The entire article is worth reading (and has actual hot links), but I'll
call out how the design failure(?) was exploited by pollworkers to
change votes:
http://www.crypto.com/blog/vote_fraud_in_kentucky/
[...]
The Kentucky officials are accused of taking advantage of a somewhat
confusing
There are a number of confusing things that happen at the end of the
voting process on an iVotronic. And casting a ballot always takes two
steps on these machines.
1. There are *two* places where a voter can answer the call to action:
a physical button at the top of the screen that
Here's a picture of the interaction for the iVotronic on the ballot
summary/review step.
http://www.flickr.com/photos/danachisnell/493697218/in/photostream/
:: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: ::
Dana Chisnell
desk: 415.392.0776
mobile:
I'm curious, how many of you Ix designers actually work with, hire,
or consult with security experts before finishing a project? Of
course this wasn't even a high-tech attack but the equivalent of
telling the voters to use pencils and then erasing them. Does anyone
even have a user testing program
Speaking as someone who has done security in consumer electronics for
10+ years, I've never been asked by any sort of designer to be involved
in the design process. It's usually the case that engineering receives
the requirements docs, then I go through those and start looking for
problems.