Imagine you’re an ordinary citizen who wants to vote online. As an IT security conscious user knowing that in 2012 the majority of vulnerabilities are found in third-party applications compared to Microsoft’s products, you regularly check Mozilla’s Plugin Check service to ensure that you’re not using outdated browser plugins exposing you to client-side exploitation attacks served by web malware exploitation kits. What seems to be the problem? According to Benoit Jacob, the problem starts if you’re a French citizen wanting to vote online, as the country’s E-voting portal currently doesn’t support the latest version of Java. If that’s not enough, the portal recommends users to switch to an alternative browser since Firefox blocks older Java plugins for security reasons, or use the insecure Java version 1.6.0_32.
What we’ve got here is a great example of a security trade off. Basically if you want to vote online you would have to expose yourself to the client-side exploits targeting older Java versions. The administrators behind the E-voting portal could not be reached for a comment. Let’s hope the situation will be resolved soon.