GistTree.Com
Entertainment at it's peak. The news is by your side.

Hacking Sweden’s election with pen and paper

0

In Sweden’s newest election, a minute assortment of crafty programmers appear to devour attempted to hack the balloting database with a pen-and-paper assault.

While most folk exercise pre-printed pollpapers to vote with, the country’s election law dictates that you’re allowed to jot down your vote out by hand, and one person seems to devour attempted to handle shut excellent thing about this, to exercise an SQL injection to abolish the database.

The election used to be very shut, and so the election authority has printed the total pen-and-paper votes on-line, anonymised, for corpulent transparency. Scanning thru them, blogger Jonas Elfström noticed the next line: “;13;Hallands län;80;Halmstad;01;Halmstads västra valkrets;0904;Söndrum 4;pwn DROP TABLE VALJ;1“.

The DROP TABLE repeat in an SQL database deletes the total desk of votes when it be set in, which methodology that had the electoral fee now not been careful, it will devour wiped the total election records. This has develop to be is named a “Small Bobby Tables assault”, after webcomic XKCD brought it to greater attention. It requires you to know, or succesfully guess, the title of the database, nonetheless, that will devour been why it failed.

Others tried to secure Javascript into the listing, with one person balloting for: “R;14;Västra Götalands län;80;Göteborg;03;Göteborg, Centrum;0722;Centrum, Övre Johanneberg;(Script src=http://hittepa.webs.com/x.txt);1“. There were just a few hyperlinks to on-line outlets and other web sites too. These were all foiled, nonetheless, since the checklist of votes used to be printed in undeniable textual notify, moderately than HTML.

Let this be a lesson to all you coders available in the market. Sanitise your database inputs.

Attributable to Karolina and Andy for support with this story.

Read More

Leave A Reply

Your email address will not be published.