| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Sep 2004 03:55:28 -0400 From: Adam Jacob Muller <adam@...linux.us> To: bugtraq@...urityfocus.com Subject: Re: Diebold Global Election Management System (GEMS) Backdoor Acc ount Allows Authenticated Users to Modify Votes This is very true... At a recent family gathering I spent about an hour trying to explain to various people why "open source" voting machines are more secure. Everyone perceived "open" as being able to go in and change votes... The fact that I was trying to explain the open source model for the first time did not help... I simply don't understand why a company doesn't do open source voting machines... you could sell the hardware and the software.. and get the open source community to write the software for you.... It seems like a perfect arrangement. Adam Jacob Muller "They [conservatives] don't get it. We [liberals] love America just as much as they do. But in a different way. You see, they love America the way a four-year-old loves her mommy. Liberals love America like grown-ups. To a four-year-old, everything Mommy does is wonderful and anyone who criticizes Mommy is bad. Grown-up love means actually understanding what you love, taking the good with the bad, and actually helping your loved one grow." - Al Franken, Lies and The Lying Liars Who Tell Them: A Fair and Balanced Look at the Right On Sep 27, 2004, at 10:01 AM, David Brodbeck wrote: >> -----Original Message----- >> From: Claudius Li [mailto:aprentic@...tae.net] > >> So my question is, given that this seems to be a solved >> problem why is there so much debate on finding the solution? >> Surely I am missing something obvious. > > You're missing the social dynamics around it. There are several > parties > involved: > > - State officials who actually pick the voting equipment. They > generally > are politicians, with a background in law or business. They don't > understand the complicated technical issues behind electronic voting. > > - Companies who build the voting equipment. Their motive is profit. > They > want to get a marketable product out quickly and cheaply. They > perceive > (correctly) that the audience they're selling to does not understand > or care > about complicated security issues, and can be easily impressed by > trivial > but sophisticated-looking features. > > - The public. They don't understand these issues either, and they > have a > short attention span. > > - The news media. They don't push security issues because they lack > good > visuals and don't fit into a 15-second news spot. Anything longer and > they'll lose their audience (see above.) > > - Computer scientists and voting activists. They *do* understand the > issues, but are unable to explain them in a way the news media, the > public, > and state officials find compelling and understandable. The companies > who > build the equipment can easily label them as alarmists or conspiracy > theorists.
Powered by blists - more mailing lists