Slashdot Mirror
Voting Machine Manual Instructed Election Officials To Use Weak Passwords (vice.com)
An anonymous reader quotes a report from Motherboard: An election security expert who has done risk-assessments in several states since 2016 recently found a reference manual that appears to have been created by one voting machine vendor for county election officials and that lists critical usernames and passwords for the vendor's tabulation system. The passwords, including a system administrator and root password, are trivial and easy to crack, including one composed from the vendor's name. And although the document indicates that customers will be prompted periodically by the system to change the passwords, the document instructs customers to re-use passwords in some cases -- alternating between two of them -- and in other cases to simply change a number appended to the end of some passwords to change them.
The vendor, California-based Unisyn Voting Solutions, makes an optical-scan system called OpenElect Voting System for use in both precincts and central election offices. The passwords in the manual appear to be for the Open Elect Central Suite, the backend election-management system used to create election definition files for each voting machine before every election -- the files that tell the machine how to apportion votes based on the marks voters make on a ballot. The suite also tabulates votes collected from all of a county's Unisyn optical scan systems. The credentials listed in the manual include usernames and passwords for the initial log-in to the system as well as credentials to log into the client software used to tabulate and store official election results.
The vendor, California-based Unisyn Voting Solutions, makes an optical-scan system called OpenElect Voting System for use in both precincts and central election offices. The passwords in the manual appear to be for the Open Elect Central Suite, the backend election-management system used to create election definition files for each voting machine before every election -- the files that tell the machine how to apportion votes based on the marks voters make on a ballot. The suite also tabulates votes collected from all of a county's Unisyn optical scan systems. The credentials listed in the manual include usernames and passwords for the initial log-in to the system as well as credentials to log into the client software used to tabulate and store official election results.
Paper ballot, voter ID, absentee ballots need to be applied for each election. No need for anything else.
Browsing at +1 - no ACs, I ignore their posts. So refreshing!
The that biggest idiots always end up handling the most important tasks?
That's how we do it here in California, which has the fairest and most secure elections in the country.
You are welcome on my lawn.
In Russia they use paper ballots, and the number of people through the door is about 1/3rd of the total claimed vote count.
When a candidate wins that Putin doesn't like, he cancels the election due to ballot stuffing (because they didn't stuff enough ballots in to rig the vote, they have to cancel it due to their own ballot stuffing!).
You also need the structures in place to verify the count, verify the votes correspond to the people who voted and so on.
Once you decide to put party before country, and manage to seize power over the judicial processes that control the election you are lost.
You end up with elections run by the people who are running for election (Kemp in Georgia), decided by partisan judges (like Kavanaugh), with news outlets telling lies they know are lies. (Fox News).
Oh, we have all three. When I registered to vote earlier this year, I had to show proof of my citizenship and a photo ID, and we have vote-by-mail that you don't have to be "absent" to use.
By the way, the states that experts have ranked as the worst for electoral integrity are Arizona, Oklahoma, Wisconsin and Tennessee. Also, Texas, Georgia and South Carolina rank pretty low.
You are welcome on my lawn.
Nothing to misunderstand. A voting machine manual was insecure by design, and the only states where it was used were states run by Republican jackoffs. It's all right there in the article.
You are welcome on my lawn.
T wasn't blaming the "rigging" on Russia, but on Democrats/illegals. It was T's burden to show evidence for them doing such.
I suppose if you claim everything is rigged/bugged/fake, you'll accidentally be right roughly 10% of the time in a general sense.
Table-ized A.I.
Few obvious questions.
First, with aren't they using smart cards with passwords on the keys?
Second, why did the software permit weak choices? Manual be damned.
Third, why are infosec officers not replacing those pages in the manual, training users in proper procedures, rejecting the products at user acceptance or running tools for weak password detection?
This is a failure of the entire procurement procedure, start to finish.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
in Australia (apparently a nazi country since we have govt regulation of business, gun control, national healthcare?) we also have the Electoral commission.
They run the voting system.
Everyone votes the same way, on paper.
They hire extra staff from existing public service agencies, experienced & arguably trustworthy govt workers.
Voting is too important to let states or cities make up their own rules, or to let just anyone work in the polls.
And boy, am I curious to see the results and hysteria of these US midterm elections, it is going to make Bush vs Gore look like a couple of toddlers fighting over a toy!
Should not be too hard making a good voting system?
Sweden (and many Europeans do it like this): Every citizen get sent a physical voting card to their home address (including information on where and how to vote). No need for registration, just being a citizen (national elections) or at least legal resident (local elections). Election places are all over towns, usually in schools of libraries. They are staffed by volunteer respected citizen.
