Interesting People mailing list archives

Sequoia Voting Systems screws up, releases its SQL code accidentally


From: David Farber <dave () farber net>
Date: Wed, 21 Oct 2009 01:18:18 -0400



Begin forwarded message:

From: Rich Kulawiec <rsk () gsp org>
Date: October 20, 2009 7:25:21 PM EDT
To: Dave Farber <dave () farber net>, Paul Ferguson <fergdawgster () gmail com>, Richard Forno <rforno () infowarrior org>
Subject: Sequoia Voting Systems screws up, releases its SQL code accidentally

The gist may be found here:

        Sequoia Voting Systems hacks self in foot
        http://www.dailykos.com/storyonly/2009/10/20/795343/-Sequoia-Voting-Systems-hacks-self-in-foot

which quotes a message that appears to have transited the Open Voting
Consortium (OVC) mailing list earlier today. That message reads in part:

        Folks, you'll love this.

        Sequoia blew it on a public records response.  We (basically
        EDA) have election databases from Riverside County that Sequoia
        insisted on "redacting" first, for which we paid cold cash.
        They appear instead to have just vandalized the data as valid
        databases by stripping the MS-SQL header data off, assuming that
        would stop us cold.

        They were wrong.

        The Linux "strings" command was able to peel it apart.  Nedit was
        able to digest 800meg text files.  What was revealed was thousands
        of lines of MS-SQL source code that appears to control or at
        least influence the logical flow of the election, in violation
        of a bunch of clauses in the FEC voting system rulebook banning
        interpreted code, machine modified code and mandating hash checks
        of voting system code.

        I've got it all organized for commentary and download in wiki
        form at:

        http://studysequoia.wikispaces.com/

And sure enough that wiki is live and running, and I'll bet that as I
type this, Sequoia's lawyers are frantically trying to shut it down...but
it's too late. By now, there are dozens if not hundreds of copies of that
code all over the world, so they're powerless to stop the analysis that's
already started. (And while I was typing this, apparently Slashdot picked
up the story, so make that "thousands of copies".)

The lesson for Sequoia: never underestimate the abilities of someone who's
read ALL of section 1 of the Unix manual.

---Rsk
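
Added example, not part of the forwarded message or of any code posted to the list: a pre-release check showing why stripping a database file's header is not redaction. It mimics what strings(1) does and also covers UTF-16LE text, the encoding MS-SQL uses for Unicode (nvarchar) data; the header layout and the procedure and table names in the sample are constructed for illustration.

```python
import re

MIN_LEN = 4  # same default minimum run length as strings(1)

def printable_runs(blob: bytes, min_len: int = MIN_LEN) -> list[str]:
    """Return runs of printable ASCII stored as 8-bit or as UTF-16LE."""
    ascii_pat = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_pat = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    runs = [m.group().decode("ascii") for m in ascii_pat.finditer(blob)]
    runs += [m.group().decode("utf-16-le") for m in utf16_pat.finditer(blob)]
    return runs

# Keywords that suggest SQL source survived in the file.
SQL_MARKERS = re.compile(
    r"\b(CREATE\s+(PROCEDURE|TRIGGER|FUNCTION)|SELECT|UPDATE|INSERT\s+INTO)\b",
    re.IGNORECASE,
)

def residual_sql(blob: bytes) -> list[str]:
    """Runs that still read as SQL after the file was 'redacted'."""
    return [run for run in printable_runs(blob) if SQL_MARKERS.search(run)]

HEADER_LEN = 29  # length of the constructed header below, not a real format

def build_sample() -> bytes:
    """Constructed stand-in for a database file: header, padding, SQL text."""
    header = b"FAKEDBHDR\x01\x0f\x00\x00" + bytes(16)
    body = (
        bytes([0x00, 0x01, 0xFF, 0xFE]) * 8
        + b"CREATE PROCEDURE demo_tally AS SELECT 1"
        + bytes([0x00, 0x9C, 0x03])
        + "UPDATE demo_table SET n = n + 1".encode("utf-16-le")
        + bytes([0xFF, 0x00, 0x80])
    )
    return header + body

def strip_header(blob: bytes) -> bytes:
    """The 'redaction' described in the message: drop the header only."""
    return blob[HEADER_LEN:]

if __name__ == "__main__":
    redacted = strip_header(build_sample())
    for line in residual_sql(redacted):
        print("still recoverable:", line)
```

A release check built this way should fail whenever `residual_sql` returns anything, since the file no longer opens as a database yet every stored string is still readable.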




