From NYT: Computer scientists from California universities have hacked into three electronic voting systems used in California and elsewhere in the nation and found several ways in which vote totals could potentially be altered, according to reports released yesterday by the state. The California reports said the scientists, acting at the state’s request, had hacked into systems from three of the four largest companies in the business: Diebold Election Systems, Hart InterCivic and Sequoia Voting Systems. [Makers of Los Angeles County's InkaVote system did not submit its equipment in time, so it wasn't included.] Thousands of their machines in varying setups are in use. Matt Bishop said his group was surprised by how easy it was not only to pick the physical locks on the machines, but also to break through the software defenses meant to block intruders. All the machines had problems, and one of the biggest was that the manufacturers appeared to have added the security measures after the basic systems had been designed. By contrast, he said, the best way to create strong defenses is "to build security in from the design, in Phase 1."
From the LA Times: "Right now, I don't see any smoking gun, honestly," said Stephen L. Weir, Contra Costa County's clerk-recorder and registrar of voters, and president of the California Assn. of Clerks and Election Officials. Diebold also condemned the review, questioning why no election officials were included in the testing.
The review: Secretary of State Debra Bowen began her top-to-bottom review of the voting machines certified for use in California on May 31, 2007. The review is designed to restore the public's confidence in the integrity of the electoral process and is designed to ensure that California voters are being asked to cast their ballots on machines that are secure, accurate, reliable, and accessible.
The review includes David Wagner, Matt Blaze, Eric Rescorla, and many others: When exactly did House of Blues cross over the line between tribute and parody? Hey kids, let's commit a felony! We suggest that the technology exists to render format string vulnerabilities extinct in the near future.
|