Slashdot Mirror

← Back to Stories (view on slashdot.org)

Master Diebold Key Copied From Web Site

Posted by CmdrTaco on from the this-can't-be-real dept.

Harrington writes "In another stunning blow to the security and integrity of Diebold's electronic voting machines, someone has made a copy of the key which opens ALL Diebold e-voting machines from a picture on the company's own website. " Update: 02/06 17:40 GMT by Z : We previously discussed this story, early last year.

23 of 100 comments (clear)

  1. Déjà vu? by daveschroeder · · Score: 5, Informative

    Hmm, I seem to recall this story from somewhere...it sounds somehow strangely familiar...almost as if this exact thing had occurred before...

    Oh, that's right, this story was covered -- right here on slashdot, no less -- a year ago, complete with a link to the very same now-year-old blog post, which was significantly updated at the time, and caused Diebold to remove the photo in question! (A very generic key form was used.) Might want to update this post...

    Archives - January 2007 should be a clue. Or at least one would hope.

    While you guys are at it, can you fix your patently incorrect story about Iran being "offline", when it clearly and provably isn't, thereby negating the main premise of the story? You know, since no one seems to care about anything sent to the on-duty editor email.

    Slashdot is really on fire today!

    1. Re:Déjà vu? by Deanalator · · Score: 2, Insightful

      Yes, if slashdot did some automated submission comparison like digg, we might actually be able to avoid some of these dupes. Slashdot has a lot to learn from digg, and should copy it in every possible way. Maybe they can keep the cowboy Neal polls just for the nostalgia.

    2. Re:Déjà vu? by dattaway · · Score: 4, Funny

      The real story is someone hacked a Diebold voting machine to host Slashdot. Notice how this site is running slower than usual, turning out false stories, and running dupes?

    3. Re:Déjà vu? by gnick · · Score: 2, Insightful
      Do you know what you get when you

      copy [digg] in every possible way ?

      You get digg. If you prefer digg, the address is: http://www.digg.com/.

      Although I agree - An automated dupe checker seems appropriate for things like this...
      --
      He's getting rather old, but he's a good mouse.
    4. Re:Déjà vu? by Megane · · Score: 2, Insightful

      Except that this was a dupe on digg yesterday. Oops! So much for the "automated submission comparison"!

      Maybe if the submitters (and /. editors) would actually pay attention to URLs with obvious dates in them?

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
    5. Re:Déjà vu? by elrous0 · · Score: 3, Funny

      The truth is that "Zonk," "CowboyNeal," etc. are actually just programs running on a server in Wisconsin. But the programs have a serious memory leak problems which only get worse if the server isn't rebooted ever few months. The guy who was supposed to reboot it this time couldn't afford the gas to Wisconsin.

      --
      SJW: Someone who has run out of real oppression, and has to fake it.
  2. Details of picture in case of slashdotting by Anonymous Coward · · Score: 3, Funny

    The picture was of a piece of luggage with the combination of "12345."

    Pretty damn stupid to use that as a master key.

  3. USA to the rescue by rdradar · · Score: 2

    Soon on Slashdot: USA bans images on the internet as a safety method, "Evil hackers posting these so called images danger our protections, and we have to ban them all".

  4. Slashdotted - link to google cache by dk90406 · · Score: 2, Informative

    http://64.233.183.104/search?q=cache:FcvferlnsJAJ:www.bradblog.com/%3Fp%3D4066+site:.bradblog.com+diebold&hl=en&strip=1

  5. Slashdot by Taimat · · Score: 2, Funny

    With the way it's gone so far today, apparently, slashdot is hosted in Iran.

    --
    The above comments are not guaranteed to make sense to anyone other than the author...
    1. Re:Slashdot by TubeSteak · · Score: 4, Funny

      I keep getting this error message
      Am I reading too much into it?

