Security and Privacy Blog
Gregg Keizer Keeps You Up To Date
One Man, One Vote...One Machine, One Million Votes
Who would have thought we'd be looking back on chads, as in "chads, hanging" with fond memories?
Researchers have pegged a new bug in a widely-used electronic voting system as the "worst ever."
Great.
And I thought it was bad because a worm might hit Microsoft Exchange any day now...
It gets better. It's not really a bug, see, it's a feature. At least that's how it looks to Diebold Election Systems, the Ohio-based maker of the gizmos. The security hole was installed so updates could be quickly deployed. Here, however, "hole" sounds like "backdoor."
And according to several computer researchers -- as reported by yesterday's Oakland Tribune, which broke the story -- the backdoor can be accessed by anyone armed "with a common computer component and knowledge of Diebold systems," then used "to load almost any software without a password or proof of authenticity and potentially without leaving telltale signs of the change."
more...
http://techsearch.cmp.com/blog/archives/2006/05/one_man_one_vot.html?loc=security_and_privacyDiebold voting machine spurs security concerns
Thursday, May 11, 2006
Dan Goodin
Associated Press
San Francisco- Officials overseeing elections in three states have directed local authorities to take additional security measures with a popular type of electronic voting machine to prevent election fraud.
California, Iowa and Pennsylvania issued the voting directives in recent weeks after researchers discovered a feature that could allow someone to load unauthorized software on Diebold Election Systems computerized machines.
Diebold is a unit of Green, Ohio-based Diebold Inc.
A hacker theoretically could use the software to rig or sabotage an election or to perform some other unauthorized function, said Michael Shamos, a computer science professor at Carnegie Mellon University.
"It's worse than a hole," said Shamos, who has been briefed on the vulnerability of the Diebold machines. "It's a deliberate feature that was added by Diebold that we all believe is unwise."
In the wake of the ballot-tabulating problems that plagued the 2000 presidential election, electronic voting has become a flash point for many people concerned about fair elections. Critics charge that electronic voting machines are too susceptible to fraud and error to be trusted and should not replace traditional balloting until proper safeguards are installed.
http://www.cleveland.com/news/plaindealer/index.ssf?/base/news/1147347050148670.xml&coll=2Scientists call Diebold security flaw 'worst ever'
Critics say hole created for upgrades could be exploited by someone with nefarious plansBy Ian Hoffman, STAFF WRITER
Computer scientists say a security hole recently found in Diebold Election Systems' touch-screen voting machines is the "worst ever" in a voting system.
Election officials from Iowa to Maryland have been rushing to limit the risk of vote fraud or disabled voting machines since the hole was reported Wednesday.
Scientists, who have conferred with Diebold representatives, said Diebold programmers created the security hole intentionally as a means of quickly upgrading voting software on its electronic voting machines.
The hole allows someone with a common computer component and knowledge of Diebold systems to load almost any software without a password or proof of authenticity and potentially without leaving telltale signs of the change.
"I think it's the most serious thing I've heard to date," said Johns Hopkins University computer science professor Avi Rubin, who published the first security analysis of Diebold voting software in 2003. "Even describing why I think it's serious is dangerous. This is something that's so easy to do that if the public were to hear about it, it would raise the risk of someone doing it. ... This is the worst-case scenario, almost."
more...
http://www.insidebayarea.com/oaklandtribune/localnews/ci_3809493