Comments


One Man's Fight Against Forum Spam

Ankur Dave Re:Example "advanced" spam (245 comments)

I think the idea is that there are too many phrases in common between them, so the first one is probably an auto-recycled version of the second.

Both comments *could* be by the same person, but it seems pretty unlikely...

more than 3 years ago

"Accidental" Download Sending 22-Year-Old Man To Prison

Ankur Dave Re:FBI bait? (1127 comments)

Sorry for assuming you didn't know -- I myself had forgotten about that article and, after rediscovering it, thought it would be helpful.

Have a nice day!

more than 4 years ago

"Accidental" Download Sending 22-Year-Old Man To Prison

Ankur Dave Re:FBI bait? (1127 comments)

Maybe you are not aware that the article and discussion you have linked to have no evidence of rick-rolling with the bait.

Right, but even that article acknowledged that the potential for abuse is definitely there:
"Civil libertarians warn that anyone who clicks on a hyperlink advertising something illegal--perhaps found while Web browsing or received through e-mail--could face the same fate."

Show me evidence of 3rd parties deliberately rick-rolling innocents with FBI controlled kiddie porn URLs or go home.

Unlike canajin56, I don't claim that "FBI rolling" has actually happened -- just that it's very possible. No need to be an asshole about it.

more than 4 years ago

Pi Calculated To Record 2.5 Trillion Digits

Ankur Dave Re:No pattern = a very good thing (432 comments)

Presumably he means quick factorization of composites (the product of two primes).

about 5 years ago

Digsby IM Client Quietly Installs Badware

Ankur Dave Re:Badware? (259 comments)

While I agree with you that making up words is annoying, badware is different from malware: http://stopbadware.org/home/badware

It's a broader term that includes adware as well as directly malicious software. I don't think malware has the same scope.

about 5 years ago

Submissions


Ankur Dave writes | more than 7 years ago

Ankur Dave writes "The documentary "Hacking Democracy" was recently released. It's a non-technical documentary about Diebold's voting systems that have been in wide use in the US since the 2004 elections.

Background about Diebold voting machines
These machines have a slot to feed your ballot in after you've filled it out (or, on the touchscreen kind, they have a touchscreen instead). They have a slot for the vote total to come out at the end of the election, and they have a slot on the front of the machine that takes the all-important memory card.
This memory card stores the votes in a Microsoft Access database (yes, you read right) that's meant to be read with the GEMS software, which prompts for a password upon loading the file. However, the file isn't actually encrypted, and can therefore be opened in Microsoft Access.

The film demonstrates how someone could change vote totals for a specific Diebold voting machine by obtaining a Diebold memory card and card reader, accessing the contents of the card from a computer, and modifying the vote totals using Microsoft Access. Almost the entire film is Bev Harris and others wailing about how it's possible to "hack" the voting system.

Now, my question is why is it so hard to make a secure voting system? Here's a setup I came up with:

HARDWARE

At the back of the room, in a locked closet, there is a database server running a DBMS (SQL, not Access, please).
There is a row of booths and each one has a small device with an LCD and a number pad inside.

SETUP

Before the election starts, connect each device to the server (over a wired connection -- obviously not wireless) and turn them all on. Each device creates a random ID key and stores it in ROM. Each device establishes a PGP-encrypted connection with the server and sends its ID key over. The server records all those ID keys in a database.

USER INTERFACE

Each device has a small LCD screen and a number pad.
The LCD screen shows a list of candidates and corresponding numbers next to them. The voter will read the screen and choose a number. He will enter the number in using the keypad and press the SUBMIT button. The device will show a confirmation screen, where the user can affirm or deny his choice. When it is affirmed, the device sends a command to the server.

RECORDING EACH VOTE

Whenever a device records a vote, it sends a command to the server -- probably an SQL INSERT statement. This information, along with its ID key, is encrypted and sent to the server. The server decrypts the message sent to it by the device, checks the sent key against the ID key list, and, if it's valid, runs the INSERT command.
OPTIONAL: There can be a paper trail by having the device spit out a vote slip into a basket behind the machine.

TALLYING THE VOTES

After the election is over, the staff turns off each device. Since the devices don't actually store any data, just take input from the user, no elaborate memory card-removing ritual is needed; the staff can just pull the plug.
The staff presses a button on the server, signaling it to print out a paper slip with the vote totals recorded in its database. This also causes the server to reset its ID key database.

ADVANTAGES

  • Simple.
  • Easy to use.
  • Secure from voters because the data-storing machine (the server) is in the back of the room rather than there being several data-storing machines that the user directly interacts with.

DISADVANTAGES

  • The staff can plug an extra device into the server and enter lots of fake votes on that.
  • They can take the server apart and modify its hard drive's contents, then put it back.

SOLUTIONS TO DISADVANTAGES

  • Have the ID keys preset in all the devices including the server (not a good idea IMO)
  • Have the hard drive be nonremovable (although anyone with enough strength/time could still remove it).
  • Right before the election, manually check that the vote totals for all candidates are 0.
  • Right before the election, load a fresh disk image onto the server. This thwarts someone who tampered with it before the election.

CONCLUSION

I may be missing something, but I don't see why Diebold (and all the other voting machine manufacturers) are having so much trouble making a secure system.
I suspect that the real problem in Diebold's system is that it's possible to "hack" the election if you are a staff member, or you have unrestrained access to the machines prior to the election. This is solved by the last point in Solutions to Disadvantages, and by the paper trail mentioned in Recording Each Vote.

"
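An added sketch of the server-side check described under RECORDING EACH VOTE, not part of the original submission: it assumes the device's message has already been decrypted, and it has the server accept only a candidate number and build a parameterized INSERT itself instead of running a statement sent by the device. `VoteServer`, `BALLOT`, `setup_open` and the sample keys are hypothetical names and constructed values.

```python
import hmac
import secrets
import sqlite3

BALLOT = {1: "Candidate A", 2: "Candidate B"}  # constructed sample ballot

class VoteServer:
    """Hypothetical server; the device message is assumed already decrypted."""
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE votes (candidate INTEGER NOT NULL)")
        self.id_keys = []        # ID key list built during SETUP
        self.setup_open = True   # set to False when the election starts

    def register(self, id_key: bytes) -> bool:
        # Devices may enrol only before the election starts.
        if self.setup_open:
            self.id_keys.append(id_key)
        return self.setup_open

    def record_vote(self, id_key: bytes, candidate) -> bool:
        # Check the sent key against the whole ID key list in constant time.
        known = False
        for key in self.id_keys:
            known |= hmac.compare_digest(key, id_key)
        # Accept only a number that is on the ballot, never SQL text.
        if not known or type(candidate) is not int or candidate not in BALLOT:
            return False
        # The server builds the INSERT and binds the value as a parameter.
        with self.db:
            self.db.execute("INSERT INTO votes (candidate) VALUES (?)", (candidate,))
        return True

    def tally(self) -> dict:
        rows = self.db.execute("SELECT candidate, COUNT(*) FROM votes GROUP BY candidate")
        return {BALLOT[c]: n for c, n in rows}

def demo() -> dict:
    server = VoteServer()
    booth = secrets.token_bytes(16)           # random ID key created by a booth device
    server.register(booth)
    server.setup_open = False                 # election starts
    late = b"constructed-late-key"            # device plugged in after setup
    assert not server.register(late)          # refused: setup is closed
    server.record_vote(booth, 1)
    server.record_vote(booth, 2)
    server.record_vote(booth, "1); DROP TABLE votes;--")   # refused: not a ballot number
    server.record_vote(late, 1)               # refused: unknown ID key
    return server.tally()
```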
