
Hursti Report Update today: more bad news

By Bev Harris, Black Box Voting. Posted by Joan Brunwasser.

On May 11, 2006 the Black Box Voting "Hursti II" report was released,
showing devastating security flaws in the Diebold touchscreen
machines. This study has now been covered by Newsweek and the New York
Times.

A small supplemental report was issued today pointing out additional
concerns and high priority areas for further study.

The supplemental study can be found here:
http://www.blackboxvoting.org/bbvtsxstudy-supp.pdf

Excerpts:

1. Flash memory erasure:

There seems to be a memory card-triggered feature to erase the
contents of flash memory. This destructive function was started in the
TS6 with the file [redacted], and there are indications that the
feature is carried over to the TSx with trigger file [redacted], if it
is found on the memory card. This feature was not tested in Emery
County and should be examined further.

2. Further study needed on macros:

TS6 and TSx machines have as built-in features new kinds of macro
capabilities. These capabilities make use of a simplistic Windows
Window Manager Message recording and play function. Presumably the
feature has been designed for automation of volume testing. If this is
the case it is important to understand that this approach bypasses
part of the system and therefore is by no means equal to end-to-end
testing. There are a number of concerns around this feature
functionality warranting further studies.

- The files are stored on the removable memory card as unprotected
plain-text files. There are no protection mechanisms against
modifications to these files.

- Are the WM_message filters adequate?

- Is the processing function secure against buffer overflow / boundary
overflow attacks and/or string format attacks?

- Are the message parameters passed back to windows boundary checked,
is there proper exception handling in place?

Creation and access to the macros is available with poll worker level
access, under some circumstances even without any smart card
authentication.

In preliminary testing the following issues were identified:

- The macro is not contained in the user interface logic. Because of
this, the macro can access settings, changing the telephone number /
IP address and initiating calls.

- Two machines with completely identical software release numbers had
different behavior with the same macro. Machine A just had a software
crash and became unstable, while machine B produced an error message
on the system log and contained the error while still resulting in
loss of software functionalities. There were also other examples of
different, but reproducible, software behaviors between machines with
both modified and unmodified macros.

- File handle processing seems to be flawed and interrupted by
exception macro processing, producing open file handles.
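
The questions above about message filters and boundary checks can be made concrete with a strict loader. This is an added example, not code from the report or from the vendor: it accepts a recorded message only if it parses cleanly, is on a small allowlist and lands on screen. The "MSG WPARAM LPARAM" hex line format, the length cap, the screen size and the choice of allowlisted messages are all assumptions, since the excerpt does not describe the macro file format.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Real Windows message IDs; allowlisting exactly these is an assumption. */
#define WM_MOUSEMOVE   0x0200u
#define WM_LBUTTONDOWN 0x0201u
#define WM_LBUTTONUP   0x0202u
#define MAX_LINE 64    /* hypothetical cap on one macro line */
#define SCREEN_W 800u  /* hypothetical touchscreen size */
#define SCREEN_H 600u
struct macro_msg { unsigned long msg, wparam, lparam; };

/* Parse one hex field no larger than max and advance *p; 0 on success. */
static int parse_hex(const char **p, unsigned long max, unsigned long *out)
{
    char *end;
    if (!isxdigit((unsigned char)**p)) return -1;  /* no sign, no whitespace */
    errno = 0;
    *out = strtoul(*p, &end, 16);
    if (errno == ERANGE || *out > max) return -1;
    *p = end;
    return 0;
}

/* Check one line of the assumed "MSG WPARAM LPARAM" hex format; 0 = replayable. */
int macro_line_ok(const char *line, struct macro_msg *out)
{
    struct macro_msg m;
    const char *p = line;                 /* line must be NUL-terminated */
    if (strlen(line) >= MAX_LINE) return -1;               /* length bound */
    if (parse_hex(&p, 0xFFFFul, &m.msg) || *p++ != ' ') return -1;
    if (parse_hex(&p, 0xFFFFul, &m.wparam) || *p++ != ' ') return -1;
    if (parse_hex(&p, 0xFFFFFFFFul, &m.lparam) || *p != '\0') return -1;
    if (m.msg != WM_MOUSEMOVE && m.msg != WM_LBUTTONDOWN && m.msg != WM_LBUTTONUP)
        return -1;                                         /* message filter */
    if ((m.lparam & 0xFFFFul) >= SCREEN_W || (m.lparam >> 16) >= SCREEN_H)
        return -1;               /* x is the low word, y the high word */
    *out = m;
    return 0;
}

int main(void)
{
    struct macro_msg m;  /* constructed samples: a tap at (50,100), then WM_SYSCOMMAND */
    return !(macro_line_ok("0201 0001 00640032", &m) == 0
             && macro_line_ok("0112 F060 00000000", &m) != 0);
}
```

A filter like this only limits what a macro can do. It does not address the separate finding that the files sit unprotected on the memory card, which calls for authenticating the file before any line is parsed.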
