| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Sep 2004 08:38:58 -0400 From: "Polazzo Justin" <Justin.Polazzo@...ilities.gatech.edu> To: "Jeremy Epstein" <jeremy.epstein@...methods.com>, <bugtraq@...urityfocus.com> Subject: RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Nice call with the MD6 checksums(MD5 might be cracked, as a recent letter to bugtraq demonstrated :) ran on the electronic voting systems. That would be a good way to verify the authenticity of the code, after it was posted on sourceforge. As for the paper trails, does it really matter? An earlier post pointed out that if your code isnt open source, whats to stop you from coding your SW to print one thing while entering another into the database? I know of at least 5 companies I could hire to independently verify anything I would like them to. What scares me most about GEMS is the fact that the systems are networked. If we are going to have an election system that communicates with a central repository, then there will be the chance that 1 person/group of people/company can hijack an election unless there are major steps taken (or any steps taken) to verify and secure the process. Might as well have a website at whitehouse.gov where we can log in and post our vote via PKI authentication if we are going that route :) -JP -----Original Message----- From: Jeremy Epstein [mailto:jeremy.epstein@...methods.com]
Powered by blists - more mailing lists