      503 Service Unavailable
      The service is not available. Please try again later.

      --
      [Fuck Beta]
      o0t!
  6. Spreading Democracy Begins at Home by Doc+Ruby · · Score: 4, Insightful

    Any country making both democracy and security its highest priorities for years, even at cost of a perpetual state of emergency, suspended liberty, thousands dead and many tens of thousands wounded (multiplied in the non-American casualties), unsupportable debts, alienating allies and activating enemies, would immediately remove these untrustworthy machines and never allow their vendors or technologies into the critical path of its government again.

    Such a country would never have allowed such a risk at all, either before or after such vulnerabilities were publicly exposed.

    But instead, this story will become a footnote. Precisely because there's an election going on. An election that is threatened by these untrustworthy machines.

    Since those priorities were set and executed by a government installed on the reports of these kinds of untrustworthy machines, I guess we've got everything we deserve.

    --

    --
    make install -not war

    1. Re:Spreading Democracy Begins at Home by bughunter · · Score: 2, Insightful
      You seem to be misunderstanding the plan. The easiest way of "spreading Democracy" to the parts of the world under the rule of despots and corrupt plutocrats is not ridding the world of despotism and corruption.

      No, it's by redefining "Democracy at home" to include despotism and corruption.

      So far, their plan is working well.

      --
      I can see the fnords!
    2. Re:Spreading Democracy Begins at Home by mi · · Score: 2, Interesting

      But instead, this story will become a footnote. Precisely because there's an election going on. An election that is threatened by these untrustworthy machines.

      Although, indeed, appalling, the threat is overblown. AFAIU, it would still require someone to visit each machine in person in order to affect its results. This simply is not enough to sway the overall results of an important election.

      Even if the "swingiest" district of the "swingiest" State is attacked via this exploit, the "winner" would still need to really win in a great many other places. This happened before. For example, in 1960:

      [...]
      • Fannin County, Texas had only 4,895 registered voters. BUT 6,138 votes were cast, 75% of which went to Kennedy.
      • Angelina County, Texas: In one precinct, only 86 people voted yet the final tally was 147 for Kennedy, 24 for Nixon.
      • [...] found a cemetary in one Chicago precinct where the names on the head stones were registered voters who had actually voted!
      • [...] visited the Chicago address where 56 Kennedy voters listed their address. What he found was an abandoned, demolished house.

      It did affect the outcome, but only because Nixon's real win was razor-thin to begin with... Unless a truly major force (like a foreign government) is financing the nation-wide hacking, the "razor-thin" is still a required quality. And a major force will, likely, find it easier to spend its money and efforts via (largely) legal covert and overt media-campaigning, rather than the highly illegal hacking.

      I wish such fraud was completely gone, but that may be impossible. Whether Diebold-machines make the situation worse is not immediately obvious...

      --
      In Soviet Washington the swamp drains you.
  7. Re:Old stories from Digg by Jugalator · · Score: 2, Insightful

    Yeah, either this is from Digg, or from Reddit. I saw the same old today on Reddit... I haven't bothered comparing the dates to see who was first though.

    But it's an interesting new problem in social news reporting. News tend to spread like wildfire, but that also includes bad or confusing reporting. This isn't the first time it has happened, at I predict it will become tremendously more common in the future, the more interconnected and popular social news sites like Slashdot (it now is one too especially since Firehose was implemented -- and no doubt have you seen the signs of this lately), Digg, Reddit, etc. :-(

    --
    Beware: In C++, your friends can see your privates!
  8. Well... by Black+Parrot · · Score: 5, Funny

    What's the problem? We've all been demanding "open" elections.

    --
    Sheesh, evil *and* a jerk. -- Jade
  9. Social Engineering by ObiWanStevobi · · Score: 4, Insightful

    While this story may be old, it was not a major election year when it ran, and all the e-voting problems still have not been fixed. So it is at least worth mentioning again, I think. Also, this story serves as a reminder that the most fearsome element of malicious "hacking" is not some geek with uber skills in a dark room, it's the information we willingly give out without realizing the danger.

    Ok, I done trying to be constructive. I always was mostly a crowd follower, so here goes: Slashdot sucks and I hate them for posting this story.

