[IP] more on Diebold Source Code!!!

To: Ip <ip@xxxxxxxxxxxxxx>
Subject: [IP] more on Diebold Source Code!!!
From: David Farber <dave@xxxxxxxxxx>
Date: Thu, 11 Nov 2004 06:59:21 -0500
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
Reply-to: dave@xxxxxxxxxx
Sender: owner-ip@xxxxxxxxxxxxxx



Begin forwarded message:

From: Larry Tesler <tesler@xxxxxxxxx>
Date: November 11, 2004 1:36:41 AM EST
To: dave@xxxxxxxxxx
Subject: Re: [IP] Diebold Source Code!!!

Dave,

Simson Garfinkel reported the same discovery over a year ago on yourmailing list after he had met with Ted Selker:

"A few months ago, the source code for a voting machine manufactured byDiebold was inadvertently left on a Web site. A group of researchers atJohns Hopkins downloaded the code and analyzed it. They found manysoftware errors and poor design methodology. One of the most glaringproblems had to do with encryption: although the computer used the DESalgorithm to encrypt the votes, the encryption key was hard-coded intothe program and unchangeable. A key that can’t be changed offers littlemore security than using no encryption at all."


Larry

no confirmation djf


Begin forwarded message:

From: Jay Fenello <Jay@xxxxxxxxxxx>
Date: November 10, 2004 6:58:20 PM EST
To: dave@xxxxxxxxxx
Cc: Ken Deifik <kenneth.d@xxxxxxxxxxxx>
Subject: Diebold Source Code!!!

...
Diebold Source Code!!! --by ouranos (dailykos.com) "Dr. Avi Rubin iscurrently Professor of Computer Science at John Hopkins University. He'accidentally' got his hands on a copy of the Diebold softwareprogram--Diebold's source code--which runs their e-voting machines.Dr. Rubin's students pored over 48,609 lines of code that make up thissoftware. One line in particular stood out over all the rest:#defineDESKEY((des_KEY8F2654hd4" All commercial programs haveprovisions to be encrypted so as to protect them from having theircontents read or changed by anyone not having the key... The line thatstaggered the Hopkins team was that the method used to encrypt theDiebold machines was a method called Digital Encryption Standard(DES), a code that was broken in 1997 and is NO LONGER USED by anyoneto secure programs. F2654hd4 was the key to the encryption. Moreover,because the KEY was IN the source code, all Diebold machines wouldrespond to the same key. Unlock one, you have then ALL unlocked.

...

-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] Diebold Source Code!!!
Next by Date: [IP] more on DO LOOK AT THE DATE OF THE NYTIMES ARTICLE -- Concurrency in the real world
Previous by thread: [IP] more on Diebold Source Code!!!
Next by thread: [IP] WTO Turns Up Heat on US Online Gambling Ban
Index(es):
- Date
- Thread