Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Security Government Politics

Diebold Security Foiled Again 201

Posted by Zonk from the please-think-then-vote dept.
XenoPhage writes "Yet again, Diebold has shown their security prowess. This time they posted, on their website, a picture of the actual key used to open all of their Diebold voting machines. Ross Kinard of Sploitcast crafted three keys based on this photo. Amazingly enough, two of the three keys successfully opened one of the voting machines. But fear not, Diebold has removed the offending picture, replacing it with a picture of their digital card key. Take that, hackers!"
This discussion has been archived. No new comments can be posted.

Diebold Security Foiled Again More

Diebold Security Foiled Again

Comments Filter:

  • Still in business (Score:5, Interesting)

    by j00r0m4nc3r ( 959816 ) on Thursday January 25, 2007 @05:16PM (#17758362)
    How can these guys still be in business? It seems like every couple weeks for the past 3 or 4 years I have been hearing about them screwing shit up, over and over and over and over again. Any other company would have been history long ago. What's with Diebold? Why don't they die?

  • New Vendor (Score:3, Interesting)

    by Divebus ( 860563 ) on Thursday January 25, 2007 @05:20PM (#17758426)
    It's time to look at some other vendor for voting machines and whatever else they make. Our future is too important to leave to stumbling bumblers like that. Anything can be defeated but shouldn't be as easy as this.

  • Re:Still in business (Score:5, Interesting)

    by gstoddart ( 321705 ) on Thursday January 25, 2007 @05:20PM (#17758444) Homepage
    How can these guys still be in business? It seems like every couple weeks for the past 3 or 4 years I have been hearing about them screwing shit up, over and over and over and over again. Any other company would have been history long ago. What's with Diebold? Why don't they die?

    That's because they aren't being viewed with a critical eye by the people buying voting machines.

    The people who are making those decisions continue to want to have the voting machines in the face of all of the evidence showing how unsecure/not-tamper-proof these things really are.

    Apparently, the government doesn't seem too bothered by a vendor who is selling a product which is completely insecure.

    Cheers

  • Re:the only thing.. (Score:4, Interesting)

    by SatanicPuppy ( 611928 ) * <SatanicpuppyNO@SPAMgmail.com> on Thursday January 25, 2007 @05:32PM (#17758654) Journal
    It's because the exit polling was a much closer match to the actual results, rather than having substantial irregularities or, as in the case of the 2004 election, actual instances of election fraud.

    Having both sides being extremely skeptical of the computer returned election counts is the only thing keeping anyone honest.

  • Re:Isn't this... (Score:4, Interesting)

    by Physics Dude ( 549061 ) on Thursday January 25, 2007 @05:54PM (#17758956) Homepage
    Isn't this the same key that will open mini-bars?



    Yes. From the article:

    " ... and beyond that, it could be opened with the same keys typically used with hotel minibars and jukeboxes."


  • Florida House 13 (Score:5, Interesting)

    by bloodstar ( 866306 ) <blood_star@ya[ ].com ['hoo' in gap]> on Thursday January 25, 2007 @06:05PM (#17759136) Journal

    Why are people ignoring what is going on in Florida House District 13?

    The Rebublicans are claiming a 369 vote victory. However the EVMs in Sarasota county, reported an undervote of 18,000. or 1 in 6 of the total votes, which is much higher than the undervote in both the other counties and on average. Sarasota County also happened to be where the Democrat challenger won the vote by 6 percentage points (of the votes cast in that county).

    There are some obviously severe issues with Electronic Voting, Particularly when there is no paper trail (as in the case for this district). Sure, there are ways to change the vote on a paper verification ballot, however large scale fraud becomes problematic to implement.

    Links Below:
    http://www.heraldtribune.com/apps/pbcs.dll/section ?CATEGORY=NEWS0521&template=ovr2 [heraldtribune.com]
    http://en.wikipedia.org/wiki/Florida's_13th_congre ssional_district [wikipedia.org]
    http://www.verifiedvotingfoundation.org/article.ph p?id=6423 [verifiedvo...dation.org]
    http://www.cqpolitics.com/2006/12/the_cqpolitics_i nterview_chris_1.html [cqpolitics.com]

  • Re:It's a pin-based lock? (Score:3, Interesting)

    by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Thursday January 25, 2007 @06:09PM (#17759192) Homepage Journal
    Last I checked, bridgeport operating was a specialized skill that actually pays pretty well in my area (Metro Detroit) because it requires some training and experience to actually know what you're doing.

    Last I checked, it was called "milling", not "bridgeport operating". And you can go to a community college and gather the requisite skills in a three unit, one-semester class. Frankly milling is not very hard, it's not even slightly hard. The hardest part is remembering which way the table will move when you turn the crank.

    In fact it's probably harder to get accurate measurements with which to make your own key than it is to actually make the key.

    Frankly you don't even need to take a class. Everything you need to know is in the Machinery's Handbook [amazon.com], which is why it has over 2600 pages. All you need to know about appropriate cutting tools for different materials, feeds and speeds, it's all in there. It gives you the formulas AND the numbers to plug into them. But if you take that route, you will spend more time noodling around and fucking up than if you just take a class. Regardless, I received very little instruction on the vertical mill and was able to turn out some cute little parts that had no particular utility but were within half-a-thousandth tolerances. (We had learned the basics on the lathe. Most of the concepts are the same.)

  • You're barking up the wrong tree (Score:4, Interesting)

    by inviolet ( 797804 ) <slashdot@@@ideasmatter...org> on Thursday January 25, 2007 @06:38PM (#17759620) Journal
    This time they posted, on their website, a picture of the actual key used to open all of their Diebold voting machines.

    Voting machines should not be relying on physical security in the first place, because it is not practical to physically protect them 24/365. Their trustworthiness should be the result of double-handshake cryptographic authentications between the touchscreens, consoles, memory cards, and the central tabulator. Being able to open the cabinet should not be a vulnerability, because poll workers are invariably going to need to do so.

    So, if Diebold machines implement proper authentication, then the cabinet key is not an interesting exposure. But if they don't (and we already know that they don't), then the cabinet key doesn't make them significantly more vulnerable than they already are.

  • Security... Paper Trail... (Score:3, Interesting)

    by Evets ( 629327 ) on Thursday January 25, 2007 @07:02PM (#17759938) Homepage Journal
    There are always a lot of complaints about the security of any Diebold voting machines. Then there's the constant complaint of a paper trail (my county now has paper-trail making diebold machines).

    What people should be pushing for is a voting system on commodity hardware. There's no sense in putting a million dollars forward for a small amount of "proprietary" machines that are all crap anyways. The only reason for wrapping a software solution in proprietary hardware like this is security through obscurity.

    Instead of complaining all the time about Diebold et all, what we should be doing is putting together a GPL voting solution. Once it is mature and stable, push our representatives to make the move.

Slashdot Top Deals

Software production is assumed to be a line function, but it is run like a staff function. -- Paul Licker

Close