullified anyway. With the people who pay for each issue you find, the hacker has a better shot at cash through trying to report it first than through hoping nobody else does.

Re:What if (1, Insightful)

fred911 (83970) | more than 7 years ago | (#18794013)

"That could possibly give them the power to take over a country, or receive some big payments from a political party who would really like to win"

Sounds like a diebold system to me.

Re:What if (1)

robinvanleeuwen (1009809) | more than 7 years ago | (#18794401)

With some decent software they can see when people come in and out the system, so even if they don't report the security hole they can see someone accessed the system. They can work the way back from there to how he came in the system. That's just what honeypots, honeynets are for i guess.....

Re:What if (1)

CogDissident (951207) | more than 7 years ago | (#18797101)

So, explain to me how this would work, with thousands of legitimate users, and tens of thousands of illigitimate users, many of which may be successfully posing as legitimate users. Remember, if they can just "post" more votes than phillipines has people, then the whole thing is proved invalid.

Think they have not thought about that? (5, Insightful)

WindBourne (631190) | more than 7 years ago | (#18792713)

Almost certainly, they are recording ALL the packets that travel across the line as well as checking the state of the system. And if not, then they deserve what will happen. And if it is on a OSS platform, then they will be able to modify the kernel so that it gives more info during the cracking attempt.

Re:Think they have not thought about that? (3, Funny)

charlieman (972526) | more than 7 years ago | (#18793223)

What if it get's slashdotted?

All the better (1)

WindBourne (631190) | more than 7 years ago | (#18793297)

The system sitting in front of it (probably with a hub or via a broadcast) can record the traffic and then replay it at a later time. In fact, they can (and probably will) replay the data against the system as it comes from 1 connection at a time. This way they can see who is doing what. As to a /.ing, assume that it happens. Then it means that they have a LOT of work to do.

Re:Think they have not thought about that? (1)

POTSandPANS (781918) | more than 7 years ago | (#18793523)

Alright, so someone breaks in and either steals some source code (if they left any on the machine, which is possible, people do dumb things like that) or steals the whole compiled app and figures it out later..

Re:Think they have not thought about that? (0)

Anonymous Coward | more than 7 years ago | (#18796711)

In other news, ABCBank has setup a new security system in an abandoned bank building in Ohio. All bank robbers are requested to attempt to steal the fake money in vault. The outcome of this tesing will help ABC Bank determine the viability of the new system for rollout.

Re:What if (4, Insightful)

quanticle (843097) | more than 7 years ago | (#18792941)

Two words: honeypot system.

The way I would do something like this is to put the voting system inside a fully monitored and logged virtual machine. Then I would open it up to hackers, knowing that all changes to the system state will be logged and can be scanned for malicious actions.

Re:What if (0)

Anonymous Coward | more than 7 years ago | (#18795981)

Redundant.

Re:What if (1)

raeldc (845107) | more than 7 years ago | (#18793827)

Actually there's a deal with the hackers to make them report their findings.

When they find a way to hack the system, the COMELEC will keep it a secret. But they will make the hacker available to the highest bidder.

This way, everybody profits.

What a dumb idea (2, Insightful)

EmbeddedJanitor (597831) | more than 7 years ago | (#18792585)

What they want is to be able to say:"We got the best hackers on the job and nobody could hack it".

Of course any hacker with intentions of being a naughty boy is not going to show up and (a) make himself known or (b) reveal the holes.

Re:What a dumb idea (3, Insightful)

TodMinuit (1026042) | more than 7 years ago | (#18792845)

Of course any hacker with intentions of being a naughty boy is not going to show up and (a) make himself known or (b) reveal the holes.

But freelance security professionals and security companies looking to make a name for themselves will.

It actually surprised me (4, Interesting)

grahamsz (150076) | more than 7 years ago | (#18793249)

But someone I did some consulting for years ago had a PC security product that they claimed was unhackable. It was some disk arrangement where the OS could write to the disk, and those sectors would be saved in a scratch table so that when you rebooted the machine it reverted to its original state.

