More Diebold E-Voting Vulnerabilities

presmike writes "ok, it looks like Diebold has more to worry about now that it is possible to change votes with a 5 line VB script. 'The vulnerabilities involve the Global Election Management System, or GEMS, software that runs on a county's server and tallies votes after they come in from Diebold touch-screen and optical-scan machines in polling places.'"

A Better Voting Machine

After reading all these stories on Slashdot about Diebold voting machines having security holes, I did a little bit of research on my own. I believe I finally found the perfect voting tabulation and candidate selection system, impervious to cheating. Here is the website; it includes video of the machines in operation (Windows ASX format).

Perhaps some of you security experts could evaluate whether this machine is more or less accurate and secure than Diebold's machines, but I'm pretty confident in its ability to surpass Deibold's accuracy. (Note to foreign readers: To interpret the results from the videos: if the red ball 21 or less, that's a vote for Kerry; 22 or more, Bush.)

And in a related story...

[Weaselmancer]

George Bush and John Kerry sign up for MSDN subscriptions.

Bow to your next president...

[siskbc]

...Me. After 150,324,123 mysterious write-in votes.

Re:Bow to your next president...

[IronicCheese]

Welcome to Slashdot, Mister Bush.

hchange?

Is that in Hungarian notation? A handle to a change object?

Priceless

[TheJavaGuy]

From Yakov Shafranovich's blog:

Microsoft Windows 2000: $200
Microsoft Access 2000: $200
PC: $500
Hiring an embezzler to put in three set of election results into your voting software controllable by a hidden combination of keys known only to you: $60,000 Changing the election results in favor of your candidate: priceless

"Of course, there are some elections that money can't buy. For everything else, there is Diebold."

Re:Priceless

From Yakov Shafranovich's [shaftek.org] blog...

In Soviet Russia, voting machines el-- oh, wait. My mistake.

Re:Another good example

[mrpuffypants]

Any representatives reading this?

No.

It's not BREAKABLE!

Why, it's used by the FAA to for radio communications! They wouldn't use something like Windows if it wasn't safe...

uh-oh

[ch3ch2oh]

President CowboyNeal?

Re:Blimey

[ackthpt]

Getting a warm and fuzzy feeling yet?

I think it's nausea.

You know... Diebold does a lot of work with financial systems. Is this what they call the Harbinger of Doom?

What will this do to homecomming?

The only real question is how will this effect the homecomming king and queen selections this fall? If geeks only need five lines to get whoever they want will they nominate their friends and win?

What will become of the High School social scene? Horror or Horrors.

In other news...

[blcamp]

I now have been elected governor in 15 states, plus chief justice in 4 others (but not in Caleefornya). I'm also now hold 22 of the Senate seats, 134 of the House, and I'm the Drain Commissioner in 2/3 of all counties in the US... ...and I am now also the Magistrate and/or District Judge everywhere I normally drive my car.

Re:Another good example

Any representatives reading this?

If you make a reference to Guybrush Threepwood in your comment I always mod it up. Go Monkey Island!

So what you're saying is, we should elect Guybrush Threepwood for president? Viva la Threepwood!!!

Re:diebold

[ackthpt]

I hope no one uses them again.

'Diebold' is probably some obscure germanic dialect for

Lowest Cost Bidder

VBScript?

[ottergoose]

You have to do:
VoteForGuyA = VoteForGuyA + 1

Instead of:
VoteForGuyA++;

God I hate VBScript.

On another note, how much money does Microsoft stand to make from this? If they're running VBScript, they're using Windows (I suppose they could use DOS, but I doubt they do) - I would imagine MS makes quite a bit when hundreds of thousands of these voting machines all need a copy of Windows.

Nice Diebold quote

"Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty."

Yeah, that's why there's never been any vote fraud in this country...I gotta remember to keep my shotgun loaded this November, that's when the dead people come out to vote in Chicago...

Re:Nice Diebold quote

[spitzak]

Aha! That's why nobody murders or robs anybody else. It's that heavy penalty! Thanks for explaining it, mr Bear!

Well now

[TiggertheMad]

Hey Dibold, you ever hear that old saying, 'Vote early, vote often'?

Well, don't worry, I will...

why not this

[codepunk]

del stupidaccess.mdb

US Elections 2004: Battle of the Scripts

[Control-Z]

What's the big deal about voting machine fraud? If you see any fraud being commited, just write an NEGATIVE SCRIPT to offset those fraudulent votes. That way we'll keep the election nice and balanced.

BSOD

[sleepnmojo]

I don't see a problem here. No one will be able to use the machines anyway. They will all be blue screened, so we will have to go back to the old way.

Voting machines designed by Sting?

[FunWithHeadlines]

"You go in and press buttons and then hit "cast vote" and it goes "doo doo doo"

Then it goes "de da da da," and finally it tells you, "is all I want to say to you."

