- Good Morning Silicon Valley

From: Arthur Keller <voting_at_kellers_dot_org>
Date: Fri Jan 26 2007 - 17:05:51 CST

I suppose we should pull down that "How to Throw an Election" PDF
too, eh?I'm not sure which is more imbecilic -- posting a photo of
the key to your electronic voting system to the Web, or making that
key a universal one designed to access any machine you manufacture
and the hotel mini-bar to boot (see
bourbon, one scotch, one election"). In the end, it doesn't really
matter because our doltish friends at Diebold have done both. Until
Diebold slammed the barn door shut on a horse that's by now halfway
to Katherine Harris' summer home, the voting machine manufacturer
offered for sale on its Web site replacement keys to its AccuVote-TS.
On the product page sat a photo of the key so detailed it could be
used to create a working copy. Which is precisely what Ross Kinard of
SploitCast did. "I bought three blank keys from Ace,"
<>Kinard told J. Alex
Halderman at Princeton's Center for Information Technology Policy.
"Then a drill vise and three cabinet locks that used a different type
of key from Lowes. I hoped that the spacing and depths on the cabinet
locks' keys would be similar to those on the voting machine key. With
some files I had I then made three keys to look like the key in the
picture." Kinard sent those keys to Halderman, who found that
<>two could be used to open
Diebold machines. Nice, eh? As Halderman notes, the shape of a key
is like a password -- only a fool, or Diebold, would post it to the
Web (see
-- that's an oxymoron, right?"). "Security experts advocate designing
systems with 'defense in depth,' multiple layers of barriers against
attack," Halderman writes. "The Diebold electronic voting systems,
unfortunately, seem to exhibit 'weakness in depth.' If one mode of
attack is blocked or simply too inconvenient, there always seems to
be another waiting to be exposed."
on this post

Arthur M. Keller, Ph.D., 3881 Corina Way, Palo Alto, CA  94303-4507
tel +1(650)424-0202, fax +1(650)424-0424

OVC-discuss mailing list

= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Tue Jan 1 14:12:49 2008

This archive was generated by hypermail 2.1.8 : Tue Jan 01 2008 - 14:12:51 CST