are not the same ones running the show tomorrow:
http://blogs.zdnet.com/security/?p=965Ok security people, we’ve been talking about it for awhile now, and here it is! Do you remember when you first heard about online voting? Do you remember thinking, geez, that sounds like a really bad idea? Well, your fears are confirmed.
The state of Pennsylvania online voter registration page has a major flaw that was discovered and mentioned on digg, the text of which is posted below:
Online voter registration PDFs are left unsecured on the server for anyone to access. Simply change the request ID at the end of the URL. Valid IDs appear to be working from 50000 and up to 58500+ This was discovered after filling out a registration myself. Being a security conscious programmer, I decided to test. Very bad PA…very very bad!The entire application has since been replaced with a message that says the site is temporarily offline,
but the basis of the flaw was that an attacker could force the application to retrieve arbitrary PDF voter registration files of other voters by simply modifying a request parameter sent in a request to the PrintVoterApplication.aspx page.
Printer-friendly format
Email this thread to a friend
Bookmark this thread
(1000+ posts)
Send PM |
Profile |
Ignore