Re: Left off the ballot?

From: Douglas W. Jones <jones_at_cs_dot_uiowa_dot_edu>
Date: Thu Apr 15 2004 - 14:50:50 CDT

On Apr 15, 2004, at 11:04 AM, Alan Dechert wrote:

> Couldn't we also hide much of this code in special DLLs we substituted
> for
> DLLs that came with the OS?
>
> Do examiners look at how OS DLLs get used?

These days, it seems that anything that is commercial off-the-shelf
software is ignored, and I'm not sure anyone is doing checks that
would effectively examine a system for substitutions of this sort.
It's clear that the 1990 FEC/NASED standards never anticipated
a real OS as part of a voting system. The 2002 standards understand
this, but they don't understand that dynamic linkage of any kind is
a very special threat, just as dangerous as self-modifying code.

Some folks have claimed to me that there's a DLL Diebold is using
that includes a backdoor that's really interesting.

                Doug Jones
                jones@cs.uiowa.edu
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Fri Apr 30 23:17:07 2004

This archive was generated by hypermail 2.1.8 : Fri Apr 30 2004 - 23:17:29 CDT