Diebold Security Foiled Again

XenoPhage writes "Yet again, Diebold has shown their security prowess. This time they posted, on their website, a picture of the actual key used to open all of their Diebold voting machines. Ross Kinard of Sploitcast crafted three keys based on this photo. Amazingly enough, two of the three keys successfully opened one of the voting machines. But fear not, Diebold has removed the offending picture, replacing it with a picture of their digital card key. Take that, hackers!"

the only thing..

[User+956]

Yet again, Diebold has shown their security prowess.

The only thing Diebold is good at securing is victory for the GOP.

Re:the only thing..

[jfengel]

Apparently they're not very good at that, either.

Re:the only thing..

[Jeff+DeMaagd]

I think the additional scrutiny made cheating harder to pull off without noticing.

Re:the only thing..

[truthsearch]

Funny how you only seem to be responding to the average media coverage and not the facts. Was no one interested or was the media (even non-mainstream) not interested? Plenty of investigations occurred. You apparently just didn't hear about them.

Re:the only thing..

[SatanicPuppy]

It's because the exit polling was a much closer match to the actual results, rather than having substantial irregularities or, as in the case of the 2004 election, actual instances of election fraud.

Having both sides being extremely skeptical of the computer returned election counts is the only thing keeping anyone honest.

Re:the only thing..

[dan828]

Actually, I'm just talking about the groups and people that make grandious statements and public acusations (Jesse Jackson comes to mind, he was making public statements about how they were going to investigate this and that, then was no where to be seen after the results came in and his guys won).

Anyone with even a bit of intellegence would want independent oversite of elections. But the media whoring, FUD mongering, jackasses on both sides I can do without. In recent years, with the House, Senate, and Whitehouse in Republican hands, that's mostly come from the left, but I have no doubt that the Right will do the same thing in a similar situation. But it's incredibly hypocritical talk about problems with election systems when your guys lose.

Re:the only thing..

Guess that explains the democratic sweep of congress.

Yep. GOP cheated.

Re:the only thing..

"even a bit of intellegence"

Um, yeah.

Re:the only thing..

[dan828]

Yeah, even with the typo the point still stands.

Re:the only thing..

[Sj0]

What does it matter who wins or loses a single election if you hold the keys to the gate?

It's troubling that so many people are such linear thinkers. It makes it really easy to pull off Machiavellian subterfuge.

Re:the only thing..

grandious statements and public acusations grandiose
accusations

oversite oversight

hypocritical talk hypocritical to talk

lot of typos there, jeenyus.

Re:the only thing..

[User+956]

Guess that explains the democratic sweep of congress. Yep. GOP cheated.

Study Kissinger and the Vietnam war, and get back to me on that. (the Key concept: Kissinger's "Decent Interval")

Re:the only thing..

[Schraegstrichpunkt]

It makes it really easy to pull off Machiavellian subterfuge.

Shhh! Don't tell them that!

-- Canada

Re:the only thing..

Hi AC. Do you have a point or just want to be a dick?

Still in business

[j00r0m4nc3r]

How can these guys still be in business? It seems like every couple weeks for the past 3 or 4 years I have been hearing about them screwing shit up, over and over and over and over again. Any other company would have been history long ago. What's with Diebold? Why don't they die?

Re:Still in business

[MagicM]

Why don't they die?

Because they're called Diebold. Not Diebold.

Duh.

Re:Still in business

[aquabat]

Two words: Government Contracts.

Re:Still in business

[Joe+The+Dragon]

There ATM's if they where to post the atm key then they may go down fast.

Re:Still in business

[gstoddart]

How can these guys still be in business? It seems like every couple weeks for the past 3 or 4 years I have been hearing about them screwing shit up, over and over and over and over again. Any other company would have been history long ago. What's with Diebold? Why don't they die?

That's because they aren't being viewed with a critical eye by the people buying voting machines.

The people who are making those decisions continue to want to have the voting machines in the face of all of the evidence showing how unsecure/not-tamper-proof these things really are.

Apparently, the government doesn't seem too bothered by a vendor who is selling a product which is completely insecure.

Cheers

Re:Still in business

[drinkypoo]

What's with Diebold? Why don't they die?

I believe the following will explain: "The company came under fire last year for a letter that Diebold CEO Walden O'Dell wrote as a fundraising pitch to Republicans. In the letter, O'Dell said he was "committed to helping Ohio deliver its electoral votes to the president." Diebold is based in North Canton, Ohio." (http://money.cnn.com/2004/08/30/technology/electi on_diebold/index.htm)

Frankly no one in power really seems to want a fair election. If they did, they'd be fighting these e-voting machines all the way - as there is absolutely no need for them.

Re:Still in business

[endianx]

I don't know, but I was at my bank the other day and on the window there was a Diebold sticker. Made me less eager to hand them my checks.

Re:Still in business

[jo42]

Because it goes something like this:

"You buy our stuff and we'll do something for you."

Like kickbacks. Or free holiday trips. Or employment at a much higher salary after leaving gov't service. The list goes on...

Re:Still in business

[grant420]

The same reason it took the government over 3 years to start handing Iraq contracts to companies besides Haliburton.

Re:Still in business

[pilgrim23]

Ever checked your bank balance? Diebold makes ATM machines, and many other accounting and tabulating devices used in modern banking.. Every one of us can point to our bank balance which is $4-$20 off every month, always in the bank's favor. That is, all hundred millions of us...
The only real question is: what is the percentage of the cut?

Stuffing the mattress would be a solution, if only the actual dollar could maintain the same value it had last Tuesday....

Re:Still in business

"DieBold, Die" is German for "The, Bold, The" - Bob

Re:Still in business

[pilgrim23]

In the early 20th century, most cities had Trolly Lines. Most were electric. there was no need for road crowding, smoke billowing Buses. But Detroit realized building buses was a gold mine as long as City planning departments, the Mayor's urban task force and other such public servants could be persuaded to rip up the trolly lines. Thus our public leaders made decisions for the good of us all. The more it changes, the more it stays the same....

Re:Still in business

[LinuxGeek]

Hmmm, you may want to change banks. My account balance is always accurate, with two different banks. I don't know anyone that has a consistent problem with their account balance.

Re:Still in business

[chord.wav]

1 - It seems like every couple weeks for the past 3 or 4 years I have been hearing about them screwing shit up, over and over and over and over again.

Question: How can these guys still be in business?
Answer: See point 1

Re:Still in business

[KDR_11k]

Or, the more obvious offer, having the voting machines favour your party.

Re:Still in business

[pilgrim23]

I have WORKED in a bank. and I do/did....THOUSANDS.

Re:Still in business

[GoodbyeBlueSky1]

Another two words: blow jobs

Re:Still in business

"Detroit" had nothing to do with it. At the time, they had more important things to worry about, like making cars fast enough to keep their dealers supplied. As the number of car-owning Americans increased, streets became increasingly crowded. Eventually, it came down to eliminating curbside parking, or ditching the trolleys (both consumed 2 potential traffic lanes). Eliminating parking would have enraged middle-class voters, plus the city's entire entrepreneurial class of small business owners. Eliminating the trolleys sent the poor to buses, and gave middle-class commuters more room to drive.

There's no great conspiracy, folks. Trolleys and cars both competed for twenty foot wide ribbons of travel space, and cars won. The fact is, building light rail down the middle of a street has never, ever, in the history of the entire world, improved driving conditions along that road. *NEVER* It might be touchie-feelie-nice, and it might make mother Earth smile, but it's NOT going to make life any nicer for the drivers who now have to share the road with it, and anyone who claims that it will is being intellectually dishonest.

Light rail REALLY belongs about 250-400 feet to the left or right of major roads... running between the outparcels and main storefronts in plazas, or down the middle of medium- or high-density residential streets a block away from major arterial roads (going up and over, or down and below major arterials it crosses). Far enough from the major road so as to not screw up its traffic flow, and depositing riders right next to the door. In Miami Beach terms, this means running down the middle of Pennsylvania Avenue (residential street a short block ~250 feet west of Washington Ave), not Washington Ave itself.