On election day, you go to the election place, take some ballots and envelope, and put one ballot in one envelope per election. Then you show your card at the front desk (always staffed by several volunteers), and get ticket off in the electoral roll. If you have lost your card, you can use some ID. The envelopes are put in sealed boxes (one per election) under your supervision. (Oh, you can also hand in you vote in advance, at advance election places anywhere in the country (and at consulates). They will be sent to your election place, and used if you haven't voted physically)
The boxes are kept under supervision, and when election closes, counting starts. Everyone is welcome supervising the opening of boxes and envelopes, as well as the counting. Results are usually presented the same evening. The ballots are then handed in and re-counted once at a central location for each county just to be sure.
The system is easy to audit, and hard to cheat - especially on a systematic nation-wide level (which is much easier if there is a electronic system to attack)
No, Voting is too important to let centrals run it. I don't think you understand how voting works in the US. Nationally, no one votes directly but same safeguards as states.
State level, you need a LOT of corruption across a highly distributed network of independent voluntary organizations to impact a vote. That complex non-standard setup is the primary safeguard against vote results tampering. The second is the volunteers who have a self interest in making sure the other isn't cheating and many independents who ensure no one cheats.
At the local level, you do have independent and committee based outsiders who ensure the few locals aren't cheating the local population.
The paper based voting system in the US that has been used for decades is pretty good. It was the State level discrimination laws and more recently end voter manipulation via social media that has been their only real threats. A "committee" would have made both worse.
BTW, we do have many committees here, they just aren't the only thing the system relies on.
Greetings from the rest of the world. Here in Finland we do in fact have to provide ID upon voting, and we do not have to to register to vote because your ID is checked against a list of eligible voters upon arrival to the voting site. However, social services also funds the cost of the ID for those who cannot afford it (which is why essentially everyone in Finland has an ID). This being the case, the ID requirement does not prevent anyone from voting regardless of income status. This point is often conveniently left out in the american discussions over voter IDs when the 'pretty much everyone else does it' -argument is presented because from what I've seen so far, voter ID proposals in the States don't have provisions for providing an ID for people who can't pay for it, and that's the crux of the problem.
Voting is such a fundamental right that it should never be gated behind a financial barrier of any kind, wouldn't you agree?
"It is the business of the future to be dangerous" -Alfred North Whitehead
Do they? 'Cause that's news to me. I asked an American living here in Finland that I have befriended about this and he said it's BS. So one of you guys is wrong. I tend to trust my friends more than strangers on the internet but because I wanted to make sure I went to Google and 10 seconds later found this in the wiki
The study in question is a 2014 study from Harvard Law School titled The High Cost of ‘Free’ Photo Voter Identification Cards '
So a trusted and informed friend and a dude from Harvard Law against 1 anonymous coward... damn, this is a tough one but I do think you may in fact be full of shit, because I did crunch the numbers and came tot he conclusion that a 'free card' costing anywhere from 75 $ upwards is not in fact free.
This reminds me of that quote from Hitchiker's Guide to the Galaxy:
"It is the business of the future to be dangerous" -Alfred North Whitehead
This depends entirely on what is accepted as an ID, and how hard it is to get. I recently moved, and it was quite a hassle, partially because I can't drive. ... and they never did do anything that would really check that I was who I said I was.
The new state wouldn't accept the ID from the old state, and demanded a birth certificate. And the one issued by the hospital wasn't acceptable, it had to be a government issued birth certificate. And the place where I was born raised a large number of obstacles to getting the certificate without going there. (I don't know what it would have been like if I'd gone there in person.) Eventually they issued one after paying money, waiting, filling out forms, etc.
So. The issuing of the ID was free. The getting of it took a modest amount of money (not enough to pay for the paperwork), but a tremendous amount of bureaucratic shuffling, and didn't really prove anything anyway except that I'd gone through the bureaucratic paper shuffling.
So I'm not really impressed with the "ID requirements". They don't provide actual ID and they cause a tremendous amount of hassle. Photo + digitized fingerprints would be much better as unique IDs, or any of various other biometric markers. They should always be needed to be tested in person for any significant trust, because the "coded id" could be duplicated, so this should only be used to issue secondary ids from. And the database should never be connected to the internet, even indirectly, but the "coded id" should be matchable against any other reading.
Even so, you couldn't trust this system, because eventually there would be illicit copies made. And in a way this lack of trust is valid, because I'm certainly not the same person I was a decade ago.
I think we've pushed this "anyone can grow up to be president" thing too far.