They took it to one of the big conventions and had a briefcase with $10k in it for the first person that could make a permanant change to the disk without opening the case. Guys showed up with their own latex gloves so they wouldn't leave prints and one managed to come up with the proprietory vendor unique command set for the particular drive model that was in the system.

I don't think that was really the sort of adversary that they expected would show.

Re:What a dumb idea (1)

POTSandPANS (781918) | more than 7 years ago | (#18793849)

This system, Either breakable or not won't be a a true test. It's one thing to secure a single system in a test enviroment, but what about multiple systems in a production enviroment? What about the human factor? A production system has opportunities that just aren't available on a test system. What about predictable passwords or the password distribution system being broken into? What about social engineering end users? This would be a very temporary job, with limited training. What about social engineering or paying off tech support agents?

Testing *anything* only halfway is about as good as not testing it at all..

Re:What a dumb idea (1)

neoform (551705) | more than 7 years ago | (#18796905)

I think this is dumb for another reason. Internet voting is heavily flawed.

What's to stop someone from controlling/buying other people's votes? In a normal election you vote alone and secretly. Online it's very easy to have someone guiding/controlling your mouse.

What happens when you're raised in a house that always votes for X but you want to vote for Y?

Oh, OK. (0)

Anonymous Coward | more than 7 years ago | (#18792589)

Yep, Already done.

Next subject please...

Very Nice (1)

dedtr9 (1069932) | more than 7 years ago | (#18792605)

This sound like a good idea in theory, but slightly fatal for the goverment. What happens when the "hax0rs!!!" don't play nice and report bugs?

Re:Very Nice (1)

Roane (1075393) | more than 7 years ago | (#18795721)

We have that already.

Re:Very Nice (1)

couchslug (175151) | more than 7 years ago | (#18796623)

The Phillipines is not a rich country. This is an opportunity for people to get their skills noticed and add to their resume.

Do what the USA did... (-1, Offtopic)

flawedconceptions (1000049) | more than 7 years ago | (#18792613)

They should do what USA did in '06: threaten the populace with two more years of unbridled Bush.

Re:Do what the USA did... (1)

gekoscan (1001678) | more than 7 years ago | (#18792819)

Hahaha.. this is hilarious as if it got a 1.

Update (5, Funny)

Aqua OS X (458522) | more than 7 years ago | (#18792621)

Posted by samzenpus on Wednesday April 18, @10:43PM

"The Philippine government and the International Foundation for Electoral System will be soliciting hackers to test the security of of their Internet voting system that will be tested in an upcoming pilot program."

UPDATE:
Posted by samzenpus on Wednesday April 18, @10:53PM
Internet voting has now been cracked.

Gentlemen (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#18792629)


start your port scanners

Re:Gentlemen (2, Funny)

BlueTrin (683373) | more than 7 years ago | (#18794863)

All your elections are belong to us !

Phillipine Election 2008 Headlines: (5, Funny)

Organic Brain Damage (863655) | more than 7 years ago | (#18792633)

Ferdinand Marcos elected for another term as President with 3,000,000,000 votes. Runner up, D4v1d 3. P3t3rs0n had only 2,000,000,000 votes. Second runner up, Nikolay Sokratov from St. Petersberg had 1,5000,000,000 votes and the remaining 10,000,000,000 votes were split among 1,000,000,000 minor party candidates.

Re:Phillipine Election 2008 Headlines: (1)

weighn (578357) | more than 7 years ago | (#18792849)

Marcos is going back [wikipedia.org] about 4 presidents. And, now that they have a new constitution [chanrobles.com] , don't imagine that the Philippines is any different to any other country's system of a one party state posing as a two party state...take your pick between Christian-Muslim Democrats [wikipedia.org] and the republicans [wikipedia.org] or to put it literally, "Struggle of the Patriotic Filipino Masses". All the same really...

