lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1095883991.27573.22.camel@faustus>
Date: Wed, 22 Sep 2004 13:13:11 -0700
From: Jacob Appelbaum <jacob@...ifiedvoting.org>
To: Jay Hennigan <jay@...t.net>, bugtraq@...urityfocus.com
Subject: Re: Diebold Global Election Management System (GEMS) Backdoor   
	Account    Allows Authenticated Users to Modify Votes


On Wed, 2004-09-22 at 09:19, Jay Hennigan wrote:
> On Tue, 21 Sep 2004 pressinfo@...bold.com wrote:
> 
> > In-Reply-To: <20040831203815.13871.qmail@....securityfocus.com>
> >
> > Diebold strongly refutes the existence of any "back doors" or "hidden codes" in its GEMS software.  These inaccurate allegations appear to stem from those not familiar with the product, misunderstanding the purpose of legitimate structures in the database.  These structures are well documented and have been reviewed (including at a source code level) by independent testing authorities as required by federal election regulations.
> 
> > >Vendor URL:  www.diebold.com/dieboldes/GEMS.htm (Links to External Site)
> 
> Heh.  If the above URL indicates the competence level of Diebold, be
> very afraid.  Note the prominent photo of a Sun server with the text
> touting Microsoft Windows.

What scares me is that the people at black box voting demonstrated using
a monkey to hack the election. An actual honest to go monkey as part of
their five (!) different methods to hack the vote.

For those that missed it five POC attacks on Die Bold:
http://www.blackboxvoting.org/?q=node/view/114&PHPSESSID=de909c061d97a933df77534fe04dc883

Five different methods to hack the vote, one of which uses a zoo animal.
It's so easy that it can almost be done accidentally. But it's important
to note, it's by *design* that it can be tampered with. The system was
designed without any regard to security.

If you or someone you know is interested in stopping things like this
from actually affecting the next election, you should call your
representatives *NOW*. Even if you aren't entirely interested in the
issue, you should ask them why they are buying products that are
demonstrably flawed. Ask them to change their systems before the next
election. People need to be held accountable for this. If the response
you are given is that it's not possible to implement it in time before
the election, simply ask for a paper ballot. A voter verified paper
trail makes voting accountable. It makes recounts possible, it means we
as a country make the choice, not Die Bold as a company.

Verified Voting Foundation (www.verifiedvoting.org) is also going to
provide an Election Incident Reporting System (EIRS) for the day of the
election. If you see something fishy, someone hacking the vote, someone
turning away voters, someone tampering, report it!

-- 
Jacob Appelbaum <jacob@...ifiedvoting.org>



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