Full Disclosure mailing list archives
RE: Presidential Candidates' Websites Vulnerable
From: "Clairmont, Jan M" <jan.m.clairmont () citigroup com>
Date: Thu, 1 Jul 2004 10:43:07 -0400
If any issue is more important than electronic voting I don't know what it is. Congress has approved starting in the Spring of 2005, the draft, all the way up to 49 years of age for special skills. So we here are now in the fire, both security wise and on the firing line in Iraq and the rest of the world as this war continues to rage. We can tritely condemn the candidates use of OS but the voting machines that will be used are hackable and probably not reliable in any sense of the word. Since I have 3 sons of draftable age, I am very concerned about them and the under 49 crowd who may soon be in harms way. Having gone through Vietnam I do not look forward to the future, whether you think war is right of wrong. So how can we secure the integrity of the voting process and guarantee the results? I thought that a paper trail, an internet vote integrity counter based on voters SS or a random number that is assigned and given in the voter's booth. Then you could log in to see how your vote was actually recorded, hopefully counted properly. Anybody have any better ideas? We certainly can't trust the politicians or Diebold. Considering the results of the last election the whole process seems questionable, like in Chicago "vote early, vote often." Wary and concerned. Jan Clairmont Firewall Administrator/Consultant -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Marek Isalski Sent: Thursday, July 01, 2004 5:13 AM To: full-disclosure () lists netsys com Subject: [Full-disclosure] Presidential Candidates' Websites Vulnerable For those who didn't catch it on The Inquirer already, it sounds like not even the would-be presidents of the US can afford decent security: http://www.theinquirer.net/?article=16939 "site shows signs of being vulnerable to SQL injection errors" and "packed with cross-site scripting errors"... Has Donnie been doing overtime? :) Most amusing comment given the still raging Win/Linux debate on this list: "Kerry has open source credentials - he is using Apache running on Red Hat. Bush's OS of choice is none other than Vole's IIS 5.0 server." Most worrying comment: both sites use visitor trackers (something I always feel is a sign that the site's owners feel that invasion of privacy is less important than commercial success). Maybe one day we'll just do away with elections and go by the Google PageRank of the candidates' websites? Marek _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Presidential Candidates' Websites Vulnerable Marek Isalski (Jul 01)
- <Possible follow-ups>
- RE: Presidential Candidates' Websites Vulnerable Clairmont, Jan M (Jul 01)
- RE: Presidential Candidates' Websites Vulnerable Harlan Carvey (Jul 01)
- Re: Presidential Candidates' Websites Vulnerable Jordan Klein (Jul 01)
- Re: Presidential Candidates' Websites Vulnerable Frank Knobbe (Jul 01)
- Re: Presidential Candidates' Websites Vulnerable Barry Fitzgerald (Jul 01)
- Re: Presidential Candidates' Websites Vulnerable Kurt Seifried (Jul 01)
- Re: Presidential Candidates' Websites Vulnerable Ron DuFresne (Jul 01)
- Re: Presidential Candidates' Websites Vulnerable Nasir Ghaznavi (Jul 02)
- Re: Presidential Candidates' Websites Vulnerable Daniel Veditz (Jul 02)
- RE: Presidential Candidates' Websites Vulnerable Harlan Carvey (Jul 01)