March 18, 2004

Losing All Trust In Diebold

Note to any computing device manufacturer still not paying attention:

Sooner or later someone will mess with your machine. When that happens what do you want your product to do?

a. Fail gracefully
b. Blow up a la mission impossible
c. Let college students play music

Apparently it's not bad enough that Diebold's voting machines have been dragged through the press lately. Next stop Diebold ATM machines. Should a purpose build machine really be running an general purpose operating system??

This email from Carnegie Mellon via Dave Farber's IP list:

>From: Carla Geisser <@andrew.cmu.edu>
>Subject: For your amusement: Broken ATM
>
>A Diebold ATM in Baker hall just crashed, and dropped to a Windows XP
>desktop.
>
>Several intrepid students started Windows Media player, and it was playing
>a variety of music with a nice visualizer.
>
>So much for security...
>
>Photos:
>http://www.coed.org/photodb/folder.tcl?folder_id=3334
>
>Movies (with audio):
>http://yogi.pdl.cmu.edu/~cgeisser/photos/
>

Posted by Abner at 02:42 PM | Comments (0)

March 03, 2004

More takes on e-voting

Avi Ruben, of Diebold voting machine penetration testing fame writes about his experience as an election judge. Election officals and voters love a new technology that was not designed with a decent threat model.

In other news voting machines in several towns didn't boot up this morning.

Posted by Abner at 02:45 PM | Comments (0)