OK, so the monkey has to actually get to the vote-tabulating machine, but the article itself has somewhat more disturbing news about the GEMS program that handles the tabulation of votes:
GEMS requires users to enter a password to access the vote totals, but Harris showed that the totals can also be opened -- and altered -- with Access, without ever running GEMS.
If you are familiar with Access and how it is used and misused, then you know that the developer of this system did not even use the incredibly hackable Access security on this application. While there are password crackers aplenty for Access user security (a Google search for "Jet Security Crack" shows about 83,000 results), Diebold did not even use that! They rely on the application's own security only, ignoring even the most basic security offered by the database system they are using.
A Maryland Election official is also quoted:
But Maryland election officials agreed with Bear that no hacking can happen unless the hacker is physically at the computer.
This sort of thinking makes my head explode! Of course you need to have access to the machine. And no one in the Board of Elections has any possible interest in the outcome of an election, right? And all Board of Election workers are aware of the need to watch these machines, right? Yeah, right. Anyone besides me want to pick up a copy of the .NET Developer's Guide to Security by Keith Brown and mail it to the software development group at Diebold? I am reading it now, and there is an excellent section on Defense in Depth, as well as Countermeasures that would hopefully bring the developers to their senses. Is there any Diebold software developer out there that can defend deploying an election database without at least using all the security tools provided by the database system? How about defending use of Access rather than MSDE or some other more secure database?
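To make the application-only password problem and the Defense in Depth point concrete, here is an added example (not GEMS code and not from the article) that uses a SQLite file from Python's standard library as a stand-in for the Access database. The table layout, password, key and function names are all hypothetical; it shows the application's password check being skipped by opening the file directly, and an independent integrity layer noticing the change.

```python
import hashlib
import hmac
import sqlite3
import tempfile

APP_PASSWORD = "constructed-app-password"            # checked only by the application
MAC_KEY = b"constructed-key-kept-outside-the-file"   # assumption: stored away from the data file

def row_mac(precinct, candidate, votes):
    msg = f"{precinct}|{candidate}|{votes}".encode()
    return hmac.new(MAC_KEY, msg, hashlib.sha256).hexdigest()

def create_db(path):
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE totals (precinct TEXT, candidate TEXT, votes INTEGER, mac TEXT)")
    for p, c, v in [("P1", "A", 120), ("P1", "B", 95)]:   # constructed sample tallies
        con.execute("INSERT INTO totals VALUES (?,?,?,?)", (p, c, v, row_mac(p, c, v)))
    con.commit()
    con.close()

def app_read_totals(path, password):
    """The application's front door: the only place the password is checked."""
    if not hmac.compare_digest(password, APP_PASSWORD):
        raise PermissionError("bad password")
    con = sqlite3.connect(path)
    rows = con.execute("SELECT precinct, candidate, votes FROM totals ORDER BY candidate").fetchall()
    con.close()
    return rows

def edit_file_directly(path):
    """Any tool that can open the file never meets the application's check."""
    con = sqlite3.connect(path)
    con.execute("UPDATE totals SET votes = 195 WHERE candidate = 'B'")
    con.commit()
    con.close()

def tampered_rows(path):
    """Independent layer: recompute each MAC and report rows that no longer match."""
    con = sqlite3.connect(path)
    rows = con.execute("SELECT precinct, candidate, votes, mac FROM totals").fetchall()
    con.close()
    return [(p, c, v) for p, c, v, m in rows if not hmac.compare_digest(m, row_mac(p, c, v))]

def demo():
    path = tempfile.mkdtemp() + "/totals.db"
    create_db(path)
    before = tampered_rows(path)
    edit_file_directly(path)
    return before, app_read_totals(path, APP_PASSWORD), tampered_rows(path)
```

The MAC layer detects the edit but does not prevent it, and it only helps if the key is kept where someone with access to the data file cannot read it.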
I have long opposed licensing for software developers; however, in situations like this, where the scary bad programmers we often have living in the next cubicle are actually the ones controlling the election, I think perhaps the time has come, at least for elections, clinical applications and other government-threatening or life-threatening systems.