votingtouchscreen I recently blogged about a new type of browser vulnerability called ClickJacking aimed at tricking you into clicking on something you weren't aware you were clicking on.  The idea is that the bad guy hides a button by making it invisible and then "moves" it under you mouse right before you click thus causing you to either submit information, download something harmful, or start a process on your computer such as a webcam.  Luckily there is a FireFox plugin to help protect you from those bad guys.

But what happens when the bad guys move away from the browser and into the polling booths?  As far as I know this hasn't happened yet but according to a team from Rice University, ClickJacking your way into office is entirely possible.

hackers The team of hackers from Rice University conducted a exercise to test the security of touch screen voting machines.  They created an invisible touch-screen button that ensured that one contender would receive 90 percent of the vote.

As reported on, start_quoteDan Wallach, an associate professor of computer science and director of Rice's Computer Security Lab, said his class's exercise reconfirmed his believe that anyone with a little know-how and the right access could easily do considerable damage.  Despite the classroom setting, students said the vote tampering was eye-opening not only because of how straightforward it was to cause damage, but also because of how easy it was to get away with it — despite the scrutiny of other classmates primed to look for mischief.end_quote

At least my vote will be safe.  That is, unless they find a way to ClickJack my absentee ballot.