RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes

From: Polazzo Justin (Justin.Polazzo_at_facilities.gatech.edu)
Date: 09/28/04

  • Next message: trh: "Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes" 
    Date: Tue, 28 Sep 2004 08:38:58 -0400
To: "Jeremy Epstein" <jeremy.epstein@webmethods.com>, <bugtraq@securityfocus.com>

    Nice call with the MD6 checksums(MD5 might be cracked, as a recent
    letter to bugtraq demonstrated :) ran on the electronic voting systems.
    That would be a good way to verify the authenticity of the code, after
    it was posted on sourceforge.

    As for the paper trails, does it really matter? An earlier post pointed
    out that if your code isnt open source, whats to stop you from coding
    your SW to print one thing while entering another into the database? I
    know of at least 5 companies I could hire to independently verify
    anything I would like them to.

    What scares me most about GEMS is the fact that the systems are
    networked. If we are going to have an election system that communicates
    with a central repository, then there will be the chance that 1
    person/group of people/company can hijack an election unless there are
    major steps taken (or any steps taken) to verify and secure the process.
    Might as well have a website at whitehouse.gov where we can log in and
    post our vote via PKI authentication if we are going that route :)

    -JP

    -----Original Message-----
    From: Jeremy Epstein [mailto:jeremy.epstein@webmethods.com]

  • Next message: trh: "Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes"
    • Quantcast