A “man in the middle” of electronic voting?

Sop will readily agree that I have a very basic understanding of technology – something slightly above “on” and “off”.  It troubles me so at times that I’ve even expressed a desire for my spirit to leave this earthly world by wire so I can see how fax machines, lazer printers, and so forth work.  Just fax me to Jesus.

As you might imagine, my trust level of electronic voting systems is pretty low and I just found a post on Raw Story that can explain my concern.

Information technology expert Stephen Spoonamore believes this architecture could have made possible a KingPin or “Man in the Middle” (MIM) attack — a well-defined criminal methodology in which a computer is inserted into the network of a bank or credit card processor to intercept and modify transactions before they reach a central computer.

In what I call my “read around” that followed, I linked to black box voting, a site that reassures me that people who do understand technology are at least paying attention to this security of the upcoming vote – leaving me, however, without the assurance that those who might tamper with the vote are not one step ahead of those working to keep it secure.

What makes the story even more interesting to me is that it also explains what I was trying to ask about Peridgao’s alleged hacking into the computer system at Adams & Reese.  As is my luck, the discussion was over before I learned what I needed to know to ask my question – “man in the middle” – as I continue to find it odd that he would file a motion asking about electronic surveillance while hacking into the firm’s computer system.  Of course, he could have been asking the wrong people.

The man-in-the middle attack intercepts a communication between two systems. For example, in an http transaction the target is the TCP connection between client and server. Using different techniques, the attacker splits the original TCP connection into 2 new connections, one between the client and the attacker and the other between the attacker and the server, as shown. Once the TCP connection is intercepted, the attacker acts as a proxy, being able to read, insert and modify the data in the intercepted communication.

Something to think about for certain; but, please don’t let my electronic-voting-induced anxiety keep you from voting.  Vote and, then, join me in hoping that the “change we need” isn’t for every vote to be counted.