COTS exploits noted in recent report

I wanted to bring everyone's attention to the recently released
Raba report that was commissioned by the State of Maryland.
A "Red Team" exercise was conducted to see whether security
breaches were possible on the Diebold AccuVote-TS system.  They
revealed (among other exploits) that the Canvas vulnerability (used
by "Blaster" against Microsoft products) could be used to provide full
system administrator privileges to remotely upload, download, and execute
files from the server used to accumulate the election results.  They also
noted that 15 Microsoft patches had not been installed on the server.
This points out the types of problems related to COTS products that
can have a serious impact on voting system security.

The Raba report can be downloaded from their website at raba.com
and I would urge all to review it; even though it is product-specific,
it has general applicability to the tasks at hand.

Rebecca Mercuri.