Log in

No account? Create an account
Diebold - brad's life — LiveJournal [entries|archive|friends|userinfo]
Brad Fitzpatrick

[ website | bradfitz.com ]
[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

Diebold [Oct. 17th, 2003|11:37 pm]
Brad Fitzpatrick
Another Diebold article:
As for other patches, Williams said, "We have no idea what Diebold or anybody else does when they go in their warehouse and shut that door."

Williams said they compare the system when it comes out of the Diebold warehouse to make sure it's the same software version that was certified by the ITAs. But he acknowledges that this does not include reading the source code.
Fucking hell, people! Compare digests of the disk image after certification, and right before they're put into public use.

But just checking the "version number" in a dialog box? Gimme a break.

From: ex_kalyan
2003-10-18 07:05 am (UTC)
I dont even know if they have anyone inside who understands security. I dont know if you went though the analysis of their FTP code, serious scary things stand out

1. Hard coded DES defined key in the source code. ( which people got hold off) - note that they use this only to encrypt the poll results

2. the data that it sends to central server is send over dial-up and *without* encryption.

And why is it so painful for them to have paper trail
(Reply) (Thread)
[User Picture]From: whitaker
2003-10-18 12:18 pm (UTC)
hehehe... Diebold was interviewing people on campus the other day. I didn't know who they were though.
(Reply) (Thread)
[User Picture]From: jwz
2003-10-18 12:24 pm (UTC)
Don't be so hard on them, I'm sure they mean well.
(Reply) (Thread)
[User Picture]From: brad
2003-10-18 04:38 pm (UTC)
Perhaps. I suppose some verification is better than none.

Still, I wish we had more technically capable people in all places of government.
(Reply) (Parent) (Thread)
[User Picture]From: jwz
2003-10-18 04:42 pm (UTC)
Sorry, I think my sarcasm wasn't dripping enough...
(Reply) (Parent) (Thread)