Re: Fwd: ITA testing would detect Hursti attack, ballot programming errors, etc.

From: charlie strauss <cems_at_earthlink_dot_net>
Date: Sun Sep 03 2006 - 00:05:52 CDT

The idea that a third pary could figure out every security hole when many users and the desingners themselves can't recgonize this in a complex piece of software is absurd

There's all sorts of examples of things that at the time seemed to exhibit a secure logic but later proved to be insecure. THe people designing those were not being cavalier and did think about the logic of the security but they got it wrong.

This sort of logic bomb shows up a lot then you mix two secure protocols that the desingners did not think through. Reviuewes of either one would not reveal the problem.

Just to name a couple of examples. Lots of people use SSH keys because they think it's safer than a password. Lot's of people use NFS network file systems for their home directory. Both of these are fairly secure protocols. Together they are totally unsecure.

Apple computer's mac osx went through a spate of problems when for example telnet:// became a recognized web protocol. (A web site could for example send a telnet shell escape to do and "rm -f ./*" when loading an ordinary insecure webpage. It also had problems when the applications discovery process (the OS queries applications for what files they open) crossed swords with automounting of downloaded disks. (the file download mounted into the filestystem as a disk. the OS trusted the file system and scanned it for applications. The applications said they could open xxxx file types and thus got lanched when any document was opened)

And in voting systems, there's the classic example of the voting machine company that used the windows system libs for it's text windows. When the OS was updated to allow automatic form-fillout the voting machine began filling in the forms and highlighting the buttons for you according to how the last guy voted.

Could a third party testing authority really have anticipated these deadly combinations? I doubt it.

-----Original Message-----
>From: "Douglas W. Jones" <>
>Sent: Sep 2, 2006 8:26 PM
>To: Open Voting Consortium discussion list <>, Joan Krawitz VTUSA <>,
>Subject: Re: [OVC-discuss] Fwd: ITA testing would detect Hursti attack, ballot programming errors, etc.
>On Sep 1, 2006, at 9:26 PM, Kathy Dopp wrote:
>> Can anyone please help me to verify or refute these claims ... ?
>>> From: Joan Krawitz VTUSA <>
>>> Date: Sep 1, 2006 7:56 PM
>>> Federal testing if conducted decently can and should find
>>> the kind of problems that have been reported with the Hursti
>>> hack, the ES&S ballot programming and similar system design
>>> defects.
>This is basically true. The VSTAAB review of the AccuBasic
>interpreter reveals numerous flat-out violations of the FEC
>2002 guidelines. If the California VSTAAB could do it, the
>ITAs could have done it. The basic problem exposed by Hursti
>I and II is also very obvious -- the ability to inject
>executable code into a voting system is clearly covered under
>the intent of the FEC 2002 guidelines concerning protection
>against viruses and malware.
>However, I see no evidence that the ITAs have been effective in
>detecting these problems. I've read the current ITA reports,
>and they're no better than the ones I used to read when I was
>an examiner for Iowa. My confidence is not raised by anything
>I've seen recently. Just because the ITA process has the
>potential to do better should not be taken as evidence that
>it is doing better.
>As an aside, I've read ITA source code review reports from
>Wyle, Ciber and SysTest. Ciber reports are, overall, the
>least informative. SysTest reports contain enough text that
>I can get into the head of the source code examiner and see
>what they're looking for and how they're going about it.
>Wyle is in between.
> Doug Jones
>OVC-discuss mailing list

OVC-discuss mailing list
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Sat Sep 30 23:17:02 2006

This archive was generated by hypermail 2.1.8 : Sat Sep 30 2006 - 23:17:08 CDT