Bugtraq mailing list archives
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes
From: Jacob Appelbaum <jacob () verifiedvoting org>
Date: Wed, 22 Sep 2004 13:13:11 -0700
On Wed, 2004-09-22 at 09:19, Jay Hennigan wrote:
On Tue, 21 Sep 2004 pressinfo () diebold com wrote:In-Reply-To: <20040831203815.13871.qmail () www securityfocus com> Diebold strongly refutes the existence of any "back doors" or "hidden codes" in its GEMS software. These inaccurate allegations appear to stem from those not familiar with the product, misunderstanding the purpose of legitimate structures in the database. These structures are well documented and have been reviewed (including at a source code level) by independent testing authorities as required by federal election regulations.Vendor URL: www.diebold.com/dieboldes/GEMS.htm (Links to External Site)Heh. If the above URL indicates the competence level of Diebold, be very afraid. Note the prominent photo of a Sun server with the text touting Microsoft Windows.
What scares me is that the people at black box voting demonstrated using a monkey to hack the election. An actual honest to go monkey as part of their five (!) different methods to hack the vote. For those that missed it five POC attacks on Die Bold: http://www.blackboxvoting.org/?q=node/view/114&PHPSESSID=de909c061d97a933df77534fe04dc883 Five different methods to hack the vote, one of which uses a zoo animal. It's so easy that it can almost be done accidentally. But it's important to note, it's by *design* that it can be tampered with. The system was designed without any regard to security. If you or someone you know is interested in stopping things like this from actually affecting the next election, you should call your representatives *NOW*. Even if you aren't entirely interested in the issue, you should ask them why they are buying products that are demonstrably flawed. Ask them to change their systems before the next election. People need to be held accountable for this. If the response you are given is that it's not possible to implement it in time before the election, simply ask for a paper ballot. A voter verified paper trail makes voting accountable. It makes recounts possible, it means we as a country make the choice, not Die Bold as a company. Verified Voting Foundation (www.verifiedvoting.org) is also going to provide an Election Incident Reporting System (EIRS) for the day of the election. If you see something fishy, someone hacking the vote, someone turning away voters, someone tampering, report it! -- Jacob Appelbaum <jacob () verifiedvoting org>
Current thread:
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes pressinfo (Sep 22)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Craig Paterson (Sep 22)
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Jaeson Schultz (Sep 22)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Jay Hennigan (Sep 22)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Jacob Appelbaum (Sep 23)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Homer (Sep 22)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Rainer Duffner (Sep 22)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Mike Ely (Sep 22)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Claudius Li (Sep 25)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Seth Breidbart (Sep 27)
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes David Schwartz (Sep 28)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Adam Shostack (Sep 29)
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes David Schwartz (Sep 29)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Seth Breidbart (Sep 29)
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Claudius Li (Sep 25)