BradBlog/John Gideon: Diebold's Deliberate Security Vulnerability

DIEBOLD'S DELIBERATE SECURITY VULNERABILITY

EXPERTS AGREE: 'It's the Most Serious Security Breach Ever Discovered in a Voting System"

3 States Issue Mitigation Plans, Georgia Ignores The 'Black Hole', AP Ignores BRAD BLOG Reporting...

by John Gideon

5/11/2006

snip

This is a 'feature' that was knowingly installed by Diebold. It was not a mistake or something that was overlooked in the design of the software. It is not a 'bug', 'glitch', 'flaw', 'error in programming' or any other simplistic name. Michael Shamos, a Carnegie Mellon University computer science professor and veteran voting-systems examiner for the state of Pennsylvania has said this:


Johns Hopkins University computer science professor Avi Rubin, who published the first security analysis of Diebold voting software in 2003 had this to say:



snip/links

http://www.bradblog.com/archives/00002814.htm

Our uniter and decider has stolen too much, lied too much, sneered too much and an xxxxxxxxxxx who lives to take revenge.

That is the only way they will listen. Public exposure has been used many times with security exploits involving software like Microsoft Windows. The vendors cannot ignore a serious security flaw that is in the wild and nor can election supervisors.

on these POS vote eaters and let a precinct full of voters get an eyeful.

:)

It's not hacktivism, and it's not grey-hatting. Does anyone know what I barely know what I'm talking about?

There are many kinds. Basically there is a set time limit till the exploit is released publicly. This gives the vendor time to fix their problem. In this case, I don't believe Diebold should have this opportunity since it is a built in feature and not a "glitch".

http://www.cert.org/kb/vul_disclosure.html

http://www.wiretrip.net/rfp/policy.html

and deal with touchscreens all day long. Of the 6 of them in our store 4 of them need to be turned off in a specific way. I touch the top right hand corner of the screen and hold my finger down for 2 seconds and up pops the administrative menu... from there i can get to anything in the system. Customer orders and addresses, machine settings, the Delete All Orders button, etc... all just by knowing that i can press and hold on the top right corner of the screen... makes you think.

Also, when i was in high school (late 80's) i had a neighbor who programmed video games for Sega(?)... and he told me that EVERY video game had a backdoor. There was ALWAYS a secret combination of joystick/button presses that released the "deposit 25 cents" header and got you FREE GAMES until the machine was restarted. Course he never told me any of those combos, but he claimed to know a few...

:scared:

Thank.You. Brad! K&R!