What else could have been done in insti elections ?

Now that the elections have come to an end, congratulations to the new office bearers; your hard work sure did pay off ;) (I guess I should wait for this). Let me make this clear at the very outset: I’m NOT pointing at any possible security exploits or breaches that have happened or could have happened at a level where the numbers could be tampered with. For one, I’m not an expert in any of it; also be informed that what is mentioned below can NOT, in any way, be exploited to tamper with the counts.

Now that I am done with ‘putting myself on the safe side’, here it is: what else could have been done, maybe not in all places (voting hubs) but definitely at a few places.

  1. Anonymity in voting:

    This sure is a big concern. I believe that, though it has been maintained to its extremes at the server end, it went missing to a certain extent at the voter end (again, not in all places). I could just press the back button and see the previous 4-5 candidates votes (or maybe more), depending on the browser caching!
    Simple and obvious! Just ask them to close the browser, or do it using a script (if that can be done). Enable incognito mode by default and, last but not least, set the election portal to be the home page.
  2. URL visibility:
    I could see the URL of the election portal. It went something like 10.$.*.* This doesn’t seem to be a big problem, because the person who wrote the election schema might have taken care of restricting access to only certain IPs, but there is a catch! We have dynamic IPs presently. We all are aware that our Subnet mask : and it means I can possibly set the IP to that of a comp room PC and vote from my room! (UPDATE: Voting from room is not possible. Read in comments.)
    “Well, go ahead and do it!”, a few may say. But that could mean a comp goes down! Or even worse! Guess! What if a person in H$ has set his IP to the 10.$.*.*! Holy cow! I’m afraid that means the election portal is down!

    Simpler than what you may expect, but I’m afraid I don’t have a complete solution for this. Just disable the navigation bar and change the comp room IPs to something not so obvious as the regular ones. Only Joker would attempt to actually try out the possible IPs to take each PC down. However, the possibility of the election portal going down might still remain so long as the URL is not kept secret, which I think is tough.

I’m not claiming I’m right about what I said. All I intend to do is to show the possibilities of how things can possibly go wrong. I would be more than happy if someone could comment better solutions or maybe prove that such a problem is not going to arise.

Hope the one(s) who ‘just want to watch the world burn’ is not reading this :P
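
For point 1 above, a server-side complement to closing the browser is to send Cache-Control: no-store on ballot pages, which tells the browser not to store the response. The check below is an added example, not part of the original post or the election portal's code; the function names and sample headers are constructed for illustration, and it assumes the portal's response headers can be inspected.

```python
# Added example: audit a ballot page's HTTP response headers for settings that
# let a shared voting-hub browser keep the previous voter's page.
# Function names are hypothetical; header samples are constructed, not captured.

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def audit_ballot_headers(headers):
    """Return a list of findings; an empty list means no caching problem found."""
    # Header names are case-insensitive, so normalise before lookup.
    norm = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(norm.get("cache-control", ""))
    findings = []
    if "no-store" not in cc:
        findings.append("no-store missing: browser is allowed to keep the ballot page")
    if "public" in cc:
        findings.append("public set: shared caches (proxies) may store the ballot page")
    for name in ("max-age", "s-maxage"):
        arg = cc.get(name)
        if arg is not None and arg.isdigit() and int(arg) > 0:
            findings.append(f"{name}={arg}: page may be reused for {arg} seconds")
    return findings


# Constructed sample responses.
WEAK = {"Content-Type": "text/html", "Cache-Control": "public, max-age=600"}
NO_HEADER = {"Content-Type": "text/html"}
HARDENED = {"content-type": "text/html", "cache-control": "No-Store, max-age=0"}

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("no header", NO_HEADER), ("hardened", HARDENED)):
        print(label, "->", audit_ballot_headers(hdrs) or "ok")
```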


2 thoughts on “What else could have been done in insti elections ?”

  1. Well, the first point is valid if true.

    However, the second point is not true. There is a two-step system. One is the LDAP password, the second is the token they give. So you cannot just vote from your room.
