Preserved Topic: Poll scripts: a detail I had never thought of... $Pages that link to <a href="https://ozoneasylum.com/backlink?for=21190" title="Pages that link to Preserved Topic: Poll scripts: a detail I had never thought of..." rel="nofollow" >Preserved Topic: Poll scripts: a detail I had never thought of...\$

Author	Thread
InI Paranoid (IV) Mad Scientist From: Somewhere over the rainbow Insane since: Mar 2001	posted 03-10-2003 11:13 The poster has demanded we remove all his contributions, less he takes legal action. We have done so. Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future. Don't follow his example - seek real life help first.
Tyberius Prime Paranoid (IV) Mad Scientist with Finglongers From: Germany Insane since: Sep 2001	posted 03-10-2003 11:20 It is possible to make a 'reliable' voting system on the net... user accounts authentified by postal adress springs to mind... But if someone really wants to get a couple of identities and vote multiple times in whatever (even general elections... it is possible, you know), from a certain number of voters on, it is no longer usefull to change the outcome. Just make sure that the voting can't be scripted...
WarMage Maniac (V) Mad Scientist From: Rochester, New York, USA Insane since: May 2000	posted 03-10-2003 17:36 Social Security Number. I am not sure what this would be in other countries, but I am sure you have some unique identifying number. That would be cross referenced to another form of ID, birth certificate number, address and telephone number. For large scale, low budget, there is no viable solution to this. If you want to do this on the govenmental level it is doable. But you better be damn sure you are using some pretty intense encryption, have those fire walls working over time, and those security patches installed. Me
poi Paranoid (IV) Inmate From: France Insane since: Jun 2002	posted 03-10-2003 18:03 Even the social security number can be faked or stolen. The only method to indentify a person is to use some bio-metrics systems such as retinal-recognition ( some methods requires the eye to be irigated ). Obviously such systems are quite expensive. Mathieu "POÏ" HENRI
DmS Paranoid (IV) Inmate From: Sthlm, Sweden Insane since: Oct 2000	posted 03-11-2003 10:52 I'd say the key here is to decide how secure you really need to be. Do a simple analisys based of what is the worst that can happen if this function is compromised, what would it cost to restore (man hours + $$) then place that in relation to the amount of time+$$ needed to secure it. To get a reasonable and usable security level an any web application that recieves sensitive personal information I'd probably recommend a smartcard + cardreader with a personal certificate either issued by the government (electronic id) or by the company in question. Then encrypted lines of course. That way access is protected by something you have (the card) plus something you know (the code to the card) an it's not connected to the PC as regular certificates are. This kind of security needs some more time before the infrastructure (cards and reader) is in place with enough people though. Here in Sweden this (smartcard electronic id issued by the government) is now legally binding just as a regular handwritten signature on a paper. As for a polling system I can't see a situation where something like this would be needed though, unless you are talking about voting for president and things like that. /Dan {cell 260} -{ a vibration is a movement that doesn't know which way to go }-
InI Paranoid (IV) Mad Scientist From: Somewhere over the rainbow Insane since: Mar 2001	posted 03-11-2003 11:15 The poster has demanded we remove all his contributions, less he takes legal action. We have done so. Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future. Don't follow his example - seek real life help first.
DmS Paranoid (IV) Inmate From: Sthlm, Sweden Insane since: Oct 2000	posted 03-11-2003 11:34 Valid points InI. Personally I don't refuse online services such as payment, online banks things like that. There is always a risk, yes. However, a lot of ppl that say they would never ever leave their creditcard nr on the web will leave it in a bar to charge as they drink, or give it to a waiter that walks around the corner to draw the slip... To me that's more risky. As for this: quote: Imagine you're on the highway, at 200mph, in the middle of other automatic cars, Wonderful! I can see the BSOD coming... "The operating system as performed an illegal operation, please reboot..." AAAAAAAAAAAAARRRRRGGGGHHHHHHHH.... /Dan {cell 260} -{ a vibration is a movement that doesn't know which way to go }-
InI Paranoid (IV) Mad Scientist From: Somewhere over the rainbow Insane since: Mar 2001	posted 03-11-2003 11:51 The poster has demanded we remove all his contributions, less he takes legal action. We have done so. Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future. Don't follow his example - seek real life help first.

