Diebold Security Foiled Again 201
XenoPhage writes "Yet again, Diebold has shown their security prowess. This time they posted, on their website, a picture of the actual key used to open all of their Diebold voting machines. Ross Kinard of Sploitcast crafted three keys based on this photo. Amazingly enough, two of the three keys successfully opened one of the voting machines. But fear not, Diebold has removed the offending picture, replacing it with a picture of their digital card key. Take that, hackers!"
Still in business (Score:5, Interesting)
New Vendor (Score:3, Interesting)
Re:Still in business (Score:5, Interesting)
That's because they aren't being viewed with a critical eye by the people buying voting machines.
The people who are making those decisions continue to want to have the voting machines in the face of all of the evidence showing how unsecure/not-tamper-proof these things really are.
Apparently, the government doesn't seem too bothered by a vendor who is selling a product which is completely insecure.
Cheers
Re:the only thing.. (Score:4, Interesting)
Having both sides being extremely skeptical of the computer returned election counts is the only thing keeping anyone honest.
Re:Isn't this... (Score:4, Interesting)
Yes. From the article:
" ... and beyond that, it could be opened with the same keys typically used with hotel minibars and jukeboxes."
Florida House 13 (Score:5, Interesting)
Why are people ignoring what is going on in Florida House District 13?
The Rebublicans are claiming a 369 vote victory. However the EVMs in Sarasota county, reported an undervote of 18,000. or 1 in 6 of the total votes, which is much higher than the undervote in both the other counties and on average. Sarasota County also happened to be where the Democrat challenger won the vote by 6 percentage points (of the votes cast in that county).
There are some obviously severe issues with Electronic Voting, Particularly when there is no paper trail (as in the case for this district). Sure, there are ways to change the vote on a paper verification ballot, however large scale fraud becomes problematic to implement.
Links Below:n ?CATEGORY=NEWS0521&template=ovr2 [heraldtribune.com] e ssional_district [wikipedia.org] h p?id=6423 [verifiedvo...dation.org] i nterview_chris_1.html [cqpolitics.com]
http://www.heraldtribune.com/apps/pbcs.dll/sectio
http://en.wikipedia.org/wiki/Florida's_13th_congr
http://www.verifiedvotingfoundation.org/article.p
http://www.cqpolitics.com/2006/12/the_cqpolitics_
Re:It's a pin-based lock? (Score:3, Interesting)
Last I checked, it was called "milling", not "bridgeport operating". And you can go to a community college and gather the requisite skills in a three unit, one-semester class. Frankly milling is not very hard, it's not even slightly hard. The hardest part is remembering which way the table will move when you turn the crank.
In fact it's probably harder to get accurate measurements with which to make your own key than it is to actually make the key.
Frankly you don't even need to take a class. Everything you need to know is in the Machinery's Handbook [amazon.com], which is why it has over 2600 pages. All you need to know about appropriate cutting tools for different materials, feeds and speeds, it's all in there. It gives you the formulas AND the numbers to plug into them. But if you take that route, you will spend more time noodling around and fucking up than if you just take a class. Regardless, I received very little instruction on the vertical mill and was able to turn out some cute little parts that had no particular utility but were within half-a-thousandth tolerances. (We had learned the basics on the lathe. Most of the concepts are the same.)
You're barking up the wrong tree (Score:4, Interesting)
Voting machines should not be relying on physical security in the first place, because it is not practical to physically protect them 24/365. Their trustworthiness should be the result of double-handshake cryptographic authentications between the touchscreens, consoles, memory cards, and the central tabulator. Being able to open the cabinet should not be a vulnerability, because poll workers are invariably going to need to do so.
So, if Diebold machines implement proper authentication, then the cabinet key is not an interesting exposure. But if they don't (and we already know that they don't), then the cabinet key doesn't make them significantly more vulnerable than they already are.
Security... Paper Trail... (Score:3, Interesting)
What people should be pushing for is a voting system on commodity hardware. There's no sense in putting a million dollars forward for a small amount of "proprietary" machines that are all crap anyways. The only reason for wrapping a software solution in proprietary hardware like this is security through obscurity.
Instead of complaining all the time about Diebold et all, what we should be doing is putting together a GPL voting solution. Once it is mature and stable, push our representatives to make the move.