Have y'all seen the Berkeley report on Diebold code yet?

apologies if this is already posted, but I didn't see it on a search.

This has to be one of the most damning reports on Diebold ever.



Security Analysis of the Diebold AccuBasic Interpreter

David Wagner, David Jefferson, Matt Bishop
Voting Systems Technology Assessment Advisory Board (VSTAAB)
with the assistance of:
Chris Karlof, Naveen Sastry

University of California, Berkeley
February 14, 2006

1 Summary
This report summarizes the results of our review of some of the source code for the Diebold AV-OS
optical scan (version 1.96.6) and the Diebold AV-TSx touchscreen (version 4.6.4) voting machines.

<snip>

 Memory card attacks are a real threat: We determined that anyone who has access to a
memory card of the AV-OS, and can tamper it (i.e. modify its contents), and can have
the modied cards used in a voting machine during election, can indeed modify the election
results from that machine in a number of ways. The fact that the the results are incorrect
cannot be detected except by a recount of the original paper ballots.

 Harri Hursti's attack does work: Mr. Hursti's attack on the AV-OS is denitely real. He was
indeed able to change the election results by doing nothing more than modifying the contents
of a memory card. He needed no passwords, no cryptographic keys, and no access to any
other part of the voting system, including the GEMS election management server.

 Interpreter bugs lead to another, more dangerous family of vulnerabilities: However, there is
another category of more serious vulnerabilities we discovered that go well beyond what Mr.
Hursti demonstrated, and yet require no more access to the voting system than he had. These
vulnerabilities are consequences of bugs|16 in all|in the implementation of the AccuBasic
interpreter for the AV-OS. These bugs would have no eect at all in the absence of deliberate
tampering, and would not be discovered by any amount of functionality testing; but they
could allow an attacker to completely control the behavior of the AV-OS. An attacker could
change vote totals, modify reports, change the names of candidates, change the races being
voted on, or insert his own code into the running rmware of the machine.

 Successful attacks can only be detected by examining the paper ballots: There would be no
way to know that any of these attacks occurred; the canvass procedure would not detect any
anomalies, and would just produce incorrect results. The only way to detect and correct the
problem would be by recount of the original paper ballots, e.g. during the 1 percent manual
recount.

 The bugs are classic, and can only be found by source code review: Finding these bugs was only
possible through close study of the source code. All of them are classic security
aws, including buffer overruns, array bounds violations, double-free errors, format string vulnerabilities, and
several others. There may, of course, be additional bugs, or kinds of bugs, that we did not
find.



full report:
http://www.solarbus.org/election/docs/security_analysis_of_diebold.pdf

spread it around.

how could any election official use Diebold after reading this report?

since the slimy Arnold appointed republican Bruce McPherson, CA Secretary of State... and republican McPherson quietly pushed through the Diebold machines on a Friday night of a three day week-end without the promised hearings...This of course is all Rove & White House sponsored tactics to steal the nations most populous democratic state for republican control!!!

…remember how their referenda went DOWN IN FLAMES in California last November.
They just couldn't steal enough votes to push them through.

They want to make it like Ohio, where Blackwell can make the results be anything he wants --
losing by a landslide 2-1 margin? No problem! Presto Changeo and the 'Thugs "won" by 2-1!

have also played a major role, and not just in Florida 2000 - READ THIS if you haven't already:

http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=132x2489123
title: Ohio '04 308,000 VOTERS CUT FROM THE ROLLS PRIOR TO THE VOTE

Read the whole Fitrakis/Wasserman article cited in the opening post. We have to fight the machines and we also have to fight the other routes to election fraud. Exposure and publicity is an important step for all of this.

Basically if the vote is too close to steal electronically without alerting voters that something is suspicious, they have to manipulate the vote in other ways too. Voter registration purging is one of those ways.

K & R - more visibility with 20 votes

from receiving absentee ballots. 58 THOUSAND voters, in Broward alone, didn't receive their ballots.

counting and the owned Corporate Press to suppress all news. The evidence of the stolen election just comes at you from every direction. I hope their arrogant assumption that they can keep this crime - like their others - buried proves to be spectacularly overconfident and that the American public finally sees the truth and acts on it.

Why not just hand count them also? I don't get this 1% stuff. The people who like speed in the count get it(optiscan) and the people who want accuracy, and don't give a shit how long it takes, so long as it is within reason also get it(hand count).

This way everyone gets their way, and the only time there is a problem is when the machine count and the hand count don't mesh.

It seems simple enough I just don't get what the problem is.

use the damn machines to verify the hand count, not the other way around.

Why do you hate our election machine vendors. :rofl:

I could use some help clarifying this.

I know David Jefferson was the head of the technology committee that reported to the CA Voting Systems and Procedures Panel, which reported to the CA Secretary of State. Now that the VSPP has been disbanded, I'm not up to date on what replaced it. Was it the VSTAAB?

Anyway, my understanding is that these are the "techies" who the SOS is supposed to be listening to about the voting machines. They work for the State, as I understand it.

Someone please correct me if I'm wrong here.

Garybeck, thanks for posting this.

And they are the "techies" who the SOS is supposed to be listening to.

And they told McPherson the machines have big problems.

They also answered McPherson's question that went something like, even if the machines are messed-up, what bandaid could be put on them.

They shouldn't have been asked that.

thanks for posting garybeck!

:yourock:

ps thanks for the newsletter as well.

it never hurts to call it to people's attentiona again who haven't seen it.

They determine our representatives. They determine our leaders. They determine our laws.

One Corporation.

How weak is our Democracy when it can be held hostage by ONE Corporation?

who is funding the corporation?

where is the money flowing?

it's not Diebold per se that is doing this. they are the mechanism.

follow the money.

earlier about it.

Did you also see that the Gems Tabulator wasn't covered AT ALL?!

Excerpt from page 6:

Though it does seem logical to review the entire system.

Still, the aim of the study was to look at the interpreted code and memory card.

ITA didn't touch it either, did they?
How can they legally usher in the use of these vote-fraud machines, when one of the most widely-acknowledged problems isn't even addressed?

(Though we could ask which version.)

It was the memory cards that hadn't been reviewed. McPherson cited that as his reason for sending Diebold back to the ITA.

In that way, McPherson wasn't asking the ITA to review what they had already reviewed (however carelessly or not).

if every precinct posts their results publicly BEFORE they are sent to the tabulator, doesn't that solve the problem?

But then, what part of the Diebold system isn't.

I wonder too why this isn't being addressed:
http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=203&topic_id=378552&mesg_id=378674



So Diebold *is* making changes to their equipment. They're making them easier to hack -- and making it more difficult to detect any hacking.

The cards were sent back because they never should have been certified in the first place (interpreted code).
Obviously, GEMS should not have been certified either.

TSx machines' crashing & freezing printers weren't addressed either.
It's all so slipshod and corrupt.

ie: It had been tested, and McPherson was pointing to the interpreted code.

Fact is, he didn't ask them to re-look at anything else. I really didn't expect him to anymore than I expect him to send all the machines back, regardless of vendor.

I can only recommend this thread once. :(

...surprised this hasn't made a bigger splash.

It's all in there.

The ITA's report just came out.

http://www.ss.ca.gov/elections/voting_systems/security_analysis_of_the_diebold_accubasic_interpreter.pdf


An article about that.
http://votetrustusa.org/index.php?option=com_content&task=view&id=991&Itemid=113

program that is undectable.

STOP DIEBOLD!