Re:Still in business

[operagost]

Maybe it's because Diebold has other lines of business. Or did you think they popped out of the ground yesterday?

This only makes me more puzzled, really, when I see what kind of impenetrable tanks they use to store money (cash dispensers and ATMs) but they use flimsy pre-teen diary locks on voting machines.

Re:Still in business

[operagost]

Every one of us can point to our bank balance which is $4-$20 off every month, always in the bank's favor. That is, all hundred millions of us...

Learn how to balance a checkbook.

You clearly don't even know what kinds of products Diebold makes for banks. They don't sell core processing software, thus it is unlikely that they could slipping "$4-20" out of your account every month, unnoticed. Can you say, "Superman III?"

Re:Still in business

[operagost]

One entire bank? Well, that settles it then! They're all thieves!* Hide your money in the fridge!

* Not to say banks aren't all thieves, just a different sort than this poster claims! Please patronize your local credit union!

Re:Still in business

[Zordak]

People would be modding this "Funny" if they only got the joke. Go on mods---look up the proper pronunciation of "Diebold" and compare it to how you thought it was supposed to be pronounced.

Re:Still in business

[elBart0]

Wow.
It was funny, right up until you had to explain it.

Re:Still in business

[drinkypoo]

Besides, the conflict between cars and trains came on the interstate. Not only did we lose that battle but we also lost the battle of freight on trucks vs. trains. Not that lots of freight doesn't still go by train, but it doesn't go as far.

The place for light rail is in the trash. We should be using the sky loop concept. It could be used to move both people and freight and would not interfere with vehicles, yet could be installed in essentially the same space.

Re:Still in business

Two words: Government Contracts.

I think it's more than that. How about "contributions to the political party in charge."

They obviously have friends in high places.

Re:Still in business

[jc42]

The people who are making those decisions continue to want to have the voting machines due to all of the evidence showing how unsecure/not-tamper-proof these things really are.

There; fixed it for you.

If you think the politicos making the purchase decisions are ignorant of the documented problems, you're incredibly naive.

Re:Still in business

[Joebert]

The people who are making those decisions continue to want to have the voting machines in the face of all of the evidence showing how unsecure/not-tamper-proof these things really are. Apparently, the government doesn't seem too bothered by a vendor who is selling a product which is completely insecure.

The people making the decisions aren't complete morons for cryin out loud, they would have scrapped the machines if the machines made the situation any worse than it already was.

Just goes to show, the voting process has never been as secure as it's been assumed to be.

Re:Still in business

Any other company would have been history long ago. What's with Diebold? Why don't they die?

Replace "company" with politician, party, government, CEO, PHB etc. of your choice and you might notice that something in this world is seriously f*cked up. No accountability = no consequences; no checks nor balances = arbitrariness.

Re:Still in business

[mspohr]

Actually, GM, Firestone, and Standard Oil went around to various cities and bought up the trolley lines, ripped out the tracks and replaced them with GM buses.

I believe they called it a "triumph of the free market". http://en.wikipedia.org/wiki/General_Motors_street car_conspiracy

Re:Still in business

[jafiwam]

Not getting in one of those things unless Homer Simpson is at the controls.

Re:Still in business

[RexRhino]

Because they sell to the government! Selling a functioning product is less important than having good political connections. Most of the shit the government buys is overpriced and barely works... it just doesn't usually get the same attention.

Re:Still in business

[cheezedawg]

Halliburton's (specifically Kellog, Brown, and Root) involvement in Iraq is a part of the multi-year LOGCAP contract that they won in 2001 after a competive bidding process. This was the second time that they had won the LOGCAP contract- the first time was during the Clinton administration. The Clinton administration also awarded several other contracts to Halliburton, such as the logistical support for the military action in the Balkans, and praised KBR for their work.

You can choose to see this as a conspiracy if you want, but it doesn't make you look very rational.

Re:Still in business

[Tapi]

"But fear not, Diebold has removed the offending picture, replacing it with a picture of their digital card key. Take that, hackers!" Two words: Google Cache?

Re:Still in business

[+PhilipMarlowe9000]

Yeah, I think that this is the point where Diebold passed from complete incompetence to an utter farce.

Re:Still in business

Are Diebold's ATMs as easy to hack as their voting machines?

Re:Still in business

[orielbean]

Don't you mean "Lowest Bidder?" Occam's Razor points to simple cheapness and incompetence vs any malign influence of pushing votes one way or another.

Re:Still in business

[limecat4eva]

What belongs in the trash is the automobile, along with federal policies that encourage sprawl along highways and single-family homeownership—sprawl can be pleasant if controlled, but dispersal economies, not to mention long-established social patterns of human settlement, make it almost impossible to plan for efficient growth if current suburban automobile habits are to be retained.

London's rocketing ahead of New York as the financial metropole of the West; the congestion charge is supposed to be a major factor in having made London more attractive to talent and less expensive in which to commute. Imagining Manhattan with the streets given back to pedestrians is almost as appealing, to me, as imagining this fucktard being sent to Gitmo for sabotaging the party line on energy independence.

Re:Still in business

[limecat4eva]

Go back to Uncyclopedia.

Re:Still in business

[imroy]

Google only caches HTML and possibly other formats that they can index (PDF, Word DOC, Powerpoint, etc). They don't cache images.

Re:Still in business

(Reply to undo a bad moderation. Sorry!)

Re:Still in business

[ultranova]

Google only caches HTML and possibly other formats that they can index (PDF, Word DOC, Powerpoint, etc). They don't cache images.

Actually, they cache image thumbnails. Granted, that's propably not sufficient to make the key from... But at least I found this gem from this page. Should help drive the message home to the people who don't see a problem with unverifiable electronic voting... Assuming that they know who Josef Stalin was, which, since this is the American public we're speaking of, might be an unreasonable expectation.

Maybe something simpler, like: "When you're voting with Diebold machines, you're voting for communism." Good enough for the old RIAA poster, good enough for this.

Re:Still in business

[gstoddart]

If you think the politicos making the purchase decisions are ignorant of the documented problems, you're incredibly naive.

Oh, I don't think that at all. I just didn't feel like sounding like my tin-foil hat was a little too snug. :-P

At best, this is a political favour that just won't go away; at worst it's an attempt to undermine voting (but that feels unlikely, I'm more inclined to believe it's stupidity or naivete on their behalf that this will all work out.)

Cheers

Re:Still in business

[mpe]

How can these guys still be in business? It seems like every couple weeks for the past 3 or 4 years I have been hearing about them screwing shit up, over and over and over and over again. Any other company would have been history long ago. What's with Diebold? Why don't they die?

Presumably, as with SCO, they have some other entity propping them up...

Re:Still in business

[XenoPhage]

Two words: Google Cache?

Google apparently doesn't cache the picture, but it does have a cache of the original page where it showed the description and price for the keys. The actual picture was preserved by bradblog.

My original submission has a link to both the new Diebold page for the electronic key, as well as the Google cache version with the original description. I guess the editors didn't like my links. :)

Re:Still in business

[sakasune]

Google [doesn't] cache images

But engadget does...

Re:Still in business

Huh? When did the streets ever get taken from pedestrians in Manhattan? As someone writing from my office in Tribeca, I assure you that pedestrians have more than an upper hand here.

If you want to see a city where cars are in control, go to LA. Jaywalking will get you much more than a $20 fine there, it will probably get you killed.

Re:Still in business

[drinkypoo]

If you want to see a city where cars are in control, go to LA. Jaywalking will get you much more than a $20 fine there, it will probably get you killed.

I don't think you have any idea what you are talking about. If we look at the statistics we see that depending on what year you look at, New York is either far and away higher than California, or just a touch lower.

