As a long time reader of comp.risks, and having a professional interest in security (as a sysadmin), I'll take this opportunity to say that anyone who is promoting online voting as a replacement for paper ballots is (in my opinion) one or more of a)Hopelessly naive, b)Frighteningly optimistic, c)Woefully ignorant of the problems of authentication combined with anonymity, d)Ignoring the problems of coercion, or (worst of all) e) Willing to accept vote tampering. I do not seriously think that the Electoral Commissioner would be willing to accept vote tampering, but every electronic or online system has been demonstrated to be vulnerable to it. Worse, such attacks can occur at any point, be it in corrupt coding, interference with the ballots, or by injecting forged ballots. All of these have be proven to be possible in every practical and theoretical system proposed to date. This is ignoring the problem of d) - if the voting is not occurring in a public place, how do you prove that t...
Managing director: Tables, Robert.
ReplyDeleteFlorian Haas - I can't stop laughing...
ReplyDeleteRob Masters Happy to help. :)
ReplyDeleteTwo things amaze me about this.
ReplyDelete1/ The registration did not crash the database.
2/ It has taken this long for someone to do it.
A co-worker did point out that 2/ could be a product of 1/, in that it is the first such attempt that did not result in the database getting wiped.
Rob Masters Your logic does not hold water, for obviously, after the first wipe someone would have restored from backup and done "RENAME TABLE companies TO companiesx;".
ReplyDelete