[ale] OT: Voting machines cracked in California

Charles Shapiro hooterpincher at gmail.com
Thu Aug 2 14:01:42 EDT 2007


Argh. Don't accuse me of minimizing the voting machine troubles which have
been published. I agree with you entirely.  I also believe that access to
the source is an advantage for this kind of endeavor.   So is unlimited
access to the physical hardware.  Neither is a necessary precondition for a
successful penetration of security.

-- CHS


On 8/2/07, Jeff Lightner <jlightner at water.com> wrote:
>
>  Not having source didn't prevent folks from reverse engineering the IBM
> BIOS in the original IBM PC which was the only IBM unique part it had.
>
>
>
> The idea one has to have source to hack is laughable indeed.  Even more
> laughable is the idea that it would be difficult to get the source if you
> were determined to get it.
>
>
>
> This reminds me of the old Lou Grant show where they did a story about
> nuclear weapons.   The folks that had access to the weapons design
> information said it was easy to get but thought it was hard to get the
> fissionable material.   The people who were custodian of fissionable
> material said it would be easy to get but thought it was to get the design
> information.   Essentially the guys guarding each side both said their side
> was fairly easy to compromise but weren't worried because they "assumed" the
> other side was hard to compromise.
>
>
>
> One might stuff ballot boxes or deliberately miscount paper ballots but
> there would still be a way to verify the results after the fact using
> completely different counters.   If you don't believe that, you'd have to
> explain why Republicans and Democrats alike thought it necessary to be
> present at the recounts in Florida.
>
>
>  ------------------------------
>
> *From:* ale-bounces at ale.org [mailto:ale-bounces at ale.org] *On Behalf Of *Steve
> Brown
> *Sent:* Thursday, August 02, 2007 1:21 PM
> *To:* Atlanta Linux Enthusiasts
> *Subject:* Re: [ale] OT: Voting machines cracked in California
>
>
>
>
>
> On 8/2/07, *Charles Shapiro* <hooterpincher at gmail.com> wrote:
>
>   The guys who wrote this report had a bunch of advantages -- among them
> were access to the source code and unlimited time to investigate the
> physical machines.  I'm not tryin' to discount the severity of the flaws
> they found, which were pretty way badd.  But there are two other reports
> from two other teams which have yet to be published. Felten suspects that
> these reports are even more damning.
>
>
> The thing is, these people seem to be assuming that since the source code
> is not publicly released that no one has access to it. What about the
> programmers that worked on the project? What about the people with the
> access keys? They are just as capable of compromising the system and they
> would have easier access to the system than any voter. I bet that Steve Weir
> guy buries his money in his back yard to keep it safe. Open Source is like
> giving a burglar your house keys? Give me a break... This thing should have
> been built from the ground up with security in mind, instead of slapped on
> as an afterthought. Was this one of those things that gets sent to the
> lowest bidder?
> -Steve Brown
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
-------------- next part --------------
An HTML attachment was scrubbed...




More information about the Ale mailing list