communications.
Unfortunately, we could find no way for elections officials to find out whether inappropriate software is in the touch-screen.
"I haven't asked any 'pins' (Personal ID Number). It hasn't been hostile to me at all. It's a very friendly guy," Hursti reports.
Hursti made a number of observations about the touch-screen, and connected it to his laptop for further "conversation."
In the interest of brevity, we will return to this issue in a later article in this series.
It's common for polling places to have too few outlets for a bank of voting machines.
The normal cure is to hook the computers up in a daisy-chain configuration, with one plug to the wall, and the rest of the plugs linking voting machines together.
Diebold's output plug falls out readily, exposing live 110-volt wall outlet power on bare wires.
This happened on every TSx we tested, and presents a significant safety hazard for poll workers, especially the elderly. According to Hursti, the electrocution might only result in a burned hand, and probably wouldn't be fatal.
This is a design flaw worthy of a general recall for standard consumer and office electronics.
DIEBOLD: DOWN FOR THE COUNT?
While analyzing the memory storage problem, Hursti discovered a critical security hole in the foundation of the touch-screen. Then he found another in the "lobby," and another on the "first floor." Taken together, these present a potentially catastrophic security hole.
These are not programming errors, but architectural design decisions.
Black Box Voting is turning the "road map" of the most dangerous security findings over to the proper authorities. We won't let anybody sit on this for very long because elections are looming and elections officials need to know what to do now.
A concise and more formal report will be released in a few weeks, and this will discuss the procedures for preparing a recovery path for these security holes.
TWO THINGS WE HAVE LEARNED ALREADY:
1. Source code reviews alone are NOT sufficient. Access to fully functional
systems MUST accompany source code reviews.