It's also interesting to read the perspective of the folks operating the compromised webapp (details are in the section titled "Digital Vote-By-Mail" on pages 34 to 38).
"We found a pair of webcams on the DVBM network — both publicly accessible without any password — that showed views of the server room that housed the pilot. <...> We used them to gauge whether the network administrators had discovered our attacks — when they did, their body language became noticeably more agitated."
Despite these problems, one of the strongest logistical aspects of the D.C. trial was that access to the code -- and to some extent, the architecture -- was available to the testers. While some observers have suggested that this gave us an unrealistic advantage while attacking the system, there are several reasons why such transparency makes for a more realistic test. Above and beyond the potential security benefits of open source code (pressure to produce better code, feedback from community, etc.), in practice it is difficult to prevent a motivated attacker from gaining access to source code. The code could have been leaked by the authors through an explicit sale by dishonest insiders, as a result of coercion, or through a compromised developer workstation. Since highly plausible attacks such as these are outside the scope of a research evaluation, it is not only fair but realistic to provide the code to the testers.
This site is copyright © 2004-2016 Steve Kemp.