Electronic voting feasibility
Alan Kennedy
alanmk at hotmail.com
Tue Sep 14 08:02:05 EDT 2004
[Istvan Albert]
>>>Looking at what they claim, that in 2003 they discovered a back door
>>>affecting every evoting machine, a backdoor that requires
>>>a 2 digit code to overwrite the votes stored in the system,
>>>moreover even a year later every system has this same flaw...
>>>
>>>I don't find this credible, ...
[Peter Hansen]
>>Maybe, but I've found other articles that said that the Diebold
>>machines *all* had a hardcoded password of "1111" at one point...
>>not a stretch to think they also had a simplistic backdoor like that.
>>
>>The president of the company says they "are not incompetent", so
>>we might as well believe him, though, and not Bev Harris. ;-)
[JanC]
> They are very competent security gurus:
> <http://www.theregister.co.uk/2003/11/25/nachi_worm_infected_diebold_atms/>
Hmm, I read the content of that link, and I can't see anything that
would reassure me that Diebold are/employ competent security people.
Quite the opposite in fact:
"""
At both affected institutions the ATMs began aggressively scanning for
other vulnerable machines, generating anomalous waves of network traffic
that tripped the banks' intrusion detection systems, resulting in the
infected machines being automatically cut off, Diebold executives said.
"The outbound traffic from the ATM was stopped -- limited, from a
network standpoint -- and effectively isolated,"
"""
From the way I read it, the Diebold systems were completely helpless in
the face of the attack. It was the owning bank's IDS that spotted the
problem and cut the Diebold ATMs off from the network. If the banks IDS
hadn't taken that action, perhaps there might have been more serious
implications for the banks?
If I were in Diebold's position, I would feel extremely embarrassed that
my dedicated hardware "began aggressively scanning for other vulnerable
machines, generating anomalous waves of network traffic" and "the
infected machines being automatically cut off" by someone else's
actions, not mine.
And their performance in keeping watch on vulnerabilities doesn't
inspire confidence: "A patch for the critical RPC DCOM hole had been
available from Microsoft for over a month at the time of the attack, but
Diebold had neglected to install it in the infected machines."
Interesting that Diebold are now installing firewalls in their ATMs. It
seems to me that any "security guru" with a basic clue about network
security would have been doing that since the first day the ATMachines
were connected to a network.
regards,
--
alan kennedy
------------------------------------------------------
email alan: http://xhaus.com/contact/alan
More information about the Python-list
mailing list