Re:Phillipine Election 2008 Headlines: (1)

RockoTDF (1042780) | more than 7 years ago | (#18792925)

What? Did the nigerian prince who needs money for viagra not give it another go this year?

Re:Phillipine Election 2008 Headlines: (1)

Architect_sasyr (938685) | more than 7 years ago | (#18793145)

He was too busy dragging a suitcase of gold from his burning wreck of a car to the nearest phone box so that he could call you and ask you to take it for a small fee of course!

Re:Phillipine Election 2008 Headlines: (1)

iamstretchypanda (939837) | more than 7 years ago | (#18793445)

oops, :(. I accidentally marked you as overrated instead of funny =/. Unmodding. Funny joke though.

Re:Phillipine Election 2008 Headlines: (1)

Jarjarthejedi (996957) | more than 7 years ago | (#18793809)

1,5000,000,000 votes

Wow...the system has already been cracked and the formatting system altered...fast work!

Re:Phillipine Election 2008 Headlines: (0)

Anonymous Coward | more than 7 years ago | (#18794209)

Come on, Colbert will want some of that voting action.

Re:Phillipine Election 2008 Headlines: (1)

CogDissident (951207) | more than 7 years ago | (#18797149)

You know, I can completely see him starting off his show, on a makeshift throne, with a crown on his head and a scepter in hand, declaring himself "King of the Philippines".

won't change much (0, Offtopic)

weighn (578357) | more than 7 years ago | (#18792663)

they'll still keep murdering [people.com.cn] anyone who makes a stand for human rights

Re:won't change much (0)

Anonymous Coward | more than 7 years ago | (#18792947)

Troll. Not related to the subject.

Re:won't change much (1)

Kiaser Wilhelm II (902309) | more than 7 years ago | (#18793113)

I'd say its very related to the subject. Sounds like you're on the sick and criminal side of this debate.

Re:won't change much (1)

alexjohnc3 (915701) | more than 7 years ago | (#18793503)

they'll still keep murdering [people.com.cn] anyone who makes a stand for human rights

I wouldn't source People's Daily Online, which is known for having just a little bias [people.com.cn] , especially when China hasn't been doing very well in the area of abductions [amnesty.org] or human [hrw.org] rights [amnesty.org] itself.

Is this genuine, a honeypot or both? (1)

CryogenicKeen (1088911) | more than 7 years ago | (#18792675)

Although this seems like a good idea to check for security holes, one has to wonder if there were a more devious plan behind it or as an added bonus. Couldn't this conceivably be a way to trap people trying to break in under some sort of international law?

Re:Is this genuine, a honeypot or both? (1)

Plasmagrid (322106) | more than 7 years ago | (#18792727)

I'm sure to see a lawsuit sooner or later on some poor hacker just learning and not watching his trail
that "formal" invitation is just a front.

the philippines is famous (4, Interesting)

circletimessquare (444983) | more than 7 years ago | (#18792683)

for handing out wads of cash to the poor to get them to vote a certain way come elections

200 peso notes famously become scarce before elections

no need to hack the system to alter the vote, just keep buying the votes

the philippines is a beautiful land, with beautiful people... and a corrupt political establishment, it's a sad commentary on corruption the philippines, the vote buying

Re:the philippines is famous (0)

catxk (1086945) | more than 7 years ago | (#18792829)

200 peso notes famously become scarce before elections

All the more reason to make it electronic!

Re:the philippines is famous (2, Funny)

JonathanR (852748) | more than 7 years ago | (#18793121)

When you vote for our candidate, the voting machine automatically direct deposits PHP200.00 to your bank account.

