[<prev] [next>] [day] [month] [year] [list]
Message-ID: <FEBC66CCD411744381228574BAB53A9B9E8F6C@MAIL.fac.gatech.edu>
Date: Tue, 28 Sep 2004 08:38:58 -0400
From: "Polazzo Justin" <Justin.Polazzo@...ilities.gatech.edu>
To: "Jeremy Epstein" <jeremy.epstein@...methods.com>,
<bugtraq@...urityfocus.com>
Subject: RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes
Nice call with the MD6 checksums(MD5 might be cracked, as a recent
letter to bugtraq demonstrated :) ran on the electronic voting systems.
That would be a good way to verify the authenticity of the code, after
it was posted on sourceforge.
As for the paper trails, does it really matter? An earlier post pointed
out that if your code isnt open source, whats to stop you from coding
your SW to print one thing while entering another into the database? I
know of at least 5 companies I could hire to independently verify
anything I would like them to.
What scares me most about GEMS is the fact that the systems are
networked. If we are going to have an election system that communicates
with a central repository, then there will be the chance that 1
person/group of people/company can hijack an election unless there are
major steps taken (or any steps taken) to verify and secure the process.
Might as well have a website at whitehouse.gov where we can log in and
post our vote via PKI authentication if we are going that route :)
-JP
-----Original Message-----
From: Jeremy Epstein [mailto:jeremy.epstein@...methods.com]
Powered by blists - more mailing lists