interesting-people message



Subject: [IP] Sequoia Voting Systems screws up, releases its SQL code accidentally




Begin forwarded message:

From: Rich Kulawiec <rsk@gsp.org>
Date: October 20, 2009 7:25:21 PM EDT
To: Dave Farber <dave@farber.net>, Paul Ferguson <fergdawgster@gmail.com>, Richard Forno <rforno@infowarrior.org>
Subject: Sequoia Voting Systems screws up, releases its SQL code accidentally

The gist may be found here:

	Sequoia Voting Systems hacks self in foot
	http://www.dailykos.com/storyonly/2009/10/20/795343/-Sequoia-Voting-Systems-hacks-self-in-foot

which quotes a message that appears to have transited the Open Voting
Consortium (OVC) mailing list earlier today. That message reads in part:

	Folks, you'll love this.

	Sequoia blew it on a public records response.  We (basically
	EDA) have election databases from Riverside County that Sequoia
	insisted on "redacting" first, for which we paid cold cash.
	They appear instead to have just vandalized the data as valid
	databases by stripping the MS-SQL header data off, assuming that
	would stop us cold.

	They were wrong.

	The Linux "strings" command was able to peel it apart.  Nedit was
	able to digest 800meg text files.  What was revealed was thousands
	of lines of MS-SQL source code that appears to control or at
	least influence the logical flow of the election, in violation
	of a bunch of clauses in the FEC voting system rulebook banning
	interpreted code, machine modified code and mandating hash checks
	of voting system code.

	I've got it all organized for commentary and download in wiki
	form at:

	http://studysequoia.wikispaces.com/

And sure enough that wiki is live and running, and I'll bet that as I
type this, Sequoia's lawyers are frantically trying to shut it down...but
it's too late. By now, there are dozens if not hundreds of copies of that
code all over the world, so they're powerless to stop the analysis that's
already started. (And while I was typing this, apparently Slashdot picked
up the story, so make that "thousands of copies".)

The lesson for Sequoia: never underestimate the abilities of someone who's
read ALL of section 1 of the Unix manual.

---Rsk
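
An added example, not part of the forwarded message or the OVC post: a pre-release check for the failure described above, where removing a file header leaves the text in the body readable. The sample bytes, the fake header and the `demo_*` names are constructed, and the UTF-16LE pass is an assumption about wide-character text that the message does not mention.

```python
import re

# Runs of 6+ printable bytes, which is what a strings-style scan reports.
ASCII_RUN = re.compile(rb"[\x20-\x7e\t]{6,}")
# Same characters stored as UTF-16LE (assumption: wide-character text columns).
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e\t]\x00){6,}")
# Keywords that suggest SQL source survived in the file body.
SQL_HINT = re.compile(
    r"\b(CREATE\s+(PROCEDURE|TRIGGER|FUNCTION)|SELECT|UPDATE|INSERT|DELETE|EXEC)\b",
    re.I,
)


def printable_runs(blob):
    """Yield (offset, text) for every readable run left in the blob."""
    for m in ASCII_RUN.finditer(blob):
        yield m.start(), m.group().decode("ascii")
    for m in UTF16_RUN.finditer(blob):
        yield m.start(), m.group().decode("utf-16-le")


def residual_sql(blob):
    """Return the readable runs that still look like SQL, ordered by offset."""
    return sorted((off, text) for off, text in printable_runs(blob)
                  if SQL_HINT.search(text))


def build_sample():
    """Constructed stand-in for a database file: fake header, then two pages."""
    header = b"FAKEHDR\x00" + bytes(range(1, 25))  # not a real MS-SQL header
    page1 = (b"\x01\x0f\x00\x00"
             + b"CREATE PROCEDURE demo_tally AS UPDATE demo SET n = n + 1"
             + b"\x00\xff")
    page2 = (b"\x02\x00"
             + "SELECT name FROM demo_contest".encode("utf-16-le")
             + b"\x00\x00\x9c")
    return header, header + page1 + b"\x00" * 64 + page2


if __name__ == "__main__":
    header, full = build_sample()
    # The "redaction" described in the message: header removed, body untouched.
    stripped = full[len(header):]
    for off, text in residual_sql(stripped):
        print(f"{off:#06x}  {text}")
```

A release candidate passes this check only when `residual_sql` returns an empty list for it; a file that no longer opens in the database engine says nothing about what its bytes still contain.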




