Re: Sun Ray and alternative hardware (was rudy de haas)

From: Liam Helmer <lists_at_strongboxlinux_dot_com>
Date: Fri May 28 2004 - 13:20:17 CDT

On Fri, 2004-05-28 at 15:29, charlie strauss wrote:
> I wonder if there are any concepts here OVC could steal to make a
> better system. OVC does not need the "hot desking" feature of being
> able to move from one terminal to another. But Instead of every
> computer being standalone in the current OVC scheme, one could have a
> single computer that was broadcasting VNC sessions to a fleet of
> voting stations via ethernet. The advantage here might be that the
> terminals could be even dumber which is good from a
> security-by-infrastructure point of view. VNC was in fact developed
> with really really dumb toaster like terminals in mind (ATM machines,
> store kiosks). So by limiting the complexity of the end terminal one
> has less to worry about in terms of software security. and also it
> makes upgrades, code review, and parallel testing a snap since there
> aren't any on the voting stations.

We've talked very specifically about NOT networking the voting systems.
It's simply too difficult to create a really secure system, and it makes
to great a target. Once you network a precinct together, an attacker can
compromise a whole precinct, instead of having to compromise every
computer individually. At that point, the benefits of launching an
attack are far greater. Plus, the modes of injection are more prevalent.

Also, once you've networked together the precinct, it becomes
increasingly tempting to send the election results electronically to a
central location. That's exactly what I'd like to hear... if I was a
hacker!

One has to ask, what is the net benefit of networking the computers?
Saving 10 minutes at the end of the day of walking a CD-Rom from a
voting station to a reporting station? Doesn't sound like a big deal to
me. And yet, it opens up a whole realm of new liabilities.

This is one of the reasons that the Diebold machines are so insecure ->
MSSQL server for tallying and clients on the voting machines. They make
ATMs too... What if we heard a story like this after election day:

http://www.computercops.biz/article-4418-nested-0-0.html&foo=Experts%20Worried%20After%20Worm%20Hits%20Windows-Based%20ATMs%2012--09

Or worse: what if someone crafted a worm that wasn't detected but
changed all the voting results. That's the real worry.

> My own preference however is not to use PCs at all but to use
> something like a palm pilot. These compact devices could literally be
> locked in a safe between elections and even delivered to poling places
> in safes. their small foot print means fewer delivery men involved
> (lower cost, more security) and lower storage costs: most counties
> would not even fill a broom closet.

I think the whole point of using PCs is so that they could be used after
elections as normal PCs. Then, a new set of PCs would be purchased for
the next election, perhaps just re-using the screens. At $300/PC (or
less), this doesn't seem like a big cost, especially when it can get
re-used in a school afterwards.

Cheers,
Liam

-- 
----------
StrongBox Linux
http://www.strongboxlinux.com
"Making Security Friendly"
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Mon May 31 23:18:11 2004

This archive was generated by hypermail 2.1.8 : Mon May 31 2004 - 23:18:17 CDT