> I'm talking in the context of checking the Automated Election System, as to,
Alright, let's use the buffer overrun vulnerabilities in the context of AES, because it happened before in an AES system used by a state in US. The AES machine proposed in our country is using an optical scanner to count votes from a ballot. Over the years, several buffer overrun vulnerabilities have been discovered on image processing libraries. An existing AES from another country shipped with image processing libraries with these kind of vulnerabilities. And someone found out a way to create an input (on paper to be scanned) tat will exploit this buffer overrun vulnerabilities to execute any kind of instruction. Those instructions can be "dada-g-bawas" routine. There's no way in the world you can catch that using "outcome based" only tests. _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
