| CP's profileRandom OracleBlogLists |  Tools  Help |
|
|
September 19 Moving to WordPressThis blog will be continued at a new location hosted by WordPress: http://randomoracle.wordpress.com/ cemp April 19 Ballot stuffing online: script kiddies vs Washington stateWashington state discovers the disruptive power of automated scripts. The salmon and orca whale faced off in a contest to decide the design for quarters in Washington state but the winner was script kiddies who disrupted the voting process. Link to Seattle Times article. Ballot stuffing is not new. (Just ask the baseball fans about the All Star team selection.) The article discusses mitigations around limiting number of votes from a single IP address. Problem is that IP addresses do not correlate one-to-one with individual users. Proxies can act on behalf of multiple PCs and sometimes a single shared PC in a library or school could be legitimately used to cast multiple votes. And botnets distributed across hundreds of machine would still have an advantage. Part of the problem is lack of good identity system to identify voters. Online identities detached from any real world connection are fragile; users can register for as many as necessary. In the absence of a single-voter unique identity guarantee, only ad hoc rate limitations work. This would have been a good opportunity to use a CAPTCHA or HIP to rule out automated scripts. It is the same technology used to combat blog-comment spam here on MSN Spaces and on Blogger. cemp |
|
|
