
Re: [Full-Disclosure] Presidential Candidates' Websites Vulnerable



>>> "Kurt Seifried" <listuser@xxxxxxxxxxxx> 02/07/2004 02:47:55 >>>
> It is of interest to note we just had our federal election here in Canada a
> few days ago. I went to the polls, they checked my name, gave me a paper
> ballot, I took it to the booth, made my "X" (within the circle using the
> pencil provided), folded the ballot as indicated and handed it to them. 

"Postal voting" was recently tried and tested in the local elections in various 
parts of the UK, and my area was one of these "privileged" areas.  The 
rationale is that most Brits are lazy bums and can't be bothered to get off 
their arses, walk 100 yards to the polling station, and put the X in the box.  
Obviously in the run up to Euro 2004 we would be all too enthralled with 
watching our national heroes flexing their text-messages on Sky One...

The postal voting did a lot of stuff for "anonymity", but it did not feel 
"anonymous" to me.  If I remember correctly, it went something like this:

1) receive a load of papers through the post
2) sign that you are the person to whom the papers were addressed on form D 
(declaration); get someone to countersign.  Form D, if I remember rightly, has 
your name and address written on it.
3) mark your votes on voting form V
4) put voting form V into envelope B.  Envelope B has a window in it which, 
when V is correctly folded and placed inside, will show the barcode on form V
5) seal envelope B
6) put envelope B and form D into envelope A so that the barcode from form V 
shows through the window of envelope A

The barcode on form V was a symbol for a 9 or 10 digit number represented in 
Code 39.  The rationale for the barcode showing through envelope A, as 
explained by the information enclosed with this paperchase, was that the 
barcode was an authentication mechanism to prevent postal vote fraud.  
Presumably they would reject forms which hadn't been issued or had been 
received twice.

So we now have:

   A( D, B( V ) )

Where A and B can be thought of as cryptographic transforms for those of us who 
like analogies.  This feels "secure" -- the voting office opens A and confirms 
the authenticity of D.  It would then, presumably, pass B(V) on to the counting 
machines, who would open up B and tally the V.

That's how I would have liked it to work.  But actually, with this barcode 
showing through the window to the outside, we have:

  A( D, B( V, id ), id ), id

I have to take it on faith that the people who unwrap A (and therefore know the 
identity of the voter who submitted B(V)) do not collude with the people who 
unwrap B to find out what they voted for.

To me, this is an additional vulnerability to the voting system.  The other 
hole can occur where the people unwrapping B or counting V, who have the 
barcode on my voting form, collude with the people who issued D (my 
identification).

So for an anonymous postal voting system like this, we have to assume that 
different and non-communicative agencies issued the D form and the V form 
containing the id barcode.

Regards,

Marek


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
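
Added example, not part of the original message: a small Python model of the linkage argument in the post above, checking which sets of parties can tie a voter to a vote by joining their records on the barcode id. The party names, sample voters, ids and votes are constructed, and the issuer is assumed to be a single agency that issued both form D and form V.

```python
from itertools import combinations

# Constructed sample data: (name on form D, barcode id on form V, vote). All made up.
BALLOTS = [("alice", "100000001", "X"),
           ("bob",   "100000002", "Y"),
           ("carol", "100000003", "X")]

def party_views(ballots, barcode=True):
    """Records each party is able to keep (party names are hypothetical).
    barcode=True models A( D, B( V, id ), id ) from the post;
    barcode=False models the intended A( D, B( V ) ) with no id anywhere."""
    views = {"issuer": [], "opener_A": [], "counter_B": []}
    for voter, bid, vote in ballots:
        tag = {"id": bid} if barcode else {}
        views["issuer"].append({"voter": voter, **tag})     # assumed: issued both D and V
        views["opener_A"].append({"voter": voter, **tag})   # reads D, sees id in B's window
        views["counter_B"].append({"vote": vote, **tag})    # reads V, which carries the id
    return views

def link(views, coalition):
    """Pool the coalition's records and join them on the id: voter -> vote."""
    pooled = [r for party in coalition for r in views[party]]
    who = {r["id"]: r["voter"] for r in pooled if "id" in r and "voter" in r}
    what = {r["id"]: r["vote"] for r in pooled if "id" in r and "vote" in r}
    return {who[i]: what[i] for i in who.keys() & what.keys()}

def linking_coalitions(views):
    """Every set of parties, smallest first, that can tie a voter to a vote."""
    parties = sorted(views)
    return [c for n in range(1, len(parties) + 1)
            for c in combinations(parties, n) if link(views, c)]

if __name__ == "__main__":
    for label, flag in (("barcode on V, visible through A and B", True),
                        ("no barcode", False)):
        print(label, "->", linking_coalitions(party_views(BALLOTS, flag)))
```

No single party can link on its own; every linking set includes the counter plus a party that holds the name-to-id mapping, which is why the post requires those parties to be separate and non-communicating.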