Pennsylvania has taken down its voter registration system. It seems that a hacker can easily change voter registration information for other people. <read>
Online voter registration PDFs are left unsecured on the server for anyone to access. Simply change the request ID at the end of the URL. Valid IDs appear to be working from 50000 and up to 58500+ This was discovered after filling out a registration myself. Being a security conscious programmer, I decided to test. Very bad PA…very very bad!
The entire application has since been replaced with a message that says the site is temporarily offline, but the basis of the flaw was that an attacker could force the application to retrieve arbitrary PDF voter registration files of other voters by simply modifying a request parameter sent in a request to the PrintVoterApplication.aspx page.
Brad Friedman sums up the bipartisan problems with dangerous voting ideas and lack of technical knowlege: <read>
We can’t even do online registration securely, and yet Democrats have been talking about actually voting by Internet?! There is, apparently, no bad voting idea (touch-screen voting machines, “paper-trails,” vote-by-mail, now Internet voting) that Democrats aren’t all too willing to leap at before bothering to look.
Of course, where Democrats fail with often the best of intentions, Republicans often aim to “fail” in the first place with such systems. We’re still not sure exactly which of those is worse. Either way, there seems to be plenty of failure to go around these days. Luckily, there’s nothing important coming up for voters in Pennsylvania anytime soon.
I have been disturbed by the Democratic Party’s use of internet voting for the selection of eleven convention delegates to represent expats. Also by the suggestions of vote by mail primaries and also that the selection of our president is partially determined by states with vote by mail. If we believe in a secret ballot that cannot be bought or intimidated then we cannot tolerate Internet and mail-in voting.
Nothing to worry about in Connecticut. We can be assured that at least on the day before an election our voter registration system is almost impossible to access by anyone, including hackers and registrars <read>.
