August 13, 2009

Nope! Nothing wrong here!

Paper ballots, dammit! Who cares if you don't know who the next president is five minutes after the polls close?

A team of computer scientists from University of California-San Diego, the University of Michigan, and Princeton University used an attack based on "return-oriented programming" to turn a Sequoia AVC Advantage e-voting machine against itself and shift votes from one candidate to another.
...

The attack doesn't require any new code, either: "The attacker reuses short snippets of the existing system and recombines them in such a way that the computation they perform is exactly the computation he wants to carry out," he says.

The researchers exploited a buffer-overflow vulnerability in the Sequoia voting machine, which has built-in defenses against code injection into its RAM. "This is exactly the defense that our use of return-oriented programming defeats," Schacham says.

Posted by: Alice H at 12:45 PM | Comments (2) | Add Comment
Post contains 141 words, total size 1 kb.

Comments are disabled. Post is locked.
12kb generated in CPU 0.01, elapsed 0.0147 seconds.
61 queries taking 0.0092 seconds, 133 records returned.
Powered by Minx 1.1.6c-pink.