Slashdot Mirror
Pennsylvania's Voting Machines Are Running Windows XP (cbsnews.com)
Slashdot reader rmurph04 writes: As reported by CBS News, the battleground state of Pennsylvania might as well have a target on its back as Election Day nears, the cybersecurity company Carbon Black warned in a new report released Thursday. Across the state, most Pennsylvania counties use particularly high-risk electronic voting machines that leave behind zero paper trails, which could be useful to audit the integrity of votes cast. In addition, many of these machines -- called "direct-recording electronic" machines -- are running on severely outdated operating systems like Windows XP, which has not been patched by Microsoft since 2014.
According to the survey more than one in five registered U.S. voters may stay home on Election Day because of fears about cybersecurity and vote tampering. Respondents believe a U.S. insider threat poses the most risk (28%), followed by Russian hackers (17%) and then the candidates themselves (15%).
According to the survey more than one in five registered U.S. voters may stay home on Election Day because of fears about cybersecurity and vote tampering. Respondents believe a U.S. insider threat poses the most risk (28%), followed by Russian hackers (17%) and then the candidates themselves (15%).
WES 2009 is basically XP with security updates, and the average user can't tell the difference.
Are they running the POS or embeded that are still getting updates? Just saying XP isn't exactly helpful.
---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
What a dumb thought process. Someone may try rig the election so I'm not going to bother going to vote? Who's brain works like this?
Granted, XP sucked SO bad when it launched. It was nearly unusable for the first year, then it just became tolerable to switch from Windows 2000 with SP1. But why the complaint? These are not network connected, so the concerns of the OS are really pointless. If there's a security threat, like open physical ports, then address those. XP isn't some boogey man. Be specific.
I would have figured Win98 or maybe WinME.
Lacking <sarcasm> tags,
Please.
Unpatched XP? So what? What's the threat model? Are these things online? I'd be worried about the latest OS running today's patch set online. Are they worried about tampering by election officials? Physical access is access. Again, the latest patches won't help. What threat do they think will be thwarted by current software?
Chelloveck
I give up on debugging. From now on, SIGSEGV is a feature.
Why would anyone expect otherwise in PA? Their record speaks for itself.
So is my laptop.
(And I haven't got a single virus yet.)
...and before this voting machine fiasco, I was going to vote for Hillary, but now I'm definitely going to vote for Trump.
I vote early. If you can't vote early in your state it's because somebody doesn't want you to. Let that thought sink in for a moment.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Historical turnout data
This "survey" is useless, since the number that normally don't turn out is more than the most hyperbolic security threat number they offer. If they said 50% were going to stay home, then i'd start to take notice.
Sounds like an excuse for laziness.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
Where I live they have the rapid counting of electronic voting, along with the paper trail. When you vote, after they check that you are really you, you get a blank ballot (both you and the person giving it to you see that it is blank with just the names of the politicos on it). They slip the blank ballot into a cardboard sleeve so just the top is sticking out, and hand you both. You take it to the little booth, pull the ballot out, pick up the pencil pick your horse, put it back into the sleeve. Then you take it back to them. You then both to to the machine, you put the paper in (it goes in like paper going into a photocopier), scans your ballot and with them standing behind the electronic display, they tell you to push yes or no on the button if what it is displaying is correct. Regardless, it stores the paper ballot, and tabulates (or not). A second later the display is blank. Voting completed. They have the paper trail, they have the electronic count (for quick results). The electronic reader is pretty dumb. They don't even need a network connection. They take the electronic reader to a central location where results from that machine are read. If they got a lot of mis-read ballots, they can re-read all the paper ballots in bulk (using 3 machines to verify). They verify that the vote is secret, there is an audit trail, no one can take a ballot and say its yours, and you can do it all offline.
Voting machines should be open-source coded in assembly language to run directly on the hardware, and the hardware should be open source - something like a clean-room recreation of a 6502 or Z80. Every gate, every mask, should be verified by hand against the schematics, and every machine code in ROM disassembled by hand and compared against the source listings.
Nothing in the voting mechanisms should be capable of being hidden, nor should it be so complex that one person can't understand and verify the whole thing in a reasonable time, say 1 year.
That means no OS, no proprietary hardware or software, nothing but obvious routines running on "metal".
Contribute to civilization: ari.aynrand.org/donate
Georgia, which in 2002 set out to be an early national model for the transition to computerized voting, shows the unintended consequences. It spent $54 million in HAVA funding to buy 20,000 touchscreen voting machines from Diebold, standardizing its technology across the state. Today, the machines are past their expected life span of 10 years. (With no federal funding in sight, Georgia doesn’t expect to be able to replace those machines until 2020.) The vote tabulators are certified to run only on Windows 2000, which Microsoft stopped supporting six years ago. To support the older operating system, the state had to hire a contractor to custom-build 100 servers—which, of course, are more vulnerable to hacking because they can no longer get current security updates.