In America we call that tax breaks (0)

Anonymous Coward | more than 7 years ago | (#18793127)

In America we call buying votes tax breaks

Re:the philippines is famous (0)

Anonymous Coward | more than 7 years ago | (#18793891)

I have to agree with you here. Cracking the voting machine is the least of their worries. Cracking the voting system, now that's the challenge. Reports of insider manipulation, vote buying and ghost voters are the main problems. Not to mention, eliminating the competition. [pcij.org]

Re:the philippines is famous (0, Troll)

aussie_a (778472) | more than 7 years ago | (#18794529)

the philippines is a beautiful land, with beautiful people... and a corrupt political establishment, it's a sad commentary on corruption the philippines, the vote buying
These are humans who are willing to be bought out, the people that their government is suppose to represent. I'd say they get what they deserve, and I feel sorry for anyone who didn't allow their vote to be bought.

Re:the philippines is famous (1)

aussie_a (778472) | more than 7 years ago | (#18795117)

How is this a troll?

But surely all elections are bought to some degree (1)

goldcd (587052) | more than 7 years ago | (#18795541)

as people vote in their own self-interest.

Whether that self-interest is 200 Pesos thrust into their hand as they walk into the booth, or 200 Pesos less tax paid due to new tax system voted in doesn't make much difference.

Actually the more I think about it - In the Phillippines the cash seems to be given to you by the politician if you promise to vote for them. In the 'democratic West',we get nothing for our vote apart from the promise from the politician. Personally I'd prefer to see the cash in my hand, rather than a promise.

Reverse engineering corruption (2, Insightful)

gr8dude (832945) | more than 7 years ago | (#18795559)

the philippines is a beautiful land, with beautiful people... and a corrupt political establishment, it's a sad commentary on corruption the philippines, the vote buying
In the context of corruption, perhaps this will be handy, Reverse engineering corruption [nytka.org] . The essay has quite a few hidden references to Slashdot subculture [wikipedia.org] .

Re:the philippines is famous (1)

kwikrick (755625) | more than 7 years ago | (#18795825)

And having an internet voting system will only make it easier to pressure people to vote a certain way, because you can't see from an electronic vote if a gun was pointed at the voters head.

Re:the philippines is famous (0)

Anonymous Coward | more than 7 years ago | (#18796287)

Are you off your rocker? The same thing happens under any government (especially the US) -- vote for me and I'll reward you with a piece of the pie. That is the essence of the voting process, is it not?

You're not fooled by the grandiose scale of US politics, are you? ;) Just because they don't come knocking with cash in hand doesn't mean that bribery (in all its subtle forms) doesn't play a HUGE role in US politics. Of course, the people in the business of government wouldn't dare call it bribery...

Media Circus (1)

bossesjoe (675859) | more than 7 years ago | (#18792699)

I can assure you that when this story hits the mainstream media they are going to try and turn this into something it's not. I certainly hope the daytime talking heads will manage to find a decent "expert" for the show who can explain what a good thing this really is.

If you get in... (3, Funny)

Anonymous Coward | more than 7 years ago | (#18792731)

...make sure to add n+1 votes for CowboyNeal!

Re:If you get in... (1)

wwrmn (42399) | more than 7 years ago | (#18792877)

$CowboyNeal++;

Re:If you get in... (1)

WaZiX (766733) | more than 7 years ago | (#18794001)

Oh, we don't vote for Colbert anymore?

More secure than... (0)

Anonymous Coward | more than 7 years ago | (#18792923)

Let's just hope it's more secure than Mr. Linderman's voting system [heroeswiki.com] !

I live in the Philippines... (2, Insightful)

RuBLed (995686) | more than 7 years ago | (#18792967)

Seriously, nothing to see here, move along...

On a related topic = I can't believe our Comelec is advertising this thing, a few months ago they don't even have a feasible electronic voting solution. I remember that they got a "Diebold" like deal for use in the last national elections but we know that the expensive machines had been now rotting in warehouses (and never had seen the light of the day, that makes Diebold more succesful). There are even local programmers/firms who are willing to "donate" their services just to make the election electronic but I guess that did not work out.

