Interesting People mailing list archives
more on Diebold Source Code!!!
From: David Farber <dave () farber net>
Date: Thu, 11 Nov 2004 06:59:21 -0500
Begin forwarded message: From: Larry Tesler <tesler () pobox com> Date: November 11, 2004 1:36:41 AM EST To: dave () farber net Subject: Re: [IP] Diebold Source Code!!! Dave,Simson Garfinkel reported the same discovery over a year ago on your mailing list after he had met with Ted Selker:
"A few months ago, the source code for a voting machine manufactured by Diebold was inadvertently left on a Web site. A group of researchers at Johns Hopkins downloaded the code and analyzed it. They found many software errors and poor design methodology. One of the most glaring problems had to do with encryption: although the computer used the DES algorithm to encrypt the votes, the encryption key was hard-coded into the program and unchangeable. A key that can’t be changed offers little more security than using no encryption at all."
Larry
no confirmation djf Begin forwarded message: From: Jay Fenello <Jay () Fenello com> Date: November 10, 2004 6:58:20 PM EST To: dave () farber net Cc: Ken Deifik <kenneth.d () adelphia net> Subject: Diebold Source Code!!! ...Diebold Source Code!!! --by ouranos (dailykos.com) "Dr. Avi Rubin is currently Professor of Computer Science at John Hopkins University. He 'accidentally' got his hands on a copy of the Diebold software program--Diebold's source code--which runs their e-voting machines. Dr. Rubin's students pored over 48,609 lines of code that make up this software. One line in particular stood out over all the rest: #defineDESKEY((des_KEY8F2654hd4" All commercial programs have provisions to be encrypted so as to protect them from having their contents read or changed by anyone not having the key... The line that staggered the Hopkins team was that the method used to encrypt the Diebold machines was a method called Digital Encryption Standard (DES), a code that was broken in 1997 and is NO LONGER USED by anyone to secure programs. F2654hd4 was the key to the encryption. Moreover, because the KEY was IN the source code, all Diebold machines would respond to the same key. Unlock one, you have then ALL unlocked.
... ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on Diebold Source Code!!! David Farber (Nov 11)
- <Possible follow-ups>
- more on Diebold Source Code!!! David Farber (Nov 11)