[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <200411122002.iACK2Rl7022562@turing-police.cc.vt.edu>
Date: Fri, 12 Nov 2004 15:02:26 -0500
From: Valdis.Kletnieks@...edu
To: Paul Schmehl <pauls@...allas.edu>
Cc: Bugtraq <bugtraq@...urityfocus.com>, full-disclosure@...ts.netsys.com
Subject: Re: Re: Evidence Mounts that the Vote Was Hacked
On Fri, 12 Nov 2004 11:53:59 CST, Paul Schmehl said:
> --On Thursday, November 11, 2004 02:22:18 PM -0500 Valdis.Kletnieks@...edu
> wrote:
> >
> > At least some of the machines used had active wireless on them
>
> Do you know this for a fact? Can you identify the states/locations where
> this was implemented?
Well.. OK. You have me here. *THIS* particular model cited below was only on
*display* in our county (apparently, we've bought them, but not in time to
deploy them county-wide - the polling place I personally voted at had 1 of
these in demo mode, and 2 old lever-mechanical machines doing the real work).
However, I'd be most surprised if *none* were actually deployed in this
election in any precincts nationwide....
Quote from a co-worker on a local mailing list:
> While not exactly on topic, I'm going to share a quick check of the new
> voting machined displayed in Montgomery County Precincts today.
> WinVOTE, mode W003246 relies on 802.11b to communicate with other
> machines in the polling location (no I didn't war drive to test the
> security, but I'm tempted to. Certain legal things keep me away from
> that).
> There is a printer for each machine, and it is integrated in the unit.
> The Open Poll and Close Poll instructions are simple, yet revealing in
> what the machine does, or doesn't do
> http://clients.enfocom.com/avs/home.html
> http://www.verifiedvoting.org/article.php?id=5138
(End quote)
So I have to conclude that if the manufacturer's documentation on how to
fire the system up *SAYS* it hunts on a wireless network, that if *any* of
these were used in the election, that people were voting on machines that
had wireless on them.
Also, go back and look at the scandal that Diebold got into when they posted
partial results before the polls closed, courtesy of a wireless uplink in
the machines - *THAT* was one of the things they were trying to suppress in
their "copyright of memos" legal battle a ways back. Were *all* of that model
either pulled from service or had the wireless disabled?
So there you go - at least 2 examples of voting machines that had wireless
on them.
> What does physical access to the polling booth gain a "hacker"? They would
> need physical access to the tabulator that counts the individual votes,
> would they not?
If you can jigger the thing that inputs the votes, you don't need access
to the tabulator, because then you're feeding the tabulator bad things to count.
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists