Bugtraq mailing list archives
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes
From: <pressinfo () diebold com>
Date: 21 Sep 2004 15:05:17 -0000
In-Reply-To: <20040831203815.13871.qmail () www securityfocus com> Diebold strongly refutes the existence of any "back doors" or "hidden codes" in its GEMS software. These inaccurate allegations appear to stem from those not familiar with the product, misunderstanding the purpose of legitimate structures in the database. These structures are well documented and have been reviewed (including at a source code level) by independent testing authorities as required by federal election regulations. In addition to the facts stated above, a paper and an electronic record of all cast ballots are retrieved from each individual voting machine following an election. The results from each individual machine are then tabulated, and thoroughly audited during the standard election canvass process. Once the audit is complete, the official winners are announced. Any alleged changes to a vote count in the election management software would be immediately discovered during this audit process, as this total would not match the true official total tabulated from each machine.
Received: (qmail 16232 invoked from network); 31 Aug 2004 23:57:33 -0000 Received: from outgoing.securityfocus.com (HELO outgoing3.securityfocus.com) (205.206.231.27) by mail.securityfocus.com with SMTP; 31 Aug 2004 23:57:33 -0000 Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20]) by outgoing3.securityfocus.com (Postfix) with QMQP id E09C823E6AA; Tue, 31 Aug 2004 14:57:44 -0600 (MDT) Mailing-List: contact bugtraq-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <bugtraq.list-id.securityfocus.com> List-Post: <mailto:bugtraq () securityfocus com> List-Help: <mailto:bugtraq-help () securityfocus com> List-Unsubscribe: <mailto:bugtraq-unsubscribe () securityfocus com> List-Subscribe: <mailto:bugtraq-subscribe () securityfocus com> Delivered-To: mailing list bugtraq () securityfocus com Delivered-To: moderator for bugtraq () securityfocus com Received: (qmail 24082 invoked from network); 31 Aug 2004 14:29:26 -0000 Date: 31 Aug 2004 20:38:15 -0000 Message-ID: <20040831203815.13871.qmail () www securityfocus com> Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.411 (Entity 5.404) From: "Jérôme" ATHIAS <jerome.athias () caramail com> To: bugtraq () securityfocus com Subject: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Date: Tue, 31 Aug 2004 00:38:05 -0400 Subject: http://www.blackboxvoting.org/?q=node/view/78 BlackBoxVoting.org reported a vulnerability in the Diebold GEMS central tabulator. A local authenticated user can enter a two-digit code in a certain "hidden" location to cause a second set of votes to be created on the system. This second set of votes can be modified by the local user and then read by the voting system as legitimate votes, the report said. GEMS 1.18.18, GEMS 1.18.19, and GEMS 1.18.23 are affected. The vendor was reportedly notified on July 8, 2003. Solution: No vendor solution was available at the time of this entry. Vendor URL: www.diebold.com/dieboldes/GEMS.htm (Links to External Site)
Current thread:
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes pressinfo (Sep 22)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Craig Paterson (Sep 22)
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Jaeson Schultz (Sep 22)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Jay Hennigan (Sep 22)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Homer (Sep 22)
(Thread continues...)