And I still don't have that promised "Electronic Voter's ID" when I registered at 18 (I'm in my 20's now). Now, how could they validate if I am the one who had casted my vote.. Hmmm...

As I said, nothing to see here.. move along.. I'm going to make some coffee...

Regards,

Re:I live in the Philippines... (1)

justinlee37 (993373) | more than 7 years ago | (#18793725)

I think there is something to see here. This is great security policy -- inviting people to test the security of systems.

The U.S. gov't is too worried about it's appearance to invite criticism. It's like an insecure high school girl.

political posturing, external hackers not problem. (1)

plasmacutter (901737) | more than 7 years ago | (#18793117)

the problem is the internal hackers, like the diebold tech who has testified before congress that he was told by the VP to override the machine's security and install "unauthorized patches" without alerting the polling officials.

i dont know many people outside the phillipines who get up every morning saying "i really have a stake in rigging the phillipine election this year".

Re:political posturing, external hackers not probl (1)

Aladrin (926209) | more than 7 years ago | (#18795787)

Wait, wasn't that on an episode of Numb3rs? Are you getting reality and TV confused? Or am I...? -ponder-

A cunning plan (1)

dinther (738910) | more than 7 years ago | (#18793139)

"Ok, boys you know what to do. Explore the weaknesses look around and give a thumbs up. Come election time we go for gold"

Sorry Hilary (0, Flamebait)

c3ph45 (911279) | more than 7 years ago | (#18793221)

In an unrelated story, George W. Bush has received over 50,000 votes in the upcoming 2008 presidential election.

Theater (1)

Beryllium Sphere(tm) (193358) | more than 7 years ago | (#18793255)

This is black box testing with dubious motivation for the attackers.

The right way to do this is to publish everything and pay people like Adi Shamir and Ross Anderson for blocks (big blocks) of consulting time. Even that's futile without the will and the budget to fix problems -=>WHEN<=- the security people find them.

What they're doing is a good way to get headlines and to impress the impressionable. It's not a good way to make sure a system is secure.

Huh? (1)

Dan Stephans II (693520) | more than 7 years ago | (#18793269)

FTA:

"When Scytl presented the system, everybody was impressed on the security features. It is covered by international patent and it has been declared secured by no less than Switzerland and everyone in the global community should respect that decision," Tuason told reporters in a conference Tuesday.

Switzerland is now the global arbiter of the well defined "secured" and the global community should accept that? Huh? This quote is either a really bad translation or high comedy.

Re:Huh? (1)

CogDissident (951207) | more than 7 years ago | (#18797337)

Well, when you've got the money to hire BOTH Itallian leg-breakers, and a German hit-squad, then you get a little respect.

The solution is simple... (1)

Graham J - XVI (1076671) | more than 7 years ago | (#18793539)

If they want it to be hack-proof, just get Diebold to design it.

This is the way it should be done! (1)

jhfry (829244) | more than 7 years ago | (#18793619)

I understand that any electronic voting machine, if hacked, can completely invalidate an election. Therefore the only way to make a voting system credible is to encourage the public to develop, and crack it.

I personally think the OSTG, FSF, or some other open source advocacy group needs to start an open source, high profile, project to create an "uncrackable" solution for electronic voting. I know uncrackable is unobtainable, but there is a level where physical access to internal components is required to crack the system; and a system can be made with intrusion detection and prevention in place that when combined with proper physical security practices, a successful crack can only be done via significant corruption or some amazing social engineering.

I believe that ONLY the open source community could successfully develop such a voting system. Not because of the technical expertise, but because any proprietary alternative will be suspect in the eyes of the voter.

Re:This is the way it should be done! (0)

Anonymous Coward | more than 7 years ago | (#18794985)

The problem is that you don't know if the executable on the machine corresponds to the source code. Of course you can run gentoo on all the machines, but then you would still have problems with the compiler and the hardware. If the data file is lost then you can never count the votes again. I don't think that open source is the solution. See also http://www.wijvertrouwenstemcomputersniet.nl/Engli sh [wijvertrou...ersniet.nl]

How about using an OCR machine to count paper votes? Wouldn't that work?

