Re: Diebold on eBay

From: Jim March <jmarch_at_prodigy_dot_net>
Date: Fri Jun 16 2006 - 16:17:40 CDT

David Jefferson wrote:

>For the record, as we clearly stated, we did not have access to a TSx in the
>writing of that report, or an AV-OS either (the primary subject of the report).
>We had nothing but source code--no hardware.
>
>David
>
>
>----- Original Message ----
>From: Jim March <jmarch@prodigy.net>
>
>One primary thought is to photograph the innards for oddball data ports and
>connections. Failure to do that was the single most glaring error from
>the "Berkeley Report" of February '06 on the TSx.
>

Right. So you had no idea the back pops off with eight standard
Phillips screws making a joke of the "keylocks".

Did you know there was an active SD memory card slot? One long enough
to hold a WiFi adapter meant for a Palm Pilot or whatever? Or that the
internal modem socket had dual sets of interface pins and could hold a
wide array of comm gear?

I'm curious: why didn't you demand physical access to a TSx? You must
have known the possibility for oddball ports existed?

While we're at it...Black Box Voting obtained the Wyle report for the
TSx version 4.6.4 (latest rev):

http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/2197/32746.html

There are two noteworthy things in it:

1) The "ABinterp" files were analysed. That's the Accubasic
interpreter. The interpreter is banned, but they examined it and passed
it. In the Bowen hearing of 3-29-06 the Wyle reps denied this - they
claimed that Accubasic had mistakenly been declared "COTS". Why did
they lie to Bowen? My guess is, they didn't want to admit to having
examined Accubasic and not spotting it as illegal. I think rather than
doing source code review with human eyeballs they threw automated code
review tools at it that were OK at checking some basic syntax issues but
blew it completely when looking at the "big picture". I think they
ended up declaring the structure of the code legal but missed that the
whole thing was top-to-bottom illegal. Which means they had no clue how
ANY of this stuff really worked.

2) What's not in there is any mention of examining customized Windows CE
code. Bev Harris, myself and Doug Jones and God knows how many others
have been screaming about Windows CE since 2003...yet here it is late
2005 and Wyle isn't checking CE? In the Bowen hearing Wyle said they
rely on the vendor to declare items "COTS" and once they do, the labs
don't check them at all. The FEC2002 specs say the ITA checks to see
what is COTS and whether or not the COTS is unmodified.

At the Bowen hearings Wyle and Systest reps claimed there was no way to
make sure COTS files are actually unmodified. They've never heard of
file compares? Load the same alleged "commercial off the shelf" program
from a trusted source other than the vendor on the same box, see if the
files are the same as the vendor's. They're not doing it.

According to the Wyle people at the Bowen hearing, the CE files were
withheld from scrutiny by Diebold. That's fraud.

What the hell kind of bad joke is this?

If custom code in the TSx hasn't been examined by anybody outside
Diebold, the entire certification system at the state and fed levels has
broken. If the certification system was defrauded by Diebold, their
"NASED number" isn't legally worth a rusted dime.

This is top to bottom sick, twisted, diseased.

Professor Jefferson, did you even try and get access to a TSx?

Jim
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Fri Jun 30 23:17:07 2006
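
The file compare described in the message above, as an added example that is not part of the original post: it hashes every file in a reference copy obtained from a trusted source and in the vendor-supplied copy, then reports files that differ, are missing, or are extra. The directory layout, file names and the `compare_cots` helper are hypothetical, and the sample trees are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file's path relative to root to the SHA-256 of its bytes."""
    root = Path(root)
    digests = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        h = hashlib.sha256()
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def compare_cots(reference_root, vendor_root):
    """Classify vendor files against a reference copy from a trusted source."""
    ref, ven = hash_tree(reference_root), hash_tree(vendor_root)
    return {
        "modified": sorted(n for n in ref.keys() & ven.keys() if ref[n] != ven[n]),
        "missing": sorted(ref.keys() - ven.keys()),  # in reference, absent from vendor
        "extra": sorted(ven.keys() - ref.keys()),    # in vendor, unknown to reference
    }


def demo():
    """Constructed sample trees; file names and contents are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, ven = Path(tmp, "reference"), Path(tmp, "vendor")
        samples = {
            ref: {"sys/core.dll": b"core v1", "sys/shell.exe": b"shell v1",
                  "sys/net.dll": b"net v1"},
            ven: {"sys/core.dll": b"core v1", "sys/shell.exe": b"shell v1 patched",
                  "sys/custom.dll": b"vendor addition"},
        }
        for root, files in samples.items():
            for name, data in files.items():
                target = root / name
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        return compare_cots(ref, ven)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names or 'none'}")
```

An empty report only shows that the files handed over match the reference; it says nothing about files that were never supplied for comparison.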
