Slashdot Mirror
Voting Machine Manual Instructed Election Officials To Use Weak Passwords (vice.com)
An anonymous reader quotes a report from Motherboard: An election security expert who has done risk-assessments in several states since 2016 recently found a reference manual that appears to have been created by one voting machine vendor for county election officials and that lists critical usernames and passwords for the vendor's tabulation system. The passwords, including a system administrator and root password, are trivial and easy to crack, including one composed from the vendor's name. And although the document indicates that customers will be prompted periodically by the system to change the passwords, the document instructs customers to re-use passwords in some cases -- alternating between two of them -- and in other cases to simply change a number appended to the end of some passwords to change them.
The vendor, California-based Unisyn Voting Solutions, makes an optical-scan system called OpenElect Voting System for use in both precincts and central election offices. The passwords in the manual appear to be for the Open Elect Central Suite, the backend election-management system used to create election definition files for each voting machine before every election -- the files that tell the machine how to apportion votes based on the marks voters make on a ballot. The suite also tabulates votes collected from all of a county's Unisyn optical scan systems. The credentials listed in the manual include usernames and passwords for the initial log-in to the system as well as credentials to log into the client software used to tabulate and store official election results.
The vendor, California-based Unisyn Voting Solutions, makes an optical-scan system called OpenElect Voting System for use in both precincts and central election offices. The passwords in the manual appear to be for the Open Elect Central Suite, the backend election-management system used to create election definition files for each voting machine before every election -- the files that tell the machine how to apportion votes based on the marks voters make on a ballot. The suite also tabulates votes collected from all of a county's Unisyn optical scan systems. The credentials listed in the manual include usernames and passwords for the initial log-in to the system as well as credentials to log into the client software used to tabulate and store official election results.
Paper ballot, voter ID, absentee ballots need to be applied for each election. No need for anything else.
Browsing at +1 - no ACs, I ignore their posts. So refreshing!
The that biggest idiots always end up handling the most important tasks?
Ever seen the people who volunteer to staff polling places? Do you want to budget for the tech support staff needed to reset passwords when Aunt Eugenia forgot it again?
Have gnu, will travel.
That's how we do it here in California, which has the fairest and most secure elections in the country.
You are welcome on my lawn.
In Russia they use paper ballots, and the number of people through the door is about 1/3rd of the total claimed vote count.
When a candidate wins that Putin doesn't like, he cancels the election due to ballot stuffing (because they didn't stuff enough ballots in to rig the vote, they have to cancel it due to their own ballot stuffing!).
You also need the structures in place to verify the count, verify the votes correspond to the people who voted and so on.
Once you decide to put party before country, and manage to seize power over the judicial processes that control the election you are lost.
You end up with elections run by the people who are running for election (Kemp in Georgia), decided by partisan judges (like Kavanaugh), with news outlets telling lies they know are lies. (Fox News).
You probably wouldn't last 20 seconds in front of Robert Mueller without blurting out some retarded falsehood and getting insta-carted off to Federal prison, just like Trump is about to...
With Trump there are two possibilities.
1. He knows 100% what he is saying. He is on top of things but chooses to lie about everything, even when it makes no sense to do so.
2. He is mentally unfit for the position he is in, but not stupid. He is a very accomplished con man and is going with his gut and his wits to find the levers necessary to move the electorate, mo matter the cost, particularly with respect to keeping the senate, which are really the only ones who could really stop him.
Notice that (1) doesn't make sense. His own actions sometimes don't make sense from this viewpoint, and his own lawyers have said, you can't testify. You will be convicted of perjury. I think it is really 2. We have someone in office who thinks the ends justify the means, if the result is Trump wins, and really only has two skills. 1. He is an accomplished con man. 2. He never gives up. Have you noticed that several times lately his only defence is, "It worked," as if that is all he needs? That is his ends justify the means stuff.
Oh, we have all three. When I registered to vote earlier this year, I had to show proof of my citizenship and a photo ID, and we have vote-by-mail that you don't have to be "absent" to use.
By the way, the states that experts have ranked as the worst for electoral integrity are Arizona, Oklahoma, Wisconsin and Tennessee. Also, Texas, Georgia and South Carolina rank pretty low.
You are welcome on my lawn.
Nothing to misunderstand. A voting machine manual was insecure by design, and the only states where it was used were states run by Republican jackoffs. It's all right there in the article.
You are welcome on my lawn.
Texas doesn't require voter ID, so why aren't you complaining about them? Neither do South Carolina, West Virginia, Utah and a bunch of other states.
"Most of the rest of the world" has universal, single-payer healthcare. I don't see you calling for that you dumb fuck-whistle.
You are welcome on my lawn.
T wasn't blaming the "rigging" on Russia, but on Democrats/illegals. It was T's burden to show evidence for them doing such.
I suppose if you claim everything is rigged/bugged/fake, you'll accidentally be right roughly 10% of the time in a general sense.
Table-ized A.I.
Few obvious questions.
First, with aren't they using smart cards with passwords on the keys?
Second, why did the software permit weak choices? Manual be damned.
Third, why are infosec officers not replacing those pages in the manual, training users in proper procedures, rejecting the products at user acceptance or running tools for weak password detection?
This is a failure of the entire procurement procedure, start to finish.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
You idiot. OpenElect is used in Illinois and Virginia both of which went for Hillary! Just go away - you're wrong all over the place, provably so...
Browsing at +1 - no ACs, I ignore their posts. So refreshing!
Should not be too hard making a good voting system?
