| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Sep 2004 13:13:11 -0700 From: Jacob Appelbaum <jacob@...ifiedvoting.org> To: Jay Hennigan <jay@...t.net>, bugtraq@...urityfocus.com Subject: Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes On Wed, 2004-09-22 at 09:19, Jay Hennigan wrote: > On Tue, 21 Sep 2004 pressinfo@...bold.com wrote: > > > In-Reply-To: <20040831203815.13871.qmail@....securityfocus.com> > > > > Diebold strongly refutes the existence of any "back doors" or "hidden codes" in its GEMS software. These inaccurate allegations appear to stem from those not familiar with the product, misunderstanding the purpose of legitimate structures in the database. These structures are well documented and have been reviewed (including at a source code level) by independent testing authorities as required by federal election regulations. > > > >Vendor URL: www.diebold.com/dieboldes/GEMS.htm (Links to External Site) > > Heh. If the above URL indicates the competence level of Diebold, be > very afraid. Note the prominent photo of a Sun server with the text > touting Microsoft Windows. What scares me is that the people at black box voting demonstrated using a monkey to hack the election. An actual honest to go monkey as part of their five (!) different methods to hack the vote. For those that missed it five POC attacks on Die Bold: http://www.blackboxvoting.org/?q=node/view/114&PHPSESSID=de909c061d97a933df77534fe04dc883 Five different methods to hack the vote, one of which uses a zoo animal. It's so easy that it can almost be done accidentally. But it's important to note, it's by *design* that it can be tampered with. The system was designed without any regard to security. If you or someone you know is interested in stopping things like this from actually affecting the next election, you should call your representatives *NOW*. Even if you aren't entirely interested in the issue, you should ask them why they are buying products that are demonstrably flawed. Ask them to change their systems before the next election. People need to be held accountable for this. If the response you are given is that it's not possible to implement it in time before the election, simply ask for a paper ballot. A voter verified paper trail makes voting accountable. It makes recounts possible, it means we as a country make the choice, not Die Bold as a company. Verified Voting Foundation (www.verifiedvoting.org) is also going to provide an Election Incident Reporting System (EIRS) for the day of the election. If you see something fishy, someone hacking the vote, someone turning away voters, someone tampering, report it! -- Jacob Appelbaum <jacob@...ifiedvoting.org>
Powered by blists - more mailing lists