Even More Trouble For E-Voting Firms: Source Code Review Finds All Sorts Of Scary Vulnerabilities
from the doesn't-look-good dept
This has not been a good week for e-voting companies. First came the report out of California that the security had problems on every machine tested by independent security experts, followed quickly by security experts finding problems with other machines in Florida. This should come as no surprise. Every time a security expert seems to get a chance to check out these machines, they find problems. What was odd, though, about the announcement on Monday coming out of California, was that the state had only released some of the reports. It left out the source code review. However, late Thursday, the source code reports were finally released and things don't look much better. Apparently all of the e-voting machines are vulnerable to malicious attacks that could "affect election outcomes." The report also points out: "An attack could plausibly be accomplished by a single skilled individual with temporary access to a single voting machine. The damage could be extensive -- malicious code could spread to every voting machine in polling places and to county election servers." This, of course, is what others have been saying for years, and which Diebold always brushes off. Ed Felten has gone through the reports and is amazed to find that all of the e-voting machines seem to have very similar security problems -- and that many problems that Diebold had insisted it fixed in 2003 were still present. Remember how Diebold had used the master password "1111" in their machines? Now their machines use hard-coded passwords like "diebold" and (I kid you not) "12345678." At some point, isn't it time for Diebold (and the other e-voting machine makers) to stand up and admit that their machines aren't secure and, in fact, were never secure? At the very least, the company owes the world a huge apology -- but somehow, given its past behavior whenever its machines are shown as insecure, that seems unlikely to happen.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: e-voting, security, vulnerabilities
Companies: diebold
Reader Comments
Subscribe: RSS
View by: Time | Thread
The reason there is not more outrage is
I have noticed for years that no one votes, in fact the younger you are the more likely you are to brag about not voting.
It will take a Democrat clearly loosing an election to fraud/crack voting machine before something will be done. And that something will be worse that what is present now.
I have no faith in the US Government ability to do anything right and it seems that millions of US voters share that feeling.
[ link to this | view in chronology ]
Re: The reason there is not more outrage is
I'm sorry. You appear to have misused the word "loose."
Hopefully the above site will help you on your quest to better understand the differences between "loose" and "lose"
[ link to this | view in chronology ]
Re: The reason there is not more outrage is
Don't blame it on the youth though. It isn't their fault politicians do not pay attention to them and have ignored the majority of the US in general.
Politicians and the political system is broken and it will take a peaceful revolution and a complete restructuring of our electoral system to solve the problems we face. The simple fact is that politicians, especially on the federal level, are completely out of touch with what it is like to be a typical person in the US.
I would hazard to say that the Federal Government is no longer capable of controlling the country effectively. I do not think our founding fathers could imagine a single government body in control of almost 300 million people. With the concentration of any power there is corruption and our system should be designed to limit it not encourage it.
The simple answer may very well be to allow the states more power and take it away from the federal government. At the very least the presidential powers should be taken completely away and he should return to being a figured head and our foreign representative.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Voting Machines
Every party has scrutineers at every polling station who supervise the counting and everywhere, two or more people are watching each other to make sure there's no funny business. Every position or proposition uses a different colour of paper, which go into different boxes that are supervised by two little old ladies or students who are picking up a couple of extra bucks for working that day and a couple of evenings previously for 'training'. How can any machine beat that idiot-proof, low-tech, inexpensive, extremely simple system?
While personally I think the overall system of party-based democracy has lots of problems, the one thing I don't doubt is that the vote totals reported are legitimate and represent the intention of those who have chosen to vote. If I had to trust a machine, I would be extremely leery of trusting the results...
[ link to this | view in chronology ]
Re: Voting Machines
[ link to this | view in chronology ]
Re: Voting Machines
But the question needs to be asked about voting is, is it appropriate?
Keep in mind that voting is ANONYMOUS and that fact means we cannot follow our vote as we can in other computer transactions.
Ergo, no electronics at all should be allowed.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Subverting all the Devices in a County...
be limited to the votes recorded on that machine. At the very minimum,
this would force the attacker to compromise a large number of machines in
order to affect an election result.
"The damage could be extensive -- malicious code could spread to every voting
machine in polling places and to county election servers."
Holy ****! They've made it easy to compromise enough machines to
compromise an election. Nevermind the bad default password...
