Diebold Source Code Leaked Again -- Is That Such A Bad Thing?
from the should-be-secure-either-way,-right? dept
The e-voting mess continues to get messier, as the FBI is looking into the possible theft (and leak) of Diebold's e-voting source code. Various articles on this are pointing out how problematic this is, as the source code could help someone discover a vulnerability and cause problems in next month's elections. Of course, to be totally honest, it doesn't seem like it takes all that much work to find security vulnerabilities in Diebold e-voting machines these days with or without the source code. At the same time, it also sounds like this particular source code is a bit old. More importantly, though, if Diebold is really so confident that their e-voting machines are safe (as silly as that may sound), shouldn't they be comfortable with the machines' security even if the source code is public?Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Well...
It's more how the person got the source code that I would be worried with. If they managed to get that, what else can they get hold of?
(First)
[ link to this | view in thread ]
Possibly the best theing to happen to them.
[ link to this | view in thread ]
diebold security
[ link to this | view in thread ]
Collusion
[ link to this | view in thread ]
The sad thing is...
[ link to this | view in thread ]
Frankly,
The ONLY way I could trust voting machines is if the source code is available. It doesn't have to be open source or free or whatever (ie: available to EVERYONE). But I'd like it available to a LARGE number of people...in other words, too many for a cover up...AND I'd like some sort of process wherein people could verify and certify that the code being shown is the code being run.
If we can't look at it...then there's a chance (and the way Diebold has been acting I'm almost CONVINCED its happening) that the company can "sell" elections to the highest bidder.
[ link to this | view in thread ]
Re: Collusion
[ link to this | view in thread ]
Re: Re: Collusion
Of course, in Maryland, the vast majority of our politicians usually form opinions just to fight against the other party, not because of what they're fighting for. We're seeing some *weird* races this year...
[ link to this | view in thread ]
Security
Small could not gain access to the GEMS software because the material on two of the disks was protected by a password.
Radke, the Diebold spokesman, said the versions of Ballot Station released since the version identified on the disks have many new security features. The Diebold statement said "it would take years for a knowledgeable scientist" to break the encryption used on the software apparently contained on the disks delivered to Kagan. But Rubin said "the data and files were not encrypted" on the Ballot Station disk he reviewed.
Interesting.
[ link to this | view in thread ]
Re: diebold security
[ link to this | view in thread ]
Good scam
[ link to this | view in thread ]
Coincidence??? What Movie?
[ link to this | view in thread ]
I concur...
[ link to this | view in thread ]
Yeah...I'd rather not know
Just tell me it works and I'll be happy. DO NOT prove it to me!
[ link to this | view in thread ]
It's sad to see how slow the US has been to solve
[ link to this | view in thread ]
Anyone who has taken ten minutes of an internet security course could tell you that information passing through a network is never 100% safe. Why should we allow a system that isn't 100% safe to be entrusted to the integrity of our votes? The answer is that we should not.
That's what raises my eyebrow as a Security guru and a voter. Now, as a Programmer, anyone who isn't comfortable with their "secure" program's source code being public is someone who does not have a secure program and they know it. If this program's source code was leaked, let us be thankful. Hopefully, some teenage kid hyped up on Starbucks double-shot espressos and Twizzlers will stay up until three in the morning until he finally works out every single security issue. I'd be willing to bet more money than I have that he'd produce something more secure than Diebold's beta testers and top programmers ever will given their uncomfort about the source code being public. Public code shows that you have no flaws whatsoever, because if you did, someone would find it and send you a nice email about it. Most "hackers" will actually tell you how to fix things you missed.
So why do systems like e-voting come around? Laziness. It's that simple. What is wrong with just getting off our butts and going to register and actually stand in line to cast a vote?
[ link to this | view in thread ]
a better system
[ link to this | view in thread ]
Frankly....
My only real worry is poll workers who palm the memory card and substitute another one, or an insider conspiracy to steal an election. Thats very likely to happen.
Hackers have more ethics and probably would just substitute "Saddam Hussein" for George Bush in the election results central computer just to prove their point.
[ link to this | view in thread ]