Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
United States Crime Government Security Politics

Pennsylvania's Voting Machines Are Running Windows XP (cbsnews.com) 140

Slashdot reader rmurph04 writes: As reported by CBS News, the battleground state of Pennsylvania might as well have a target on its back as Election Day nears, the cybersecurity company Carbon Black warned in a new report released Thursday. Across the state, most Pennsylvania counties use particularly high-risk electronic voting machines that leave behind zero paper trails, which could be useful to audit the integrity of votes cast. In addition, many of these machines -- called "direct-recording electronic" machines -- are running on severely outdated operating systems like Windows XP, which has not been patched by Microsoft since 2014.

According to the survey more than one in five registered U.S. voters may stay home on Election Day because of fears about cybersecurity and vote tampering. Respondents believe a U.S. insider threat poses the most risk (28%), followed by Russian hackers (17%) and then the candidates themselves (15%).

This discussion has been archived. No new comments can be posted.

Pennsylvania's Voting Machines Are Running Windows XP

Comments Filter:
  • Desktop XP or XP POS (Score:5, Interesting)

    by lister king of smeg ( 2481612 ) on Saturday October 01, 2016 @05:38PM (#52995569)

    Are they running the POS or embeded that are still getting updates? Just saying XP isn't exactly helpful.

    • by Anonymous Coward

      You are right, XP is a piece of shit.

  • by thegarbz ( 1787294 ) on Saturday October 01, 2016 @05:39PM (#52995571)

    What a dumb thought process. Someone may try rig the election so I'm not going to bother going to vote? Who's brain works like this?

    • by Anonymous Coward on Saturday October 01, 2016 @05:49PM (#52995631)

      What a dumb thought process. ... Who's brain works like this?

      The same idiots who gave us a choice between Ms. repulsive and Mr. truly scary.

      • Re: (Score:1, Interesting)

        by Anonymous Coward

        What a dumb thought process. ... Who's brain works like this?

        The same idiots who gave us a choice between Ms. repulsive and Mr. truly scary.

        What's "truly scary" about Trump? The press will do it's job if Trump wins, and keep him honest.

        Crooked Liar Hillary! is the truly scary one - the press has already completely abdicated it's role in keeping Crooked Liar HIllary! honest.

        The press is so fawning over Crooked Liar Hillary! that she's allowed to get away with lying over and over again about commiting multiple felonies with her mishandling of classified data that "never existed" on a personal server that also "never existed".

        "They weren't marked

      • Try watching George Carlin's video on why he doesn't vote.

        We have no choices. They're both idiots and the American population seems to believe that they can't vote for anyone but a Democrap or a Repugnican.

        • He's not funny, and he's not insightful.

          In my experience only truly stupid people find him to be either.

          Also, in my experience truly stupid people think that not voting is somehow political action.

        • by Sique ( 173459 )
          Not voting always means voting with the majority. Not voting means agreeing with whoever wins. Whatever George Carlin thinks he's doing, the arithmetics of elections means that he just becomes a majority voter.
    • Someone may try rig the election so I'm not going to bother going to vote? Who's brain works like this?

      Someone who wasn't going to vote anyway, but this makes a better excuse than "Luke Cage is on."

    • by Hognoxious ( 631665 ) on Saturday October 01, 2016 @05:51PM (#52995643) Homepage Journal

      Who's brain works like this?

      I have no idea who is brain. Pinky's friend?

      • Re: (Score:2, Informative)

        by Anonymous Coward

        Who's brain works like this?

        I have no idea who is brain.

        No, the OP seems to be questioning whether the brain of "Who" works like this. Unfortunately, we're no closer to knowing who's Who.

        • by Anonymous Coward

          He's on first base

      • Who's brain works like this?

        I have no idea who is brain. Pinky's friend?

        Whose Pinky?

      • by Bob_Who ( 926234 )

        Who's brain works like this?

        I have no idea who is brain. Pinky's friend?

        My Brain, that's Whose...
        Who's me
        Horton Hears me.
        He never forgets a dinky pinky.

    • by rtb61 ( 674572 )

      Apparently the corporate executive team that asked the questions. Going from link to link, finally to get some of the question, it is pretty clear the correlation between fears the vote will likely be hacked by the current US government and not bothering to vote is purely speculation, not going to vote actually reflects the dissatisfaction with the current election cycle.

      It makes much more sense to vote third party than not to vote at all. It will be a very messy four years after the election, whom ever

    • Who's brain works like this?

      Clinton's big problem is voter indifference. People don't like Trump, but they don't like Clinton enough to vote for her.

      Articles like this are intended to nudge tepid Clinton supporters to get out and vote.

