A hacker claims to have discovered an important weakness in canton Geneva’s e-voting system to attacks that could redirect online voters to malicious websites. The canton says it is aware of the issue and introduced countermeasures years ago. Last week, Volker Birk of the Chaos Computer Club Switzerland said he had discovered that the Geneva online voting system – the biggest in Switzerland – uses an insecure procedure to protect its web address. Birk told Swiss public television, SRF, that it took only a few minutes to discover the system’s weakness to so-called DNS cache poisoning – an attack that exploits vulnerabilities in the domain name to divert internet traffic away from legitimate servers and towards fake ones. He added that the problem had been known for decades. In a public statement on Saturdayexternal link, canton Geneva said it had been informed by SRF about the fake site, which it admitted “did not allow people to vote electronically”.Full Article: Flaw reported in Switzerland’s biggest e-voting system - SWI swissinfo.ch.
Nov 6 2018