Diebold Voting Systems Grossly Insecure

Several well-known security researchers have examined the code for Diebold's voting machines (which we last mentioned two weeks ago) and produced an extensive report (pdf). The NYT has a story on the report, which cuts to the bone: 'Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts. We highlight several issues including unauthorized privilege escalation, incorrect use of cryptography, vulnerabilities to network threats, and poor software development processes. For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal.'

Ah-ha!

[grub]

voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal.

Were they testing these in Florida a few years ago?

So it's only a matter of time

[Hayzeus]

till I ascend to the Governorship of Louisiana. Start reaching into your pockets, now folks -- Big Daddy's open for Bidness!

*sigh*

[Ummagumma]

You would think, with all the qualified unemployed software engineers out there, they could at least hire a few...

Well yeah!

[cspenn]

You can't expect a secure voting machine! I mean, how else can [insert current party in power] rig the next election unless the machines are grossly insecure?

What, you were expecting fairness?

Aha!

[TerryAtWork]

That explains why the L337 P4rt'/ swept the last elections....

Feature?

[fraudrogic]

For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal

Diebold Salesman: "This is a feature, an unintentional extra for your customers!"

CBN2004

[blowhole]

Cowboyneal for office!

Reporter: "Mr. Neal, under what platform are you running?"
CBN: "Redhat Linux 9"
Reporter: "..."

Yay!

[JanusFury]

It says in the article that this company makes ATMs. I think I'm going to go get some free money.

Re:Ah-ha!

[Mr Teddy Bear]

YAY! Now I can finally get Mickey Mouse to take a state!

Or another one: Maybe with this installed Perot could have had a chance! :-P

Re:Ah-ha!

[Glonoinha]

Dammit, that's a bug.

Unlimited voting was supposed to be restricted to the elite voters that have insider privileges.

Expect a patch.

Look at the bright side

[Gzip Christ]

In practical terms, this means that elections will go from being controlled by corporations to being controlled by script kiddies. Cool! CowboyNeal for president in 2004!

Poor choice of words

[PontifexPrimus]

"This is an iceberg that needs to be hacked at a good bit," Mr. Neumann said, "so this is a step forward."
Isn't that a rather poor choice of words when talking about program code? And is hacking an iceberg permissible under the DMCA?

Re:*sigh*

[Trolling4Dollars]

That would make our election system a lot like Slashdot. Especially where trolling is concerned. No matter. That's what Scalia was in the 2000 elections anyway. ;P

Re:Flaws still unfixed after ***5 Years***

[TopShelf]

Flaws? I thought they were features...

Don't you realize that ...

[burgburgburg]

if you continue to question the legitimacy of the 2000 elections, the terrorists win? He was clearly selected.

Now turn off your computer, sit there calmly and wait for the soldiers to cart you off as the enemy combatant that you obviously are.

Solution?

[Aluvus]

If the system is insecure, why not have someone boost its ego?

Chads == Pointers ??

[SkiddyRowe]

If recounts came about due to a close race, would they count dangling pointers?

Re:Ah-ha!

[Patrick13]

Reporter: One voter, 16,472 votes -- a slight anomaly...?

Black Adder: ...The number of votes I cast is simply a reflection of how firmly I believe in his policies.

From the Black Adder [dar.net]

You see why a Republic is more efficient?

[Rogerborg]

In a democracy, we'd have to go to the expense of counting the actual votes. In our brave Republic, our leaders save our tax money by deciding in advance who will win and how many votes they'll get, so we can get back to our bread and circuses. God save the Ki- President!

Re:Ah-ha!

[Anonymous Coward]

I have a gift for you:

</a>

Re:Open Source?

[Patrick13]

Okay so who's going to port the "Hot or Not" code to run on these Diebold voting machines.

Re:Ah-ha!

[Entropius]

Mickey Mouse already has a senate seat... what state is Fritz Hollings (D-Disney) from again?

Re:*sigh*

[nelsonal]

If voting were like slashdot

Ladies and Gentlemen... THE PRESIDENT OF THE UNITED STATES... the Goatse guy.

Re:*sigh*

[leeet]

Duuuude, 70k? Oooaahh, whatever dude, you're so, just like way under paid dude. Where are your expectations man?

I won't take anything under a totally cool 100k dude.

Chill out man, 70k... geee....
BTW, I learned java *AND* MSCE (whatever) in toootally insane 14 days dude. Top that!

... allows the voter to cast unlimited votes

[fulldecent]

And this year's voting turnout is: 500%

This explains the Republican congress and senate

[HanzoSan]

I thought it was kinda strange for republicans to have all these easy landslide victories suddenly.

Interesting.

the insecure code

[Frymaster]

the code line that was regarded as insecure:

if(bush)
bush++;
else
bush++;

In Maryland You can Register Your Dog To Vote

[mcwop]

It happened

See Here [papillonsartpalace.com]

Re:DMCA in action! (related side note)

[Anonymous Coward]

AC, I know, I know.

I thought of a very interesting consequence of the DMCA recently that I haven't seen mentioned anywhere else. The DMCA can actually be used against itself.

Okay, follow me here. It's no crime to create a word processor that looks exactly like Microsoft Word, as long as it has all things Microsoft removed from it. So let's just say that I hacked out the word Microsoft from the binary, and put in Cardshark instead, making it Cardshark Wordmaker.

Now I encrypt the binary, and add a decryptor at run-time to load it into memory. Now I start selling pirated versions of Word. The only way for Microsoft to prove that it's a pirated Word is by circumventing my copyright device.

Obviously this is example has holes in it, but consider a similar situation where only a small amount of code was stolen, rather than a whole application. How can legitimate software companies be sure no one is stealing their work, without running afoul of the DMCA? You would have to break the law to prove someone else was breaking the law.