[ link to this | view in chronology ]
One vulnerability they've overlooked...
[ link to this | view in chronology ]
Re: One vulnerability they've overlooked...
Let's hope so, besides Sylar would be a better president than your current one ;-p
[ link to this | view in chronology ]
Re: One vulnerability they've overlooked...
[ link to this | view in chronology ]
Re: One vulnerability they've overlooked...
[ link to this | view in chronology ]
If it isn't open, it isn't secure.
[ link to this | view in chronology ]
Wanted: Former Diebold Salesperson for County Elec
[ link to this | view in chronology ]
What's the surprise here?
[ link to this | view in chronology ]
What's really needed...
The Cold War is not over; our foreign policy is still nothing but containment, and our own government is responsible for the "terrorist" attacks on 9/11. The majority of American citizens do not care to inform themselves of the truth of what’s going on around them. They will believe whatever they’re told from scripted news reports, from an even more corrupt and bent Media. The 2003 elections were rigged, and no one gave a shit then, so why should anyone now even when reports like these come out? World War III has already begun, and everyone’s too stupid to realize it. China is gearing up to become the next industrial superpower. Their foreign relations with the most prolific nations are becoming more and more favored.
The EU UN and the US keep pushing for “a New World Order” and are trying to dictate the rest of the world’s decisions. They say they’re policing the corrupt tyrannical governments, but really they’re just mobilizing troops. Granted most of this seems like a conspiracy theorists rant, but if you take a step back and look at the big picture you can see the steps are already being taken to try and implement some form of a global governing body. Much like how the US’s government gains more power with every new president, and becomes more and more federally controlled, NAFTA the EU, and the UN will keep slowly increasing their power until they’re the sole governing bodies of the world, which will likely be the result of another World War.
I wouldn’t be the least bit surprised if another “terrorist” attack were to happen sometime very close to the 2008 elections. More than likely a string of attacks to delay the election because “Our Nations Under Attack.” Considering Bush’s sole purpose as the president has been to do nothing but push for more and more legislation giving the Government the ability to do whatever it pleases with no repercussions whatsoever. The man refuses to pass any legislation that he doesn’t agree with. Not what the people of the US want, but what he specifically decrees as the “right” thing to do. The Patriot Act has become the new constitution, and if the FICA reforms being considered go into effect everyone’s rights become void. All the government has to do is say they believe you’re part of a terrorist organization and they can whisk you away never to be seen again.
Never before, and never since, has a steel structure building ever collapsed due to fire. 110-story buildings don’t fall straight down if they’re going to collapse. Thousands of reinforced joints don’t simultaneously fail at the same time, even if they are weakened. WTC building 7 we’re told collapsed because of fires as well. But WTC buildings 3, 4, 5, and 6 were left standing even though they took the brunt of thousands of tons of falling debris. The owner of the WTC buildings obtained the rights no less than six weeks prior to the incident, made exclusively sure that his insurance policy covered terrorists attacks, and received billions of dollars in return for the few millions he invested. Wake up, open your eyes, ask questions, and get involved. The youth is our future, but so long as we keep pulling the wool over their eyes, they will never be anything more than sheep herald to do the Sheppard’s whims.
[ link to this | view in chronology ]
Re: What's really needed...
So long as you realize it....
"Never before, and never since, has a steel structure building ever collapsed due to fire" --- And yet steel buildings need to have fireproofing....Also no steel building of that height has EVER been hit that high up by a 737 size craft, fully laden with jet fuel, with that type of force.
My point? Just because it hasn't happened before does not mean it has to be conspiracy. Bridges collapse as we have seen both recently and in the past due to stress and sudden impacts, why would a steel building be any different?
[ link to this | view in chronology ]
Re: Re: What's really needed...
As far as a plane running into the building, as noted it was designed for the impact. Not only that but the towers were built to withstand hurricane force winds in excess of 140 miles per hour. So one lonely plane smacking into the side of the building has nowhere near the amount of stress that winds can produce for days on end.
