Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Presidential Candidates' Websites Vulnerable
From: "Clairmont, Jan M" <jan.m.clairmont () citigroup com>
Date: Thu, 1 Jul 2004 10:43:07 -0400


If any issue is more important than electronic voting I don't
know what it is.  Congress has approved starting in the Spring
of 2005, the draft, all the way up to 49 years of age for 
special skills.

So we here are now in the fire, both security wise and on the
firing line in Iraq and the rest of the world as this war 
continues to rage.  We can tritely condemn the candidates 
use of OS but the voting machines that will be used are 
hackable and probably not reliable in any sense of the word.

Since I have 3 sons of draftable age, I am very concerned about
them and the under 49 crowd who may soon be in harms way.
Having gone through Vietnam I do not look forward to the 
future, whether you think war is right of wrong.  So how can 
we secure the integrity of the voting process and guarantee the
results?  I thought that a paper trail, an internet vote integrity counter based on voters SS or a random number that 
is assigned and given in the voter's booth.  Then you could log in to see how your vote was actually recorded, 
hopefully counted properly.

Anybody have any better ideas? We certainly can't trust the politicians or Diebold.  Considering the results of the last
election the whole process seems questionable, like in Chicago
"vote early, vote often."

Wary and concerned.
Jan Clairmont
Firewall Administrator/Consultant


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of Marek
Isalski
Sent: Thursday, July 01, 2004 5:13 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Presidential Candidates' Websites Vulnerable


For those who didn't catch it on The Inquirer already, it sounds like not even the would-be presidents of the US can 
afford decent security: http://www.theinquirer.net/?article=16939

"site shows signs of being vulnerable to SQL injection errors" and "packed with cross-site scripting errors"... Has 
Donnie been doing overtime? :)

Most amusing comment given the still raging Win/Linux debate on this list: "Kerry has open source credentials - he is 
using Apache running on Red Hat.  Bush's OS of choice is none other than Vole's IIS 5.0 server." 

Most worrying comment: both sites use visitor trackers (something I always feel is a sign that the site's owners feel 
that invasion of privacy is less important than commercial success).  Maybe one day we'll just do away with elections 
and go by the Google PageRank of the candidates' websites?

Marek


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]