Nothing wrong with XP. What is this ridiculous preoccupation with constant renewal? Sometimes certain things work adequately to do the job. An axe can still chop wood, a spade can still dig a hole. Get used to it!
Are Slashdot employees THAT busy that they can't properly check front-page posts? Or do they do it because they want to improve their Apple shares? So sick of hearing these constant Microsoft bashing stories (and I don't even use Windows, I prefer Linux). A huge number of them are exaggerated BS. This is slowly turning into Engadget 2.0..
We seriously see this story posted once a year at least. And every year, its the same thing.. Windows XP EMBEDDED != Windows XP. Even if it was, having a brand new OS can be more insecure for some types of exploits..
"These are not network connected, so the concerns of the OS are really pointless"
Uh, it's been documented for awhile now that even air gapped computers are vulnerable to a lot of exploits. RF is one of them. If you haven't been keeping up with recent events in computer OPSEC then perhaps you shouldn't post. The information available at your fingertips includes but is not limited to the Wikileaks hack files (NSA).
There are many reasons why some people who have air gapped computers choose to use ancient systems like Apple ][, C64, and others. I'm not saying they're magically free of vulnerabilities, but meh.
My favorite Nathan for you running joke is Windows 95. "You're still running Windows 95? My parents got rid of their Windows 95 computer because minesweeper stopped working."
It's possible I'll get to vote anyway, but they rejected my ballot application the first time with several BS reasons (selected from a long list on the rejection form). Over the last few elections, it has been getting harder and harder to vote, and this latest voter-ID bogosity makes it much more difficult. And stupid.
The hilarious part is that my vote had already been rendered meaningless by the partisan gerrymandering and double-gerrymandering. My so-called Representative is such a worthless tool that they had to rejigger his district to keep it "safe". They are running out of room in the sacrificial districts where they pack in and waste the Democratic votes. They can't draw the district boundaries house by house! Or can they?
I sure hope it's worse than that from the dictators' perspective. The so-called Republicans (really former Dixiecrats "betrayed" by LBJ) have been driving Texas to the bottom so hard and making the state so cheap that a lot of damn Yankees have moved south. Maybe they are about to flip the state back to the Dems, even though the polls have trouble tracking and accounting for first-time-in-district voters. No evidence, but "some people are saying", as the Donald says.
(Also hurts them that Trump is killing the Hispanic vote. This latest insane TwitterWar is NOT the temperament of a potentially great president. If she would have just given him the damn blowjob as payback for maker her a winner, then none of this would have happened!)
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
The voting machines are NOT connected to the internet. They are also running EMBEDDED XP not desktop XP. No they can not be infected easily unless someone has physical access... and at that point every OS on the planet is easily cracked wide open if the attacker has their hands on the device.
Do not look at laser with remaining good eye.
What's wrong with optical scan? We use it in my country and its great. Just fill in the line. What's nice is you can 50 people in a room filling out the forms and one or two scanning machines that read then in a second and depot the paper in a locked box. Instant check to make sure you votes and o dublicates and easy to rescan later or manually count.
I love Jesus, except for his foreign policy.
Either it's running an old OS and it's vulnerable to unpatched exploits or it's always running the latest and greatest and it's vulnerable to code breaking because of changes to the OS. Can't have latest and greatest AND high reliability.
AS INTENDED.
"...are running on severely outdated operating systems like Windows XP, ..."
So? News flash: Software doesn't wear out.
The fact that any voting machine leaves no paper record is criminal.
The machines I work with run MS DOS. Although the servers that count the votes run really old Windows Server, Ancient SQL versions and of course Windows XP clients. But that is because it costs over a million to get any upgrades approved by our security conscious overlords.
But all things considered, nobody has internet access to these systems or unfettered physical access to really exploit any imagined bugs in the software. And if anyone altered votes statistical patterns would make that tampering evident and a re-vote in the precinct would be ordered and the falsified votes replaced.
Everyone just calm down.... Russians are not hacking the vote.
Pennsylvania will probably find itself electing Ruth From Card Services, or some guy in India who promises to repair your PC.
"Try watching George Carlin's video on why he doesn't vote."
To be fair: Why he DIDN'T vote. The guy's dead.
"We have no choices. They're both idiots and the American population seems to believe that they can't vote for anyone but a Democrap or a Repugnican."
Right - we have no choices. Trying to convince the average person they have more choices is insane. They won't believe you. You'll just spoil the election if you vote for anyone but the two chosen puppets. Too many people still believe and trust what they see on old one eye (TV).
This post is not brought to you by CNN, NBC, FOX, or ....
*(&@#$)( @
" So? News flash: Software doesn't wear out."
