lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4464E823.9000400@sdf.lonestar.org>
Date: Fri May 12 20:55:27 2006
From: bkfsec at sdf.lonestar.org (bkfsec)
Subject: Scientists Call Diebold Security Flaw 'Worst
	Ever'

lsi wrote:

>[I don't agree with the Professor, when he asserts that the best 
>treatment for this problem is denial.  I suggest that the best 
>treatment for this problem is dissemination, far and wide, so that 
>the broadest range of pressures is brought to bear. - Stu]
>
>http://www.commondreams.org/headlines06/0511-11.htm
>
>Published on Thursday, May 11, 2006 by Inside Bay Area 
>
>Scientists Call Diebold Security Flaw 'Worst Ever'
>
>Critics say hole created for upgrades could be exploited by someone 
>with nefarious plans
>
>by Ian Hoffman
> 	
>
>Computer scientists say a security hole recently found in Diebold 
>Election Systems' touch-screen voting machines is the "worst ever" in 
>a voting system. 
>
>  
>
And now is the appropriate time to remind people that in 2003 Walden 
O'Dell, CEO of Diebold at the time, said publicly that he was "committed 
to helping Ohio deliver its electoral votes to the president next year."

And what we have is a series of vulnerabilities discovered, the latest 
of which represents a mistake that a first year CSE student probably 
wouldn't make on a project of this magnitude.  Folks, people make 
mistakes... this particular one, though, is such a blatantly stupid 
mistake that it can't possibly have survived a design process without 
being intentional.

There are no coincidences here.  There are only two possibilities: These 
holes are intentional, or Diebold as a company is run as well as the 
administration it supports.

Either way, it's time for the states to dump Diebold as a supplier and 
return to verifiable methods of voting.

             -bkfsec

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