On 1/4/06, Greg Brown <[EMAIL PROTECTED]> wrote: > Oh, yes, this is *exactly* the kind of OS I want on my voting > machines. There's nothing like a crafty SOB to load a meta file of a > candidate into the system that would alter votes entered into the > underlying database. I'm not saying that would even be possible with > this particular vulnerability, but it seems very do-able.
No need for this vulnerability, it appears to be a "feature" of certain electronic voting machines. http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/1954/15595.html http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/1954/15696.html http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/1954/15711.html Most (probably all) of these devices use non-volatile memory to customize them for a particular ballot, in the Diebold machines (and perhaps others) a removable memory device contains both the totals, and PROGRAMS which do things like verifying that the vote totals are clear before the vote, and audit the totals. The Diebold machines which were tested used standard memory cards for which writers are fairly easily obtained. Black Box Voting demonstrated that the machines used in Leon County, FL could be hacked to steal an election with no special access other than that given to precinct workers. It's interesting that the first proof that certain electronic voting machines currently in use can hacked was done with Diebold optical scan machines. Of course a manual recount would expose any fraud, but manual counts aren't normally done, and in most cases as I understand it, jurisdictions normally do recounts of these types of ballots by rescanning. They're now looking at both Diebold touch-screen machines as well as some older machines from other manufacturers. -- Rick DeNatale Visit the Project Mercury Wiki Site http://www.mercuryspacecraft.com/ -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
