Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

More Diebold Voting Machine Security Problems

From: dave () farber net
Date: Thu, 20 May 2004 15:35 -0400


...... Forwarded Message .......
From: EEkid () aol com
To: dave () farber net
Date: Mon, 17 May 2004 18:27:30 -0400 (EDT)
Subj: More Diebold Voting Machine Security Problems

"What we found was that all the [Diebold] voting machines used the same 
secret encryption key code, that the code had never been changed and that 
all of 
the developers had access to it," 

"What I am surprised about, though, is that unlike previous discoveries 
such 
as SDMI or WEP, where the companies changed what they were doing because of 
the papers published, Diebold has done little to fix these problems." 


Profile: Adam Stubblefield

By Niall McKay, Contributing Writer
17 May 2004 | Security Wire Perspectives 

 





Last year, Adam  Stubblefield was driving home from his summer internship 
at 
Microsoft Research in Redmond, Wash., thinking of how to find alternative 
password mechanisms, when it hit him. "I realized that the shape of clouds 
reminded me of objects in the real world," he said. 
He had read that people presented with the same inkblot over a number of 
months said that it reminded them of the same set of words. The same 
technique, 
Stubblefield reasoned, could be used to help people remember forgotten 
passwords. So the college student spent the rest of his summer proving his 
theory, and 
Microsoft filed a patent. The method, it seems, has a better than 95% 
success 
rate, and the software giant is planning to include it in future products. 
Stubblefield, now a second year doctoral student at Johns Hopkins 
University, 
is one of the rising stars in the world of computer security research. At 
23, 
he was the youngest speaker at the IEEE Symposium on Security and Privacy 
in 
Oakland, Calif., last week, where he presented a paper on electronic voting 
technology. 
Computer security has always been his calling. Even as a math undergraduate 
at Rice University, Stubblefield interned at Wang, Xerox's PARC and AT&T. 
He 
reverse engineered MP3.com's Beamit, a digital rights management software 
program, as a freshman. He was part of the team that cracked SDMI digital 
watermarking technology and co-authored a number of academic papers on 
topics from Web 
security to IP traceback. As a senior he also took an academic paper on a 
theoretical hole in the cipher RC4, used for encrypting WiFi (using WEP), 
and 
created an attack. His paper has given rise to use of new ciphers such as 
WPA as 
well as WiFi hacking tools like AirSnort. 
Last summer, it was Stubblefield and UC San Diego's Yosh Kohno working with 
and under the guidance of professors Avi Rubin of Johns Hopkins University 
and 
Dan Wallach of Rice University who produced a report detailing the security 
problems with Diebold's electronic voting system, which created a great 
deal of 
controversy. 
"What we found was that all the voting machines used the same secret 
encryption key code, that the code had never been changed and that all of 
the 
developers had access to it," he said. Other problems with the technology 
have led 
states to reconsider e-voting in the upcoming presidential election. 
Stubblefield dismisses conspiracy theories that surround Diebold. "In some 
ways it's far worse than that, they just did not know what they were 
doing," he 
said. For example, they were able to analyze the Diebold voting machine 
source 
code because the company had accidentally left it on an open FTP server. 
He is uninterested in the political activism that has emerged as a result 
of 
the report. "I do not have a political point of view that I am trying to 
prove. I am just interested in what I can contribute from a technical point 
of 
view," he said. "What I am surprised about, though, is that unlike previous 
discoveries such as SDMI or WEP, where the companies changed what they were 
doing 
because of the papers published, Diebold has done little to fix these 
problems." 
As an undergraduate, Stubblefield was one of the eight researchers that 
cracked SDMI technology. The researchers had taken part in the SDMI public 
challenge in 2001, which offered $10,000 to anybody who could crack one of 
four 
digital watermarking technologies. The team cracked them all but rather 
than take 

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: