[ale] OT: man in the middle on diebold machines

Bob Toxen transam at VerySecureLinux.com
Wed Sep 28 20:20:58 EDT 2011


On Wed, Sep 28, 2011 at 04:59:51PM -0400, Michael H. Warfield wrote:
> On Wed, 2011-09-28 at 15:38 -0400, Cameron Kilgore wrote: 
> > I still wonder the need to complicate and put at risk the reliability
> > of our one measure of democracy. Paper ballots seem more reliable and
> > less prone to a politician's whim.

> On that, we may have to agree to disagree.
Yes, we will.  Paper ballots as currently done in most of the honest
world is VERY hard to cause deliberate widespread fraud and the
accidental error rate is very low.

The "hanging chads" were an error rate of about 0.5% and much of that
was due to elderly too infirm or to senile to properly use them.  The
former (infirm) were allowed to have assistants.  I'm not sure the
senile are legally allowed to vote and if so probably vote more or less
randomly (no disrespect is meant).

> On one hand, there have certainly been sufficient examples of "hanging
> chads" and misplaced bags of ballots and ballot count mismatches to
> argue that paper ballots are neither reliable nor less prone to a
> politician's will.
I'll take the 0.5% hanging chad error rate over the potential 100% error
rate of the insecure DRE machines.

> OTOH, there have been proposals for voting protocols down through the
> years which can insure authenticity and authorization while preserving
> anonymity while still providing end to end verification and auditing
> confirmation.  I've seen some such proposed at security conferences such
> as NDSS, Usenix Security Symposium, and RSA over the last decade or so.
> We know how to do it right.
Until then there is paper.

> The problem is that these protocols are "open" and, as such, can not be
> held for ransom by companies wanting to leverage the maximum number of
> tax dollars out of pockets for their proprietary solutions and they are
> too good for those people who don't want something that good...
Yup.  Bush wanted DRE for the money his buddies made not for committing
fraud (IMO AFAIK).

> We can agree that the current field of voting machines are an abysmal
> and embarrassing lot of junk that should have been rejected out of hand
> by anyone with any respect for the institution.  Trouble is, that's not
> those with the vested interests.
Yup.  Junk 'em and bring back trustworthy, reliable, and cheap paper!

> Regards,
> Mike
Bob

> > --Cameron <http://ghostfreeman.net>
> > 
> > 
> > On Wed, Sep 28, 2011 at 3:34 PM, Geoffrey Myers <lists at serioustechnology.com
> > > wrote:
> > 
> > > Anyone else catch this?
> > >
> > >
> > > http://hardware.slashdot.org/story/11/09/28/0241201/man-in-the-middle-remote-attack-on-diebold-voting-machines
> > >
> > > --
> > > Later, Geoffrey
> > > Sent from my iPhone
> -- 
> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>    /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>    NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
Quality spam and virus filters.

"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond where
the shadows lie...and the Eye is everwatching"
-- The Silicon Valley Tarot Henrique Holschuh with ... Bob


More information about the Ale mailing list