[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <001801c4a372$52cf67e0$1600110a@pooptop>
Date: Sat, 25 Sep 2004 20:41:28 -0600
From: "Kurt Seifried" <bt@...fried.org>
To: "Jeremy Epstein" <jeremy.epstein@...methods.com>,
<bugtraq@...urityfocus.com>
Subject: Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes
Why can't this all be done the same way Nevada handles modern slot machines?
For example if you are playing a slot in Nevada and feel it's not behaving
there is a 24 hour toll free number you can call and the Nevada Gaming
Commission and they will send someone out to tear the machine apart and
verify (among other things) that the software image in the machine
corresponds to an approved one that is on file with the Nevada Gaming
Commission. Slot machines undergo a torture test that involves 20,000 volt
tasers to the outer case, lights (to try and confuse the pay out mechanism)
and so on. The source code is reviewed and approved, kept on file with
approved binary images, etc.
Seriously folks, if it can be done right for a nickel slot machine you think
it could be done right for an electronic voting machine.
Kurt Seifried, kurt@...fried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
Powered by blists - more mailing lists