My understanding is that in the city of Los Angeles, anywhere but the freeway, pedestrians have the right of way, any time, any place. This is definitely true in the city of Santa Cruz, from whence I come, but the population's not all that high there so it's not very exciting.

Note that even if you have the right-of-way, crossing anywhere but where you are supposed to is still jaywalking and can come with a fine. Also note that ANYWHERE in the state of California, pedestrians ALWAYS have the right of way in a crosswalk, MARKED OR NOT. That means if a pedestrian is crossing from corner to corner, you are required to stop whether there is a marked crosswalk there or not. Furthermore, California state law prevents crossing a crosswalk while there is a pedestrian anywhere in it, although that is seldom enforced.

Re:Still in business

[grant420]

If by competitive bidding process you mean Haliburton got awarded contracts when bidding much higher than their competitors, than yes it was "competitive".

DieBold Security.....

[Prysorra]

To Boldy die where no security has died before!

National Election Commision

[ghoul]

The way to get rid of election controversies is to have a national election commission like in India. India has a lot more voters than the US and a much lower level of education but it manages to pull off general elections a lot more cleanly and fairly just because the standards are same for all elections and all precincts. The decentralized form of elections might have made sense for the age of horse coaches but in the age of internet it is not too tough to have thge same standards everywhere in the US

Also why not have a paper trail .With a paper backup all fraud can be caught given enough time for recounts (again if elections are not controlled by local partisan officials they cant arbitrarily decide not to have recounts).

Re:National Election Commision

[ghoul]

BTW the last Indian general election was an all electronic election with EVMs used in all precincts.

Re:National Election Commision

[truthsearch]

The problem isn't the decentralized standards. Once they're centralized the standards will probably still be inadequate.

Re:National Election Commision

[Midnight+Thunder]

Also why not have a paper trail .With a paper backup all fraud can be caught given enough time for recounts (again if elections are not controlled by local partisan officials they cant arbitrarily decide not to have recounts).

In many ways Diebold et al. are all showing symptoms of not realising that they are trying to add technology to the wrong part of the process. In many ways the punch card system or optical card reader systems are the better systems, since the paper trail exists before the vote is taken into account: WYSIWYG. The proposed solutions provide a paper trail as a result of the process, if at all. The problem with this is that the paper trail may not be a result of what you inputted.

Remember just because technology can be used for a process, it does not necessarily mean that technology is needed for the process. Technology is there to make a complex task simple, not the other way round.

Re:National Election Commision

[cdrguru]

Yes, but...

You are talking about one more area where the federal government intrudes, takes over and replaces a function that is left to the states now. This is not just a little troublesome for some people. The "War Between the States" was essentially over state's rights in one form or another. You should be prepared to believe that many states do not like losing out to the federal government powers that they have held for 200 years and will call out the National Guard (a state militia) to defend their powers.

You might get it elevated from a county to a state level, but that is as far as it is going to go. Today it is that way in many states already so it wouldn't be that big a leap. But no way could it be taken away from the states.

Re:National Election Commision

[MichaelSmith]

You might get it elevated from a county to a state level, but that is as far as it is going to go.

As with the Indian example we have a federal election commission in Australia, and it works very well. Votes are cast by pencil on paper, counted by casual workers, and the count is mostly finished in a couple of hours. Manual counting doesn't really cost anything because the same people who do the counting are also needed to man the polling places during the day.

I can't see how any kind of count or survey could be done by using different equipment or methodology in every county. Nobody would trust the result if that was done. For federal elections at least the exact same proceedures must be used everywhere, otherwise you would never trust the result.

Re:National Election Commision

[Gropo]

You might get it elevated from a county to a state level, but that is as far as it is going to go. Today it is that way in many states already so it wouldn't be that big a leap. But no way could it be taken away from the states.

That may not be necessary. Strongarm states that don't conform their own laws to national 'standard' election laws by threatening Federal funding sanctions. That's been the common practice for quite a while, as far as I understand it. For instance, when the legal drinking age was raised from 18 to 21 across the board.

Re:National Election Commision

[Zordak]

There is no such thing as a "federal election" in the United States. The very broadest elections are state-wide. That includes electing the President. There is no national "popular vote." It is a fiction created by newscasters, I assume to gauge the popularity of the candidates. The only thing that matters is whom you elect to the Electoral College. And I don't think MORE centralization will be a good thing. Power is already too heavily concentrated in Washington, D.C. If we had a single election system, it creates a single point of failure. Figure out how to rig that one system, and you win the whole bag (for an interesting exercise, I guess you could think about what would happen if BOTH candidates rigged the system---something like 50 million people voted, with 33 million voting for the Democrat and 35 million voting for the Republican). Look at how hard it is right now to get rid of bad voting machines. Now think how hard it would be if, instead of fighting a single county or state, you were fighting the entire nation. And let's not forget that one of the primary reasons we have this EVM mess right now is the Help America Vote Act, which was a federal law that gave states lots of money to help them fix their broken election systems. Give me a choice between disorganized chaos and a well-oiled political machine, and I'll take the chaos any day.

Re:National Election Commision

[nuzak]

Tell that to the Nevada Gaming Commission. They have tough standards, but that's because the state's revenue depends on it.

Re:National Election Commision

[amRadioHed]

The proposed solutions provide a paper trail as a result of the process, if at all. The problem with this is that the paper trail may not be a result of what you inputted. That's why a user verified paper trail is important. A paper trail that is dumped into a ballot box unseen by the voter is entirely useless.

Re:National Election Commision

[Ungrounded+Lightning]

The decentralized form of elections might have made sense for the age of horse coaches but in the age of internet it is not too tough to have thge same standards everywhere in the US.

The US is not a country. It is a confederation of countries ("the several States") united by a set of treaties (ratifications of the Constitution or treaties of incorporation, depending on when/how they joined up).

Each of these treaty-bound but independent countries has its own election procedures, and they did not give up their right to control their own election procedures when they joined. The constitution doesn't authorize the Fed to control election procedures in general (though there are things it DOES authorize that let the Federal courts to intervene in details occasionally).

Part of the reason that the president is chosen by the electoral college, rather than the popular vote, is to provide a firewall between election corruption in particular states and the selection of the president (the one case where the population of the whole country votes on a common federal-level decision).

With each state selecting only its own electors, a corrupt voting system can only affect the electors from that state. A state can do no more than throw all its electors to one candidate (which most of them do) and even in close races most of the states aren't in a position to swing the election. (Political machines are run by the party in power, which generally has a significant majority among the overall population of the state. So the state's electors will generally be chosen their way and there's nothing to be gained by election fraud beyond the point that insures it.) If things were close (typically when the machine has lost the population but isn't out yet due to election corruption or jerrymandering) and they swung their own state's election through vote fraud, you only have to recount that state to try to fix things. Also: If the electoral college vote is close, you only have to recount the particular states that were close AND could have swung it.

If the president were chosen by a national popular vote, a corrupt machine in just one of the large states (NY, CA, etc.) could dump a bunch of fake or switched popular votes into the common pool, essentially controlling the presidency. Further, if the election is close and fraud or error is suspected, you may have to recount the whole COUNTRY to see if you "correct" enough votes to change or clarify the outcome. (If you thought Florida was a disaster: imagine that multiplied by fifty.)

Re:National Election Commision

[Ungrounded+Lightning]

(If you thought Florida was a disaster: imagine that multiplied by fifty.)

AND happening EVERY TIME!

Re:National Election Commision

[Ungrounded+Lightning]

Strongarm states that don't conform their own laws to national 'standard' election laws by threatening Federal funding sanctions. That's been the common practice for quite a while, as far as I understand it.

They did that with speed limits and highway funds, and some states resisted or ignored it. (The states collect much of the federal money - such as gas taxes - and they can turn the tables and refuse to turn it in.)

