lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 25 Sep 2004 20:41:28 -0600
From: "Kurt Seifried" <bt@...fried.org>
To: "Jeremy Epstein" <jeremy.epstein@...methods.com>,
	<bugtraq@...urityfocus.com>
Subject: Re: Diebold Global Election Management System (GEMS) Backdoor    Account    Allows Authenticated Users to Modify Votes


Why can't this all be done the same way Nevada handles modern slot machines? 
For example if you are playing a slot in Nevada and feel it's not behaving 
there is a 24 hour toll free number you can call and the Nevada Gaming 
Commission and they will send someone out to tear the machine apart and 
verify (among other things) that the software image in the machine 
corresponds to an approved one that is on file with the Nevada Gaming 
Commission. Slot machines undergo a torture test that involves 20,000 volt 
tasers to the outer case, lights (to try and confuse the pay out mechanism) 
and so on. The source code is reviewed and approved, kept on file with 
approved binary images, etc.

Seriously folks, if it can be done right for a nickel slot machine you think 
it could be done right for an electronic voting machine.


Kurt Seifried, kurt@...fried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