[ale] OT: NYT on Diebold voting machines

Jim Philips jcphil at mindspring.com
Fri Jan 30 06:45:14 EST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In Maryland, they commissioned a study of the machines and it was carried out 
by real security experts. These are some of the vulnerabilities they found:

"In the security exercise, members of the attack team said they were surprised 
to find that the touch-screen machines used by voters all used the same 
physical key to the two locks that protect their innards from tampering. With 
hand-held computers and a little sleight of hand, they found, the touch 
screens could be reprogrammed to make a vote for one candidate count for an 
opponent, or results could be fouled so that a precinct's tally could not be 
used.

 In addition, they said, communications between the terminals and the larger 
server computers that tally results from many precincts do not require that 
machines on either end of the line prove that they are legitimate, an 
omission that could allow someone to grab information that could be used to 
falsify whole precincts worth of votes.

 And the server computers do not have the latest protection against the 
security holes in the Microsoft operating systems, and they are vulnerable to 
hacker attacks that would allow an outsider to change software, the group 
found. 

The authors of the report also said smart cards that are shipped with the 
system for voters and supervisors to use during elections have standard 
passwords that are easily guessed. That problem was cited in the original 
Johns Hopkins report, and it could allow anyone with a hand-held card reader 
and small computer to get the access of an election official. The company 
said that it has provided the capability for election officials change those 
passwords and increase security, though it still ships the products with the 
easily broken password."

http://www.nytimes.com/2004/01/29/technology/29CND-SECU.html

Original report at:

http://www.raba.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAGkITmqVh/g13CaoRAhtvAJ9sZWvXieliUCgobqle3vMpna84ZgCgnhW5
XcAjvnu5uBfjT6V0sBBw2us=
=EUH4
-----END PGP SIGNATURE-----



More information about the Ale mailing list