General News

Fourth of July Fireworks: Unredacted Hursti reports, photos released

By Bev Harris, Black Box Voting  Posted by Joan Brunwasser (about the submitter)     Permalink       (Page 1 of 4 pages)
Related Topic(s): ; ; ; ; ; ; ; , Add Tags Add to My Group(s)

View Ratings | Rate It

opednews.com

Black Box Voting : Latest Consumer Reports from Black Box Voting: Fourth of July Fireworks: Unredacted Hursti reports, photos released
------------------------------------------------------------

Posted by Bev Harris on Monday, July 03, 2006 - 02:36 pm:

States and local jurisdictions did not take sufficient action to
mitigate risks.

Black Box Voting has provided the following to VoterAction.org for its
litigation. This will become a public record via the litigation filed
by Lowell Finley. Because public officials who have received the
unredacted reports have failed to take this risk seriously and arrange
for appropriate mitigations, and because Black Box Voting believes
this information is of critical public interest for pending litigation
and citizen actions, we are releasing it publicly now.

Here's an informal synopsis of the unmitigated risks in the Diebold
TSx

A huge risk to the integrity of elections is a contaminated
bootloader. Here's why: If you own the bootloader, you own the
machine. The source code for the TSx, along with the technical data
package, have been publicly released since 2003. Estimates are that it
would take approximately three months for a reasonably skilled
programmer to design a working malicious bootloader.


You cannot clean a maliciously designed bootloader with the
mitigations performed so far by state officials (replacing programs
via memory cards)

Here are some specific problems with the Diebold bootloader:

1) It appears not to have been examined by the Independent Testing
Authorities (ITAs). Therefore, we don't even know whether the original
bootloader contains malicious code.

2) There appears to be no authentication procedure when installing
"clean versions" to ensure that the code is the same as that which was
examined by the ITAs (and in this case, the ITAs didn't even examine
it).

3) There is no forensic test that will reveal a malicious bootloader

4) Because of the design of the Diebold TSx machine, a malicious
bootloader can be installed at any time from factory installation to
the election itself. Once a bootloader is contaminated, it can control
the machine permanently.

A contaminated bootloader, especially in combination with other
security issues in the TSx, has the potential to allow remote access
on an election-by-election basis, at any time during the election
cycle and even years in advance of the election.

5) The Diebold TSx machine's motherboard contains a JTAG connection
which can be used to take control of the motherboard. Although you
cannot reliably clean a malicious bootloader by reinstalling it with a
memory card, you can install a pristine version using the JTAG cable.

However, there appears to be no pristine version of the bootloader,
since it has never been examined by the ITAs.

6) Unfortunately, the JTAG connector can be used to overwrite a
so-called authentic and proper bootloader with a malicious one. Thus,
even if a so-called pristine bootloader is installed via the JTAG
connector, the same connector can be used to replace that one with a
new one at any time.

Next Page  1  |  2  |  3  |  4

 

The views expressed in this article are the sole responsibility of the author and do not necessarily reflect those of this website or its editors.

Follow Me on Twitter

Contact Editor

Most Popular Articles by this Author:     (View All Most Popular Articles by this Author)

Interview with Dr. Margaret Flowers, Arrested Tuesday at Senate Roundtable on Health Care

Renowned Stanford Psychologist Carol Dweck on "Mindset: The New Psychology of Success"

Howard Zinn on "The People Speak," the Supreme Court and Haiti

Snopes confirms danger of Straight Ticket Voting (STV)

Fed Up With Corporate Tax Dodgers? Check Out PayUpNow.org!

Literary Agent Shares Trade Secrets With New Writers

Comments

The time limit for entering new comments on this article has expired.

This limit can be removed. Our paid membership program is designed to give you many benefits, such as removing this time limit. To learn more, please click here.

Comments: Expand   Shrink   Hide  
No comments