Interesting People mailing list archives

more on Diebold Source Code!!!


From: David Farber <dave () farber net>
Date: Thu, 11 Nov 2004 06:59:21 -0500



Begin forwarded message:

From: Larry Tesler <tesler () pobox com>
Date: November 11, 2004 1:36:41 AM EST
To: dave () farber net
Subject: Re: [IP] Diebold Source Code!!!

Dave,

Simson Garfinkel reported the same discovery over a year ago on your mailing list after he had met with Ted Selker:

"A few months ago, the source code for a voting machine manufactured by Diebold was inadvertently left on a Web site. A group of researchers at Johns Hopkins downloaded the code and analyzed it. They found many software errors and poor design methodology. One of the most glaring problems had to do with encryption: although the computer used the DES algorithm to encrypt the votes, the encryption key was hard-coded into the program and unchangeable. A key that can’t be changed offers little more security than using no encryption at all."

Larry

no confirmation djf


Begin forwarded message:

From: Jay Fenello <Jay () Fenello com>
Date: November 10, 2004 6:58:20 PM EST
To: dave () farber net
Cc: Ken Deifik <kenneth.d () adelphia net>
Subject: Diebold Source Code!!!

...

Diebold Source Code!!! --by ouranos (dailykos.com) "Dr. Avi Rubin is currently Professor of Computer Science at Johns Hopkins University. He 'accidentally' got his hands on a copy of the Diebold software program--Diebold's source code--which runs their e-voting machines. Dr. Rubin's students pored over 48,609 lines of code that make up this software. One line in particular stood out over all the rest: #defineDESKEY((des_KEY8F2654hd4" All commercial programs have provisions to be encrypted so as to protect them from having their contents read or changed by anyone not having the key... The line that staggered the Hopkins team was that the method used to encrypt the Diebold machines was a method called Digital Encryption Standard (DES), a code that was broken in 1997 and is NO LONGER USED by anyone to secure programs. F2654hd4 was the key to the encryption. Moreover, because the KEY was IN the source code, all Diebold machines would respond to the same key. Unlock one, you have then ALL unlocked.
...
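
A source-audit check for the flaw discussed in the messages above (a cipher key bound to a macro at compile time, so every machine built from the source shares it), as an added example that is not part of the original posts or of Diebold's code. The function name, the macro-name heuristic and the sample source are assumptions constructed for illustration.

```python
import re

# Heuristic (an assumption of this example): macro names that suggest key material.
KEY_NAME = re.compile(r"(KEY|SECRET|PASSW)", re.IGNORECASE)
# Object-like macro: "#define NAME body". Function-like macros are skipped.
DEFINE = re.compile(r"^\s*#\s*define\s+(\w+)\s+(.*)$")
# First C string literal in the macro body, allowing backslash escapes.
LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')


def find_hardcoded_keys(source, filename="<memory>"):
    """Flag #define macros that bind a key-like name to a string literal."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = DEFINE.match(line)
        if not m:
            continue
        name, body = m.groups()
        lit = LITERAL.search(body)
        if lit and KEY_NAME.search(name):
            value = lit.group(1)
            findings.append({
                "file": filename,
                "line": lineno,
                "macro": name,
                "length": len(value),
                # A DES key is 8 bytes: 56 key bits plus 8 parity bits.
                "des_sized": len(value) == 8,
            })
    return findings


# Constructed sample source; the key literal is a placeholder, not a real key.
SAMPLE = '''\
#include "crypto.h"
#define BUFSIZE 4096
#define DESKEY ((des_key *)"EXAMPLE1")
#define APP_NAME "ballot station"
static const char *banner = "key loaded";
'''

if __name__ == "__main__":
    for f in find_hardcoded_keys(SAMPLE, "sample.c"):
        note = " (8 bytes, DES-sized)" if f["des_sized"] else ""
        print(f'{f["file"]}:{f["line"]}: {f["macro"]} is a literal key{note}')
```

A finding means the key ships in every build and cannot be rotated without recompiling; the fix is to provision a per-device key at install time and keep it out of the source tree.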


Archives at: http://www.interesting-people.org/archives/interesting-people/

