Andrew, What do you mean, "securing Oregon's voting system"? Pen testing hardware and software; hosting a site; Monitoring activity? cheers, Sasha > -----Original Message----- > From: owner-crime@private [mailto:owner-crime@private] > On Behalf Of Andrew Plato > Sent: Friday, January 23, 2004 12:06 PM > To: Crime List > Subject: CRIME Security experts nix Internet voting plan > > > Interesting report from an independent group. They are > recommending that the federal voting site, SCORE be shut down > because of security weaknesses. The system was designed by Accenture. > > This is, of course, interesting to us since Anitian is > securing Oregon's electronic voting system. > > The report is a good read if your interested in electronic > voting issues. > > ___________________________________ > Andrew Plato, CISSP > President/Principal Consultant > Anitian Enterprise Security > > 503-644-5656 Office > 503-214-8069 Fax > 503-201-0821 Mobile > www.anitian.com > ___________________________________ > > > Security experts nix Internet voting plan > By R. Colin Johnson, EE Times > January 23, 2004 (12:45 p.m. EST) > URL: http://www.eetimes.com/story/OEG20040123S0036 > > PORTLAND, Ore. - An Internet voting scheme called Secure > Electronic Registration and Voting Experiment may be dead, at > least according to an independent report. > > The report was released by four whistle-blowing security > experts hired by the Federal Voting Assistance Program to > evaluate the program, also know as Serve. Serve is scheduled > to become operational in time for 2004 primary elections > beginning in February. > > "We were hired to evaluate the Serve Internet voting system, > and to recommend repairs we thought were needed to make the > system secure, but we found that its based on consumer-level > PCs and operating systems that cannot be made secure. A worm > or virus like the ones we've seen attacking the Internet > lately could easily change your vote without you knowing it. > Serve should be abandoned," said computer scientist David > Wagner. Wagner coauthored the report with computer scientists > Avi Rubin from the University of California at Berkeley, > David Jefferson of Johns Hopkins University and Barbara > Simons of Lawrence Livermore National Laboratory. Their > report represents a minority opinion of the Security Peer > Review Group, an advisory group formed by the Federal Voting > Assistance Program to evaluate Serve. > > Overseas residents and military personnel must use paper > absentee ballots, which are often delayed, thereby > invalidating the ballots. The program was created to remedy > the problem, but the cure could be worse than the illness, > according to the security experts. > > The critics said using consumer-grade components already > under attack by hackers worldwide makes the online voting > system dead-on-arrival. Program officials nevertheless plan > to begin trial usage soon despite the experts' conclusion > that the system is not secure. > > According to Wagner, the computer security experts tried a > range of methods to fix the security holes in the > Internet/PC/Windows environment, but concluded that it could > not be done. Instead, Wagner said secure lines independent of > the Internet and consumer-grade operating systems should be > installed at foreign embassies and military bases. > > "We tried every imaginable method of providing secure voting > over the Internet using PCs, but we have concluded that it > can only be done with secure lines. It won't be as convenient > as using the Internet, but it will be secure," said Wagner. > > Serve is being readied for use in 50 counties and in seven > U.S. states during this year's primary and general elections, > handling as many as 100,000 votes beginning on Feb. 3 during > South Carolina's presidential primary. The program's stated > goal is to provide 6 million overseas voters with access to > online absentee voting. >
This archive was generated by hypermail 2b30 : Fri Jan 23 2004 - 14:28:37 PST