[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
- <!--x-content-type: text/plain --> "http://www.w3.org/TR/html4/loose.dtd">
- <!--x-date: Fri Jan 30 06:45:14 2004 -->
- <!--x-from-r13: wpcuvy ng zvaqfcevat.pbz (Xvz Buvyvcf) -->
- <!--x-message-id: [email protected] -->
- <!--x-subject: [ale] OT: NYT on Diebold voting machines -->
- <li><em>date</em>: Fri Jan 30 06:45:14 2004</li>
- <li><em>from</em>: jcphil at mindspring.com (Jim Philips)</li>
- <li><em>subject</em>: [ale] OT: NYT on Diebold voting machines</li>
- Hash: SHA1
In Maryland, they commissioned a study of the machines and it was carried out
by real security experts. These are some of the vulnerabilities they found:
"In the security exercise, members of the attack team said they were surprised
to find that the touch-screen machines used by voters all used the same
physical key to the two locks that protect their innards from tampering. With
hand-held computers and a little sleight of hand, they found, the touch
screens could be reprogrammed to make a vote for one candidate count for an
opponent, or results could be fouled so that a precinct's tally could not be
used.
In addition, they said, communications between the terminals and the larger
server computers that tally results from many precincts do not require that
machines on either end of the line prove that they are legitimate, an
omission that could allow someone to grab information that could be used to
falsify whole precincts worth of votes.
And the server computers do not have the latest protection against the
security holes in the Microsoft operating systems, and they are vulnerable to
hacker attacks that would allow an outsider to change software, the group
found.
The authors of the report also said smart cards that are shipped with the
system for voters and supervisors to use during elections have standard
passwords that are easily guessed. That problem was cited in the original
Johns Hopkins report, and it could allow anyone with a hand-held card reader
and small computer to get the access of an election official. The company
said that it has provided the capability for election officials change those
passwords and increase security, though it still ships the products with the
easily broken password."
<a rel="nofollow" href="http://www.nytimes.com/2004/01/29/technology/29CND-SECU.html";>http://www.nytimes.com/2004/01/29/technology/29CND-SECU.html</a>
Original report at:
<a rel="nofollow" href="http://www.raba.com";>http://www.raba.com</a>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAGkITmqVh/g13CaoRAhtvAJ9sZWvXieliUCgobqle3vMpna84ZgCgnhW5
XcAjvnu5uBfjT6V0sBBw2us=
=EUH4
-----END PGP SIGNATURE-----
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="01378" href="msg01378.html">[ale] OT: NYT on Diebold voting machines</a></strong>
<ul><li><em>From:</em> attriel at d20boards.net (attriel)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg01368.html">[ale] Indian outsourcing</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg01370.html">[ale] LindowsOS 4.5 - not bad for a newbie OS</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg01341.html">[ale] Oops</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg01378.html">[ale] OT: NYT on Diebold voting machines</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#01369"><strong>Date</strong></a></li>
<li><a href="threads.html#01369"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>