lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 12 Nov 2004 15:02:26 -0500
From: Valdis.Kletnieks@...edu
To: Paul Schmehl <pauls@...allas.edu>
Cc: Bugtraq <bugtraq@...urityfocus.com>, full-disclosure@...ts.netsys.com
Subject: Re: Re: Evidence Mounts that the Vote Was Hacked

On Fri, 12 Nov 2004 11:53:59 CST, Paul Schmehl said:
> --On Thursday, November 11, 2004 02:22:18 PM -0500 Valdis.Kletnieks@...edu 
> wrote:
> >
> > At least some of the machines used had active wireless on them
> 
> Do you know this for a fact?  Can you identify the states/locations where 
> this was implemented?

Well.. OK. You have me here.  *THIS* particular model cited below was only on
*display* in our county (apparently, we've bought them, but not in time to
deploy them county-wide - the polling place I personally voted at had 1 of
these in demo mode, and 2 old lever-mechanical machines doing the real work).
However, I'd be most surprised if *none* were actually deployed in this
election in any precincts nationwide....

Quote from a co-worker on a local mailing list:

> While not exactly on topic, I'm going to share a quick check of the new
> voting machined displayed in Montgomery County Precincts today.

> WinVOTE, mode W003246 relies on 802.11b to communicate with other
> machines in the polling location (no I didn't war drive to test the
> security, but I'm tempted to.  Certain legal things keep me away from
> that).

> There is a printer for each machine, and it is integrated in the unit.

> The Open Poll and Close Poll instructions are simple, yet revealing in
> what the machine does, or doesn't do

> http://clients.enfocom.com/avs/home.html
> http://www.verifiedvoting.org/article.php?id=5138

(End quote)

So I have to conclude that if the manufacturer's documentation on how to
fire the system up *SAYS* it hunts on a wireless network, that if *any* of
these were used in the election, that people were voting on machines that
had wireless on them.

Also, go back and look at the scandal that Diebold got into when they posted
partial results before the polls closed, courtesy of a wireless uplink in
the machines - *THAT* was one of the things they were trying to suppress in
their "copyright of memos" legal battle a ways back.  Were *all* of that model
either pulled from service or had the wireless disabled?

So there you go - at least 2 examples of voting machines that had wireless
on them.

> What does physical access to the polling booth gain a "hacker"?  They would 
> need physical access to the tabulator that counts the individual votes, 
> would they not?

If you can jigger the thing that inputs the votes, you don't need access
to the tabulator, because then you're feeding the tabulator bad things to count.



Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists