info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bender Gets Elected
6 views
Skip to first unread message
Rhino
Mar 4, 2012, 9:01:12 AM3/4/12
to
I just saw that Bender has been elected to the school board of Washington
D.C. I had no idea he was interested in politics ;-)
http://www.pcworld.com/article/251187/hackers_elect_futuramas_bender_to_t
he_washington_dc_school_board.html
Hackers Elect Futurama's Bender to the Washington DC School Board
By Kevin Lee, PCWorld Mar 2, 2012 11:39 AM
Bender as featured in 'Futurama: Bender's Big Score.' [Photo: Twentieth
Century Fox]Electronic voting has earned a pretty bad reputation for
being insecure and completely unreliable. Well, get ready to add another
entry to e-voting's list of woes.
One Bender Bending Rodríguez was elected to the 2010 school board in
Washington DC. A team of hackers from the University of Michigan got
Bender elected as a write-in candidate who stole every vote from the real
candidates. Bender, of course, is a cartoon character from the TV series
Futurama.
This was not some nefarious attack from a group of rogue hackers: The DC
school board actually dared hackers to crack its new Web-based absentee
voting system four days ahead of the real election. University of
Michigan professor Alexander Halderman, along with two graduate students,
did the deed within a few hours.
After looking over the e-voting system's Ruby on Rails software
framework, Halderman's team discovered that they could use a shell
injection vulnerability to get into the system. This allowed them to
retrieve the "public key," which is used to encrypt the ballots. With the
public key in hand, the hackers were able to change every ballot already
in the system and replace any subsequent real ballots with fakes.
While the hackers were mucking about the system's server, they discovered
other files that were not ballot-related in the /tmp/ directory. Among
them was a 937-page PDF containing instructions to individual voters as
well as authentication codes for every voter. If someone with malicious
intent got their hands on these codes, they could use them to cast
ballots as a real voter.
The researchers also managed to hack into the network, allowing them to
gain access to other systems within the building. The team was able to
get into the surveillance system, which gave them access to the security
cameras. This allowed them to time their attacks so that the technicians
would not notice the additional server activity.
When the team tried to get into the terminal server, they noticed there
was an attack coming from Iran, and traced the IP address to the Persian
Gulf University. The team realized the Iran-based hackers were getting in
using one of the default admin logins (user: admin, password: admin). To
stop the outside attacks the team blocked the offending IP address with
iptables (a piece of software for server admins) and replaced the admin
password with something more challenging. The team also blocked similar
attacks launched from New Jersey, India, and China.
For the team's pièce de résistance, the researchers replaced the "Thank
you for voting" note with "Owned," and programed the site to start
playing the University Of Michigan's Fight Song "Hail To The Victors!" 15
seconds later. Despite all this, the system administrators did not notice
anything strange until two days later.
Halderman's closing statements on e-voting are that a single flaw in the
configuration of the system could be fatal, and secure Internet -based
voting won't be ready until there are significant fundamental advances in
computer security. Be sure to check out the full paper on Attacking the
Washington, D.C. Internet Voting System.
--
Rhino
D.C. I had no idea he was interested in politics ;-)
http://www.pcworld.com/article/251187/hackers_elect_futuramas_bender_to_t
he_washington_dc_school_board.html
Hackers Elect Futurama's Bender to the Washington DC School Board
By Kevin Lee, PCWorld Mar 2, 2012 11:39 AM
Bender as featured in 'Futurama: Bender's Big Score.' [Photo: Twentieth
Century Fox]Electronic voting has earned a pretty bad reputation for
being insecure and completely unreliable. Well, get ready to add another
entry to e-voting's list of woes.
One Bender Bending Rodríguez was elected to the 2010 school board in
Washington DC. A team of hackers from the University of Michigan got
Bender elected as a write-in candidate who stole every vote from the real
candidates. Bender, of course, is a cartoon character from the TV series
Futurama.
This was not some nefarious attack from a group of rogue hackers: The DC
school board actually dared hackers to crack its new Web-based absentee
voting system four days ahead of the real election. University of
Michigan professor Alexander Halderman, along with two graduate students,
did the deed within a few hours.
After looking over the e-voting system's Ruby on Rails software
framework, Halderman's team discovered that they could use a shell
injection vulnerability to get into the system. This allowed them to
retrieve the "public key," which is used to encrypt the ballots. With the
public key in hand, the hackers were able to change every ballot already
in the system and replace any subsequent real ballots with fakes.
While the hackers were mucking about the system's server, they discovered
other files that were not ballot-related in the /tmp/ directory. Among
them was a 937-page PDF containing instructions to individual voters as
well as authentication codes for every voter. If someone with malicious
intent got their hands on these codes, they could use them to cast
ballots as a real voter.
The researchers also managed to hack into the network, allowing them to
gain access to other systems within the building. The team was able to
get into the surveillance system, which gave them access to the security
cameras. This allowed them to time their attacks so that the technicians
would not notice the additional server activity.
When the team tried to get into the terminal server, they noticed there
was an attack coming from Iran, and traced the IP address to the Persian
Gulf University. The team realized the Iran-based hackers were getting in
using one of the default admin logins (user: admin, password: admin). To
stop the outside attacks the team blocked the offending IP address with
iptables (a piece of software for server admins) and replaced the admin
password with something more challenging. The team also blocked similar
attacks launched from New Jersey, India, and China.