Incentive? (2, Interesting)

TwoPerfect (1082651) | more than 7 years ago | (#18793647)

How much is the reward for cracking it? Or is there none?

Either way, if it's less than what someone running for president can give you, then creating problems for themselves :D

Re:Incentive? (1)

justinlee37 (993373) | more than 7 years ago | (#18793695)

Making it public, though, is more likely to attract the attention of more hackers, especially foreign ones.

I mean, how does the average hacker go about contacting the average morally dubious third world Presidential candidate, to arrange for payment to rig the election?

That's not exactly the sort of thing you can solicit for on craigslist.

Wiki government (0)

Anonymous Coward | more than 7 years ago | (#18793739)

This is a step in the evolution of the wiki [wikipedia.org] government [metagovernment.org] . Once we have a reliable network infrastructure, we can move on to governing ourselves for a change. (Though I am sure that's not what the Philippine government is thinking.)

Re:Wiki government (0)

Anonymous Coward | more than 7 years ago | (#18793815)

Well, the latter is not really a wiki. More of a scored discussion, it looks like.

Re:Wiki government (2, Funny)

maxwell demon (590494) | more than 7 years ago | (#18795163)

Well, the latter is not really a wiki. More of a scored discussion, it looks like.
A Slashdot government?

100% foolproof guaranteed exploit (3, Insightful)

Builder (103701) | more than 7 years ago | (#18794715)

1. Go to relatives house
2. Hold gun to their head and insist that they vote for who you tell them to
3. Watch them cast the vote
4. Tell them that you will kill them and their pet rabbit if they tell anyone
5. Win the election

Sadly, that is a problem that will always exist if people aren't voting in a private cubicle in a public place.

After the recent postal voting in the UK, it was found that many heads of families coerced the rest of the family into voting a certain way. That just can't happen in a private cubicle where you can always lie to dad later, but vote for who you want to now.

Re:100% foolproof guaranteed exploit (1)

null-loop (111543) | more than 7 years ago | (#18795115)

Unless dad demanded some proof... say a photo of the ballot paper taken with a camera phone.

Re:100% foolproof guaranteed exploit (0)

Anonymous Coward | more than 7 years ago | (#18795637)

You can take the pic, then say you made a mistake and ask for another ballot paper, unless Pa is standing outside your cubicle. Even then, you can at least spoil your ballot so the vote isn't counted, partially mitigating the damage.

But, ultimately, if you're old enough to vote and your family are being dicks it's time to move the hell out!

Re:100% foolproof guaranteed exploit (0)

Anonymous Coward | more than 7 years ago | (#18795375)

This is fixed by allowing anyone to change their votes later.

this 1s goatsex (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#18795021)

[tux.org]? Are you@ demise. You don't

Procedural comparison (4, Insightful)

Random BedHead Ed (602081) | more than 7 years ago | (#18795233)

How things work outside the United States:

  • Government announces plan to implement a voting system.
  • Government devises detailed plan for a system, working with experts in field.
  • Government runs pre-launch plan for rigorous testing of system reliability. Experts invited to oversee tests.
  • System implemented, possibly with modifications based upon lessons learned in testing.

How things work in the United States:

