lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <FEBC66CCD411744381228574BAB53A9B9E8F6C@MAIL.fac.gatech.edu>
Date: Tue, 28 Sep 2004 08:38:58 -0400
From: "Polazzo Justin" <Justin.Polazzo@...ilities.gatech.edu>
To: "Jeremy Epstein" <jeremy.epstein@...methods.com>,
	<bugtraq@...urityfocus.com>
Subject: RE: Diebold Global Election Management System (GEMS) Backdoor    Account    Allows Authenticated Users to Modify Votes


Nice call with the MD6 checksums(MD5 might be cracked, as a recent
letter to bugtraq demonstrated :) ran on the electronic voting systems.
That would be a good way to verify the authenticity of the code, after
it was posted on sourceforge. 

As for the paper trails, does it really matter? An earlier post pointed
out that if your code isnt open source, whats to stop you from coding
your SW to print one thing while entering another into the database? I
know of at least 5 companies I could hire to independently verify
anything I would like them to.

What scares me most about GEMS is the fact that the systems are
networked. If we are going to have an election system that communicates
with a central repository, then there will be the chance that 1
person/group of people/company can hijack an election unless there are
major steps taken (or any steps taken) to verify and secure the process.
Might as well have a website at whitehouse.gov where we can log in and
post our vote via PKI authentication if we are going that route :)

-JP

-----Original Message-----
From: Jeremy Epstein [mailto:jeremy.epstein@...methods.com] 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