Electronic voting feasibility
Peter Hansen
peter at engcorp.com
Tue Sep 14 08:13:23 EDT 2004

Alan Kennedy wrote:
> [JanC]
>
>> They are very competent security gurus:
>> <http://www.theregister.co.uk/2003/11/25/nachi_worm_infected_diebold_atms/>
>
> Hmm, I read the content of that link, and I can't see anything that
> would reassure me that Diebold are/employ competent security people.

You snipped JanC's winkey ;-) from the above... it was clearly
sarcasm, not a serious comment.

> Quite the opposite in fact:

Agreed... the fact that a company would use Windows as the basis for
their ATMs is a direct indication of incompetence in the security
field. :-(

> And their performance in keeping watch on vulnerabilities doesn't
> inspire confidence: "A patch for the critical RPC DCOM hole had been
> available from Microsoft for over a month at the time of the attack, but
> Diebold had neglected to install it in the infected machines."

To be fair, though why I would want to be to these bumbling fools
is beyond me, they did say that they were testing the patch. If
we believe that (and I don't, but I'll give them the benefit of the
doubt here anyway), then it's a pretty reasonable and professional
thing to do and a one-month delay, while lengthy, is perhaps not
excessive.

> Interesting that Diebold are now installing firewalls in their ATMs. It
> seems to me that any "security guru" with a basic clue about network
> security would have been doing that since the first day the ATMachines
> were connected to a network.

Firewalls in this case seem more like a bandaid, unfortunately.
Better to design the things to be secure in the first place
and you wouldn't even *need* the firewall.

-Peter