[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1095883991.27573.22.camel@faustus>
Date: Wed, 22 Sep 2004 13:13:11 -0700
From: Jacob Appelbaum <jacob@...ifiedvoting.org>
To: Jay Hennigan <jay@...t.net>, bugtraq@...urityfocus.com
Subject: Re: Diebold Global Election Management System (GEMS) Backdoor
Account Allows Authenticated Users to Modify Votes
On Wed, 2004-09-22 at 09:19, Jay Hennigan wrote:
> On Tue, 21 Sep 2004 pressinfo@...bold.com wrote:
>
> > In-Reply-To: <20040831203815.13871.qmail@....securityfocus.com>
> >
> > Diebold strongly refutes the existence of any "back doors" or "hidden codes" in its GEMS software. These inaccurate allegations appear to stem from those not familiar with the product, misunderstanding the purpose of legitimate structures in the database. These structures are well documented and have been reviewed (including at a source code level) by independent testing authorities as required by federal election regulations.
>
> > >Vendor URL: www.diebold.com/dieboldes/GEMS.htm (Links to External Site)
>
> Heh. If the above URL indicates the competence level of Diebold, be
> very afraid. Note the prominent photo of a Sun server with the text
> touting Microsoft Windows.
What scares me is that the people at black box voting demonstrated using
a monkey to hack the election. An actual honest to go monkey as part of
their five (!) different methods to hack the vote.
For those that missed it five POC attacks on Die Bold:
http://www.blackboxvoting.org/?q=node/view/114&PHPSESSID=de909c061d97a933df77534fe04dc883
Five different methods to hack the vote, one of which uses a zoo animal.
It's so easy that it can almost be done accidentally. But it's important
to note, it's by *design* that it can be tampered with. The system was
designed without any regard to security.
If you or someone you know is interested in stopping things like this
from actually affecting the next election, you should call your
representatives *NOW*. Even if you aren't entirely interested in the
issue, you should ask them why they are buying products that are
demonstrably flawed. Ask them to change their systems before the next
election. People need to be held accountable for this. If the response
you are given is that it's not possible to implement it in time before
the election, simply ask for a paper ballot. A voter verified paper
trail makes voting accountable. It makes recounts possible, it means we
as a country make the choice, not Die Bold as a company.
Verified Voting Foundation (www.verifiedvoting.org) is also going to
provide an Election Incident Reporting System (EIRS) for the day of the
election. If you see something fishy, someone hacking the vote, someone
turning away voters, someone tampering, report it!
--
Jacob Appelbaum <jacob@...ifiedvoting.org>
Powered by blists - more mailing lists