Still fired up, politically
Sep. 4th, 2003 01:27 am
But this issue is nominally non-partisan, so bear with me.
Diebold manufactures electronic voting machines and the software that runs on them. A lot of regions use Diebold machines for their voting.
For several months, reports have been circulating that Diebold's software is slightly less secure than hiding your spare key under the welcome mat which says "Spare Key Not Hidden Under Here".
Well, someone's finally demonstrated it. Jim Marsh (a name previously unknown to me) downloaded Diebold's software ("GEMS") from Diebold's FTP site--which had no password protection--and is distributing it here so that you can see for yourself how insecure it is.
He has a step-by-step explanation of how to use Microsoft's database program Access to get password access to GEMS. It's trivially simple if you can get to the machine the GEMS software is installed on--and note that "get to" doesn't necessarily mean "sit in front of", since all of this software can be run remotely. But you don't even need the password; MS-Access will allow you to manipulate the vote totals with no password necessary. You can freely delete the audit trail (the coded numbers which are supposed to notify GEMS that the numbers have been tampered with) without upsetting GEMS in the slightest. Because of the way that the information is stored in the databases--which is extremely non-standard and suspicious, very similar to using two sets of books to cover your accounting irregularities--it takes a lot of work to notice that vote totals have been manipulated.
This is the death of democracy, folks.