For the team's pièce de résistance, the researchers replaced the "Thank
you for voting" note with "Owned," and programed the site to start
playing the University Of Michigan's Fight Song "Hail To The Victors!" 15
seconds later. Despite all this, the system administrators did not notice
anything strange until two days later.
Halderman's closing statements on e-voting are that a single flaw in the
configuration of the system could be fatal, and secure Internet -based
voting won't be ready until there are significant fundamental advances in
computer security. Be sure to check out the full paper on Attacking the
Washington, D.C. Internet Voting System.
--
Rhino
Don Del Grande
Mar 4, 2012, 12:05:59 PM3/4/12
to
Rhino wrote:
>I just saw that Bender has been elected to the school board of Washington
>D.C. I had no idea he was interested in politics ;-)
>
>http://www.pcworld.com/article/251187/hackers_elect_futuramas_bender_to_t
>he_washington_dc_school_board.html
>
>
>Hackers Elect Futurama's Bender to the Washington DC School Board
>By Kevin Lee, PCWorld Mar 2, 2012 11:39 AM
>
>I just saw that Bender has been elected to the school board of Washington
>D.C. I had no idea he was interested in politics ;-)
>
>http://www.pcworld.com/article/251187/hackers_elect_futuramas_bender_to_t
>he_washington_dc_school_board.html
>
>
>Hackers Elect Futurama's Bender to the Washington DC School Board
>By Kevin Lee, PCWorld Mar 2, 2012 11:39 AM
>
>For the team's pièce de résistance, the researchers replaced the "Thank
>you for voting" note with "Owned"
"Owned"? Not "Pwned"?
>you for voting" note with "Owned"
-- Don
Rhino
Mar 5, 2012, 3:00:29 PM3/5/12
to
"Don Del Grande" <del_gra...@earthlink.net> wrote in message
news:p587l71lc4436nslv...@4ax.com...
If it were the mainstream media where familiarity with technology is not a
given, I'd suspect a transcription error as some non-technical person typed
in the story and assumed "pwned" was a typo and fixed it.
But I'd have thought PC World would know better.
It's probably just a simple typo....
--
Rhino
Matthew Miller
Mar 6, 2012, 12:02:06 AM3/6/12
to
Rhino <no_offline_c...@example.com> wrote:
>>Hackers Elect Futurama's Bender to the Washington DC School Board
>>By Kevin Lee, PCWorld Mar 2, 2012 11:39 AM
>>For the team's pièce de résistance, the researchers replaced the "Thank
>>you for voting" note with "Owned"
> "Owned"? Not "Pwned"?
Same thing. Or rather, "owned" is older usage and "pwned" a relatively
>>Hackers Elect Futurama's Bender to the Washington DC School Board
>>By Kevin Lee, PCWorld Mar 2, 2012 11:39 AM
>>For the team's pièce de résistance, the researchers replaced the "Thank
>>you for voting" note with "Owned"
> "Owned"? Not "Pwned"?
modern variant spelling.
--
Matthew Miller
Paul Hyett
Mar 6, 2012, 3:27:11 AM3/6/12
to
On Mon, 5 Mar 2012 at 23:02:06, Matthew Miller
<mattdm...@mattdm.org> wrote in alt.tv.futurama :
But what does it *mean*? At first I assumed it was just a typo...
--
Paul 'Charts Fan' Hyett
<mattdm...@mattdm.org> wrote in alt.tv.futurama :
--
Paul 'Charts Fan' Hyett
Matthew Miller
Mar 7, 2012, 9:42:37 AM3/7/12
to
Paul Hyett <p...@nojunkmailplease.co.uk> wrote:
>>Rhino <no_offline_c...@example.com> wrote:
>>>>Hackers Elect Futurama's Bender to the Washington DC School Board
>>>>By Kevin Lee, PCWorld Mar 2, 2012 11:39 AM
>>>>For the team's pièce de résistance, the researchers replaced the "Thank
>>>>you for voting" note with "Owned"
>>> "Owned"? Not "Pwned"?
>>Same thing. Or rather, "owned" is older usage and "pwned" a relatively
>>modern variant spelling.
> But what does it *mean*? At first I assumed it was just a typo...
http://en.wikipedia.org/wiki/Owned
>>Rhino <no_offline_c...@example.com> wrote:
>>>>Hackers Elect Futurama's Bender to the Washington DC School Board
>>>>By Kevin Lee, PCWorld Mar 2, 2012 11:39 AM
>>>>For the team's pièce de résistance, the researchers replaced the "Thank
>>>>you for voting" note with "Owned"
>>> "Owned"? Not "Pwned"?
>>Same thing. Or rather, "owned" is older usage and "pwned" a relatively
>>modern variant spelling.
> But what does it *mean*? At first I assumed it was just a typo...
http://en.wikipedia.org/wiki/Pwned
--
Matthew Miller
Paul Hyett
Mar 7, 2012, 12:43:57 PM3/7/12
to
On Wed, 7 Mar 2012 at 08:42:37, Matthew Miller
<mattdm...@mattdm.org> wrote in alt.tv.futurama :
Thanks.
Teenagers today... :p
<mattdm...@mattdm.org> wrote in alt.tv.futurama :
Teenagers today... :p
0 new messages