[ale] OT: NYT on Diebold voting machines
Jim Philips
jcphil at mindspring.com
Fri Jan 30 06:45:14 EST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In Maryland, they commissioned a study of the machines and it was carried out
by real security experts. These are some of the vulnerabilities they found:
"In the security exercise, members of the attack team said they were surprised
to find that the touch-screen machines used by voters all used the same
physical key to the two locks that protect their innards from tampering. With
hand-held computers and a little sleight of hand, they found, the touch
screens could be reprogrammed to make a vote for one candidate count for an
opponent, or results could be fouled so that a precinct's tally could not be
used.
In addition, they said, communications between the terminals and the larger
server computers that tally results from many precincts do not require that
machines on either end of the line prove that they are legitimate, an
omission that could allow someone to grab information that could be used to
falsify whole precincts worth of votes.
And the server computers do not have the latest protection against the
security holes in the Microsoft operating systems, and they are vulnerable to
hacker attacks that would allow an outsider to change software, the group
found.
The authors of the report also said smart cards that are shipped with the
system for voters and supervisors to use during elections have standard
passwords that are easily guessed. That problem was cited in the original
Johns Hopkins report, and it could allow anyone with a hand-held card reader
and small computer to get the access of an election official. The company
said that it has provided the capability for election officials change those
passwords and increase security, though it still ships the products with the
easily broken password."
http://www.nytimes.com/2004/01/29/technology/29CND-SECU.html
Original report at:
http://www.raba.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAGkITmqVh/g13CaoRAhtvAJ9sZWvXieliUCgobqle3vMpna84ZgCgnhW5
XcAjvnu5uBfjT6V0sBBw2us=
=EUH4
-----END PGP SIGNATURE-----
More information about the Ale
mailing list