Voting with Sasser - From the folks who brought you Netsky, MyDoom, Blaster, Slammer, etc ...

[Lou Puls <lpuls@xxxxxxxxxxxxx>]

Here's another reason (among many) that the Hart InterCivic (or any 
other Win32-based) voting system can never (in any practical sense) be 
certified:

http://www.eweek.com/article2/0,1759,1578684,00.asp
------------------------------------------------
Microsoft Confirms Bug in SSL Patch
By Larry Seltzer
April 29, 2004

Microsoft Corp. has confirmed in a knowledge base article that its patch 
for a critical bug can cause some Windows 2000 systems to lock up and 
fail at boot time.

The patch is for a particularly critical vulnerability of which experts 
have begun to see exploits in the last few days.

The knowledge base article goes by the unusually long name:

"Your computer stops responding, you cannot log on to Windows, or your 
CPU usage for the System process approaches 100 percent after you 
install the security update that is described in Microsoft Security 
Bulletin MS04-011."
------------------------------------------------

The April patch fails to be any kind of solution for a "certified" 
machine because Microsoft wrote it after seven months during which 
malware crackers have been working on countermeasures to the kluge-style 
patches M$ puts out.  Now an election judge is supposed to somehow 
reboot away the Blue Screen of Death while an impatient line of voters 
looks on.  The judge can't legally call for Hart to come patch it again 
(with what could be an unverified, quickly downloaded patch that might 
be (again?) the counterfeit patch from February that is itself a worm). 
Welcome to voting with the toyware blessings of the M$ Butterfly, 
bestowing its "benefits" with nothing approaching a professional, 
ethical, competent, honest, or objective system of checks and balances.

Lou