View Diary: Sequoia Voting Systems hacks self in foot (47 comments)

  •  Glad to see this, but... (3+ / 0-)
    Recommended by:
    alcorsu, John DE, zee2
    it's not clear to me that the existence of SQL statements proves any of the specific violations in question.  In the case of interpreted or machine modified code, it's open to interpretation; in the case of hash checks, there's no proof at all.

    It's perfectly possible to do a hash check of plain text or binaries with embedded strings.  Simply compute an SHA checksum of the image; if someone changes the SQL (unless they somehow know how to generate collisions with SHA), it will cause the checksum to miscompare.  So the existence of queries in textual format -- heck, even if it were written in interpreted BASIC -- wouldn't be proof of lack of hash protection.

    The case of interpreted or machine modified code is a bit murkier.  Embedded relational databases are awfully common; every single one of them uses SQL.  I suppose exec'ing a query could be considered interpreting it (or compiling it on the fly into a set of primitive database operations), but to the best of my knowledge (my familiarity with database programming is in passing), it's a pretty standard way of doing business.  Frankly, I'd be surprised if an electronic voting application didn't use an embedded database.

    In any event, there should be some very interesting analysis coming out of this.
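An added example, not part of the original comment or of any vendor's code: the hash check described above, run over a constructed binary image that contains readable SQL, showing that plain-text queries and a whole-image digest check coexist. SHA-256, the sample image bytes, the table and column names, and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import re

# Constructed sample "image": binary bytes with SQL text embedded in it.
IMAGE = (b"\x7fELF\x02\x01\x01\x00" + bytes(16)
         + b"SELECT candidate_id, votes FROM tally WHERE contest = ?\x00"
         + b"\x90\x90\xc3" + bytes(8)
         + b"UPDATE tally SET votes = votes + 1 WHERE candidate_id = ?\x00"
         + b"\xde\xad\xbe\xef")

# Printable runs that start with an SQL verb, similar to `strings | grep`.
SQL_RE = re.compile(rb"(?:SELECT|INSERT|UPDATE|DELETE)\b[\x20-\x7e]{8,}")


def image_digest(image: bytes) -> str:
    """SHA-256 over the whole image, embedded strings included."""
    return hashlib.sha256(image).hexdigest()


def embedded_sql(image: bytes) -> list[str]:
    """Readable SQL statements found inside the binary image."""
    return [m.group(0).decode("ascii") for m in SQL_RE.finditer(image)]


def verify(image: bytes, expected_hex: str) -> bool:
    """Compare the computed digest with the recorded one in constant time."""
    return hmac.compare_digest(image_digest(image), expected_hex)


def modified_copy(image: bytes) -> bytes:
    """Same-length edit to one embedded statement; file size is unchanged."""
    return image.replace(b"votes + 1", b"votes + 2")


# Digest recorded when the image was approved (here: taken from the sample).
RECORDED = image_digest(IMAGE)

if __name__ == "__main__":
    print("embedded SQL:", embedded_sql(IMAGE))
    print("original verifies:", verify(IMAGE, RECORDED))
    print("modified verifies:", verify(modified_copy(IMAGE), RECORDED))
```

The check only means something if the recorded digest is stored and compared outside the image being verified.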
