[TriLUG] OT: www.hexblog.com - a fix for the WMF vulnerability.

Rick DeNatale rick.denatale at gmail.com
Wed Jan 4 12:41:46 EST 2006


On 1/4/06, Greg Brown <gwbrown1 at gmail.com> wrote:
> Oh, yes, this is *exactly* the kind of OS I want on my voting
> machines.  There's nothing like a crafty SOB to load a meta file of a
> candidate into the system that would alter votes entered into the
> underlying database.  I'm not saying that would even be possible with
> this particular vulnerability, but it seems very do-able.

No need for this vulnerability, it appears to be a "feature" of
certain electronic voting machines.

http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/1954/15595.html
http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/1954/15696.html
http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/1954/15711.html

Most (probably all) of these devices use non-volatile memory to
customize them for a particular ballot. In the Diebold machines (and
perhaps others) a removable memory device contains both the totals,
and PROGRAMS which do things like verifying that the vote totals are
clear before the vote, and audit the totals.  The Diebold machines
which were tested used standard memory cards for which writers are
fairly easily obtained. Black Box Voting demonstrated that the
machines used in Leon County, FL could be hacked to steal an election
with no special access other than that given to precinct workers.

It's interesting that the first proof that certain electronic voting
machines currently in use can be hacked was done with Diebold optical
scan machines. Of course a manual recount would expose any fraud, but
manual counts aren't normally done, and in most cases as I understand
it, jurisdictions normally do recounts of these types of ballots by
rescanning.

They're now looking at both Diebold touch-screen machines as well as
some older machines from other manufacturers.

--
Rick DeNatale

Visit the Project Mercury Wiki Site
http://www.mercuryspacecraft.com/