  10. Re:Well... by Miseph · · Score: 2, Insightful

    I've got an even better one for stamping out abuse... use paper ballots designed such that each potential vote is listed on one line with a hollow oval at the far end, then have each voter fill in the appropriate dot with a provided pen and run the ballots through a machine designed to read such ballots and compile the results as appropriate.

    You know, the same way that many institutions grade multiple choice exams.

    The best part is that this is not only comprised entirely of existing technology, but that it is already how at least one state does things, demonstrating that the methodology works just fine. It's how I voted just yesterday.

    It's completely obscene that ballot design has become so convoluted and messy that people can reasonably cast an incorrect vote, and it's just stupid to leave yourself without any means for a manual recount.

    --
    Try not to take me more seriously than I take myself.
  11. If they'd post the vote... by fahrbot-bot · · Score: 3, Insightful

    ...the machines are pre-programmed to cast, someone could photocopy that and save us all the trouble of actually voting.

    --
    It must have been something you assimilated. . . .
  12. Bad move by Z00L00K · · Score: 3, Interesting
    First it's a bad move to post the actual key on the website. Maybe it works on their ATM:s too?

    Second, from the appearance of the key it seems to be a lock that's EXTREMELY easy to pick so the effort to make a copy - even by trial and error - would be small.

    So if everybody that knows that Diebold machines are in use during an election makes their own key and just unlocks it and leaves the machine open... That could be for some interesting news. Votes dismissed due to irregularities - 50%. Just make sure that the machines is in the counties populated mostly by your opponent.

    And - what stops one from ordering keys from Diebold?

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    1. Re:Bad move by bughunter · · Score: 2, Informative
      Indeed. We all recall the Princeton report earlier this year that described the locks as so ineffective that they could be picked with a "common office implement" in under 30 seconds. Don't we?

      SFX: WAVY FLASHBACK LINES

      The lock is easily picked--one member of our group, who has modest locksmithing skills, can pick the lock consistently in less than 10 seconds. Alternatively, this slot can be reached by removing screws and opening the machine. Some attackers will have access to keys that can open the lock--all AccuVote-TS machines in certain states use identical keys [24], there are thousands of keys in existence, and these keys can be copied at a hardware or lock store.

      From Security Analysis of the Diebold AccuVote-TS Voting Machine: A.Feldman, J.Halderman, E. Felten: Princeton University (September 13, 2006).

      --
      I can see the fnords!
  13. Re:Please explain by epsalon · · Score: 3, Informative

    The major difference here is a subtle but important one. With the banking system, if someone manages to get money or goods they are not entitled to, someone will be missing that money or goods and that someone will know about it once they take inventory or reconcile the numbers. These systems are routinely attacked and banks do lose money to fraud, and they invest in security enough so that the cost of fraud is less than the cost of the security measures.

    With voting, the party that loses due to fraud is the public, and especially if there is no paper trail, there is no way to prove that any fraud did actually take place. It's very easy to make machines that count votes, it's basically impossible to make those machines such that no one involved could manipulate the results from the election officials, executives, programmers, and voters. With a paper election, the fraud-proofness is guaranteed though the fact that votes are opened with representatives of the various parties in place, and tallies are signed and published so that any fraud could be easily detected by the interested parties.

    --

    Make even shorter URLs - 8LN.org

  14. You trust ATMs? by argent · · Score: 2, Insightful

    Can someone please explain to me why an electronic voting machine is a Bad Thing(tm)?

    If something goes wrong with your ATM you know it happened right there when it happened, you contact your bank and get it fixed right then. And even then, you don't really *trust* the ATM. At least I hope you take your paper receipt, and check your balance, and if they don't match you can STILL call the bank about it.

    If something goes wrong with your voting machine you NEVER know about it, because you don't get any feedback (like, you know, the money doesn't come out). So what you need to do is to take your paper ballot from the machine and put it in a box and make sure that the boxes and the papers are safe and *those* are what need to be retained for a recount when someone thinks things don't match and needs to "call the bank about it".