Send a Tweet
Most Popular Choices
Share on Facebook Share on Twitter Share on LinkedIn Share on Reddit Tell A Friend Printer Friendly Page Save As Favorite View Favorites
General News

Hursti Report Update today: more bad news

By Bev Harris, Black Box Voting  Posted by Joan Brunwasser (about the submitter)       (Page 1 of 3 pages)     Permalink    (# of views)   No comments

Related Topic(s): ; ; ; ; ; ; ; ; ; , Add Tags
Add to My Group(s)

View Ratings | Rate It

opednews.com

- Advertisement -
On May 11, 2006 the Black Box Voting "Hursti II" report was released,
showing devastating security flaws in the Diebold touchscreen
machines. This study has now been covered by Newsweek and the New York
Times.

A small supplemental report was issued today pointing out additional
concerns and high priority areas for further study.

The supplemental study can be found here:
http://www.blackboxvoting.org/bbvtsxstudy-supp.pdf

Excerpts:
1. Flash memory erasure:

- Advertisement -
There seems to be a memory card-triggered feature to erase the
contents of flash memory. This destructive function was started in the
TS6 with the file [redacted], and there are indications that the
feature is carried over to the TSx with trigger file [redacted], if it
is found on the memory card. This feature was not tested in Emery
County and should be examined further.

2. Further study needed on macros:

TS6 and TSx machines have as built-in features new kinds of macro
capabilities. These capabilities make use of a simplistic Windows
Window Manager Message recording and play function. Presumably the
feature has been designed for automation of volume testing. If this is
the case it is important to understand that this approach bypasses
part of the system and therefore is by no means equal to end-to-end
testing. There are a number of concerns around this feature
functionality warranting further studies.

- Advertisement -
- The files are stored on the removable memory card as unprotected
plain-text files. There are no protection mechanisms against
modifications to these files.

- Are the WM_message filters adequate?

- Is the processing function secure against buffer overflow / boundary
overflow attacks and/or string format attacks?

- Are the message parameters passed back to windows boundary checked,
is there proper exception handling in place?

Creation and access to the macros is available with poll worker level
access, under some circumstances even without any smart card
authentication.

In preliminary testing the following issues were identified :

- Advertisement -
- The macro is not contained in the user interface logic. Because of
this, the macro can access settings, changing the telephone number /
ip address and initiating calls.

- Two machines with completely identical software release numbers had
different behavior with the same macro. Machine A just had a software
crash and become unstable, while machine B produced an error message
on the system log and contained the error while still resulting in
loss of software functionalities. There were also other examples of
different, but reproducible, software behaviors between machines with
both modified and unmodified macros.

- File handle processing seems to be flawed and interrupted by
exception macro processing, producing open file handles.

Next Page  1  |  2  |  3

 

- Advertisement -

View Ratings | Rate It

opednews.com

Joan Brunwasser is a co-founder of Citizens for Election Reform (CER) which since 2005 existed for the sole purpose of raising the public awareness of the critical need for election reform. Our goal: to restore fair, accurate, transparent, secure elections where votes are cast in private and counted in public. Because the problems with electronic (computerized) voting systems include a lack of (more...)
 

Joan Brunwasser Social Media Pages: Facebook page url on login Profile not filled in       Twitter page url on login Profile not filled in       Linkedin page url on login Profile not filled in       Instagram page url on login Profile not filled in

Go To Commenting
The views expressed herein are the sole responsibility of the author and do not necessarily reflect those of this website or its editors.
Follow Me on Twitter     Writers Guidelines
Contact EditorContact Editor

Most Popular Articles by this Author:     (View All Most Popular Articles by this Author)

Interview with Dr. Margaret Flowers, Arrested Tuesday at Senate Roundtable on Health Care

Renowned Stanford Psychologist Carol Dweck on "Mindset: The New Psychology of Success"

Howard Zinn on "The People Speak," the Supreme Court and Haiti

Fed Up With Corporate Tax Dodgers? Check Out PayUpNow.org!

Snopes confirms danger of Straight Ticket Voting (STV)

Literary Agent Shares Trade Secrets With New Writers