The District of Columbia subjected their online voting system to penetration testing. Some college kids hacked the thing in about a day. Doh! Part of the voting process was to upload a file which got encrypted.
Guess how the hack worked? The students could name the file their were uploading whatever they wanted. Turns out they embedded UNIX commands within in the filename. This allowed them to run whatever commands they wanted. The result was that they totally owned the web server.
LOL. They are trying hard to spin this pwnage. Luckily this was not a system for everybody in the nation's capital to vote online. It was just an absentee ballot voting system. People like the troops overseas have to vote through absentee ballot. I hear they are still going to use this system to distribute ballot electronically. However you will have to print out the form and mail it back. Can't have any more server hackage going on in Washington DC.
Password Problems - All the members of my old team had their own development schemas. We were give the schema password so we could make changes as we saw fit. These schemas w...