[Fwd: Re: [E-voting] About Estonian e-voting]
colm at stdlib.net
Tue Oct 25 09:21:30 IST 2005
On Tue, Oct 25, 2005 at 03:07:52PM +1000, Craig Burton wrote:
> >>Hackers will employ the law of least effort. This helps us determine
> >>where to look for hacks.
> >Of all of your bizarre arguments, this is perhaps the most flawed.
> A system bug or flaw can be anywhere. A hack has a purpose and it can't
> do anything from anywhere on the machine. A good search heuristic is to
> look where the hack can most likely be executed, be least likely to be
> found and yet most likely to achieve its purpose. The BIOS is a good
> place to hide, but something has to call the BIOS code to get it
> executed after the boot sequence. Better to trojan a common
> executable. I could argue about microcode but this has even more
> constraints as a hack has to be prepared further in advance.
This assumes the a) attackers are not clever enough to make those same
judgements about were you look, and b) non-malicious errors are not a
> >It would be relatively trivial to achieve either.
> Please provide examples or evidence that backs this assumption.
I already have: attack the input/output layers. You're not even
understanding the well-known basic points here, I'm not investing my own
time coming up with specific examples for you.
> Both are very hard, the JVM possibly being more plausible.
They are not at all hard. As I said, relatively trivial.
> Still, this doesn't help remote voters: some sort of remote service for
> VVAT has to provide the equivalent oversight.
There is no help for remote voters. Remote voters will always be prone
to vote-buying, intimidation and impersonation. Large-scale remote
voting is not compatible with safe democracy.
> >Thankfully, we don't have FPP.
> If the US wasn't FPP, Kerry would have got Nader's votes and left (ish)
> majority would have won as they should have. The ramifications of the
> US FPP voting system are global.
I don't care, I don't live in the US.
Colm MacCárthaigh Public Key: colm+pgp at stdlib.net
More information about the E-voting