Thread: OT. Hacking Democracy.
View Single Post
  #3   Report Post  
Posted to rec.woodworking
Greg G. Greg G. is offline
external usenet poster
  
Posts: 478
Default OT. Hacking Democracy.
Fred the Red Shirt said:

On Jan 17, 10:22 pm, Robatoy wrote:
Don't be a fool by pointing at a supposed tinfoil hat. I'm not wearing
one.
There are 9 episodes...... Truly mind-boggling.

http://www.youtube.com/watch?v=GzPXer7946E


Companies that sell movies on DVDs have the option of
including a 'regional code' on the DVD. DVD players also
have a regional code embedded in their firmware. Typically
the regional code in a DVD player can be changed to play
DVDs with a different regional code--but only five times.
After the fifth change the code is 'locked' in on the DVD
player and can only be changed by replacing a chip.

It is not possible to 'hack' a locked DVD player using code
embedded on a DVD, or even through the communications
interface used to control the DVD player or stream the
data.

Actually, there are several programs that allow a DVD drive to ignore
not only the region code, but break the CSS encryption code. There are
also firmware hacks that remove the region code check entirely.
And to demonstrate how secure this multi-million dollar DVD encryption
code engineering faux pas was, it took a 14 year old kid in Finland
about a week to break it - with the advantage of having one key to
work from. (Google DeCSS)

But it is possible to hack many voting machines using code
embedded on the flash card inserted into the machine to record
votes.

As well as other ways, including the tabulator software.

IOW, the regional code protection on a typical DVD player is
MORE secure than the essential software on many of our
voting machines!

Exponentially greater - and that is a thoroughly depressing thought.
I have a copy of the original GEMS tabulator software intended for use
in the FL 2000 election. While they most assuredly have rewritten
parts of it, it was a bad joke. Microsoft Access, no hashing or
encryption or security to speak of. MS Jet engine could directly
manipulate the tabulated votes. Bad stuff.

Were it my job to design a voting machine the first design
decision I would make would be to put the software on an
EPROM so that it could not be hacked without physically
removing the chip from the machine. People smarter than
I, and there are plenty of them, could probably come up
with less expensive intrinsicly secure methods.

Easily, and far cheaper. Dedicated hardware. No chance of
manipulation, till you get to the tabulator...

This leaves me concluding that incompetence alone is
not sufficient to explain why voting machines that can
be hacked by malware embedded on the flash cards are
being used. It is so easy and straightforward to incorporate
intrisic security into such a device that I have to conclude
that an instrinsicly secure design was deliberately rejected
during development.

Getting a product to market quick by a favored vendor so that they
could cash in on the new electronic Vote America mandates. And the
added possibility of subverting the vote. A gleam in their eyes both
ways. Diebold, AIR, still will not release the source for examination
by computer professionals. As a partial nerd, I am outraged. Watch
these guys carefully.

They should have given the job of design to computer science
departments at MIT, et al. Make the money put into education pay
something back to the citizens of the US.

FWIW,

Greg G.
Reply With QuoteReply With Quote