September 24, 2010

Bobby Tables lives in Söndrum

Did Little Bobby Tables migrate to Sweden? - a cute attempt to hack the Swedish election by handwriting a SQL injection or a JavaScript snippet. It looks more like a "just for the hell of it" attempt than any serious attack (a serious attempt would have to take on the computers run by the tax agency - presumably a very tough target).

In a world where anybody and anything could be an attack, it is pretty important to sanitize inputs. Having humans act as firewalls, as in the Swedish election, is actually pretty safe. As long as the vote counters do not enter quotation marks perfectly into the database (or the database sanitizes them anyway), things are safe. It is fun to note that the election agency's explanation of why this attack couldn't work isn't true (although the error might of course come from the explanation being filtered through an attempt at popular computer science and then further interpreted by the journalist): there is a link between what is written on the vote and what is done in the computer (the text); it is just that the translation likely renders any executable non-executable.
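As an added illustration (not part of the original post), the sketch below stores a constructed ballot text three ways in an in-memory SQLite table: concatenated into the statement, concatenated after a hypothetical human transcription that drops quotation marks, and passed as a bound parameter. The table layout, function names and sample text are assumptions made for the example.

```python
import sqlite3

# Constructed sample: text as it might be handwritten on a ballot.
WRITTEN = "Example Party', 500) --"


def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE write_ins (party TEXT, votes INTEGER)")
    return conn


def record_concatenated(conn, party):
    # Vulnerable pattern: the ballot text becomes part of the SQL statement,
    # so a quotation mark in it can end the string literal early.
    conn.execute(f"INSERT INTO write_ins (party, votes) VALUES ('{party}', 1)")


def record_bound(conn, party):
    # Parameter binding: the text travels as data and is never parsed as SQL.
    conn.execute("INSERT INTO write_ins (party, votes) VALUES (?, 1)", (party,))


def transcribe_without_quotes(party):
    # Hypothetical model of the human "firewall": a vote counter who does not
    # reproduce quotation marks exactly. It depends on the human; binding does not.
    return party.replace("'", "").replace('"', "")


def stored_rows(record, party):
    # Record one ballot in a fresh table and return what actually ended up in it.
    conn = new_db()
    record(conn, party)
    return conn.execute("SELECT party, votes FROM write_ins").fetchall()


def demo():
    return {
        "concatenated": stored_rows(record_concatenated, WRITTEN),
        "human_filter": stored_rows(record_concatenated,
                                    transcribe_without_quotes(WRITTEN)),
        "bound": stored_rows(record_bound, WRITTEN),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:13} {rows}")
```

Only the first case lets the handwritten text change the structure of the statement; in the other two it stays a string, which is the sense in which the translation renders it non-executable.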

This kind of hacking is probably the only kind of hacking where anonymity of the hackers is guaranteed by law.

Posted by Anders3 at September 24, 2010 05:17 PM