Interesting People mailing list archives
More Diebold Voting Machine Security Problems
From: dave () farber net
Date: Thu, 20 May 2004 15:35 -0400
...... Forwarded Message ....... From: EEkid () aol com To: dave () farber net Date: Mon, 17 May 2004 18:27:30 -0400 (EDT) Subj: More Diebold Voting Machine Security Problems "What we found was that all the [Diebold] voting machines used the same secret encryption key code, that the code had never been changed and that all of the developers had access to it," "What I am surprised about, though, is that unlike previous discoveries such as SDMI or WEP, where the companies changed what they were doing because of the papers published, Diebold has done little to fix these problems." Profile: Adam Stubblefield By Niall McKay, Contributing Writer 17 May 2004 | Security Wire Perspectives Last year, Adam Stubblefield was driving home from his summer internship at Microsoft Research in Redmond, Wash., thinking of how to find alternative password mechanisms, when it hit him. "I realized that the shape of clouds reminded me of objects in the real world," he said. He had read that people presented with the same inkblot over a number of months said that it reminded them of the same set of words. The same technique, Stubblefield reasoned, could be used to help people remember forgotten passwords. So the college student spent the rest of his summer proving his theory, and Microsoft filed a patent. The method, it seems, has a better than 95% success rate, and the software giant is planning to include it in future products. Stubblefield, now a second year doctoral student at Johns Hopkins University, is one of the rising stars in the world of computer security research. At 23, he was the youngest speaker at the IEEE Symposium on Security and Privacy in Oakland, Calif., last week, where he presented a paper on electronic voting technology. Computer security has always been his calling. Even as a math undergraduate at Rice University, Stubblefield interned at Wang, Xerox's PARC and AT&T. He reverse engineered MP3.com's Beamit, a digital rights management software program, as a freshman. He was part of the team that cracked SDMI digital watermarking technology and co-authored a number of academic papers on topics from Web security to IP traceback. As a senior he also took an academic paper on a theoretical hole in the cipher RC4, used for encrypting WiFi (using WEP), and created an attack. His paper has given rise to use of new ciphers such as WPA as well as WiFi hacking tools like AirSnort. Last summer, it was Stubblefield and UC San Diego's Yosh Kohno working with and under the guidance of professors Avi Rubin of Johns Hopkins University and Dan Wallach of Rice University who produced a report detailing the security problems with Diebold's electronic voting system, which created a great deal of controversy. "What we found was that all the voting machines used the same secret encryption key code, that the code had never been changed and that all of the developers had access to it," he said. Other problems with the technology have led states to reconsider e-voting in the upcoming presidential election. Stubblefield dismisses conspiracy theories that surround Diebold. "In some ways it's far worse than that, they just did not know what they were doing," he said. For example, they were able to analyze the Diebold voting machine source code because the company had accidentally left it on an open FTP server. He is uninterested in the political activism that has emerged as a result of the report. "I do not have a political point of view that I am trying to prove. I am just interested in what I can contribute from a technical point of view," he said. "What I am surprised about, though, is that unlike previous discoveries such as SDMI or WEP, where the companies changed what they were doing because of the papers published, Diebold has done little to fix these problems." As an undergraduate, Stubblefield was one of the eight researchers that cracked SDMI technology. The researchers had taken part in the SDMI public challenge in 2001, which offered $10,000 to anybody who could crack one of four digital watermarking technologies. The team cracked them all but rather than take ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- More Diebold Voting Machine Security Problems dave (May 20)