Sure it does - it does all the time! Especially for proprietary software. If it's open source you can pick up development or fork it if you want to take it in a different direction.
Very often when people stop supporting proprietary software, they often drop it and leave it. No one continues development. You can't continue development (in most cases, excluding some RE specialists) and the security vulnerabilities begin to stack up. And what about the old hardware? Bingo! Another source of vulnerabilities.
But continue to run old versions of Windows, people, and beat your chest like you're secure.
They should let people vote through Steam. I want to vote against other people online. Or vote with my friends in co-op mode.
XP embedded doesn't get security updates. Because it is pick-and-mix, windows update doesn't work. Trying to make a Sasser fix was VERY hard work.
I personally feel Hillary should already be in prison. However Trump already intimated that he would try as hard as possible to, after shredding the constitution, sue into oblivion any member of the press that is critical of him.
The Fonz.
Don't be fooled with claims of paper backup trails and the like, it is not possible to verify a vote on any electronic black box voting machine.
The only way to verify a vote is using hand counted paper ballots.
prsdntl
"No they can not be infected easily unless someone has physical access"
Who said anything about easily? Also, one man's difficult is another man's easy! Ha Ha! You see? It's beautiful isn't it, when you really "get it".
Most of the leaked info at Wikileaks and elsewhere about software and hardware available to governments upon purchase (or maybe request!) contain abilities to gain access and/or monitor or otherwise exploit, harvest, etc. hardware and/or software! So what? Well direct your satellite serving EEGs right here, "he was a quiet man"! Most people talking about these types of attacks on hardware/software which these products were/are capable of were LAUGHED off the net! Now that these abilities (at least the public ones) are CONFIRMED, you can shove those tin foil hat suggestions up your DIRTY ASSHOLE, fuckers! (not the OP or anyone on /.)
WE TOLD you for YEARS about this shit and now the proof is out! Guess who's fucked in the head? yeah, it's you - various mods and sysops and shit for brains with powers over message forums, mailing lists, etc.! Fuck you! Your ass was HANDED to you.
old SQL? time for write in candidate drop tables!
I first thought the heading was "Fantasyland Voting Machines running Windows XP". But it's not, it's "Pennsylvania voting machines" ... I am greatly relieved!
I don't see very many voting humans being held accountable for the votes they cast. Why should the voting machines be treated any differently?
He's not funny, and he's not insightful.
In my experience only truly stupid people find him to be either.
Also, in my experience truly stupid people think that not voting is somehow political action.
Of course not. Microsoft stopped introducting new bugs to it in 2014.
Having Microsoft stop dicking around with it is a benefit, not a shortcoming.
I think what I don't hear from any Presidential candidate is a commitment to revitalizing our country. No talk about rebuilding roads, bridges, infrastructures. Improving our local government facilities such as good water supplies, improved sanitation plants, replacing outdated sewer and water service lines. Replacing crumbling schools and ineffective and outdated learning materials. I mean the list goes on for the improvements becoming very much a dire need not a want.
Hillary Clinton doesn't have a record worth shit on anything. She screwed up everything she did at the State Department. Can't run on any record there. She only sponsored a handful of legislation as senator one was to rename a post office. Trump is a businessman with obviously little experience in world affairs other than what he did with his golf courses and hotels. But his lack of government experience has actually been a benefit for Trump with his supporters. Who see him as a messenger for change in government corruption. Would that reflect on a more focus on spending on America and improving life here? I don't know, but clearly governments running Windows XP on important systems is just a small example of what is wrong with America that all politicians keep ignoring.
Who's brain works like this?
Clinton's big problem is voter indifference. People don't like Trump, but they don't like Clinton enough to vote for her.
Articles like this are intended to nudge tepid Clinton supporters to get out and vote.
Goddamn I hate Hillary Clinton.
I live in PA and we use an optical scanner that reports the numbers at the end of the election day. Each precinct calls in the numbers to the County Election office. The machines with the paper ballots sealed inside are then transported to the county seat Election office for official counting. It's been very reliable and even if the scanner failed to the record the correct votes there is paper trail to audit.
"most Pennsylvania counties use particularly high-risk electronic voting machines that leave behind zero paper trails, which could be useful to audit the integrity of votes cast."
Why not use the same machines as state lotteries. They're reliable and secure and produce a fully audited paper trail.
It's whose hacks will be the most effective?
And I'm not referring just to people playing with code. The people playing with money have been hacking pretty effectively as well.
opinion from outside the USA: both options are scary. But while Hilary is likely to "only" make wars in predictable places like Middle East so SE Asia, Trump seems like the guy who would for example make alliance Russia to nuke China, sacrificing Europe for Russian support.
I mean, many past presidents were horrible scum and liars; but DT makes no slightest trace of consistency, he denies obvious facts, invents stats etc.