Flight 93 we're told to believe crashed into the ground. However if you've ever seen an actual plane crash, most of the wreckage is in a fairly close proximity to the crash site. Flight 93's was spread out over a very large area, more indicative of it being shot-down mid-air. At the pentagon; no damage done to the building would indicate a plane hit it. No engines were found, no 4-story tail section, no nothing. More importantly is how a plane hours later after the initial attacks could ever get through the most heavily air-traffic controlled region of US airspace. Also we're to believe that only one camera at the very center of our military could have seen the event. If you have ever been to the pentagon, you can clearly see they have cameras along the roofline spaced apart from each other about every 50ft. or so. Not to mention all the ones in the parking lots, and more than likely all the others they don’t want you to see.
Not a truth that's easy to swallow but if you allow yourself to just accept whatever the government tells you, then you're already failing as a true American in my eyes. Do some research, look up "steel building fires" and you'll notice that some buildings have had infernos, literally 10-stories engulfed in flames burning for over 24 hours. Yet they remain standing, in EVERY instance since and after. However, the fires in the WTC were starved of oxygen, which is why they put out such thick black smoke. Firefighter communication recordings say they encountered small pockets of fire that could have been put out with as little as two lines. As I said before, ask questions, get involved, become informed, and don’t just simply accept whatever the most power-hungry government in the world spoon-feeds you.
[ link to this | view in chronology ]
Re: Re: What's really needed...
[ link to this | view in chronology ]
Re: What's really needed...
There was no precedent of that so you can't say it's impossible.
Go watch Loose Change again or something. You obviously arn't going to believe the reality of the situation.
P.S: You may enjoy this one too, if you believe that crap. Unfastened Coins
[ link to this | view in chronology ]
Re: Re: What's really needed...
[ link to this | view in chronology ]
Re: What's really needed...
[ link to this | view in chronology ]
Re: Re: What's really needed...
[ link to this | view in chronology ]
Given the US President is pulling the strings of the world's most powerful country.
[ link to this | view in chronology ]
FP nailed it
> The reason there is not more outrage is an indication of
> the apathy of the US electorate.
I didn't understand voter apathy until I got involved with politics. Those pampered figureheads either don't have any idea what people want, or they truly believe that the people are fools. See also, you know, any government regulatory agency.
We are not represented in our government any more than we are represented in mainstream media. We are not the customers, and there's no room at the table for us because all of the seats have been bought and paid for by lobbyists who represent wealthy clients.
I don't see any grand conspiracy--just a widening disconnect between the government and the governed.
I do think that the GOP has conspired in the same way that it did in the 1970s, on a much larger scale. If they're caught, the party's over; if not, their influence will reach across political party lines. It's not a great time for democracy--but then again, it wasn't 100 years ago, when Teddy Roosevelt decided to screw J.P. Morgan and the rest of the capitalists. Hundred-year cycle, anyone?
[ link to this | view in chronology ]
password
[ link to this | view in chronology ]
Re: password
[ link to this | view in chronology ]
It's not hopeless
Other countries have succeeded in building trustworthy e-voting systems. this article cites the Australians as a good example.
[ link to this | view in chronology ]
Yes, the WTC was designed to be able to absorb a plane hit, but they never calculated that the fire-coating sprayed on the steel would blow off in the impact. The engineers knew that steel would melt in a fire and coated it, but now it's gone and only a matter of time until structural failure.
Wake up and realize the only pawns in this whole debate are the gullible people who believe the first, worst ideas they herar, and then are manipulated to try to undermine the world's greatest country which is under attack from terrorists, and now from idiots. For God's sake, LET IT GO!
CDR R., United States Navy
[ link to this | view in chronology ]
Re:
For reference jet fuel burns at a lower temperature than even regular petrol
I agree that there a certain amount of generalised conspiracy nonsense muddling the whole thing and to be honest I'm not sold on either story, but I have seen WTC7 collapse after a few sporadic (non kerosene fueled) fires in a top corner
It collapsed straight down which architects and engineers tell me is unlikely (actually they told me it was absofuckinglutley impossible for the type and amount of damage sustained)
If you want your country to remain the greatest country on earth it may be a good idea to have a proper analysis of what happened that day because somebody (terrorist or traitor) knows something that has so far gone unexplained and unnoticed - the first step in protecting yourself against any threat is to find out EXACTLY what you are protecting against
[ link to this | view in chronology ]
The world? Oh, you mean 'cos they helped put an absolute moron in charge of the supposed 'greatest country on earth' and now he's out of control and bashing up whichever country catches his fancy?
[ link to this | view in chronology ]