Network Security Vuln-Dev

Re: Diebold Global Election Management System (GEMS) Backdoor Account

Subject: Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes
Date: Wed, 22 Sep 2004 09:09:52 -0700
pressinfo@diebold.com wrote:

In-Reply-To: <20040831203815.13871.qmail@www.securityfocus.com>

In addition to the facts stated above, a paper and an electronic record of all cast ballots are retrieved from each individual voting machine following an election. The results from each individual machine are then tabulated, and thoroughly audited during the standard election canvass process. Once the audit is complete, the official winners are announced. Any alleged changes to a vote count in the election management software would be immediately discovered during this audit process, as this total would not match the true official total tabulated from each machine.


Something with a legitimate purpose may not always be used in a legitimate fashion. If "legitimate" features exist which could pervert the primary purpose of the system -- to accurately record and collate votes -- and those features could foreseeably be used in such a way with the collusion of only a small number of individuals, then that system is broken.

Your second point here has got nothing to do with security of the GEMS software -- it's talking about election processes as a whole, of which the software is only a part. The assumption in the design and implementation of your voting machines and software should be that the other parts of the process might *not* work, not that they are perfect and will excuse any flaws in your system.

Craig.