Interference in election procedures is a MUCH bigger hotbutton issue for state officials than traffic laws. It's fundamental to the governmental underpinning and their own selection. States with honest politicians will resist on constitutional issues. (States with political machines in place will resist to maintain their lock on elections and claim to be resisting on constitutional issues. B-) )

Even if the change were benign it might affect the outcome. The people in charge in the states were elected by the old procedures and have an interest in not sinking the boat that ferries them into their offices every election cycle.

Re:National Election Commision

[ghoul]

You are making my point for me. If we have an election commission which gets control over the police and other local law enforcement and civic officials for 15 days prior to a national election and after the election till the votes are ratified you are not giving up control to the federal government. India has a much worse record of outright booth-capturing(taking over of polling booths and allowing only your supporters to vote though some of it happened in Florida too where black voters were turned away) and double voting but ever since the National Election commision has received powers to conduct the election voting fraud has gone down. Also the Election Commision announces a model code of conduct 6 weeks prior to a major election and the Central and State governments are not allowed to announce major policies during the period so as to not unduely influence the voters.

Re:National Election Commision

[pipingguy]

Technology is there to make a complex task simple, not the other way round.

True, but once a task is simplified via technology it becomes necessary to complexify the technology (or the terminology) so that jobs are not lost.

Re:National Election Commision

[greed]

So you've figured out the key reason for the DST changes this year.

They'll have to change it back in a couple of years so everyone can work on the software updates and testing some more.

Re:National Election Commision

[mpe]

The way to get rid of election controversies is to have a national election commission like in India.

No need to even look that far away. It would be easier to have some Canadians come in and run the whole thing.

Google

[Daemonstar]

Diebold has removed the offending picture

However, it remains (scaled down) in Google's image cache. :) Might not be of much use, but it is there.

Re:Google

Not only that, but the structure of the key has already been compromised. The only 'secure' answer here would be a recall of all Diebold machines which can be opened by that key. Every last one of them.

Sigh.

Re:Google

This thread is useless without pictures.

Re:Google

Then get off your lazy ass and find it! It's the Internet; you can find everything on the Internet! Haven't you figured that out, yet? Geez!

Re:Google

[mastershake_phd]

Then get off your lazy ass and find it! It's the Internet.....

You mean- Then sit on your lazy ass and find it! It's the Internet!

Re:Google

[daddymac]

boingboing has a copy of the pic here.

Re:Google

[Emetophobe]

If you read the article you would also see this image: http://www.bradblog.com/Images/DieboldKeys.jpg

Re:Google

[Ollierose]

Heres a far scarier thought for you - I've got a dell poweredge server under my desk for development, which has a keylock to stop the case being opened. The key for that looks almost exactly the same, with the exception that the dell key has a pointed end.

New Vendor

[Divebus]

It's time to look at some other vendor for voting machines and whatever else they make. Our future is too important to leave to stumbling bumblers like that. Anything can be defeated but shouldn't be as easy as this.

Re:New Vendor

[symbolic]

They all suck. I say ditch the technology entirely.

Re:Its from the please-think-then-vote dept.

[dan828]

Yeah because in the last elec......um......the election before the last one, there were voting irregularities!!

Security through...

[griffjon]

Hey, at least we know they're not relying on security through obscurity!

This is a security company?

[Schraegstrichpunkt]

Do they even have any security-minded people working at this company? Publishing a picture of a real key is an understandable mistake, but why does the same key open every single voting machine?

Re:This is a security company?

[truthsearch]

Publishing a picture of a real key is an understandable mistake

How? I've never heard of anyone ever intentionally taking a picture of a key. And if it's a master key it's absolutely not an understandable mistake.

Re:This is a security company?

[cdrguru]

Can you actually imagine the operational nightmare that would ensue if every machine had a unique key?

Ignoring the potential for screwups in distribution (machine ships with no key, machine ships with wrong key), you have the wonderful situation of a large county (like Cook County, IL) with 10,000 machines and 10,000 unique keys.

Of course, you cannot access the machine to do anything without the single, unique, correct key.

I am sure that unique keys would be much, much worse than one key fits all.

Re:This is a security company?

[SatanicPuppy]

When you've only got seconds to doctor the votes, you can't be fumbling around with a big keychain.

Jeez. I'd have thought that was obvious... ;)

Re:This is a security company?

[MichaelSmith]

why does the same key open every single voting machine?

I am pretty sure that the same flat head screwdriver would open each of those locks as well.

Re:This is a security company?

[drinkypoo]

A better question would be why are they using a key? We all know that a simple key lock is not suitable security. You can defeat locks through bumping or picking. Or if you can get multiple people onto the same voting machine in sequence, one can spray into the lock, another can insert a blank and wiggle it, the key can then be cut out from the marks, and then the key can be brought back in and used. A key is simply not any kind of security whatsoever. It would make more sense just to put time locks on them. Or to use a digital security system using a smart card... Like the picture they replaced the keys with :D

Re:This is a security company?

[PitaBred]

But the key will open it without anyone knowing that it was done, which is the whole trick to rigging something. You don't want anyone to know it's been tampered with.

Re:This is a security company?

[Headcase88]

You're acting like there's one person who manges all of the voting machines in the entire state who would need a ring of 10 000 keys for this to work.

Cars have (effectively) unique lock, individual rooms in many building each have unique locks, little padlocks that are sold for $1 at school supply stores come with (sort of) unique locks. Hell, I'll bet even paper ballot boxes each have unique locks.

Diebold machines have poor security, the gov't doesn't care. Those who care can vote for someone else. Oh wait.

Re:This is a security company?

[e4g4]

I agree that a unique key for each machine would be a logistic nightmare, but a single key that can open every machine used in the US? That's a disaster waiting to happen. A reasonable solution would be a single key for every 10-20k units, or perhaps even more.

Re:This is a security company?

[rblum]

Yes, let me think about that. Secure elections, or convenience for the election officials? Clearly, we must choose the latter!

Re:This is a security company?

[joelpt]

Diebold is the leading manufacturer of ATM machines. Those machines are nigh-impossible to break into with physical access (magstripe hacks & minimart ATMs notwithstanding). Diebold has some serious security-minded people on staff, and they know what they're doing.

Which leads to the only rational conclusion: that Diebold used its extensive security knowledge to ensure that as many avenues of security penetration are available *as possible*. That so many security holes do exist is a matter of record, and it is plain to see from these reports that it would take someone with a deep understanding of security issues to enable such a variety of attack vectors.

I mean, polymorphable executable code can reside on the flash cards meant to hold the vote count totals. That functionality had to be specifically designed and implemented. This was no mistake.

Please watch Hacking Democracy: http://youtube.com/watch?v=yj530xW7PLE

Re:This is a security company?

[amRadioHed]

I think a key unique to each precinct would be a reasonable compromise. I agree a unique key for each machine would be cumbersome, but there is no excuse for every machine in the world having the same key. That's just stupid.

Re:This is a security company?

[megaditto]

Nah, the persons running the voting machine division (not the same making the ATMs) are just idiots. They were bought up and merged into Diebold, but that was about the only change. That, and removing the programmers with criminal records away from coding and into the management positions after the merger (since sometimes it's illegal for a felon to be involved in voting).

Re:This is a security company?

[Emetophobe]

Judging from the video, it looks like Diebold used the same type of cheap ass keys & locks that various PC case manufacturers use. Most likely to reduce production costs, they just build each machine with the same key+lock. I wonder if Diebold even cares about security judging from their past record, maybe secure machines don't matter since they modify the results at headquarters anyway... (/tinfoil)

It's a pin-based lock?

[RyanFenton]

As long as it's a normal lock, like 90+% of the locks out there (likely including your own front door), then Lock bumping is going to allow just about any person, regardless of skill, to defeat the lock using extremely simple tools, in a matter of seconds, likely with no signs of intrusion at all.

Ryan Fenton

Re:It's a pin-based lock?