Preserved Topic: Poll scripts: a detail I had never thought of...\$

Author

Thread

InI
Paranoid (IV) Mad Scientist

From: Somewhere over the rainbow
Insane since: Mar 2001

posted 03-10-2003 11:13

The poster has demanded we remove all his contributions, less he takes legal action.
We have done so.
Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future.
Don't follow his example - seek real life help first.

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 03-10-2003 11:20

It is possible to make a 'reliable' voting system on the net...
user accounts authentified by postal adress springs to mind...
But if someone really wants to get a couple of identities and vote multiple times in whatever (even general elections... it is possible, you know), from a certain number of voters on, it is no longer usefull to change the outcome.
Just make sure that the voting can't be scripted...

WarMage
Maniac (V) Mad Scientist

From: Rochester, New York, USA
Insane since: May 2000

posted 03-10-2003 17:36

Social Security Number. I am not sure what this would be in other countries, but I am sure you have some unique identifying number. That would be cross referenced to another form of ID, birth certificate number, address and telephone number.

For large scale, low budget, there is no viable solution to this. If you want to do this on the govenmental level it is doable. But you better be damn sure you are using some pretty intense encryption, have those fire walls working over time, and those security patches installed.

Me

poi
Paranoid (IV) Inmate

From: France
Insane since: Jun 2002

posted 03-10-2003 18:03

Even the social security number can be faked or stolen. The only method to indentify a person is to use some bio-metrics systems such as retinal-recognition ( some methods requires the eye to be irigated ). Obviously such systems are *quite* expensive.

Mathieu "POÏ" HENRI

DmS
Paranoid (IV) Inmate

From: Sthlm, Sweden
Insane since: Oct 2000

posted 03-11-2003 10:52

I'd say the key here is to decide how secure you really need to be.
Do a simple analisys based of what is the worst that can happen if this function is compromised, what would it cost to restore (man hours + $$) then place that in relation to the amount of time+$$ needed to secure it.

To get a reasonable and usable security level an any web application that recieves sensitive personal information I'd probably recommend a smartcard + cardreader with a personal certificate either issued by the government (electronic id) or by the company in question. Then encrypted lines of course.

That way access is protected by something you have (the card) plus something you know (the code to the card) an it's not connected to the PC as regular certificates are.

This kind of security needs some more time before the infrastructure (cards and reader) is in place with enough people though.
Here in Sweden this (smartcard electronic id issued by the government) is now legally binding just as a regular handwritten signature on a paper.

As for a polling system I can't see a situation where something like this would be needed though, unless you are talking about voting for president and things like that.
/Dan

{cell 260}
-{ a vibration is a movement that doesn't know which way to go }-

InI
Paranoid (IV) Mad Scientist

From: Somewhere over the rainbow
Insane since: Mar 2001

posted 03-11-2003 11:15

DmS
Paranoid (IV) Inmate

From: Sthlm, Sweden
Insane since: Oct 2000

posted 03-11-2003 11:34

Valid points InI.
Personally I don't refuse online services such as payment, online banks things like that.
There is always a risk, yes.
However, a lot of ppl that say they would never ever leave their creditcard nr on the web will leave it in a bar to charge as they drink, or give it to a waiter that walks around the corner to draw the slip...
To me that's more risky.

As for this:

quote:
Imagine you're on the highway, at 200mph, in the middle of other automatic cars,

Wonderful! I can see the BSOD coming... "The operating system as performed an illegal operation, please reboot..." AAAAAAAAAAAAARRRRRGGGGHHHHHHHH....

/Dan

{cell 260}
-{ a vibration is a movement that doesn't know which way to go }-

InI
Paranoid (IV) Mad Scientist

From: Somewhere over the rainbow
Insane since: Mar 2001

posted 03-11-2003 11:51