Diebold Voting Machines Vulnerable to Virus Attack 122
mcgrew writes "PC world is reporting that Diebold's super-popular voting machines are coming under even more scrutiny. A security review has revealed that they are simply 'not secure enough to guarantee a trustworthy election.' This is according to a report from the University of California Berkley, who did a two-month top-to-bottom review of all California e-voting systems. That's a subject we've discussed before, but Diebold's setup is truly unsettling. An attacker with access to a single machine could disrupt or change the outcome of an entire election using viruses. From the article: 'The report warned that a paper trail of votes cast is not sufficient to guarantee the integrity of an election using the machines. "Malicious code might be able to subtly influence close elections, and it could disrupt elections by causing widespread equipment failure on election day," it said. The source-code review went on to warn that commercial antivirus scanners do not offer adequate protection for the voting machines. "They are not designed to detect virally propagating malicious code that targets voting equipment and voting software," it said.' Oddly, my state of Illinois, long known for election fraud, has paper trails (at least in my county) and according to Black Box Voting doesn't use Diebold anywhere."
Re:Is it just me (Score:3, Interesting)
I would assume that these viral vulnerabilities are the contents of...
--
Toro
idea for an absolutely secure voting machine. (Score:5, Interesting)
Voting consists of dropping the Uranium into one of several lead boxes which contain giant magnets to keep someone from trying to alter votes by moving tokens from one box to another. At the end of the day, you read the results digitally with a geiger counter. Every party can be there with representatives, disagreements can be sorted out on the spot with a manual count in front of a multiparty committee. 100% foolproof.
Basically, I got the idea from Bruce Schnier, who observed that it's not such a bad idea for people to keep their passwords written down on a piece of paper in their wallet. After all, people already know how to keep their wallets secure.
The US Military already knows how to keep weapons-grade plutonium secure. Basically, my idea is to just piggy-back on that, to keep voting secure.
A lot of people like to stick with old, low-tech stuff, don't have the will to try anything new. "What about the radiation poisoning" they would no doubt whine. Well I say progress consists in throwing out what's old and "safe" and being bold. [diebold.com]
Why the hell use a "real" computer? (Score:3, Interesting)
Insecure (Score:2, Interesting)
And if so, should this not call into question the legitimacy of the reigning monar^H^H^H^H democratically elected Shrub on Pennsylvania Ave?
Re:MisUnderestimate (Score:2, Interesting)
Re:waht we've all been wondering... (Score:3, Interesting)
Programming Visual Basic over Access is first year Windows programming. I took this class, and I just wanted a networking education - worked out however since my current employer is married to SQL Server with Access front-ends for its OLTP (and their costly proprietary vendor is married to this idea too; $400 to edit some Visual Basic code, 10 lines max). Not very open, but we are managing to hack it daily. I'm sure this isn't allowed, per the license, but I'm already off on a tangent.
Point is, I hate working there.
Here's mine (Score:3, Interesting)
Machine prints ballot and shows it to the voter. Voter approves or discards it.
Ballot is fed into an optical scanner, which scans it. Scanner is implemented as absolutely simply as possible, by for example measuring levels of reflected light. No software.
Both the machine printing the vote and the scanner transmit their results to a comparator. This would be implemented in very simple electronics -- resistors, capacitors, and standard chips implementing logical functions. No custom components, or anything capable of running any sort of software. Comparator compares what the terminal said it printed, and what the scanner said it scanned. The result makes a simple mechanical component move (with a magnet for instance) so that the ballot is either stored or discarded. Comparator also increments a tamper-evident, mechanical counter.
Counter is built in such a way that each increment produces an audible sound, so that increments at the wrong time can be noticed.
Mechanism contains safeguards to verify that moving components actually moved to the intended position.
Interactions and interfaces between components are standarized. Each component is fabricated by a different manufacturer. Manufacturers are not notified who is working on the other parts. For best security, multiple manufacturers are asked to implement a solution, then the ones that passs the test are chosen at random.
Re:waht we've all been wondering... (Score:3, Interesting)
About 10 years ago in the City of Maroondah I received in the mail about five ballot papers addressed to names like "Jon Q Citizen, Jane C Jones", etc at my address. It looked like test data for training or testing purposes. Perhaps they forgot to delete the sample data before populating the database with a real electoral roll.
Needless to say, I didn't open the envelopes and use them to vote.