Interesting People mailing list archives
Sequoia Voting Systems screws up, releases its SQL code accidentally
From: David Farber <dave () farber net>
Date: Wed, 21 Oct 2009 01:18:18 -0400
Begin forwarded message: From: Rich Kulawiec <rsk () gsp org> Date: October 20, 2009 7:25:21 PM EDTTo: Dave Farber <dave () farber net>, Paul Ferguson <fergdawgster () gmail com>, Richard Forno <rforno () infowarrior org> Subject: Sequoia Voting Systems screws up, releases its SQL code accidentally
The gist may be found here: Sequoia Voting Systems hacks self in foot http://www.dailykos.com/storyonly/2009/10/20/795343/-Sequoia-Voting-Systems-hacks-self-in-foot which quotes a message that appears to have transited the Open VotingConsortium (OVC) mailing list earlier today. That message reads in part:
Folks, you'll love this. Sequoia blew it on a public records response. We (basically EDA) have election databases from Riverside County that Sequoia insisted on "redacting" first, for which we paid cold cash. They appear instead to have just vandalized the data as valid databases by stripping the MS-SQL header data off, assuming that would stop us cold. They were wrong. The Linux "strings" command was able to peel it apart. Nedit was able to digest 800meg text files. What was revealed was thousands of lines of MS-SQL source code that appears to control or at least influence the logical flow of the election, in violation of a bunch of clauses in the FEC voting system rulebook banning interpreted code, machine modified code and mandating hash checks of voting system code. I've got it all organized for commentary and download in wiki form at: http://studysequoia.wikispaces.com/ And sure enough that wiki is live and running, and I'll bet that as Itype this, Sequoia's lawyers are frantically trying to shut it down...but it's too late. By now, there are dozens if not hundreds of copies of that code all over the world, so they're powerless to stop the analysis that's already started. (And while I was typing this, apparently Slashdot picked
up the story, so make that "thousands of copies".)The lesson for Sequoia: never underestimate the abilities of someone who's
read ALL of section 1 of the Unix manual. ---Rsk ------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- Sequoia Voting Systems screws up, releases its SQL code accidentally David Farber (Oct 20)