The District of Columbia subjected their online voting system to penetration testing. Some college kids hacked the thing in about a day. Doh! Part of the voting process was to upload a file which got encrypted.Guess how the hack worked? The students could name the file their were uploading whatever they wanted. Turns out they embedded UNIX commands within in the filename. This allowed them to run whatever commands they wanted. The result was that they totally owned the web server.
LOL. They are trying hard to spin this pwnage. Luckily this was not a system for everybody in the nation's capital to vote online. It was just an absentee ballot voting system. People like the troops overseas have to vote through absentee ballot. I hear they are still going to use this system to distribute ballot electronically. However you will have to print out the form and mail it back. Can't have any more server hackage going on in Washington DC.