[morgan_greywolf]

And if it's not an it uses a registered or otherwise restricted key blank, like, say, a mailbox or P.O. Box key, then bumping is next to impossible because you simply can't get a blank without permission.

Re:It's a pin-based lock?

[drinkypoo]

And if it's not an it uses a registered or otherwise restricted key blank, like, say, a mailbox or P.O. Box key, then bumping is next to impossible because you simply can't get a blank without permission.

All I need is one cut key and an upright mill and I can make as many blanks as you want. How many do you need? You can score a nice BIG bridgeport upright mill on ebay, typically with some tooling, for around $1500 plus an obscene charge for shipping something that heavy. And you'll need three phase power or a converter to hook it up... so you're looking at under $3000 for a piece of equipment that will let you make any kind of key blanks you want provided you have even a cut key to measure from.

Re:It's a pin-based lock?

[morgan_greywolf]

You, uh, also have to know how to operate a bridgeport upright mill.

Last I checked, bridgeport operating was a specialized skill that actually pays pretty well in my area (Metro Detroit) because it requires some training and experience to actually know what you're doing.

Re:It's a pin-based lock?

Pshah. They should do like I did and just install a keyless deadbolt.

What's that, you say? Speak up. I can't hear you. Something about you can't put a keyless deadbolt on the inside of a voting machine?

'Tis a mere formality. You're just not using small enough technicians.

Re:It's a pin-based lock?

[bhsx]

Yeah, I guess if you were really serious about trying to rig an election it'd be hard to find someone with those skills... Oh wait...

Re:It's a pin-based lock?

[drinkypoo]

Last I checked, bridgeport operating was a specialized skill that actually pays pretty well in my area (Metro Detroit) because it requires some training and experience to actually know what you're doing.

Last I checked, it was called "milling", not "bridgeport operating". And you can go to a community college and gather the requisite skills in a three unit, one-semester class. Frankly milling is not very hard, it's not even slightly hard. The hardest part is remembering which way the table will move when you turn the crank.

In fact it's probably harder to get accurate measurements with which to make your own key than it is to actually make the key.

Frankly you don't even need to take a class. Everything you need to know is in the Machinery's Handbook, which is why it has over 2600 pages. All you need to know about appropriate cutting tools for different materials, feeds and speeds, it's all in there. It gives you the formulas AND the numbers to plug into them. But if you take that route, you will spend more time noodling around and fucking up than if you just take a class. Regardless, I received very little instruction on the vertical mill and was able to turn out some cute little parts that had no particular utility but were within half-a-thousandth tolerances. (We had learned the basics on the lathe. Most of the concepts are the same.)

Re:It's a pin-based lock?

[pigwiggle]

Doubt it's a pin based lock. It's a cam lock, which is most likely a wafer based lock. However, wafer locks are real easy to pick, so ...

Re:It's a pin-based lock?

[morgan_greywolf]

Around here people put in ads for 'Bridgeport Operator' when they mean they want someone who can operate a manual lathe like the Bridgeport. Otherwise, the ads are for 'NC Machinist' or 'CNC Machinist', when they are looking for an operator skilled with a computer-operated mill.

Re:It's a pin-based lock?

[modecx]

You, uh, also have to know how to operate a bridgeport upright mill.

Last I checked, bridgeport operating was a specialized skill that actually pays pretty well in my area (Metro Detroit) because it requires some training and experience to actually know what you're doing.

First of all, the best tool to do this job is called a horizontal mill, not an "upright mill", whatever that is. A key cutting machine, the tool the locksmith uses to duplicate keys, is basically a specialized version of a horizontal mill. Secondly, a somewhat intelligent person can learn to successfully operate said machinery to do a similar task in the timespan of, oh five to ten minutes. Dimensioning the part would be the hardest part of the job. Thirdly, anyone with stable hands, decent spacial ability and a bit of time could successfully replicate the key that engages that cheap-ass lock, from a photo, with nothing more than a key blank, a small vise, a Dremel tool, and/or a file.

Re:It's a pin-based lock?

[drinkypoo]

Around here people put in ads for 'Bridgeport Operator' when they mean they want someone who can operate a manual lathe like the Bridgeport.

that's pretty hilarious. I guess they figure that people willing to work churning out parts may or may not even know that it's called a "vertical mill", but that a significant (maybe dramatic is a better word) percentage of vertical mills are made by bridgeport.

After all, an actual "machinist", someone who can make things by hand on horizontal mill, or vertical mill, or lathe, is a rare beast these days. Mostly people let the computer build things for them and then you only need enough machining to make fixtures and do setups - and once you've made one fixture, the computer can make the rest anyway.

Re:It's a pin-based lock?

It's a wafer lock. Standard pin tumbler cam locks are non-existant as far as I know. The hassle to make one would be pointless considering the lack of reasons to want to. The cam would have to be gear driven, and you would have to use a micro sized pin tumbler mechanism like one from the back of a Master combination lock. If a cam lock is a pin tumbler, it has to use a sidebar mechanism and those are exclusive to high security locks. If it doens't go without saying, bumping does not work on wafer locks. That's OK though, because the options that will work on a wafer lock, are 10X easier anyway.

As for Key Blank duplication, it's easy to use clay to take an impression of the wards of the keyway, go to the hardware store, find a close match blank, and hand file the difference to make a functioning blank in the event of a restricted keyway. The only keyblanks that resist this form of duplication are undercut, or have some sort of interactive element. The first is usually possible to work around with a 2 part key, and the second is hardly an issue either.

In short, once the key to a mechanical lock has had it's bitting compromised, game over if the attacker isn't an idiot.

Re:It's a pin-based lock?

[Tim+C]

it requires some training and experience to actually know what you're doing.

So? How much time do you think you have between elections anyway?

Re:It's a pin-based lock?

In fact it's probably harder to get accurate measurements with which to make your own key than it is to actually make the key.

I read about the auto auctions in King County, Washington (the county that has Seattle in it). Many of the vehicles being auctioned were abandoned and most simply do not have keys. On auction days, locksmiths show up with key blanks and hand tools. Using a simple rattail file, one of these locksmiths can whip out a working key in about a minute.

Now, that is starting with a key blank, not with a bare hunk of metal, but I think it shows that keys really aren't that hard to make.

Re:It's a pin-based lock?

[xenocide2]

Don't worry. It can't be lock bumped: the same key opens every machine.

Re:It's a pin-based lock?

[Tom]

Speaking as someone who does this at times for fun (and no profit), there are many different kinds of locks. I can get most simple padlocks open in under 30 seconds, and most simple locks, like those for bicycles, in around 10.
However, good padlocks (I play with padlocks most of the time, they are good to handle and you can sit on the couch while opening them), good padlocks can take several minutes to open. And the top-of-the-line locks (seldom in padlocks, but quite common in door locks especially where a professional made the decision, i.e. companies, government offices, etc.) are very hard to defeat without special tools. Simple pin bumping doesn't get you anywhere with them as they were specifically designed to defeat this technique. There are other techniques, but as I said they require special tools, and many of the very good locks are imperverous to these as well. You have pins on both top and bottom, you have pins at the sides, some expensive locks use small magnets in addition to pins and lots of other trickery. Pin bumping really is just the top of the iceberg.

Re:It's a pin-based lock?

[Tom]

More info: Just in case anyone was wondering if it's just pin placement, no it isn't, that was just an example. In more expensive locks, the pins are shaped in a mushroom shape to defeat the bumping process (which relies on pressure keeping the bumped pins aligned). There's a lot more going on in locks.

Re:It's a pin-based lock?

[drinkypoo]

On auction days, locksmiths show up with key blanks and hand tools. Using a simple rattail file, one of these locksmiths can whip out a working key in about a minute.

What we're talking about here is not making keys from key blanks, but making the blanks themselves.

