lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040922033349.Q344@willy_wonka>
Date: Wed, 22 Sep 2004 03:43:11 -0400 (EDT)
From: Atom 'Smasher' <atom@...picious.org>
To: bugtraq@...urityfocus.com
Subject: Re: Diebold Global Election Management System (GEMS) Backdoor   
 Account    Allows Authenticated Users to Modify Votes


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Tue, 21 Sep 2004 pressinfo@...bold.com wrote:

> Diebold strongly refutes the existence of any "back doors" or "hidden codes" in its GEMS software.  These inaccurate allegations appear to stem from those not familiar with the product, misunderstanding the purpose of legitimate structures in the database.  These structures are well documented and have been reviewed (including at a source code level) by independent testing authorities as required by federal election regulations.
>
> In addition to the facts stated above, a paper and an electronic record of all cast ballots are retrieved from each individual voting machine following an election. The results from each individual machine are then tabulated, and thoroughly audited during the standard election canvass process. Once the audit is complete, the official winners are announced.  Any alleged changes to a vote count in the election management software would be immediately discovered during this audit process, as this total would not match the true official total tabulated from each machine.
==================

oops, looks like no one told you that this is a forum of computer security 
professionals who understand the difference between a insecure machine and 
a press release. you can "strongly refute" all you want: until the code is 
available for public scrutiny it will remain suspect. but if it's written 
as poorly as is rumored, exposing it to public scrutiny would only confirm 
that it's insecure either through carelessness or intent.


  	...atom

  _________________________________________
  PGP key - http://atom.smasher.org/pgp.txt
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

 	"I am committed to helping Ohio deliver its electoral
 	 votes to the president [Bush] next year"
 		-- Walden O'Dell, CEO of Diebold
 		August 2003
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

iQEcBAEBCAAGBQJBUS0VAAoJEAx/d+cTpVcippgIAI8Ska514i55Gc2qUp5ohOlD
AB98+5njJg6dEkNiCw3B6jQSm3WHSWxX45KMlvJypa+na1wNaloNZ6IsrMpqwwRq
O64blBv6s54uexIHw0oZcPqf/LTyg3CV4BtClZl+DZ7VjC/lWRl8PMTGj5tUTfD+
oXB8h7UdrycqsWubrG8UJ0JJeFWbVy98cvw3rjdTFSZXykai5PC8hFkwEHcqc848
7i93d4Qya3DdAAOFqaLWQt2wyegCDv8+r/qJa9VzDq9m7WNVshPyPfSiedh87gwo
81YzVqglhEdjE+gfjKFYXQub5TM3CppV99bsyd1oTLK3l86Jdtbz7ks/Uyn0Vs0=
=Dfkb
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