Sweden (and many Europeans do it like this): Every citizen get sent a physical voting card to their home address (including information on where and how to vote). No need for registration, just being a citizen (national elections) or at least legal resident (local elections). Election places are all over towns, usually in schools of libraries. They are staffed by volunteer respected citizen.
On election day, you go to the election place, take some ballots and envelope, and put one ballot in one envelope per election. Then you show your card at the front desk (always staffed by several volunteers), and get ticket off in the electoral roll. If you have lost your card, you can use some ID. The envelopes are put in sealed boxes (one per election) under your supervision. (Oh, you can also hand in you vote in advance, at advance election places anywhere in the country (and at consulates). They will be sent to your election place, and used if you haven't voted physically)
The boxes are kept under supervision, and when election closes, counting starts. Everyone is welcome supervising the opening of boxes and envelopes, as well as the counting. Results are usually presented the same evening. The ballots are then handed in and re-counted once at a central location for each county just to be sure.
The system is easy to audit, and hard to cheat - especially on a systematic nation-wide level (which is much easier if there is a electronic system to attack)
Anyone wanna bet that this was done deliberately to make them easier to hack? Whoever made these things should know damn well how to keep it secure. Especially with the shenanigans around Diebold and so on. Election fraud is big news with the people who make the damned machines so there's no way they are doing this out of ignorance. These rules seem specifically designed with the OPPOSITE of security in mind.
You know, you can have one orange finger and you'll get the benefit of the doubt. Two orange fingers and you'll still get the innocent until proven guilty treatment. But when your whole hand is orange and there's cheese powder on your lips and teeth? Dude, I didn't have to see you do it to know that you stole the fucking cheetos!
Greetings from the rest of the world. Here in Finland we do in fact have to provide ID upon voting, and we do not have to to register to vote because your ID is checked against a list of eligible voters upon arrival to the voting site. However, social services also funds the cost of the ID for those who cannot afford it (which is why essentially everyone in Finland has an ID). This being the case, the ID requirement does not prevent anyone from voting regardless of income status. This point is often conveniently left out in the american discussions over voter IDs when the 'pretty much everyone else does it' -argument is presented because from what I've seen so far, voter ID proposals in the States don't have provisions for providing an ID for people who can't pay for it, and that's the crux of the problem.
Voting is such a fundamental right that it should never be gated behind a financial barrier of any kind, wouldn't you agree?
"It is the business of the future to be dangerous" -Alfred North Whitehead
Do they? 'Cause that's news to me. I asked an American living here in Finland that I have befriended about this and he said it's BS. So one of you guys is wrong. I tend to trust my friends more than strangers on the internet but because I wanted to make sure I went to Google and 10 seconds later found this in the wiki
The study in question is a 2014 study from Harvard Law School titled The High Cost of ‘Free’ Photo Voter Identification Cards '
So a trusted and informed friend and a dude from Harvard Law against 1 anonymous coward... damn, this is a tough one but I do think you may in fact be full of shit, because I did crunch the numbers and came tot he conclusion that a 'free card' costing anywhere from 75 $ upwards is not in fact free.
This reminds me of that quote from Hitchiker's Guide to the Galaxy:
"It is the business of the future to be dangerous" -Alfred North Whitehead
Damnit, the link to the study is broken, sorry people. Here's a working one.
I clearly need more coffee.
"It is the business of the future to be dangerous" -Alfred North Whitehead
This depends entirely on what is accepted as an ID, and how hard it is to get. I recently moved, and it was quite a hassle, partially because I can't drive. ... and they never did do anything that would really check that I was who I said I was.
The new state wouldn't accept the ID from the old state, and demanded a birth certificate. And the one issued by the hospital wasn't acceptable, it had to be a government issued birth certificate. And the place where I was born raised a large number of obstacles to getting the certificate without going there. (I don't know what it would have been like if I'd gone there in person.) Eventually they issued one after paying money, waiting, filling out forms, etc.
So. The issuing of the ID was free. The getting of it took a modest amount of money (not enough to pay for the paperwork), but a tremendous amount of bureaucratic shuffling, and didn't really prove anything anyway except that I'd gone through the bureaucratic paper shuffling.
So I'm not really impressed with the "ID requirements". They don't provide actual ID and they cause a tremendous amount of hassle. Photo + digitized fingerprints would be much better as unique IDs, or any of various other biometric markers. They should always be needed to be tested in person for any significant trust, because the "coded id" could be duplicated, so this should only be used to issue secondary ids from. And the database should never be connected to the internet, even indirectly, but the "coded id" should be matchable against any other reading.
Even so, you couldn't trust this system, because eventually there would be illicit copies made. And in a way this lack of trust is valid, because I'm certainly not the same person I was a decade ago.
I think we've pushed this "anyone can grow up to be president" thing too far.
You can get jobs without ID. You need a social security number, but you don't need ID for that. The problem is that the people for whom voter IDs are difficult to get tend to be the sorts of people who don't vote the way the powers that be want them to. Ie, the poor, the elderly shut-ins, the homeless, widows who never needed this stuff until after the husbands died, etc.
When elections are tight, disenfranchising a very tiny minority is enough to sway elections.
Getting a driver's license is a royal pain in the ass in many places. A identity card from the DMV is similar. People are reporting 8 hour waits at the DMV in California (because of the increased demand for the ridiculous Real ID cards that you can only get in person), and I had to book an appointment 3 months in advance for the DMV!
I think this is because Republican states are the most intent to prevent those who might lean Democratic from voting. That's the poor, minorities, college students, etc. In Democratic leaning states it is much more difficult to prevent or discourage rich whites from voting.