I've read that you can make a key by squirting graphite into the lock, inserting a key, wiggling it around, and removing it very carefully. If you do it properly you get a pattern on the key that you can then file off. But I've never tried.

Also, auto dealers make keys based on a code book. Nissan in particular has a four digit code (Xnnnn), where X is the letter X and n is a digit 0-9) in the glove box from which keys are made. Unfortunately Subaru has a code on the key so I don't know how the hell I'm getting keys made, but the keys I have are worn-down copies of a worn-down copy and you have to wiggle them around quite a bit in the ignition to get it to work...

Undaunted

[imaginaryelf]

Our hero copied the smartcard from their photo on the website and keyed in the password 12345, the master password that unlocks all diebold machines.

Re:Undaunted

[ptbarnett]

Our hero copied the smartcard from their photo on the website and keyed in the password 12345, the master password that unlocks all diebold machines.

1 2 3 4 5? That's amazing! I've got the same combination on my luggage!

Re:Undaunted

[Goaway]

You know, if you look at the photo of that key, it sure looks a lot like it encodes a value very similar to "12345".

Re:Undaunted

[The+MAZZTer]

I used to on mine as well, but I foiled any potential hackers by changing it to 5 4 3 2 1! HA!

Re:Undaunted

"12345". Ha! That sounds like something an IDIOT would use as the combination to their luggage!

What concerns me even more

[Iphtashu+Fitz]

... is the fact that Diebold also manufacturs ATMs. Makes me wonder if my bank account is safe...

Re:What concerns me even more

[Stripe7]

Maybe that is how they stay in business. :D

Re:What concerns me even more

What, are you serious? You think they'd ever put out a system that would lose them money? Sure, every once in a while you hear about an ATM that had the factory default password still in place or took some common key but those are usually the fault of lazy/incompetent banks. Well, maybe not with the key.

But think about it, how often is it that anything errs in your favor? Bank magically gives you an extra $20? Phone company charges you at half rate?

Remember that story about the ATM that was pumping out $20s in place of some other bill? Free money right? Except they had records of every transaction.

If you want to worry about your bank account, place your worries on those holding your money.

Re:What concerns me even more

[wpegden]

No, fear not. Like you, the people up top are much more concerned about correctly counting pennies than votes. Rest assured, your bank account is much more secure than any of your "freedoms" or "rights".

Re:What concerns me even more

[zakezuke]

... is the fact that Diebold also manufacturs ATMs. Makes me wonder if my bank account is safe...

I would *think* if someone managed to open an ATM, I think the money would be the first thing to grab. I don't know how much cash your average cash machine holds but
http://www6.diebold.com/gssssps/pdfs/DBD_ATM_Cash_ Mgt_PC.pdf
Diebold machines do employ cash maangement, making sure to keep track of how much is needed.

Besides, and pointed out in other slashdot articals, phishing schemes seem to be most effective.

Re:What concerns me even more

... is the fact that Diebold also manufacturs ATMs. Makes me wonder if my bank account is safe...

Not that this is any excuse for Diebold as a whole, but the entire e-voting company was formally known as Global Elections Systems before Diebold purchased them in 2002.

Diebold made ATM systems long before that and they remain among the safest publicly accessible machines around. Especially when you consider they're full of money.

The decision to purchase GES was a pure money play by Diebold.

According to those in the industry, GES was pretty shady/sloppy/arrogant before. Diebold was only interested in getting the huge government contracts mandated by the HAVA (Help America Vote Act) after the...ahem...interesting presidential election in 2000. They allowed GES to run as they have before as their own entity.

It's no surprise the problems continued.

Re:What concerns me even more

[SpaceLifeForm]

$20,000 is a good guess. It depends upon the volume,
and many are loaded with less cash than that.

Re:What concerns me even more

[anthony_dipierro]

Diebold made ATM systems long before that and they remain among the safest publicly accessible machines around. Especially when you consider they're full of money.

They may be safe, but they sure are crappy. My credit union just installed new Diebold ATMs a few months ago. They've got some neat features: a check scanner that prints a copy of your checks onto your receipt, and a money counter which counts your bills a whole stack at a time. The problem is that the ATM machine pretty much never works. The check deposits are down about half the time, and I've gotten the bill counter to work exactly once since the new machine was put in place.

Isn't this...

[SnarfQuest]

Isn't this the same key that will open mini-bars?

I think the hotel owners should be able to sue over this release.

Re:Isn't this...

[Physics+Dude]

Isn't this the same key that will open mini-bars?

Yes. From the article:

" ... and beyond that, it could be opened with the same keys typically used with hotel minibars and jukeboxes."

Re:Isn't this...

[pla]

Isn't this the same key that will open mini-bars? I think the hotel owners should be able to sue over this release.

For the non-refridgerated mini-bars, you don't actually need the key. Grasp the handle firmly and push/rotate it outward (hard to describe but trivial to do - Basically you want to put torque on it so the bolt of the lock on the inside rotates away from the door jamb).

As an aside, this works on a lot of simpler locks on thin-metal cases - The weakness comes from the fact that the door and outer case will easily flex (elastically - You don't need to rip the door off to do this) far enough to open without bothering to unlock it first. "Tamper-proof" fire extinguisher boxes such as you find at schools... Some electrical panels (usually they use heavier gauge steel though and won't bend enough), many mini-bars (the refridgerated ones usually have an entirely different setup and this won't work), most thermostat covers such as you see at hotels, paper towel and toilet dispensers... Once you see how this works once, you'll see how to apply it everywhere.

Welcome to the real-world application of chapter one of the MIT lockpicking guide, namely, "it may be easier to bypass the bolt mechanism than to bypass the lock. It may also be easier to bypass some other part of the door or even avoid the door entirely. Remeber: There is always another way, usually a better one". It impresses your friends to actually pick a lock; It gets you free booze to just ignore the lock and open the door with the right flick of the wrist.

Re:Isn't this...

[inKubus]

It would be cool if they ACTUALLY PUT a mini-bar in each Diebold EVM so you could get drunk while playing games.

Re:Isn't this...

[inKubus]

It would be cool if they ACTUALLY PUT a mini-bar in each Diebold EVM so you could get drunk while playing games.

I mean VOTING! Sorry!

Bait and switch?

Did anyone else notice that the key used to open the machine in the video is significantly different than the keys in the photo?

This parent has the answer to the problem

[technoextreme]

There ATM's if they where to post the atm key then they may go down fast.

Thank you. I now remember every atm machine I see is a Diebold machine. I remember specifically that fact if only because of the voting machine problems.

Winner

[liak12345]

This time they posted, on their website, a picture of the actual key used to open all of their Diebold voting machines.

Diebold just won the golden "Are You Fucking Kidding Me?" Award of 2007.

Re:Winner

[imsabbel]

Dont they every year?

Re:Winner

[miro+f]

Sony won it for 2006

Re:Winner

[SeaFox]

We thought they would, but the votes came out strangely skewed for Sony in several key states.

Diebold's slogan is "We Won't Rest"

[8127972]

..... So will they not rest until our security is completely compromised?

Re:Diebold Machines Are Safe

[MECC]

Diebold voting machines are safe.

Even whey they publish openly all but explicit instructions on how to break into them. This may be a good thing, however, since it may compel them to actually put good locks on their machines. Probably not, though. As per the usual closed-source mentality, they'll just take the pic down and somehow believe that will somehow make the problem go away. Security through obscurity never works.

In effect, a closed source Diebold has been put through the ringer.

Perhaps, but not the PHBs.

Fear not, indeed

[ReverendLoki]

But fear not, Diebold has removed the offending picture [CC], replacing it with a picture of their digital card key.

Using this picture as a base, I have crafted three digital card keys...

Anyone

[Dude163299]

Anyone else in the Slashdot community up to making a real voting machine, an ATM machine if we get bored. I'm pretty sure we won't make that many slip ups. After all they set the bar low for us.

