[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Presidential Candidates' Websites Vulnerable

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] Presidential Candidates' Websites Vulnerable
From: "Clairmont, Jan M" <jan.m.clairmont@xxxxxxxxxxxxx>
Date: Thu, 1 Jul 2004 10:43:07 -0400

If any issue is more important than electronic voting I don't
know what it is.  Congress has approved starting in the Spring
of 2005, the draft, all the way up to 49 years of age for 
special skills.

So we here are now in the fire, both security wise and on the
firing line in Iraq and the rest of the world as this war 
continues to rage.  We can tritely condemn the candidates 
use of OS but the voting machines that will be used are 
hackable and probably not reliable in any sense of the word.

Since I have 3 sons of draftable age, I am very concerned about
them and the under 49 crowd who may soon be in harms way.
Having gone through Vietnam I do not look forward to the 
future, whether you think war is right of wrong.  So how can 
we secure the integrity of the voting process and guarantee the
results?  I thought that a paper trail, an internet vote integrity counter 
based on voters SS or a random number that is assigned and given in the voter's 
booth.  Then you could log in to see how your vote was actually recorded, 
hopefully counted properly.

Anybody have any better ideas? We certainly can't trust the politicians or 
Diebold.  Considering the results of the last
election the whole process seems questionable, like in Chicago
"vote early, vote often."

Wary and concerned.
Jan Clairmont
Firewall Administrator/Consultant


-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx]On Behalf Of Marek
Isalski
Sent: Thursday, July 01, 2004 5:13 AM
To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Presidential Candidates' Websites Vulnerable


For those who didn't catch it on The Inquirer already, it sounds like not even 
the would-be presidents of the US can afford decent security: 
http://www.theinquirer.net/?article=16939

"site shows signs of being vulnerable to SQL injection errors" and "packed with 
cross-site scripting errors"... Has Donnie been doing overtime? :)

Most amusing comment given the still raging Win/Linux debate on this list: 
"Kerry has open source credentials - he is using Apache running on Red Hat.  
Bush's OS of choice is none other than Vole's IIS 5.0 server." 

Most worrying comment: both sites use visitor trackers (something I always feel 
is a sign that the site's owners feel that invasion of privacy is less 
important than commercial success).  Maybe one day we'll just do away with 
elections and go by the Google PageRank of the candidates' websites?

Marek


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] Presidential Candidates' Websites Vulnerable
  - From: Harlan Carvey
- Re: [Full-Disclosure] Presidential Candidates' Websites Vulnerable
  - From: Jordan Klein

Prev by Date: Re: [Full-Disclosure] software burning cpu or mobo ?
Next by Date: RE: [Full-Disclosure] Web sites compromised by IIS attack
Previous by thread: [Full-Disclosure] Presidential Candidates' Websites Vulnerable
Next by thread: RE: [Full-Disclosure] Presidential Candidates' Websites Vulnerable
Index(es):
- Date
- Thread