  • Government announces plan to implement a voting system.
  • Industry lobbyists head to Washington. Meet with lawmakers, attempting to steer business toward their sponsors.
  • Dinners held, bribes exchanged.
  • Select lawmakers refuse to give in to lobbyists, are denied funding for upcoming campaigns, lose next election. Most capitulate, are re-elected.
  • Revised bill reintroduced. Spending increased by a factor of 10.
  • Experts review bill, criticize flaws, are ignored. Who needs 'em?
  • Bill to implement system passes. Includes provision allowing NSA to nuke a US city without prior oversight if it finds suspicious activity in said city. Pre-absolves president of guilt for said annihilation. Also includes subsidy of corn processing industry in midwest, tax breaks for plastics industry executives. Last-minute rider added to provide additional funding for superhighway from Mexico to Kansas (now standard in all bills), and provide funding for evangelical law school that advocates a new wars to prevent the coming of the Antichrist.
  • President signs bill in televised ceremony. Pen used to sign bill is framed.
  • System implemented with no modifications. Massive failures nationwide.
  • Experts point out that they predicted failures, are ignored again. Who needs 'em? Industry spokespersons call experts 'communists trying to undermine the free market,' deny there are any problems. Evening news ignores story, focuses on a recent celebrity divorce.
  • Lawmakers vow to raise new spending bill to correct problems. Lobbyists return to Washington ...

Internet Voting (1)

Tom (822) | more than 7 years ago | (#18795921)

The real problem of Internet Voting isn't that you can hack the system. Even if you have an unhackable system, Internet Voting is still a bad idea.

In a voting booth, you can put your vote wherever you want, even if someone bribed or threatened you or your family to make you vote his way. You can put your mark somewhere else, nobody will know.

At home, your vote can be checked before it's sent.

make it easier on the hackers (1)

v1 (525388) | more than 7 years ago | (#18795935)

It seems that with things like this, they usually fall because the programmers are either incompetent or lazy, and do not write code that is secure by design. Because of that they are scared stiff that someone will get a peek at the source code and find their sloppy hacks, identify careless assumptions, or discover that the outwardly formidable security is based on a model with a difficult to fix design flaw.

So they should publish the source code to the machines. There's nothing like a good public mugging to quickly uncover any stupid code. As is well known, any security code that cannot withstand public review is worthless. Anyone that says their code has to remain private to remain secure is admitting their code is NOT secure, and that it's merely a matter of time before it's compromised.

Hello Diebold, are you LISTENING? idiots.

Forget profit; this isn't even appealing for fame! (0)

Anonymous Coward | more than 7 years ago | (#18796961)

Say I'm a l33t hacker (which I'm not) and I find myself around this system and exploit its weaknesses. Cool, what does this make me? Well, a very helpfull beta tester which posses skills people might want to keep an eye on. But in the end I'd still be John Doe who managed to win the price and find the bug(s).

OR... I wait for the system to go live, then start digging around and falsify data in such a way where its obvious that something is stinking big time. Then all I have to do is leave my mark of some sorts and watch the cardhouse tumbleing down. Sometimes even taking whole (local) goverments with it. Ofcourse not always that extreme, but when it comes to election fraud you can be sure that reputations will be bruised or scarred, credibility will be on the line and if things do get out of control the whole thing can tumble down like the cardhouse mentioned earlier.

Gee, what option would I pick if I were in it for the fame and glory? Hard choice indeed... NOT!

WRONG. Q: Can it be manipulated by insiders? (2, Insightful)

Catbeller (118204) | more than 7 years ago | (#18797451)

Wrong question, a straw man. The problem isn't outside hackers playing with the system, but political insiders who have full access to the machines and code inperceptibly changing elections and the voting logs. A hacker may not be able to change an election, but a fully vested operative in the voting machine company can. Want a real test? Give the testers full access to the machines from soup to nuts. All code, accumulators, logs, access to the paper trail printouts, the works. NOW can they change the election?

Yes. Always, untraceably, if you can manipulate the traces.

This test they are running is worthless. They are playing to the myth of the superhacker, master of all crimes. The problem with evoting is that the evoting system programmers own the democracy, and you cannot test for that.

These evoting systems are the answer to the question: how do we fix elections without anyone noticing, or even understanding the system so that they notice that we can? The paper systems are foolproof, if done correctly, as in Canada. Those systems aren't broken. So we are fixing an uncrackable system for one that is cracked by design.

People. Someone is really determined to own democracy. Follow the money.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>