The council made a brief comment about Computable know that the examination of a security expert, which include RTL News published, contains incomplete data and is based on assumptions. " What, then, that the spokeswoman could not say now. However, they reported that the Electoral Council would come back at a later stage, after the bustle of the nomination of political parties for the upcoming Lower House elections are over.
Monday, 30 January RTL News reported vulnerabilities . The research, conducted by independent security expert seame Ruwhof and then checked by two other researchers, focused on the risks of fraud surrounding elections in the Netherlands. Ruwhoff came after sifting through source code and design documents and instructional videos on OSV 23 vulnerabilities . According to the researcher, the security of the software, which local polling stations and twenty constituencies in the country by giving results to the central electoral committee, very weak.
It's about the product Supporting Software Elections (OSV) of the German supplier Traffic Technologies. Both the security (authentication) and processes would rattle, so there are possibilities to manipulate the election results. In a brief response notify the representatives of the supplier to Computable that the software meets all requirements set by the Electoral Council. According to Yahoo! News chose them deliberately for publication in the week that the Electoral Council is very busy with the nominations of political parties. For further details refer them to the Electoral Council.
Master's thesis and SQS
RTL News reported in a later message that the security risks of OSV had known for some time. Already in 2011 was a student of Radboud University Nijmegen have shown weaknesses in the software. It is currently unclear what made the Electoral Council with the findings.
Also, software tester SQS, which is released periodically functional tests on different parts of the Electoral Board software in 2015 warned the organization all the risk that users results can customize the charts without having to figure out that's who made those changes. SQS tested various components of OSV in the run-up to the referendum on Ukraine, which was held in early 2016.
Germany
According Ruwhof used the same kind of supporting software in Germany, but the software serves as a control for the counting of votes on paper. In the Netherlands, the situation would be reversed. The software is used to hand counted results which each district be put on a USB stick, send via one of the twenty constituencies to the central electoral committee of the Electoral Council.
Thus there will at a certain moment, a conversion takes place of the hand counted numbers to a digital result. Only proceeding to a manual sample of suspicions of fraud.
Lack of authentication would not go check who has adapted certain results in the digital charts. According to security experts by the weak security that suit rash with the ease with which someone in an Excel table may change a grade.
Early this year, said the court in a case where after an incomplete installation of a software update and restore a backup are lost all the data from a general practice. The doctors say that the IT service provider is shot imputably and make him liable for the damage. How judges the judge?
The court has fixed on the basis of the agreement between the parties that the IT service provider (not the supplier of said software) was not without the obligation to check that the backups were usable. These GPs had not chosen specific to the option 'Internet Backup "in this agreement. Well there are three external drives supplied for making backups. The judge cares for that, "a well-informed, observant and circumspect trader must understand that constant monitoring of daily backups cost more connected than those included in a monthly fee of 219 euros excluding VAT."
The judge found that when the IT service provider to the doctors a script for making backup copies had been made available and could see that the daily command to make the backup was given through the logs that he or had a duty to warn GPs irregularities. According to the court, however, there was no such irregularities.
In case it goes wrong when the IT service provider installs an update of software and back up attempts to restore. The price of this software supplier had recommended in its offer letter to make a backup before installing the update. The IT service provider claims that it had made no difference, because the backup external drives still were not usable. The court then examined whether this is correct defense.
To be continued for these parties, but it is clear that it is good to make clear agreements on (control of usefulness) backups.
No comments:
Post a Comment