cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II

Seattle smartphone voting

Seattle-area voters will be able to cast votes (for board of electors) by smartphone.

 

I am generally on the "online voting is a really, really stupid idea" side.  Using your name and birthdate to log in to vote seems rather weak authentication (and authorization, for that matter).  I will allow that generating a digitized signature as a check provides some additional validation, but a) it's going to be time-consuming to check (although, since the original balloting was by mail, it seems it has to be done anyway), and b) you can simply call up UPS and buy their database of digitized signatures and use those to submit fake ballots.  (Actually, lots of companies will have databases of digitized signatures by now, but I know UPS has offered theirs for sale.)

 

I suppose someone will say that you have to use the app to submit votes through the app and that it has protections against that, but, quite apart from any weakness in the app, does anybody really think that, in this day and age, nobody can analyse the traffic and figure out how to hack the API?


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
0 Replies