[ale] hack challenge for electronic boting system

F. Grant Robertson f.g.robertson at alexiongroup.com
Sat Aug 23 18:47:46 EDT 2003 

If I understand correctly, those votes would be recovered from the cards
at the precinct. 

The real problems in the system are more fundamental. The code that got
"out" on that diebold ftp server had several significant, and really
non-sensible to the point of being suspect, problems.

The audit trail table has no serialized id on it's entry. You could
enter data, or modify it and that entry or modification would be logged
(if done through the interface, if done it the db level, there is no
log) to the audit trail, but simply deleting those rows in the audit
table would make them disappear without a trace, since it wouldn't break
the sequence of audit entries.  

The whole thing is done in Access, which is just goofy in my humble
opinion. AFAIK, access has no real triggers or stored procedures, which
significantly limits your ability to secure the tables beyond access
security. 

If you were to create stored procedures for auditing row entry, and then
make those execute with BIUD triggers(before insert, update, delete) you
would effectively log any tampering, and make it much more difficult to
hide your tracks. If you were to try and tamper without detection in
this scheme (say under Oracle for example) you would have to have access
privileges on the DB that allowed you to modify the stored procedure, or
remove it.. if you were to have some sort of reference structure to the
tables, you would also have to (potentially) unbind the foreign keys and
such to allow that level of tampering. It wouldn't make it impossible,
but it would definitely "raise the bar" for level of skill required to
make it happen.

>From someone who has spent a lot of time around databases, I personally
can't see a viable excuse why it was allowed to be developed on access.
I digress.. if I don't I'll just get mad.

Sigh,
-Grant

 
On Sat, 2003-08-23 at 18:22, tfreeman at intel.digichem.net wrote:

> I had a bad thought - What is the electorial consequence of dropping high 
> voltage across the precints power supply, and erasing/corrupting the 
> machine's counts? Does the precint get to vote again? (doubt it). Or is 
> the result of that polling precint zeroed out?


_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale

More information about the Ale mailing list