Open Source and information security mailing list archives
 
Date: Tue, 28 Sep 2004 09:21:41 -0500 (GMT-05:00)
From: gandalf@...ital.net
To: DavidB@...l.interclean.com
Cc: bugtraq@...urityfocus.com
Subject: RE: Diebold Global Election Management System (GEMS) Backdoor
 Account    Allows Authenticated Users to Modify Votes


Greetings and Salutations:

From: David Brodbeck
> You're missing the social dynamics around it.  There are several parties
> involved:
<snip>
> - The public.  They don't understand these issues either, and they have a
>   short attention span.

Let me add one more social dynamic.  The public will want to see instantaneous vote results, so eventually these computers will be networked to send the results back to a central voting computer ... And we are all familiar with how easily networked computers can be compromised if they aren't locked down.  Now we are also discussing Man In The Middle attacks, etc.

(Which to me adds yet another social dynamic, if people see one person is winning that might change or sway their vote)

The OSes had *better* be locked down and secure.  The only way to verify that is to either blindly attack the box or have an open box that is inspected by real independent observers.

Ken
------------------------------------------------------------------
Do not meddle in the affairs of wizards for they are subtle and 
quick to anger.
Ken Hollis - Gandalf The White - gandalf@...ital.net - O- TINLC
WWW Page - http://gandalf.home.digital.net/
Trace E-Mail forgery - http://gandalf.home.digital.net/spamfaq.html
Trolls crossposts  - http://gandalf.home.digital.net/trollfaq.html


