| |
LawMeme - Voting Machines Compromised in Election Simulation
by ryan is the supernicety at 6:10 pm EST, Jan 29, 2004 |
] Eight security experts held a Red Team exercise on
] January 19, using a GEMS server and six AccuVote-TS
] terminals, replicating an election scenario with no prior
] knowledge of source code. As suggested by the earlier,
] Hopkins report, the team quickly guessed the hardcoded
] passwords to administrator and voter smart cards. At a
] cost of less than $750, they were able to reset voter
] cards to allow multiple votes with the same card and
] suggested similar abuses with forged supervisor and voter
] cards. All 32,000 statewide terminal locks are identical,
] and the team picked them in less than 10 seconds,
] allowing physical access to the PCMCIA bay, which
] contains cards for the modem and the ballot definitions
] and results. These cards could be tampered with,
] destroyed, or stolen for their valuable data. Attaching a
] keyboard to the terminals allowed resetting of all
] counters in the PCMCIA bay without an administrator card
] needed.
]
] The server was missing over 15 Microsoft security
] updates, and the team was able to use the flaws used by
] the "Blaster" worm. By using insecure USB ports or more
] secure CD drives, the team was able to modify results and
] databases |
| |
RE: LawMeme - Voting Machines Compromised in Election Simulation
by Shannon at 6:43 pm EST, Jan 29, 2004 |
ryan is the supernicety wrote:
] ] Eight security experts held a Red Team exercise on
] ] January 19, using a GEMS server and six AccuVote-TS
] ] terminals, replicating an election scenario with no prior
] ] knowledge of source code. As suggested by the earlier,
] ] Hopkins report, the team quickly guessed the hardcoded
] ] passwords to administrator and voter smart cards. At a
] ] cost of less than $750, they were able to reset voter
] ] cards to allow multiple votes with the same card and
] ] suggested similar abuses with forged supervisor and voter
] ] cards. All 32,000 statewide terminal locks are identical,
] ] and the team picked them in less than 10 seconds,
] ] allowing physical access to the PCMCIA bay, which
] ] contains cards for the modem and the ballot definitions
] ] and results. These cards could be tampered with,
] ] destroyed, or stolen for their valuable data. Attaching a
] ] keyboard to the terminals allowed resetting of all
] ] counters in the PCMCIA bay without an administrator card
] ] needed.
] ]
] ] The server was missing over 15 Microsoft security
] ] updates, and the team was able to use the flaws used by
] ] the "Blaster" worm. By using insecure USB ports or more
] ] secure CD drives, the team was able to modify results and
] ] databases You know that if these things ever get used, It basically gives hackers control of government. Thats better than the electorate college or the supreme court. At least we know hackers generally dont subscribe to whatever's on fox. Perhaps this will do good things. |
|
| | |
RE: LawMeme - Voting Machines Compromised in Election Simulation
by Rattle at 11:27 am EST, Jan 30, 2004 |
terratogen wrote:
] You know that if these things ever get used, It basically
] gives hackers control of government. Thats better than the
] electorate college or the supreme court. At least we know
] hackers generally dont subscribe to whatever's on fox.
] Perhaps this will do good things. I would not be so fast to decided you want the hackers to have full control. Take it from me, I'm one of them. That's the core problem, we don't want any one group or perspective to have full control of anything, let alone our leader selection process. Problems like these allow that possibility. Don't think you will see it happening either. There is a reason that every hacker is concerned with securing the voting system. We realize we can be easily manipulated, brainwashed, or forced to do the bidding of others. Ethics do not necessarily come with skills. Furthermore, don't assume "we" have all the hackers. |
|
There are redundant posts not displayed in this view from the following users: Decius, Rattle.
|
|
