Electronic voting feasibility

Peter Hansen peter at engcorp.com
Tue Sep 14 14:13:23 CEST 2004


Alan Kennedy wrote:

> [JanC]
> 
>> They are very competent security gurus:
>> <http://www.theregister.co.uk/2003/11/25/nachi_worm_infected_diebold_atms/> 
> 
> Hmm, I read the content of that link, and I can't see anything that 
> would reassure me that Diebold are/employ competent security people.

You snipped JanC's winkey  ;-)  from the above... it was clearly
sarcasm, not a serious comment.

> Quite the opposite in fact:

Agreed... the fact that a company would use Windows as the basis for
their ATMs is a direct indication of incompetence in the security
field.  :-(

> And their performance in keeping watch on vulnerabilities doesn't 
> inspire confidence: "A patch for the critical RPC DCOM hole had been 
> available from Microsoft for over a month at the time of the attack, but 
> Diebold had neglected to install it in the infected machines."

To be fair, though why I would want to be to these bumbling fools
is beyond me, they did say that they were testing the patch.   If
we believe that (and I don't, but I'll give them the benefit of the
doubt here anyway), then it's a pretty reasonable and professional
thing to do and a one-month delay, while lengthy, is perhaps not
excessive.

> Interesting that Diebold are now installing firewalls in their ATMs. It 
> seems to me that any "security guru" with a basic clue about network 
> security would have been doing that since the first day the ATMachines 
> were connected to a network.

Firewalls in this case seem more like a bandaid, unfortunately.
Better to design the things to be secure in the first place
and you wouldn't even *need* the firewall.

-Peter


