Penetration Testing mailing list archives
Pen-testing Diebold's Voting Software
From: "Chuck Herrin" <me () chuckherrin com>
Date: Sat, 13 Nov 2004 16:11:34 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi All,

Some of you may have seen the reports that Diebold's vote tabulation software was certified to run on a Windows machine without being pen-tested by the certifying organization(?!?!). When I read that, I took blackboxvoting.org up on their challenge to test it myself, and the results are staggering. I was able to change over 11,000 votes in my sample election in just a few minutes, then review the audit logs to make sure there were no traces.

The full report, with screenshots and timestamped reports and audit logs, is available at my website, www.chuckherrin.com/hackthevote.htm.

It was so easy, I hate to even call it "Hacking". Partisan politics aside - we've got to fix this.

Thanks,

Chuck Herrin, CISSP, CISA, MCSE, CEH

All outgoing correspondence is digitally signed. Lack of a valid signature indicates possible forgery. My public key is available at http://www.chuckherrin.com/ChuckHerrin.asc

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBQZZ4hqbL2AcPBTOlEQKuYQCeOnghpidOET7Ukl4yVPohBls4ssUAn1/n
qvMPM8cTxxTaMac95hzjeEow
=nQmg
-----END PGP SIGNATURE-----