[hcs-d] uc election result testimony

Jeremy Hoon jeremy.d.hoon at gmail.com
Mon Nov 23 15:12:52 EST 2009


Ok, so I just read this
http://www.thecrimson.com/article/2009/11/23/seiler-email-mcleod-voting/
(sent over hcs-p ~10 minutes ago)

So where was this SQL database hanging out? Was it accepting remote
connections (e.g. not just listening on 127.0.0.1)? Who had shell access to
the machine?


On Mon, Nov 23, 2009 at 3:07 PM, Kevin Lee <kevlee at fas.harvard.edu> wrote:

> Hi,
>
> I'd be somewhat interested in attending this and helping out. I've pretty
> interested in computer security, and delving into a security breach
> investigation sounds like fun.
>
> Based on the UC minutes that were just sent out, I don't think point 2 is
> completely accurate. There was access to certain portions of the system, but
> purportedly this was isolated from the voting application.
>
> Kevin
>
> On Mon, Nov 23, 2009 at 2:58 PM, Jeremy Hoon <jeremy.d.hoon at gmail.com>wrote:
>
>> Hello HCS,
>>
>> I was just asked by Andrea Flores, the current UC president, if a few of
>> us could stop by a UC meeting tonight to discuss the tech issues surrounding
>> the election debacle. I think we can agree that vote tampering is unlikely
>> for the following reasons:
>>
>> - Brad verified the results (unfortunately it appears that for political
>> reasons this rationale is not being accepted by certain parties).
>> - Candidates did not have access to the voting application.
>> - It would have been very difficult to hack the voting application.
>> - The final vote total was very close. It seems unlikely that an attacker
>> could have manipulated the votes with the precision necessary to achieve
>> only a slim margin of victory.
>>
>> It might make sense to discuss the voting software implementation on-list
>> beforehand. Does anyone know if/where it lives in SVN?
>>
>> Brad, I assume you are on this list (if not, could someone please forward
>> him this message). You are obviously the number one authority on this
>> subject, and your input would be invaluable.
>>
>> The meeting is tonight at 7:30 in Sever 113. Please respond on-list if you
>> plan to attend. A group of 2-3 people would be ideal.
>>
>> Jeremy
>>
>> _______________________________________________
>> hcs-discuss mailing list
>> hcs-discuss at lists.hcs.harvard.edu
>> http://lists.hcs.harvard.edu/mailman/listinfo/hcs-discuss
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.hcs.harvard.edu/pipermail/hcs-discuss/attachments/20091123/216b275a/attachment-0001.htm 


More information about the hcs-discuss mailing list