Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes

From: Atom 'Smasher' (atom_at_suspicious.org)
Date: 09/22/04

Next message: Andrew Daviel: "Promiscuous email printing in Canon imageRunner"

Previous message: javier falbo: "Example of JPG Exploit & Shellcode"
In reply to: pressinfo_at_diebold.com: "Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 22 Sep 2004 03:43:11 -0400 (EDT)
To: bugtraq@securityfocus.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Tue, 21 Sep 2004 pressinfo@diebold.com wrote:

> Diebold strongly refutes the existence of any "back doors" or "hidden codes" in its GEMS software. These inaccurate allegations appear to stem from those not familiar with the product, misunderstanding the purpose of legitimate structures in the database. These structures are well documented and have been reviewed (including at a source code level) by independent testing authorities as required by federal election regulations.
>
> In addition to the facts stated above, a paper and an electronic record of all cast ballots are retrieved from each individual voting machine following an election. The results from each individual machine are then tabulated, and thoroughly audited during the standard election canvass process. Once the audit is complete, the official winners are announced. Any alleged changes to a vote count in the election management software would be immediately discovered during this audit process, as this total would not match the true official total tabulated from each machine.
==================

oops, looks like no one told you that this is a forum of computer security
professionals who understand the difference between a insecure machine and
a press release. you can "strongly refute" all you want: until the code is
available for public scrutiny it will remain suspect. but if it's written
as poorly as is rumored, exposing it to public scrutiny would only confirm
that it's insecure either through carelessness or intent.

...atom

  _________________________________________
  PGP key - http://atom.smasher.org/pgp.txt
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

         "I am committed to helping Ohio deliver its electoral
          votes to the president [Bush] next year"
                 -- Walden O'Dell, CEO of Diebold
                 August 2003
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

iQEcBAEBCAAGBQJBUS0VAAoJEAx/d+cTpVcippgIAI8Ska514i55Gc2qUp5ohOlD
AB98+5njJg6dEkNiCw3B6jQSm3WHSWxX45KMlvJypa+na1wNaloNZ6IsrMpqwwRq
O64blBv6s54uexIHw0oZcPqf/LTyg3CV4BtClZl+DZ7VjC/lWRl8PMTGj5tUTfD+
oXB8h7UdrycqsWubrG8UJ0JJeFWbVy98cvw3rjdTFSZXykai5PC8hFkwEHcqc848
7i93d4Qya3DdAAOFqaLWQt2wyegCDv8+r/qJa9VzDq9m7WNVshPyPfSiedh87gwo
81YzVqglhEdjE+gfjKFYXQub5TM3CppV99bsyd1oTLK3l86Jdtbz7ks/Uyn0Vs0=
=Dfkb
-----END PGP SIGNATURE-----

Next message: Andrew Daviel: "Promiscuous email printing in Canon imageRunner"

Previous message: javier falbo: "Example of JPG Exploit & Shellcode"
In reply to: pressinfo_at_diebold.com: "Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]