Hmm I wonder if this be modded Troll, or Insightful, or mabey have replies "Sad, but true".

Re:Anyone

[wtansill]

Anyone else in the Slashdot community up to making a real voting machine, an ATM machine if we get bored. I'm pretty sure we won't make that many slip ups. After all they set the bar low for us.

Call this guy: http://yro.slashdot.org/article.pl?sid=04/08/04/19 51202

diebold: dumber than you can measure

[swschrad]

these guys cannot accidentally conjure up this many screwups in a row. it has to be by design. the interesting question is, what are they pulling while we're laughing ourselves onto the floor over this butch?

hillary vs cheney, perhaps, in 2008?

Summary title fix:

[rts008]

Must be a typo- here's the fix:

"Diebold foils security again"

There, that's more accurate.

Your welcome!

Re:Summary title fix:

You're welcome.

Its Amazing

[JustNiz]

How many total F-ups this company can make, how many times their claim they fix their security and it's proven still broken, or worse, how strangely it seems that all the states using Diebold machines have developed a strange skew towards a high Republican vote count, ...and still the government will use their equipment.

Re:Its Amazing

[Runefox]

And the current government is...?

Could be worse

[Jon+Luckey]

It could have been this Diebold key that provided access

http://images.google.com/images?svnum=10&hl=en&lr= &q=GS-567331-1000_d.jpg&btnG=Search

At least with the key under discussion, one had to do some metal work to duplicate it from a photo.

For the key in that image, I suspect that the same trick using a bic pen to open that kind of lock would work.

Hmm.... I wonder what that GS-567331 was supposed to open..... The page isn't working right now :)

Re:Diebold Machines Are Safe

Safe? Safe?

Safe how? Like, a parked car oppose to a one possessed and gunning its engine to encourage you to run so it can run you down in a more sporting fashion?

While troll you obviously are, let's just cover the problems with e-voting...

1) Making a ton of ballots disappear takes longer to do, requires more people to do it, and will leave evidence SOMEWHERE compared to changing some data on a flashcard.

Actually, that's all the reason I need to want paper ballots. Oh, there's probably other reasons but isn't that one a big enough problem to kinda think, "Whoa, that makes it way too easy!"

Florida House 13

[bloodstar]

Why are people ignoring what is going on in Florida House District 13?

The Rebublicans are claiming a 369 vote victory. However the EVMs in Sarasota county, reported an undervote of 18,000. or 1 in 6 of the total votes, which is much higher than the undervote in both the other counties and on average. Sarasota County also happened to be where the Democrat challenger won the vote by 6 percentage points (of the votes cast in that county).

There are some obviously severe issues with Electronic Voting, Particularly when there is no paper trail (as in the case for this district). Sure, there are ways to change the vote on a paper verification ballot, however large scale fraud becomes problematic to implement.

Links Below:
http://www.heraldtribune.com/apps/pbcs.dll/section ?CATEGORY=NEWS0521&template=ovr2
http://en.wikipedia.org/wiki/Florida's_13th_congre ssional_district
http://www.verifiedvotingfoundation.org/article.ph p?id=6423
http://www.cqpolitics.com/2006/12/the_cqpolitics_i nterview_chris_1.html

Re:Florida House 13

I especially loved the recount. Basically they just hit the "print results" button again.

Re:Its from the please-think-then-vote dept.

[PeeAitchPee]

Perhaps you can explain why Maryland's previous Republican governor Robert Ehrlich fought against the Diebold machines tooth and nail, even asking for millions of dollars instead to support a traditional election process, only to have them rammed down his throat by the (Democratic) MD legislature and state board of elections? Our state elections administrator, Democrat Linda H. Lamone is still fighting their removal and even against adding a paper trail! Hell, she doesn't even want printers because she says adding printers to the existing equipment "would disrupt the voting system."

If you think the Republicans are the only ones who want to use Diebold machines to manipulate votes, you're an idiot.

Re:Diebold Machines Are Safe

[Trails]

Yeah, it's the anarchists! And the commies! And the terrorists! And Kin Jong Il! And Mahmoud Ahmadieboldsucksdonkeyballsinejad! They all want to hax0|2 Diebold, and elect the democrats!

Find a tool and die maker

[vinn01]

There are plenty of tool and die makers around. I could order a few blanks ^W, - I mean custom metal parts, for a hell of a lot less than $3,000.

Re:Find a tool and die maker

[drinkypoo]

I'm just pointing out that the technology is neither expensive nor hard to acquire. I'm aware that there are already people out there who have the technology. If you make the blanks yourself, though, you eliminate other people from the mix. You keep a secret by not telling anyone and there's a zillion legitimate business uses for a milling machine.

Link, please?

You can't complain about someone not knowing facts if you don't show them where to learn them.

Re:Link, please?

[truthsearch]

Come on. I got details from the Democracy Now radio program, but a search is not difficult:

http://www.google.com/search?hl=en&lr=&client=safa ri&rls=en&as_qdr=all&q=%222006+election%22+investi gation+OR+stolen&btnG=Search

its rather upsetting...

[Grinin]

Having read enough about black box to know that it would extremely simple to rig any election in any district at any given time is just so frustrating. It completely nullifies our "democratic" system if anyone can tamper with these machines, and worse, rig an election whether local or presidential. Honestly, is there anything we can do?

The government regulates which companies get to "approve" the legitimacy or the votes themselves as well as the security of these machines, and recently banned a research company from giving their approval on the machines at all.

What kind of methods could we put in order to ensure that our government functions less corrupt. I mean, having these machines with such vulnerabilities and flaws in a political environment is like asking your child not to eat their Halloween candy, no?

Living up to the name

[Anon-Admin]

Determining
  Inaugural
  election
  Ballot
  Outcome (on)
  Lousy
  Data

DIEBOLD :)

MOD PARENT UP?

What's there to explain? Who they say they are doesn't matter when they try pulling this kind of shit. I'm a registered Democrat but I don't want to be affilliated with Lamone just the same as I don't want to be affilliated with whatshisname Jefferson (Demo rep, IIRC, from Lousianna) caught with thousands of dollars in his freezer. I want these people the fuck out of my party and the fuck out of congress. They are not doing this country any favors.

You're barking up the wrong tree

[inviolet]

This time they posted, on their website, a picture of the actual key used to open all of their Diebold voting machines.

Voting machines should not be relying on physical security in the first place, because it is not practical to physically protect them 24/365. Their trustworthiness should be the result of double-handshake cryptographic authentications between the touchscreens, consoles, memory cards, and the central tabulator. Being able to open the cabinet should not be a vulnerability, because poll workers are invariably going to need to do so.

So, if Diebold machines implement proper authentication, then the cabinet key is not an interesting exposure. But if they don't (and we already know that they don't), then the cabinet key doesn't make them significantly more vulnerable than they already are.

Re:You're barking up the wrong tree

[T.E.D.]

Voting machines should not be relying on physical security in the first place, because it is not practical to physically protect them 24/365. Their trustworthiness should be the result of double-handshake cryptographic authentications between the touchscreens, consoles, ...

I have a bit of EKMS experience, and I have to say that you really need both. At some point somewhere the information has to exist on the machine in unencrypted form, and an intruder could attack that point. The typical response to an intrusion is to zeorize all the encrypted data, but you certainly don't want to do that in a voting machine. That itself could become an attack.

But the real issue is that encryption has nothing to do with the problem. The problem is trust. I don't trust your machine, no matter what. How can I trust that the encryption algorithm doesn't also change %25 of all votes cast to a preferred candidate? You could show me your software (hint, Diebold won't). But then how can I be sure that the code didn't get modified, or I didn't miss some code somewhere? I can't. For example, there could be a purposely-written unchecked buffer, combined with a special card that the attacker inserts that overflows the buffer with modified vote-counting code just as voting gets underway.

