[E-voting] Third party code

David GLAUDE dglaude at poureva.be
Thu Jun 2 23:59:48 IST 2005


Aengus Lawlor wrote:
> Brian O'Byrne wrote:
>>For example: we know the count machines run an operating system and
>>database application provided by Microsoft.
> 
> (As I understand it, it's also not correct to refer to a "database
> application from Microsoft" or to an Access database. As far as I know, the
> PowerVote application uses the odbc calls to the default Jet database
> engine. This happens to be the same engine as Access uses, but I don't think
> that Access is installed on the Count machines).

If the default Jet database engine is a Microsoft piece of software then 
it is right to say "database application from Microsoft" where 
application is the non tech word to say "driver" or "engine" or "module".

For more definition on the Jet database...
http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/0353.html

David GLAUDE

> Off the shelf software is arguably safer than custom code for the situation
> we are talking about - it's a reasonably safe bet that the developers at
> Roxio didn't build in a special Nedap hacking module on the off chance that
> their software might end up counting the results of an Irish Election.

Does leaving a way to do a buffer overflow is considered as a way to 
participate to a special Nedap hacking module? See above link.

David GLAUDE



More information about the E-voting mailing list