Argentinian police have reportedly raided a programmer who went public with vulnerabilities in the electronic voting system used in Buenos Aires elections last June. Joaquín Sorianello has told La Nacion that police raided both his home and that of a friend, looking for computers and storage devices. Argentina’s e-voting system comprises a terminal that prints out a ballot (tagged with an RFID chip), and a separate communications terminal to send votes for counting. Security problems in the system have reached GitHub here (discussed here) and include poor security and the chance to cast multiple votes.
The flaws hit the media ten days after the election, with the most serious being SSL keys being held on an unsecured server.
As the GitHub description notes, the SSL certificates were “available through a public HTTP server, no password” and that they were obtained through wget.
Full Article: Argentine finds messenger to shoot after e-vote vuln allegations • The Register.