Hi Johanne, Could you explain a bit about the approach you took in fixing the exploit, so we all can learn from it?
-- rgds, Reinier Battenberg Director Mountbatten Ltd. +256 758 801 749 www.mountbatten.net On Friday 28 January 2011 09:17:44 Johanne Banda wrote: > Firstly David, Thank you very much for the "Otunnu Exploit" > That is why we open sourced the project. To get as much feed back as > possible and make the best project possible. > > The Exploit has been patched. > > Please continue to test the site and find the holes (if you find them we > will patch them) > > Less than a month to the elections and the input of the Techie community is > sorely needed. > > Johanne > > > From: David Gelvin <[email protected]> > > Date: 26 January 2011 18:49 > > Subject: [LUG] Voting > > To: Linux Users Group Uganda <[email protected]> > > > > > > See the attached file for a quick proof of concept. > > > > If you check out http://www.voteug.com/details and tally by the national > > level, you'll see that Mr. Olara Otunnu is doing well. (Although I don't > > actually even know who he is) > > > > That's because he is currently getting every vote in the country- It's > > amazing what a python script can do. > > > > *Disclaimer*: > > Obviously this is just a very simple demonstration of http form > > interaction with python. Any reasonable site purporting to have > > accurate results would do things _completely_ differently. > > > > -- > > This message has been scanned for viruses and > > dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is > > believed to be clean. > > _______________________________________________ > > The Uganda Linux User Group: http://linux.or.ug > > > > Send messages to this mailing list by addressing e-mails to: > > [email protected] > > Mailing list archives: http://www.mail-archive.com/[email protected]/ > > Mailing list settings: http://kym.net/mailman/listinfo/lug > > To unsubscribe: http://kym.net/mailman/options/lug > > > > The Uganda LUG mailing list is generously hosted by INFOCOM: > > http://www.infocom.co.ug/ > > > > The above comments and data are owned by whoever posted them (including > > attachments if any). The mailing list host is not responsible for them in > > any way. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
_______________________________________________ The Uganda Linux User Group: http://linux.or.ug Send messages to this mailing list by addressing e-mails to: [email protected] Mailing list archives: http://www.mail-archive.com/[email protected]/ Mailing list settings: http://kym.net/mailman/listinfo/lug To unsubscribe: http://kym.net/mailman/options/lug The Uganda LUG mailing list is generously hosted by INFOCOM: http://www.infocom.co.ug/ The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.
