

Attacking the Washington, D.C. Internet Voting System - moe
https://jhalderm.com/pub/papers/dcvoting-fc12.pdf

======
eli
To their credit... this is an example of a city trying to do the right thing.
Rather than buy crappy Diebold technology, DC sponsored an open source project
for their voting software and then encouraged security professionals to try to
hack it. Imagine if all government software was developed this way.

Yeah, it sucks that the security was surprisingly bad. But I wonder, would any
of my websites stand up to a group of high-level security researchers actively
seeking to exploit them? I doubt it.

------
moe
Money quote:

 _Within 48 hours of the system going live, we had gained near complete
control of the election server. We successfully changed every vote and
revealed almost every secret ballot. Election officials did not detect our
intrusion for nearly two business days — and might have remained unaware for
far longer had we not deliberately left a prominent clue._

