lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <OF8DF60A8F.F9C07802-ON85256F49.004DFDAD-85256F49.00735867@mailrouter.net>
Date: Thu, 11 Nov 2004 09:37:28 -0500
From: Matt.Carpenter@...icor.com
To: jei@...hut.fi
Cc: Bugtraq <bugtraq@...urityfocus.com>, full-disclosure@...ts.netsys.com,
   "Jay D. Dyson" <jdyson@...achery.net>
Subject: Re: Evidence Mounts that the Vote Was Hacked





Jei <jei@...hut.fi> wrote on 11/10/2004 01:40:45 AM:

> On Tue, 9 Nov 2004, Jay D. Dyson wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On Mon, 8 Nov 2004, Atom 'Smasher' wrote:
> >
> >> Evidence Mounts that the Vote Was Hacked
> >
> >    Read the whole thing and didn't see any evidence.  Just wild
> > speculation and baseless conjecture.  Hell, there were countless
counties
> > across the nation in which more people were registered to vote than
were
> > eligible residents, but -- for some reason -- that ain't news.
>
> It would be _major_ news, were it not America where it happened.
> Even India managed to hold a secure digital election recently,
> without any such major exit poll or other discrepancies happening.

We have sufficient paranoia and cry-baby syndrome around here that if
(particularly in the case of the allegedly slighted party) there were any
validity to this claim the major media would be having a hayday.  The fact
is, we are reading second-hand information, of fir-sthand people obviously
not even credible enough in their own circles to make news.  I'm not saying
we aren't stupid enough to allow ourselves to get hacked... we are indeed
running these systems on the most hackable/targetted OS/services known in
todays hacker community.  But the realities are that we are paranoid enough
to watch access to said systems to avoid at least 99% of local hacking,
eliminating that from feasibility.  The network is a possibility but
without more true details other than "we know who did it" it sounds more
like sabre-rattling than news.  At least Kerry had the decency to *not*
call foulplay.

As for exit polls?  One must consider just how many absentee- and
provisional-ballots were lodged.  And from what I'm being told, many exit
polls were not exactly "in-your-face" as you walk out, but often simply a
table set up outside where curious people could ask about.

> Also note that Americans aren't the only people in the world with
> capable intelligence agencies. Teenage kid hackers aren't the only
> people who might influence US elections' outcomes, given a viable
> chance. You need to consider all the factors.

Who outside the US want's Bush to be president?

> Digital voting needs to be as secure and reliable as bank accounts
> are from an independent (democratic) nation's national security point
> of view. A digital vote discrepancy == national bank account discrepancy,

> in it's importance, in this regard.

Totally agreed.  I would require a good deal more detail about the admins
who are responsible for these voting machines, and their bosses.  If
security was in any way taken lightly they need to be shot.  However, there
will have to be an investigation which proves they were not doing due
dilligence before I'll follow that rabbit-trail.

> Arguing that vote discrepancies don't really matter, is like a system
> admin arguing that system binary checksum discrepancies do not matter.
>
> In any case, it means you're royally f*cked, and although you may wish
> to fantasize otherwise, it doesn't change the reality.
>
> You need to know that you're secure, or your security people aren't
> doing their job.

really?  Where are you pulling that information from?  What what's all this
about secure voting in India?  Would anyone claim otherwise?  No offense
intended, but why would we use election information from arguably one of
the more corrupt governmental bodies?

I'd not say we're f*cked.  Win or lose, we are a country that continues to
"go on".  We would have survived Kerry had he won.  We'll survive Bush.
The fact that we don't have anyone overwhelmingly better to choose from is
the sad part.  But they'll do.  The American people may like to complain
and whine at times (mostly in small but vocal groups), but many of the
differences are secondary.  Aside from our judicial side, there are enough
checks and balances in our government that even extremo's and whack-jobs
are kept relatively in line, however embarrassing they are.  The Bush
administration has done better than we give them credit for, as did
Clinton.  We take issue with what they stand for.  But overall they have
limited power and a limited impact.  That's how our government was
designed.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists