Re: MORE Questions from election officials

From: Arthur Keller <arthur_at_kellers_dot_org>
Date: Tue May 04 2004 - 13:02:16 CDT

At 10:26 AM -0500 5/4/04, Douglas W. Jones wrote:
>>In my own presentations I generally don't emphasize hacking (I think
>>bugs are quite sufficient an issue) but somehow everyone always
>>wants to bring up fraud so it's an unavoidable topic.
>When someone brings it up, I always point out that, for every hacker,
>there are hundreds or thousands of innocent people who make normal
>human mistakes. My favorite example of this was a new release of
>Windows 95 that contained a perfect example of an attack on the
>voting system from within the window manager. It was entirely innocent,
>Microsoft didn't mean to break the voting system made by Fidlar and
>Chambers. They did, though. It was an innocent enhancement, totally
>upward compatible and with no impact on existing code and no need to
>change any use of the Windows API. The consequence was to reveal, to
>each voter, exactly how the person who used the machine before them
>voted. (The radio button widget had a new GUI feature, a subtle
>highlight indicating which button had been pressed most recently.)

Great example! It points out the need to do "full system testing"
including OS, etc. Interestingly, "black box testing" is a feeble
attempt at "full system testing." However, you also want to do
testing of internal interfaces, testing of logic branches, all paths
testing, inspection of the code, etc., as well.

Best regards,

Arthur M. Keller, Ph.D., 3881 Corina Way, Palo Alto, CA  94303-4507
tel +1(650)424-0202, fax +1(650)424-0424
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Mon May 31 23:17:10 2004