      • In PA, where Trump has been talking non stop about the trade deals, there is likely to be a surprise blue collar support for him. The people who don't like him are the politicos anyway
  • by ArtemaOne ( 1300025 ) on Saturday October 01, 2016 @05:44PM (#52995597)
    Granted, XP sucked SO bad when it launched. It was nearly unusable for the first year, then it just became tolerable to switch from Windows 2000 with SP1. But why the complaint? These are not network connected, so the concerns of the OS are really pointless. If there's a security threat, like open physical ports, then address those. XP isn't some boogey man. Be specific.
    • The person making the claim can't be specific. Being specific would not only get him exposed to hacking charges, but XP Embedded Standard is supported by Microsoft until 2019. The guy is an attention whore. OMG say it isn't so - an obscure CyberSecurity company trying to get attention and a TV station falling for it?
  • by overshoot ( 39700 ) on Saturday October 01, 2016 @05:48PM (#52995623)
    I would have figured Win98 or maybe WinME.
    • My favorite Nathan for you running joke is Windows 95. "You're still running Windows 95? My parents got rid of their Windows 95 computer because minesweeper stopped working."
    • At least it isn't Win10, so we don't have to worry about them forcing an update on themselves the day before election day, then failing and going into an update loop.
  • by Chelloveck ( 14643 ) on Saturday October 01, 2016 @06:00PM (#52995677) Homepage
    Unpatched XP? So what? What's the threat model? Are these things online? I'd be worried about the latest OS running today's patch set online. Are they worried about tampering by election officials? Physical access is access. Again, the latest patches won't help. What threat do they think will be thwarted by current software?
    • by dwywit ( 1109409 )

      Exactly. Imagine the collective *gasp* if the machines were running Win 10!

      • No we'd be perfectly secure in that case. They would receive an update and reboot on election day, after coming up the touchscreen driver would magically have disappeared and all voting would cease. It's about the best possible outcome.

    • by jrumney ( 197329 )
      Any OS patch made since the candidates were announced should be considered suspect. Voting machines should be offline an not allowed to be patched during the election cycle.
      • by Bert64 ( 520050 )

        Voting machines should be simple devices for counting votes, not full blown computers running a general purpose OS. With a bare minimum of functionality there is less attack surface and less need to patch anything.

        • by fgouget ( 925644 )

          Voting machines should be simple devices for counting votes, not full blown computers running a general purpose OS. With a bare minimum of functionality there is less attack surface and less need to patch anything.

          Even the simplest electronic voting machine can cheat and yet even they cannot be audited by voters on election day. So you're telling us that voters should trust the people they are voting out of office to organize fair elections! That's quite insane.

    • Physical access is access. Again, the latest patches won't help.

      You're ignoring an entire world of security upgrades and patches that have been released to countless OSes over the year to patch security holes that help prevent escalations when you have physical access. Not everything is about being online.

      • all that gets you nothing in an election polling machine. the OS is almost irrelevant for this use case.

        Any computer can be compromised with physical access regardless of OS

    • by fgouget ( 925644 )

      Unpatched XP? So what? What's the threat model?

      Right. Patched or unpatched does not make much difference. The important thing is that they run a full blown OS, specifically Windows XP, which means 45 million lines of proprietary unauditable code [wikipedia.org] (trade secret). And that's not counting all the other software the manufacturer added on top of it to turn it into a voting computer.

      So an attacker has a wealth of juicy targets: the display driver, touchscreen controller, hundreds of drivers, etc. Anything he changes will be a straw in the middle of a haystack

  • Not a problem (Score:5, Informative)

    by rsilvergun ( 571051 ) on Saturday October 01, 2016 @06:24PM (#52995765)
    I vote early. If you can't vote early in your state it's because somebody doesn't want you to. Let that thought sink in for a moment.
    • by shanen ( 462549 ) on Saturday October 01, 2016 @07:05PM (#52995905) Homepage Journal

      It's possible I'll get to vote anyway, but they rejected my ballot application the first time with several BS reasons (selected from a long list on the rejection form). Over the last few elections, it has been getting harder and harder to vote, and this latest voter-ID bogosity makes it much more difficult. And stupid.

      The hilarious part is that my vote had already been rendered meaningless by the partisan gerrymandering and double-gerrymandering. My so-called Representative is such a worthless tool that they had to rejigger his district to keep it "safe". They are running out of room in the sacrificial districts where they pack in and waste the Democratic votes. They can't draw the district boundaries house by house! Or can they?

      I sure hope it's worse than that from the dictators' perspective. The so-called Republicans (really former Dixiecrats "betrayed" by LBJ) have been driving Texas to the bottom so hard and making the state so cheap that a lot of damn Yankees have moved south. Maybe they are about to flip the state back to the Dems, even though the polls have trouble tracking and accounting for first-time-in-district voters. No evidence, but "some people are saying", as the Donald says.

      (Also hurts them that Trump is killing the Hispanic vote. This latest insane TwitterWar is NOT the temperament of a potentially great president. If she would have just given him the damn blowjob as payback for maker her a winner, then none of this would have happened!)

      • by shanen ( 462549 )

        Hate typos. Meant to say "making", not "maker" near the bottom.

        Also thinking I should have mentioned that the tool is question is McCaul. He serves on 4 committees, including "Science, Space and Technology" and has frequently proved he knows NOTHING about science. However, the big laugh is the "Ethics" committee, since one of my degrees included philosophy of the Socratic sort. What a SAD joke, though Trump is the biggest joke to day.

