Мои публикации
Мужской
Бомбежки Ливии – наказание Каддафи за попытку введения золотого динара.
-
- Просмотр профиля: Репутация: Pozitiff
#3466951 Воздушные удары по Ливии
Автор:
на 26 марта 2011 - 20:55
#3446440 Жалобу компьютерщика Избирком направил в Госсуд
Автор:
на 11 марта 2011 - 19:05
shb, проблема может возникнуть не только на стороне клиента. В цепи электронного голосования несколько уязвимых мест. Подробнее здесь.
Vote counting:
After the election period ends, the VCS will take the latest encrypted votes of all voters and send them to the second server that is behind a firewall. The second server removes all the signatures. It then ‘burns’ all the unsigned encrypted votes to a CD. Now, a number of trusted people (including observers) take this CD and bring it to a separate room, which is well guarded. That room contains the third server, the tallier who is *not* connected to Internet at all. The CD is input to the tallier. The tallier reads all encrypted votes. Since it knows the decryption keys, it can decrypt all votes. After that it outputs the number of votes given for every candidate.
So what’s wrong with it? For a cryptographer it’s a rhetoric question but let me reiterate some points. Basically, an e-voting system can be attacked by attacking voter computers, Internet connection or voting servers. Signing/encryption mostly takes care of fraudulent Internet (they do not obviously protect you against DDOS attacks and the like).
Voter computers are an obvious problem: most of the people are computer illiterate, and are not able to check if their computers are not infected. Even if they have the newest antivirus (which we can’t be sure of), that antivirus itself might not be able to detect a piece of new malware that has been written specifically for *that* election and is unleashed just before it. (Note: in Estonia e-voting lasts for 3 days.) That malware could do a lot of damage, like hijack the connection between you and the ID card (basically letting the ID card to sign wrong votes), between the GUI and what actually happens inside the computer, etc. I would *not* be surprised if such a piece of software was written by a high-school kid.
Vote servers are another problem: they can attacked by a hostile (but yet invisible) takeover, or by an insider (software provider, hardware provider, they guy with a gun meant to protect the servers, cleaning lady…). To be completely certain nothing like that happens, one should use either 100% trusted providers etc, etc (which is somewhat unlikely if an interested foreign powers invests a few million euros to bribe everybody), or one should use cryptography. But first, why does it matter? Can’t we trust the election office? Rhetorically I could ask: do we trust politicians in general? Do we? Less rhetorically, there are so many potential threats here.
Vote counting:
After the election period ends, the VCS will take the latest encrypted votes of all voters and send them to the second server that is behind a firewall. The second server removes all the signatures. It then ‘burns’ all the unsigned encrypted votes to a CD. Now, a number of trusted people (including observers) take this CD and bring it to a separate room, which is well guarded. That room contains the third server, the tallier who is *not* connected to Internet at all. The CD is input to the tallier. The tallier reads all encrypted votes. Since it knows the decryption keys, it can decrypt all votes. After that it outputs the number of votes given for every candidate.
So what’s wrong with it? For a cryptographer it’s a rhetoric question but let me reiterate some points. Basically, an e-voting system can be attacked by attacking voter computers, Internet connection or voting servers. Signing/encryption mostly takes care of fraudulent Internet (they do not obviously protect you against DDOS attacks and the like).
Voter computers are an obvious problem: most of the people are computer illiterate, and are not able to check if their computers are not infected. Even if they have the newest antivirus (which we can’t be sure of), that antivirus itself might not be able to detect a piece of new malware that has been written specifically for *that* election and is unleashed just before it. (Note: in Estonia e-voting lasts for 3 days.) That malware could do a lot of damage, like hijack the connection between you and the ID card (basically letting the ID card to sign wrong votes), between the GUI and what actually happens inside the computer, etc. I would *not* be surprised if such a piece of software was written by a high-school kid.
Vote servers are another problem: they can attacked by a hostile (but yet invisible) takeover, or by an insider (software provider, hardware provider, they guy with a gun meant to protect the servers, cleaning lady…). To be completely certain nothing like that happens, one should use either 100% trusted providers etc, etc (which is somewhat unlikely if an interested foreign powers invests a few million euros to bribe everybody), or one should use cryptography. But first, why does it matter? Can’t we trust the election office? Rhetorically I could ask: do we trust politicians in general? Do we? Less rhetorically, there are so many potential threats here.
#3435064 Выборы в Riigikogu по версии forum.ee
Автор:
на 03 марта 2011 - 23:37
Считаю что центристы легко манипулируют русскоговорящим избирателем. На прошлых выборах была какая-то вера центристам. Голосовал за Сытник. За 4 года постигло полное разочарование в их политике. Интересам русскоговорящих она не отвечает. Вот набрел на статью, которая подтверждает мои догадки http://belagor.livej...l.com/2594.html В этот раз буду голосовать за Кленского. Даже если и не пройдет в парламент, то ничего страшного. Хуже отдать голос за предателей.
