Master Diebold Key Copied From Web Site

Harrington writes "In another stunning blow to the security and integrity of Diebold's electronic voting machines, someone has made a copy of the key which opens ALL Diebold e-voting machines from a picture on the company's own website. " Update: 02/06 17:40 GMT by Z : We previously discussed this story, early last year.

Déjà vu?

[daveschroeder (516195)]

Hmm, I seem to recall this story from somewhere...it sounds somehow strangely familiar...almost as if this exact thing had occurred before...

Oh, that's right, this story was covered -- right here on slashdot, no less -- a year ago [slashdot.org], complete with a link to the very same now-year-old blog post [bradblog.com], which was significantly updated [bradblog.com] at the time, and caused Diebold to remove the photo in question! (A very generic key form [freedom-to-tinker.com] was used.) Might want to update this post...

Archives - January 2007 should be a clue. Or at least one would hope.

While you guys are at it, can you fix your patently incorrect story [slashdot.org] about Iran being "offline", when it clearly and provably isn't [slashdot.org], thereby negating the main premise of the story? You know, since no one seems to care about anything sent to the on-duty editor email [wisc.edu].

Slashdot is really on fire today!

Re:

[Deanalator (806515)]

Yes, if slashdot did some automated submission comparison like digg, we might actually be able to avoid some of these dupes. Slashdot has a lot to learn from digg, and should copy it in every possible way. Maybe they can keep the cowboy Neal polls just for the nostalgia.

Re:

[gnick (1211984)]

Do you know what you get when you

copy [digg] in every possible way

?

You get digg. If you prefer digg, the address is: http://www.digg.com/ [digg.com].

Although I agree - An automated dupe checker seems appropriate for things like this...

Re:

[Megane (129182)]

Except that this was a dupe on digg yesterday. Oops! So much for the "automated submission comparison"!

Maybe if the submitters (and /. editors) would actually pay attention to URLs with obvious dates in them?

Re:Déjà vu?

[dattaway (3088)]

The real story is someone hacked a Diebold voting machine to host Slashdot. Notice how this site is running slower than usual, turning out false stories, and running dupes?

Re:Déjà vu?

[elrous0 (869638)]

The truth is that "Zonk," "CowboyNeal," etc. are actually just programs running on a server in Wisconsin. But the programs have a serious memory leak problems which only get worse if the server isn't rebooted ever few months. The guy who was supposed to reboot it this time couldn't afford the gas to Wisconsin.

Details of picture in case of slashdotting

[by Anonymous Coward]

The picture was of a piece of luggage with the combination of "12345."

Pretty damn stupid to use that as a master key.

Re:

[Nimey (114278)]

And change the combination on my luggage!

USA to the rescue

[rdradar (1110795)]

Soon on Slashdot: USA bans images on the internet as a safety method, "Evil hackers posting these so called images danger our protections, and we have to ban them all".

Slashdotted - link to google cache

[dk90406 (797452)]

http://64.233.183.104/search?q=cache:FcvferlnsJAJ:www.bradblog.com/%3Fp%3D4066+site:.bradblog.com+diebold&hl=en&strip=1 [64.233.183.104]

Slashdot

[Taimat (944976)]

With the way it's gone so far today, apparently, slashdot is hosted in Iran.

Re:Slashdot

[TubeSteak (669689)]

I keep getting this error message
Am I reading too much into it?

503 Service Unavailable
The service is not available. Please try again later.

Spreading Democracy Begins at Home

[Doc Ruby (173196)]

Any country making both democracy and security its highest priorities for years, even at cost of a perpetual state of emergency, suspended liberty, thousands dead and many tens of thousands wounded (multiplied in the non-American casualties), unsupportable debts, alienating allies and activating enemies, would immediately remove these untrustworthy machines and never allow their vendors or technologies into the critical path of its government again.

Such a country would never have allowed such a risk at all, either before or after such vulnerabilities were publicly exposed.

But instead, this story will become a footnote. Precisely because there's an election going on. An election that is threatened by these untrustworthy machines.

Since those priorities were set and executed by a government installed on the reports of these kinds of untrustworthy machines, I guess we've got everything we deserve.

Re:

[bughunter (10093)]

You seem to be misunderstanding the plan. The easiest way of "spreading Democracy" to the parts of the world under the rule of despots and corrupt plutocrats is not ridding the world of despotism and corruption.

No, it's by redefining "Democracy at home" to include despotism and corruption.

So far, their plan is working well.

