Slashdot Mirror

← Back to Stories (view on slashdot.org)

Diebold Voting Systems Grossly Insecure

Posted by michael on from the vote-early-vote-often dept.

Several well-known security researchers have examined the code for Diebold's voting machines (which we last mentioned two weeks ago) and produced an extensive report (pdf). The NYT has a story on the report, which cuts to the bone: 'Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts. We highlight several issues including unauthorized privilege escalation, incorrect use of cryptography, vulnerabilities to network threats, and poor software development processes. For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal.'

29 of 534 comments (clear)

  1. Ah-ha! by grub · · Score: 5, Funny


    voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal.

    Were they testing these in Florida a few years ago?

    --
    Trolling is a art,
    1. Re:Ah-ha! by Mr+Teddy+Bear · · Score: 2, Funny

      YAY! Now I can finally get Mickey Mouse to take a state!

      Or another one: Maybe with this installed Perot could have had a chance! :-P

    2. Re:Ah-ha! by Glonoinha · · Score: 5, Funny

      Dammit, that's a bug.

      Unlimited voting was supposed to be restricted to the elite voters that have insider privileges.

      Expect a patch.

      --
      Glonoinha the MebiByte Slayer
    3. Re:Ah-ha! by Patrick13 · · Score: 4, Funny
      Reporter: One voter, 16,472 votes -- a slight anomaly...?

      Black Adder: ...The number of votes I cast is simply a reflection of how firmly I believe in his policies.

      From the Black Adder
      --
      ::.. check out some Cell Phone Reviews
    4. Re:Ah-ha! by Anonymous Coward · · Score: 2, Funny

      I have a gift for you:

      </a>

    5. Re:Ah-ha! by Entropius · · Score: 3, Funny

      Mickey Mouse already has a senate seat... what state is Fritz Hollings (D-Disney) from again?

  2. So it's only a matter of time by Hayzeus · · Score: 4, Funny

    till I ascend to the Governorship of Louisiana. Start reaching into your pockets, now folks -- Big Daddy's open for Bidness!

    --

    Roving Web-Teleoperated Robot
  3. *sigh* by Ummagumma · · Score: 5, Funny

    You would think, with all the qualified unemployed software engineers out there, they could at least hire a few...

    --
    "The natural progress of things is for liberty to yield and government to gain ground." - Thomas Jefferson
    1. Re:*sigh* by Trolling4Dollars · · Score: 2, Funny

      That would make our election system a lot like Slashdot. Especially where trolling is concerned. No matter. That's what Scalia was in the 2000 elections anyway. ;P

      --
      Un-news
    2. Re:*sigh* by nelsonal · · Score: 2, Funny

      If voting were like slashdot

      Ladies and Gentlemen... THE PRESIDENT OF THE UNITED STATES... the Goatse guy.

      --
      Degaussing scares the bad magnetism out of the monitor and fills it with good karma.
    3. Re:*sigh* by leeet · · Score: 3, Funny

      Duuuude, 70k? Oooaahh, whatever dude, you're so, just like way under paid dude. Where are your expectations man?

      I won't take anything under a totally cool 100k dude.

      Chill out man, 70k... geee....
      BTW, I learned java *AND* MSCE (whatever) in toootally insane 14 days dude. Top that!

      --
      -- Leeeter than leet
  4. Well yeah! by cspenn · · Score: 5, Funny

    You can't expect a secure voting machine! I mean, how else can [insert current party in power] rig the next election unless the machines are grossly insecure?

    What, you were expecting fairness?

    --
    Subscribe for free to my show!
  5. Aha! by TerryAtWork · · Score: 4, Funny

    That explains why the L337 P4rt'/ swept the last elections....

    --
    It's Christmas everyday with BitTorrent.
  6. Feature? by fraudrogic · · Score: 2, Funny

    For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal

    Diebold Salesman: "This is a feature, an unintentional extra for your customers!"

    --
    I only mod up parents of "mod parent up" posts...
  7. CBN2004 by blowhole · · Score: 4, Funny

    Cowboyneal for office!

