Re: draft of text for new OVC-sponsored bill

From: Ronald Crane <voting_at_lastland_dot_net>
Date: Mon Jan 26 2009 - 20:12:12 CST

On class certification, if the class is something like "all
PC97-compliant computers", almost certainly all modern class members
will include networking interfaces, and most of them will include
wireless devices. These provide excellent attack vectors, both for
hacking (e.g., the OS build accidentally leaves a bluetooth device
enabled, and a hacker uses it to overflow a network buffer and run
arbitrary code) and for inside jobs (e.g., feeding election-specific
information to loaders in firmware).

I think class certification is just insecure, and shouldn't be allowed.

-R

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
By sending email to the OVC-discuss list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at http://gnosis.python-hosting.com/voting-project/
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Thu Jan 7 00:09:52 2010

This archive was generated by hypermail 2.1.8 : Thu Jan 07 2010 - 00:09:57 CST