Diebold Security Foiled Again

XenoPhage writes "Yet again, Diebold has shown their security prowess. This time they posted, on their website, a picture of the actual key used to open all of their Diebold voting machines. Ross Kinard of Sploitcast crafted three keys based on this photo. Amazingly enough, two of the three keys successfully opened one of the voting machines. But fear not, Diebold has removed the offending picture, replacing it with a picture of their digital card key. Take that, hackers!"

National Election Commision

[ghoul]

The way to get rid of election controversies is to have a national election commission like in India. India has a lot more voters than the US and a much lower level of education but it manages to pull off general elections a lot more cleanly and fairly just because the standards are same for all elections and all precincts. The decentralized form of elections might have made sense for the age of horse coaches but in the age of internet it is not too tough to have thge same standards everywhere in the US

Also why not have a paper trail .With a paper backup all fraud can be caught given enough time for recounts (again if elections are not controlled by local partisan officials they cant arbitrarily decide not to have recounts).

Re:Still in business

[aquabat]

Two words: Government Contracts.

Re:National Election Commision

[Midnight Thunder]

Also why not have a paper trail .With a paper backup all fraud can be caught given enough time for recounts (again if elections are not controlled by local partisan officials they cant arbitrarily decide not to have recounts).

In many ways Diebold et al. are all showing symptoms of not realising that they are trying to add technology to the wrong part of the process. In many ways the punch card system or optical card reader systems are the better systems, since the paper trail exists before the vote is taken into account: WYSIWYG. The proposed solutions provide a paper trail as a result of the process, if at all. The problem with this is that the paper trail may not be a result of what you inputted.

Remember just because technology can be used for a process, it does not necessarily mean that technology is needed for the process. Technology is there to make a complex task simple, not the other way round.

This is a security company?

[Schraegstrichpunkt]

Do they even have any security-minded people working at this company? Publishing a picture of a real key is an understandable mistake, but why does the same key open every single voting machine?

Re:the only thing..

[truthsearch]

Funny how you only seem to be responding to the average media coverage and not the facts. Was no one interested or was the media (even non-mainstream) not interested? Plenty of investigations occurred. You apparently just didn't hear about them.

Re:What concerns me even more

[Anonymous Coward]

What, are you serious? You think they'd ever put out a system that would lose them money? Sure, every once in a while you hear about an ATM that had the factory default password still in place or took some common key but those are usually the fault of lazy/incompetent banks. Well, maybe not with the key.

But think about it, how often is it that anything errs in your favor? Bank magically gives you an extra $20? Phone company charges you at half rate?

Remember that story about the ATM that was pumping out $20s in place of some other bill? Free money right? Except they had records of every transaction.

If you want to worry about your bank account, place your worries on those holding your money.

Re:Still in business

[pilgrim23]

In the early 20th century, most cities had Trolly Lines. Most were electric. there was no need for road crowding, smoke billowing Buses. But Detroit realized building buses was a gold mine as long as City planning departments, the Mayor's urban task force and other such public servants could be persuaded to rip up the trolly lines. Thus our public leaders made decisions for the good of us all. The more it changes, the more it stays the same....

Re:Google

[Anonymous Coward]

Not only that, but the structure of the key has already been compromised. The only 'secure' answer here would be a recall of all Diebold machines which can be opened by that key. Every last one of them.

Sigh.

Re:What concerns me even more

[wpegden]

No, fear not. Like you, the people up top are much more concerned about correctly counting pennies than votes. Rest assured, your bank account is much more secure than any of your "freedoms" or "rights".

Re:It's a pin-based lock?

[bhsx]

Yeah, I guess if you were really serious about trying to rig an election it'd be hard to find someone with those skills... Oh wait...

The real world

[Kilz]

In the real world there are Election Judges. People who watch whats going on. This unlocking and tampering isnt going to happen in front of them. This is a proof of concept idea, and like a lot of them it takes some things for granted. Like "you will be able to do this and no one is looking, or will stop you". But in the real world that isnt the case. Try this in a real polling place and go to jail, go directly to jail, do not pass go , do not collect 200 dollars.

Re:Still in business

[jc42]

The people who are making those decisions continue to want to have the voting machines due to all of the evidence showing how unsecure/not-tamper-proof these things really are.

There; fixed it for you.

If you think the politicos making the purchase decisions are ignorant of the documented problems, you're incredibly naive.

Re:It's a pin-based lock?

[Tim C]

it requires some training and experience to actually know what you're doing.

So? How much time do you think you have between elections anyway?

Re:the only thing..

[Sj0]

What does it matter who wins or loses a single election if you hold the keys to the gate?

It's troubling that so many people are such linear thinkers. It makes it really easy to pull off Machiavellian subterfuge.

Re:Still in business

[cheezedawg]

Halliburton's (specifically Kellog, Brown, and Root) involvement in Iraq is a part of the multi-year LOGCAP contract that they won in 2001 after a competive bidding process. This was the second time that they had won the LOGCAP contract- the first time was during the Clinton administration. The Clinton administration also awarded several other contracts to Halliburton, such as the logistical support for the military action in the Balkans, and praised KBR for their work.

You can choose to see this as a conspiracy if you want, but it doesn't make you look very rational.