Re:Blimey

[TheCaptain]

"I am committed to helping Ohio deliver its electoral votes to the President next year."

Well...the president next year will likely have deserved them. Not sure if it'll be Bush or Kerry though...certainly not Nader, IMHO.

* Note to the disfunctional moderators out there: This is what I pass off as humor.

Re:Amazing

[T3kno]

No no no, it's the other way around. You should always use Diebold ATMs in the hope that you get someone elses money :)

Re:Amazing

[XMyth]

Want to buy some tinfoil hats?

Re:obligitory plug for blackboxvoting.org

You are hereby found to be in contempt of the legally binding consumer protection laws as described hereforth at the Halfbakery:

http://64.233.179.104/search?q=cache:KXtKuHTgyksJ: www.halfbakery.com/lr/idea/Legally_20Binding_20Use _20of_20Factorials+factorial+halfbakery&hl=en

Utilising a factorial in an attemp to add hyperbole to your point is now a punishable offense. Unless you can prove the existance of (5! = 120) "Different demonstrations", we ask that you cease and desist in violating this new code.

Thank you,
Management

Re:Blimey

[Marxist+Hacker+42]

Given that- here's the five lines in pseudocode:

1. Set an ADODB Recordset
2. Open recordset with select statement for tables with the totals in them.
3. rs(fieldforcandidate)=new total
4. rs.update
5. rs.close

Or better yet, if you have a copy of access with you, skip the stupid script, open Access, and simply change whatever totals you want to.

Re:As an outside observer

Wtf is wrong with the US?

perhaps as a nation they just aren't ready for democracy and real freedom ?

in a nation that has more of its people in jail than the rest of the entire western world *combined* speaks volumes about the direction they are heading

Nothing new.

[ScytheBlade1]

At my school, I was asked to write a voting booth for the school. It's done via PHP and MySQL.

I wrote it. I've got the access which I technically don't have.

Pedro for President, anyone?

Re: "diebold" (German) == "theif old" (English)

[neitzsche]

Oh my, I thought that was pretty funny, and that you were just joking, but NO! translate.google.com really DOES translate that just so.

I blew my mod points a while ago, hopefully someone else will be gracious to you (even though you did post as AC.)

Re:Amazing

[Anonymous+Writer]

Want to buy some tinfoil hats?

Just make sure they're not made by Diebold.

Re:Blimey

[AuMatar]

In perl? More like 5 characters.

Re:Blimey

[John+Courtland]

Can someone explain me the exact problem with it ?

It doesn't ensure victory?

Re:Amazing

[c13v3rm0nk3y]

They are working for the govt in this case, which is notorious for not paying attention until it becomes and a campain issue.

Dude, I love this word you created:

Campain \Cam*pain"\, n. [F. campaigne, It. campagna, fr. L. Campainia the level country about Naples strewn with band-aids, fr. campus field. See Camp, and cf. Champaign, Champaigne.]

1. An field of pain; a large, open pain without considerable pills. See{Champaign. --Grath.
2. (Mil.) A connected series of military operations which cause significant pain.
3. The feeling one gets during and after a political operations preceding an election; a canvass. [Cant, U. S.]
4. (Metal.) The period during which a blast furnace is continuously in operation while your face is in it.

Re:Blimey

[AJWM]

The wealthier you are, the higher the likelyhood that it will be republican-leaning.

Well, except in Hollywood.

Re:Blimey

[BigT]

none of which will be alphanumeric.

Re:Die, democracy, Die

[Suidae]

And I think the selection of the leader of the most powerful country in the world should have a little more confidence than two ten-thousandths of a percent.

I agree. When it is that close we should force them to get married and share the oval office. They can alternate days in control and mud-wrestle for the monthly paycheck.

Re:Blimey

[NuclearDog]

<?
$db = mysql_connect("127.0.0.1", "diebold", "abcdef");
mysql_select_db($db, "votes");

while ($choice!='quit') {
echo "1) George Bush";
echo "2) John Kerry";
echo "3) CowboyNeal";

$vote = readline($vote);

if (!ereg("^[1-3]$", $vote) && $vote!='quit') {
echo "Invalid vote.\n";
} elseif ($vote=='quit') {} else {
$result = mysql_query("UPDATE `votes` SET `votes`=votes+1 WHERE `candidate`='$vote'", $db);
if (!$result) {
echo "Voting failed!\n";
} else {
echo "Vote successful!\n";
}
}

}

mysql_close($db);

?>

Of course, it would require much more error checking and the screen would have to be cleared after each vote, etc. etc.

If I 14 year old can program this in */me checks clock* 4 minutes, I'm sure Diebold could program something much better with the amount of time\money they have. If not, the only reason I can think of is that they are complete and total dumbasses.

Anyways, I know, being Slashdot, 10 other people will pipe up and tell me how I could have done it better. If not, I know someone will correct my grammar, and to you I say: 'telnet nucleardog.com'

That is all.

ND