    • I let it sink in and I don't get your point. You're implying early voting is some arbitrary switch rather than a long complicated and expensive process requiring systems and infrastructure in place to allow it.

      Money talks and makes a far more compelling reason than any rigging scenario you could come up with.

    • The funny thing is that early votes are counted last. Not sure how voting early helps.
      • Not everybody can just take time off from work on a Tuesday. Red states have given early voting a hard time. I wonder why.
  • Historical turnout data [electproject.org]

    This "survey" is useless, since the number that normally don't turn out is more than the most hyperbolic security threat number they offer. If they said 50% were going to stay home, then i'd start to take notice.

    Sounds like an excuse for laziness.

  • Why OS? (Score:4, Interesting)

    by ChrisMaple ( 607946 ) on Saturday October 01, 2016 @06:38PM (#52995813)

    Voting machines should be open-source coded in assembly language to run directly on the hardware, and the hardware should be open source - something like a clean-room recreation of a 6502 or Z80. Every gate, every mask, should be verified by hand against the schematics, and every machine code in ROM disassembled by hand and compared against the source listings.

    Nothing in the voting mechanisms should be capable of being hidden, nor should it be so complex that one person can't understand and verify the whole thing in a reasonable time, say 1 year.

    That means no OS, no proprietary hardware or software, nothing but obvious routines running on "metal".

    • by sinij ( 911942 )

      Voting machines should be open-source coded in assembly language.

      You can backdoor hardware just like you can backdoor compiler. Assembly only wins you lack of code readability so it is easier to hide code-based backdoors.

      • by Bert64 ( 520050 )

        Assembly is only less readable than higher level source code, in many cases no source code is provided at all which is just as bad if not worse than providing assembly.

    • by fgouget ( 925644 )

      Voting machines should be open-source coded in assembly language to run directly on the hardware, and the hardware should be open source

      Open-source software and hardware is useless for voting computers. What matters is allowing voters to verify that the hardware and software used on election day is the one that was audited. But of course nobody in their right mind would allow a random voter to hook up a hardware probe or run his own code(*) on the voting computer on election day!

      (*) I hope you were not thinking of letting the (lying?) voting computer audit itself!

  • Georgia, which in 2002 set out to be an early national model for the transition to computerized voting, shows the unintended consequences. It spent $54 million in HAVA funding to buy 20,000 touchscreen voting machines from Diebold, standardizing its technology across the state. Today, the machines are past their expected life span of 10 years. (With no federal funding in sight, Georgia doesn’t expect to be able to replace those machines until 2020.) The vote tabulators are certified to run only on Win
  • by Lumpy ( 12016 ) on Saturday October 01, 2016 @07:14PM (#52995919) Homepage

    The voting machines are NOT connected to the internet. They are also running EMBEDDED XP not desktop XP. No they can not be infected easily unless someone has physical access... and at that point every OS on the planet is easily cracked wide open if the attacker has their hands on the device.

    • by Anonymous Coward

      On the contrary, it's super-easy to infect them by infecting the developer machines first, because these guys patch the machines manually and there is no additional safeguard that protects against running untrusted code. For an effective attack you need to have the source code anyway, so you pawn the developer machines first in any case. I guarantee you that this is fairly doable even for private and fairly unorganized attackers.

  • What's wrong with optical scan? We use it in my country and its great. Just fill in the line. What's nice is you can 50 people in a room filling out the forms and one or two scanning machines that read then in a second and depot the paper in a locked box. Instant check to make sure you votes and o dublicates and easy to rescan later or manually count.

  • Either it's running an old OS and it's vulnerable to unpatched exploits or it's always running the latest and greatest and it's vulnerable to code breaking because of changes to the OS. Can't have latest and greatest AND high reliability.
  • AS INTENDED.
  • zOMG! Old Is Bad! (Score:2, Insightful)

    by kackle ( 910159 )
    "...are running on severely outdated operating systems like Windows XP, ..."

    So? News flash: Software doesn't wear out.
  • by Anonymous Coward

    The fact that any voting machine leaves no paper record is criminal.

  • by Applehu Akbar ( 2968043 ) on Saturday October 01, 2016 @09:01PM (#52996265)

    Pennsylvania will probably find itself electing Ruth From Card Services, or some guy in India who promises to repair your PC.

  • XP embedded doesn't get security updates. Because it is pick-and-mix, windows update doesn't work. Trying to make a Sasser fix was VERY hard work.

  • by Anonymous Coward

    Don't be fooled with claims of paper backup trails and the like, it is not possible to verify a vote on any electronic black box voting machine.

    The only way to verify a vote is using hand counted paper ballots.

    prsdntl

  • "most Pennsylvania counties use particularly high-risk electronic voting machines that leave behind zero paper trails, which could be useful to audit the integrity of votes cast."

    Why not use the same machines as state lotteries. They're reliable and secure and produce a fully audited paper trail.
  • It's whose hacks will be the most effective?

    And I'm not referring just to people playing with code. The people playing with money have been hacking pretty effectively as well.

I am more bored than you could ever possibly be. Go back to work.

Working...