Slashdot Mirror


Voting System Test Hack Elects Futurama's Bender To School Board

mr crypto writes with this quote from El Reg: "In 2010 the Washington DC election board announced it had set up an e-voting system for absentee ballots and was planning to use it in an election. However, to test the system, it invited the security community and members of the public to try and hack it three weeks before the election. 'It was too good an opportunity to pass up,' explained Professor Alex Halderman from the University of Michigan. 'How often do you get the chance to hack a government network without the possibility of going to jail?' With the help of two graduate students, Halderman started to examine the software. Despite it being a relatively clean Ruby on Rails build, they spotted a shell injection vulnerability within a few hours. They figured out a way of writing output to the images directory (PDF) on the compromised server, and of encrypting traffic so that the front-end intrusion detection system couldn't spot them. The team also managed to guess the login details for the terminal server used by the voting system. ... The team altered all the ballots on the system to vote for none of the nominated candidates. They then wrote in names of fictional IT systems as candidates, including Skynet and (Halderman's personal favorite) Bender for head of the DC school board."

17 of 210 comments

  1. Why... by Daniel_is_Legnd · · Score: 5, Funny

    Why not Zoidberg?

    1. Re:Why... by ackthpt · · Score: 3, Funny

      Why not Zoidberg?

      I'm surprised it wasn't Putin.

      --

      A feeling of having made the same mistake before: Deja Foobar
    2. Re:Why... by Alter_3d · · Score: 5, Funny

      Why not Zoidberg?

      I'm surprised it was not Hypnotoad

    3. Re:Why... by snowgirl · · Score: 4, Funny

      Why not Zoidberg?

      I'm surprised it was not Hypnotoad

      All Glory to the Hypnotoad!

      --
      WARNING! This girl exceeds the MAXIMUM SAFE standards established by the FDA for BRATTINESS
  2. Bite my shiny metal ass! by bunratty · · Score: 4, Funny

    If elected I promise to KILL ALL HUMANS! Hey, you said there'd be hookers at this convention.

    --
    What a fool believes, he sees, no wise man has the power to reason away.
    1. Re:Bite my shiny metal ass! by Patch86 · · Score: 4, Funny

      Have you ever tried simply turning off the TV, sitting down with your children, and hitting them?

    2. Re:Bite my shiny metal ass! by Anonymous Coward · · Score: 3, Funny

      Fine, I'll go rig my own elections! With blackjack, and hookers! In fact, forget about the election.

  3. Bender would be great for head of the school board by jizziknight · · Score: 3, Funny

    "Have you ever tried simply turning off the TV, sitting down with your children, and hitting them?"

    --
    Everything I say is a lie. Except that... and that... and that, and that, and that, and that... and that.
  4. Ruby on Fails? LOL by Anonymous Coward · · Score: 4, Funny

    Ruby on Rails

    And there's your problem. Only an idiot would try to run something that needs high security on Ruby on Fails. Rubyists couldn't write secure code if their life depended on it. Next time hire real programmers not hipsters who spend all day sipping lattes and admiring each other's new pair of skinny jeans.

    1. Re:Ruby on Fails? LOL by Anonymous Coward · · Score: 4, Funny

      Ruby on Rails

      And there's your problem. Only an idiot would try to run something that needs high security on Ruby on Fails. Rubyists couldn't write secure code if their life depended on it. Next time hire real programmers not hipsters who spend all day sipping lattes and admiring each other's new pair of skinny jeans.

      Somewhere, in some coffee shop, some guy with a bowl cut and a faint mustache is commenting to his friend that he just got hired back to do another contract for the DC BOE and this time they want him to spend 4 hours on it instead of 2.

    2. Re:Ruby on Fails? LOL by Anonymous Coward · · Score: 3, Funny

      But I suppose it's fun to bash the Rails programmers because they are in really high demand and able to command very high billing rates :-)

      Yeah and we all believe you. No, really, we do. I'm sure the other unemployed Rubyists at Starbucks with you are congratulating you on this great post.

    3. Re:Ruby on Fails? LOL by Anonymous Coward · · Score: 4, Funny

      Yeah, and I believe you. That's why I can't find any experienced RoR developers to hire. Our recruiters can't find anyone either. They're all busy.

      We have the same issue! It took us six months before we were able to find a Senior RoR developer with 10 years' experience.

  5. Re:"managed to guess the login details" by Desler · · Score: 4, Funny

    This was a system created by Rubyists. They don't understand security because that's a "low-level detail" they can't be arsed to learn.

  6. Election System by necro81 · · Score: 4, Funny

    Ya, well, I'm gonna go build my own election system. With blackjack! And hookers!

    In fact, forget the election system.

  7. Re:why evoting machines by jeffmeden · · Score: 5, Funny

    Every single technology professional I have EVER communicated with does not think electronic voting machines are a good idea. If EVERYONE is in agreement this is a BAD idea, why the FUCK are we still making these things?

    That's just it, we took a vote on that and as it turns out about 190% of respondents said that they were in favor of electronic voting...

  8. Re:Bender would be great for head of the school bo by an unsound mind · · Score: 5, Funny

    Because "Insightful" is Secret Slashdot Code for "Funny, but enough so it deserves karma". And "Funny" is Secret Slashdot Code for "So painfully unfunny it induces groaning."

    Or possibly Groening. Not precisely clear on that.

  9. Re:"managed to guess the login details" by powerlord · · Score: 5, Funny

    New Jersey, India, and China.

    Ah yes, the new "Axis of Evil"!

    --
    This space for rent. All reasonable inquiries will be entertained at proprietor's discretion.