Electronic voting feasibility

Alan Kennedy alanmk at hotmail.com
Tue Sep 14 14:02:05 CEST 2004

[Istvan Albert]
>>>Looking at what they claim, that in 2003 they discovered a back door
>>>affecting every evoting machine, a backdoor that requires
>>>a 2 digit code to overwrite the votes stored in the system,
>>>moreover even a year later every system has this same flaw...
>>>I don't find this credible, ...

[Peter Hansen]
>>Maybe, but I've found other articles that said that the Diebold
>>machines *all* had a hardcoded password of "1111" at one point...
>>not a stretch to think they also had a simplistic backdoor like that.
>>The president of the company says they "are not incompetent", so
>>we might as well believe him, though, and not Bev Harris. ;-)

> They are very competent security gurus:
> <http://www.theregister.co.uk/2003/11/25/nachi_worm_infected_diebold_atms/>

Hmm, I read the content of that link, and I can't see anything that 
would reassure me that Diebold are/employ competent security people.

Quite the opposite in fact:

At both affected institutions the ATMs began aggressively scanning for 
other vulnerable machines, generating anomalous waves of network traffic 
that tripped the banks' intrusion detection systems, resulting in the 
infected machines being automatically cut off, Diebold executives said.

"The outbound traffic from the ATM was stopped -- limited, from a 
network standpoint -- and effectively isolated,"

From the way I read it, the Diebold systems were completely helpless in 
the face of the attack. It was the owning bank's IDS that spotted the 
problem and cut the Diebold ATMs off from the network. If the bank's IDS 
hadn't taken that action, perhaps there might have been more serious 
implications for the banks?

If I were in Diebold's position, I would feel extremely embarrassed that 
my dedicated hardware "began aggressively scanning for other vulnerable 
machines, generating anomalous waves of network traffic" and "the 
infected machines being automatically cut off" by someone else's 
actions, not mine.

And their performance in keeping watch on vulnerabilities doesn't 
inspire confidence: "A patch for the critical RPC DCOM hole had been 
available from Microsoft for over a month at the time of the attack, but 
Diebold had neglected to install it in the infected machines."

Interesting that Diebold are now installing firewalls in their ATMs. It 
seems to me that any "security guru" with a basic clue about network 
security would have been doing that since the first day the ATMachines 
were connected to a network.


alan kennedy
email alan:              http://xhaus.com/contact/alan