Re:

[mi (197448)]

But instead, this story will become a footnote. Precisely because there's an election going on. An election that is threatened by these untrustworthy machines.

Although, indeed, appalling, the threat is overblown. AFAIU, it would still require someone to visit each machine in person in order to affect its results. This simply is not enough to sway the overall results of an important election.

Even if the "swingiest" district of the "swingiest" State is attacked via this exploit, the "winner" would still n

Stupid tags

[Buran (150348)]

Dupes aside, WTF is with the insane and stupid tags? I thought a system was implemented that would wipe out crap like "haha". It's driven me nuts for a long time and I was glad when the system was "fixed". Looks like it re-broke.

But then, this from the software that STILL doesn't have an edit button!

Well...

[Black Parrot (19622)]

What's the problem? We've all been demanding "open" elections.

Social Engineering

[ObiWanStevobi (1030352)]

While this story may be old, it was not a major election year when it ran, and all the e-voting problems still have not been fixed. So it is at least worth mentioning again, I think. Also, this story serves as a reminder that the most fearsome element of malicious "hacking" is not some geek with uber skills in a dark room, it's the information we willingly give out without realizing the danger.

Ok, I done trying to be constructive. I always was mostly a crowd follower, so here goes: Slashdot sucks and I hate them for posting this story.

If they'd post the vote...

[fahrbot-bot (874524)]

...the machines are pre-programmed to cast, someone could photocopy that and save us all the trouble of actually voting.

Bad move

[Z00L00K (682162)]

First it's a bad move to post the actual key on the website. Maybe it works on their ATM:s too?

Second, from the appearance of the key it seems to be a lock that's EXTREMELY easy to pick so the effort to make a copy - even by trial and error - would be small.

So if everybody that knows that Diebold machines are in use during an election makes their own key and just unlocks it and leaves the machine open... That could be for some interesting news. Votes dismissed due to irregularities - 50%. Just make sure that the machines is in the counties populated mostly by your opponent.

And - what stops one from ordering keys from Diebold?

Re:

[bughunter (10093)]

Indeed. We all recall the Princeton report earlier this year that described the locks as so ineffective that they could be picked with a "common office implement" in under 30 seconds. Don't we?

SFX: WAVY FLASHBACK LINES

The lock is easily picked--one member of our group, who has modest locksmithing skills, can pick the lock consistently in less than 10 seconds. Alternatively, this slot can be reached by removing screws and opening the machine. Some attackers will have access to keys that can open the lock

Re:

[Jugalator (259273)]

Yeah, either this is from Digg, or from Reddit. I saw the same old today on Reddit... I haven't bothered comparing the dates to see who was first though.

But it's an interesting new problem in social news reporting. News tend to spread like wildfire, but that also includes bad or confusing reporting. This isn't the first time it has happened, at I predict it will become tremendously more common in the future, the more interconnected and popular social news sites like Slashdot (it now is one too especially si

Re:

[Miseph (979059)]

I've got an even better one for stamping out abuse... use paper ballots designed such that each potential vote is listed on one line with a hollow oval at the far end, then have each voter fill in the appropriate dot with a provided pen and run the ballots through a machine designed to read such ballots and compile the results as appropriate.

You know, the same way that many institutions grade multiple choice exams.

The best part is that this is not only comprised entirely of existing technology, but that it

Re:Please explain

[epsalon (518482)]

The major difference here is a subtle but important one. With the banking system, if someone manages to get money or goods they are not entitled to, someone will be missing that money or goods and that someone will know about it once they take inventory or reconcile the numbers. These systems are routinely attacked and banks do lose money to fraud, and they invest in security enough so that the cost of fraud is less than the cost of the security measures.

With voting, the party that loses due to fraud is the public, and especially if there is no paper trail, there is no way to prove that any fraud did actually take place. It's very easy to make machines that count votes, it's basically impossible to make those machines such that no one involved could manipulate the results from the election officials, executives, programmers, and voters. With a paper election, the fraud-proofness is guaranteed though the fact that votes are opened with representatives of the various parties in place, and tallies are signed and published so that any fraud could be easily detected by the interested parties.

You trust ATMs?

[argent (18001)]

Can someone please explain to me why an electronic voting machine is a Bad Thing(tm)?

If something goes wrong with your ATM you know it happened right there when it happened, you contact your bank and get it fixed right then. And even then, you don't really *trust* the ATM. At least I hope you take your paper receipt, and check your balance, and if they don't match you can STILL call the bank about it.

If something goes wrong with your voting machine you NEVER know about it, because you don't get any feedback