    Reporter: "Mr. Neal, under what platform are you running?"
    CBN: "Redhat Linux 9"
    Reporter: "..."

    --
    "Ask me about Loom"
  8. Yay! by JanusFury · · Score: 4, Funny

    It says in the article that this company makes ATMs. I think I'm going to go get some free money.

    --
    using namespace slashdot;
    troll::post();
  9. Look at the bright side by Gzip+Christ · · Score: 3, Funny

    In practical terms, this means that elections will go from being controlled by corporations to being controlled by script kiddies. Cool! CowboyNeal for president in 2004!

  10. Poor choice of words by PontifexPrimus · · Score: 5, Funny

    "This is an iceberg that needs to be hacked at a good bit," Mr. Neumann said, "so this is a step forward."
    Isn't that a rather poor choice of words when talking about program code? And is hacking an iceberg permissible under the DMCA?

    --
    -- Language is a virus from outer space.
  11. Re:Flaws still unfixed after ***5 Years*** by TopShelf · · Score: 2, Funny

    Flaws? I thought they were features...

    --
    Stop by my site where I write about ERP systems & more
  12. Don't you realize that ... by burgburgburg · · Score: 3, Funny
    if you continue to question the legitimacy of the 2000 elections, the terrorists win? He was clearly selected.

    Now turn off your computer, sit there calmly and wait for the soldiers to cart you off as the enemy combatant that you obviously are.

  13. Solution? by Aluvus · · Score: 2, Funny

    If the system is insecure, why not have someone boost its ego?

    --
    Never mistake "can" for "should".
  14. Chads == Pointers ?? by SkiddyRowe · · Score: 2, Funny

    If recounts came about due to a close race, would they count dangling pointers?

  15. You see why a Republic is more efficient? by Rogerborg · · Score: 2, Funny

    In a democracy, we'd have to go to the expense of counting the actual votes. In our brave Republic, our leaders save our tax money by deciding in advance who will win and how many votes they'll get, so we can get back to our bread and circuses. God save the Ki- President!

    --
    If you were blocking sigs, you wouldn't have to read this.
  16. Re:Open Source? by Patrick13 · · Score: 3, Funny

    Okay so who's going to port the "Hot or Not" code to run on these Diebold voting machines.

    --
    ::.. check out some Cell Phone Reviews
  17. ... allows the voter to cast unlimited votes by fulldecent · · Score: 2, Funny

    And this year's voting turnout is: 500%

    --

    -- I was raised on the command line, bitch

  18. This explains the Republican congress and senate by HanzoSan · · Score: 3, Funny


    I thought it was kinda strange for republicans to have all these easy landslide victories suddenly.

    Interesting.

    --
    If you use Linux, please help development of Autopac
  19. the insecure code by Frymaster · · Score: 4, Funny
    the code line that was regarded as insecure:

    if(bush)
    bush++;
    else
    bush++;

    --

    2 1337 4 u!

  20. In Maryland You can Register Your Dog To Vote by mcwop · · Score: 3, Funny
    It happened

    See Here

    --

    "I don't think it's selfish, to eat defenseless shellfish." -NOFX

  21. Re:DMCA in action! (related side note) by Anonymous Coward · · Score: 1, Funny
    AC, I know, I know.

    I thought of a very interesting consequence of the DMCA recently that I haven't seen mentioned anywhere else. The DMCA can actually be used against itself.

    Okay, follow me here. It's no crime to create a word processor that looks exactly like Microsoft Word, as long as it has all things Microsoft removed from it. So let's just say that I hacked out the word Microsoft from the binary, and put in Cardshark instead, making it Cardshark Wordmaker.

    Now I encrypt the binary, and add a decryptor at run-time to load it into memory. Now I start selling pirated versions of Word. The only way for Microsoft to prove that it's a pirated Word is by circumventing my copyright device.

    Obviously this is example has holes in it, but consider a similar situation where only a small amount of code was stolen, rather than a whole application. How can legitimate software companies be sure no one is stealing their work, without running afoul of the DMCA? You would have to break the law to prove someone else was breaking the law.