Slashdot Mirror
Diebold Security Foiled Again
XenoPhage writes "Yet again, Diebold has shown their security prowess. This time they posted, on their website, a picture of the actual key used to open all of their Diebold voting machines. Ross Kinard of Sploitcast crafted three keys based on this photo. Amazingly enough, two of the three keys successfully opened one of the voting machines. But fear not, Diebold has removed the offending picture, replacing it with a picture of their digital card key. Take that, hackers!"
How can these guys still be in business? It seems like every couple weeks for the past 3 or 4 years I have been hearing about them screwing shit up, over and over and over and over again. Any other company would have been history long ago. What's with Diebold? Why don't they die?
It's time to look at some other vendor for voting machines and whatever else they make. Our future is too important to leave to stumbling bumblers like that. Anything can be defeated but shouldn't be as easy as this.
Most of the stuff on
It's because the exit polling was a much closer match to the actual results, rather than having substantial irregularities or, as in the case of the 2004 election, actual instances of election fraud.
Having both sides being extremely skeptical of the computer returned election counts is the only thing keeping anyone honest.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Yes. From the article:
" ... and beyond that, it could be opened with the same keys typically used with hotel minibars and jukeboxes."
Why are people ignoring what is going on in Florida House District 13?
The Rebublicans are claiming a 369 vote victory. However the EVMs in Sarasota county, reported an undervote of 18,000. or 1 in 6 of the total votes, which is much higher than the undervote in both the other counties and on average. Sarasota County also happened to be where the Democrat challenger won the vote by 6 percentage points (of the votes cast in that county).
There are some obviously severe issues with Electronic Voting, Particularly when there is no paper trail (as in the case for this district). Sure, there are ways to change the vote on a paper verification ballot, however large scale fraud becomes problematic to implement.
Links Below:n ?CATEGORY=NEWS0521&template=ovr2 e ssional_district h p?id=6423 i nterview_chris_1.html
http://www.heraldtribune.com/apps/pbcs.dll/sectio
http://en.wikipedia.org/wiki/Florida's_13th_congr
http://www.verifiedvotingfoundation.org/article.p
http://www.cqpolitics.com/2006/12/the_cqpolitics_
"The bass, the rock, the mic, the treble. I like my coffee black, just like my metal" - Mindless Self Indulgence
Last I checked, it was called "milling", not "bridgeport operating". And you can go to a community college and gather the requisite skills in a three unit, one-semester class. Frankly milling is not very hard, it's not even slightly hard. The hardest part is remembering which way the table will move when you turn the crank.
In fact it's probably harder to get accurate measurements with which to make your own key than it is to actually make the key.
Frankly you don't even need to take a class. Everything you need to know is in the Machinery's Handbook, which is why it has over 2600 pages. All you need to know about appropriate cutting tools for different materials, feeds and speeds, it's all in there. It gives you the formulas AND the numbers to plug into them. But if you take that route, you will spend more time noodling around and fucking up than if you just take a class. Regardless, I received very little instruction on the vertical mill and was able to turn out some cute little parts that had no particular utility but were within half-a-thousandth tolerances. (We had learned the basics on the lathe. Most of the concepts are the same.)
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Voting machines should not be relying on physical security in the first place, because it is not practical to physically protect them 24/365. Their trustworthiness should be the result of double-handshake cryptographic authentications between the touchscreens, consoles, memory cards, and the central tabulator. Being able to open the cabinet should not be a vulnerability, because poll workers are invariably going to need to do so.
So, if Diebold machines implement proper authentication, then the cabinet key is not an interesting exposure. But if they don't (and we already know that they don't), then the cabinet key doesn't make them significantly more vulnerable than they already are.
FATMOUSE + YOU = FATMOUSE
There are always a lot of complaints about the security of any Diebold voting machines. Then there's the constant complaint of a paper trail (my county now has paper-trail making diebold machines).
What people should be pushing for is a voting system on commodity hardware. There's no sense in putting a million dollars forward for a small amount of "proprietary" machines that are all crap anyways. The only reason for wrapping a software solution in proprietary hardware like this is security through obscurity.
Instead of complaining all the time about Diebold et all, what we should be doing is putting together a GPL voting solution. Once it is mature and stable, push our representatives to make the move.