Voting machine hacking episode: "Security Now"

From: Greg Christopher <stork_at_electronify_dot_com>
Date: Sat Sep 12 2009 - 17:31:21 CDT

Hey folks,
        There is a great weekly show on software security called "security
now". It
has claimed best technical podcast on the web previously and has tens of
thousands of listeners. They recently took an entire episode to
explain how
a relatively secure system by sequoia was hacked:

http://www.grc.com/securitynow.htm (see episode 211)

Besides some of the cool techniques used to hack this system, which
was done
without source code by a team of academics, there were a few striking
aspects:

-They seemed to treat this as "news"; in other words, were more
surprised
then any of us would be about this
-They seemed to think that this was a first time that machines were
hacked
without source (apparently they heard about the stanford study, but
perhaps
missed news on other successful attempts such as Hugh Thompson's smart
card
attack (see http://en.wikipedia.org/wiki/Herbert_Hugh_Thompson), or Bev
Harris showing Howard Dean how to change voting tallies with Excel.

The interesting stuff starts about 30 minutes in. If you haven't heard
the
show before, it's fun to listen to them blather at the beginning about
everything from GSM hacking, vitamin D, to ads. The remainder of the
show is
devoted to this issue and takes an in-depth look at how the research was
done.

None of the above is interesting really to this group, except the part
about
the listenership. It's a very large base. And they read every letter
that
comes in through their feedback page ( http://www.grc.com/feedback.htm )

I have had one of my own letters read back on this show. I think it
would
be "nice" (to say the least) if some of us wrote them about:

- ovc
- ClearCount
- information that points to the likelihood that these weaknesses have
already been exploited (can you say OHIO?)
- any other blanks that seem to need filling in.

I also think it would be interesting to offer them a "panel" of
episodes for
another episode, who could offer even more interesting information to
their
listeners on this issue.

It's a very wide audience and an awesome opportunity to spread the word.
There are a lot of people on there who would likely contribute either to
ClearCount or monetarily to the effort.

Greg

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
By sending email to the OVC-discuss list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at http://gnosis.python-hosting.com/voting-project/
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Wed Sep 30 23:17:11 2009

This archive was generated by hypermail 2.1.8 : Wed Sep 30 2009 - 23:17:12 CDT