The only way is to have a paper backup of the votes that can be counted by a different method of my choice. That way, when the machine cheats. I can catch it. However, if the machine creates or electronically stores the backup, then I can't trust the backup either. Thus the paper copy *has* to be the master copy that the voter filled out, physically stored somewhere.

Public Key?

[fahrbot-bot]

they posted, on their website, a picture of the actual key used to open all of their Diebold voting machines

I hear Diebold is looking into different security measures and is interested in this new-fangled "Public/Private" key stuff. Perhaps this was their Public key...

Google link

[SpaceLifeForm]

Link

The real world

[Kilz]

In the real world there are Election Judges. People who watch whats going on. This unlocking and tampering isnt going to happen in front of them. This is a proof of concept idea, and like a lot of them it takes some things for granted. Like "you will be able to do this and no one is looking, or will stop you". But in the real world that isnt the case. Try this in a real polling place and go to jail, go directly to jail, do not pass go , do not collect 200 dollars.

Re:The real world

[grommit]

You're forgetting that in the real world many precincts allow election workers to take the voting devices home in the days prior to an election. This would give them both plenty of time and plenty of privacy to do whatever they want with the machines.

Re:The real world

[pilkul]

Great. So bank vault locks don't need to work properly either, since in the real world there will usually be people around. Antivirus programs aren't necessary, since the firewall ought to block everything. Restricted user accounts aren't necessary, since bad guys should be stopped from entering the system in the first place.

The point of multilayer security is that they provide essential fallbacks when other layers fail. If an inner layer fails, despite the fact that it is mitigated by the existence of upper layers, that is still a serious compromise not to be brushed off by anyone serious about security. And the fact that Diebold is pooh-poohing this tells me that they aren't serious at all.

Re:The real world

[a0+z-9*]

"But in the real world that isnt the case. Try this in a real polling place and go to jail, go directly to jail, do not pass go , do not collect 200 dollars." Apparently the watchful eye is sleeping. The point is to avoid having this and ALL of the many Diebold vulerabilities that have also already happened. It can also occur at the many sleep over locations and many other compromising vulnerable postions that these machines are put in. If an election gets thrown there will be a much bigger problem than this. Maybe they should be thinking about how well their security is working for them.

Re:The real world

[Kineticabstract]

In the real world, there are a small handful of election judges watching a dozen or more voting machines.

In the real world, those judges are currently busy trying to validate the voters who came in behind you, and aren't watching what you're doing.

In the real world, there are many polling places with screens around the voting machines to allow for privacy.

In the real world, most election judges don't know their arseholes from their elbows when it comes to this technology, and don't know what they should be watching for in the first place.

In the real world, hackers routinely make it past the safeguards that are designed to prevent unauthorized access. I'm glad that you're comfortable with the idea that an election judge can keep things all safe and secure in a typical polling place. It must be very warm and fuzzy in your world.

Better yet...

[eclectro]

A picture is worth a thousand votes.

Security... Paper Trail...

[Evets]

There are always a lot of complaints about the security of any Diebold voting machines. Then there's the constant complaint of a paper trail (my county now has paper-trail making diebold machines).

What people should be pushing for is a voting system on commodity hardware. There's no sense in putting a million dollars forward for a small amount of "proprietary" machines that are all crap anyways. The only reason for wrapping a software solution in proprietary hardware like this is security through obscurity.

Instead of complaining all the time about Diebold et all, what we should be doing is putting together a GPL voting solution. Once it is mature and stable, push our representatives to make the move.

Re:Security... Paper Trail...

[Danse]

There are always a lot of complaints about the security of any Diebold voting machines. Then there's the constant complaint of a paper trail (my county now has paper-trail making diebold machines).

It's not just about having a paper trail. It's about how that trail is created, and whether the procedures are sufficient to make it effective. From what I've seen, the paper trails in many places are unreliable, and practically useless for getting an accurate recount and preventing vote tampering.

Re:Security... Paper Trail...

[inKubus]

Instead of complaining, we should get up off our fat fucking asses and do something. It's not the machines, it's the people running them we can't trust. But they know from history we're not going to do shit about it, even take 8 hours out of our fucking busy 4 years to monitor the election ourselves IN PERSON. I guess we'll pay the piper when our rights are gone.

Government Corruption...

[Eric+Damron]

Prior to the 2004 election, Walter O'Dell, CEO of Diebold said that he would "deliver Ohio." He did.

Break them.

[SanityInAnarchy]

I'm dead serious.

I don't mean actually change the vote so these assclowns don't keep getting elected. I mean, bring your cracking kit (including a key and a printout of the screenshot of their website), and if you find one of these machines in your booth, walk out and complain to election officials. Don't just demand that you, yourself, be allowed to vote with something else -- demand that the machine be removed, and tell them that you are prepared to demonstrate just how insecure it is.

Then, if they don't listen to you, but still don't arrest you or steal your kit, go back into the booth and rig it so that 100% of the votes will go to whoever you want -- or 200%, if you can do that. The point, again, is not to make your guy win, but to force them to let everyone vote again, without the machines. (Of course, they could force everyone to re-vote on the same machines, but you just do the same trick again, and give the media an anonymous tip that you've rigged the election.)

We're at the point now of "I can't fucking believe this isn't front page news every goddamn day." In other words, this particular corruption is at the point where it's blindingly obvious enough that we should be able to bring it to the news, and eventually to "we the people" -- so that, eventually, no one in their right mind will allow their vote to be counted by a Diebold machine. Hopefully, this mistrust will extend to their ATM machines (which actually aren't nearly as bad), so that eventually, Diebold will have to die -- it's not that they can't do a good job, it's just that the company is so obviously run by corrupt fuckers -- or morons, but ultimately, there's not enough of a difference to matter here.

I Think It's Great!

[Greyfox]

Based on Diebold's actions in this area I think they must be an extreme case of an equal opportunity employer! Most employers do not disciminate on the basis of Race, Creed and Color. Diebold has obviously taken this to the next level in that they don't disciminate on the basis of Ability, either. We shouldn't be slamming them! We should be applauding them for taking bigotry down another notch! If it weren't for Diebold all those guys would be out on the street or having to work in the exfoliating scrubber factory or something! Hooray, Diebold!

What's the bet...

Prediction: Tomorrow's story will read:

Ross Kinard of Sploitcast arrested on terrorism charges, faces 55 years in maximum security prison.

Re:Its from the please-think-then-vote dept.

[Franklin+Brauner]

If you think the Republicans are the only ones who want to use Diebold machines to manipulate votes, you're an idiot.
Not just Republicans. I'm sure Al-Qaeda is looking to use it to inflict some real terror on the American people.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Take a look again

The key is clearly visible 4 seconds into the video and the features appear to match the diebold photo almost exactly. http://www.youtube.com/watch?v=UfGvSJA20-Y

Re:Its from the please-think-then-vote dept.

[Schraegstrichpunkt]

In the election before the last one, voting irregularities were discovered. In the last election, Diebold fixed that.

Re:Its from the please-think-then-vote dept.

[inKubus]

Reminds me of an old joke:
What's the difference between an honest politician and a lightbulb?
Lightbulbs exist.

Why are they still in business?

[Joce640k]

The government doesn't WANT hack-proof machines.

I mean, imagine not being able to hack the machines. Unthinkable.

Class action lawsuit possible??

I know it's nearly impossible to sue the government, but what about a class action lawsuit against Diebold? Since security issues don't stop our government from supporting Diebold, perhaps putting them out of business would protect us. I would think you might get a few US citizens to join the class action.

Key made from Stomach X-Ray

[ChrisLynx]

The worst part of this security lapse is that it isn't even novel. There was a widely-circulated story recently about a man who had swallowed the key to a truck. An X-Ray was taken, and a duplicate key was made from the X-Ray.

http://alslockandsafe.com/alslockandsafe_010.htm

Whomever was selecting pictures for the website needs to realize that a clear photo is even easier to work from than an X-Ray.