PA Voter Registration Security Fail

March 21, 2008

The vulnerability – if it can be called that (open door would be more appropriate) – was identified on Digg. It’s gone now, but you can read about it here and here.

What’s ridiculous is that registering online never saved you the trouble of sending in a paper form – you were still required to print, sign, and mail your registration. They’re apparently worried about the number of people who might not have even realized they needed to complete that second step. If one could not actually fully register online, why were they saving user data at all? Was that information even passed on to the registration roles? Probably not. Even if it was, was it worth the risk of compromise? Obviously not.

More links: Reg, Jeremiah Grossman.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: