Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Diebold Security Foiled Again

Zonk posted more than 7 years ago | from the please-think-then-vote dept.

Security 201

XenoPhage writes "Yet again, Diebold has shown their security prowess. This time they posted, on their website, a picture of the actual key used to open all of their Diebold voting machines. Ross Kinard of Sploitcast crafted three keys based on this photo. Amazingly enough, two of the three keys successfully opened one of the voting machines. But fear not, Diebold has removed the offending picture, replacing it with a picture of their digital card key. Take that, hackers!"

Sorry! There are no comments related to the filter you selected.

the only thing.. (0, Flamebait)

User 956 (568564) | more than 7 years ago | (#17758358)

Yet again, Diebold has shown their security prowess.

The only thing Diebold is good at securing is victory for the GOP.

Re:the only thing.. (4, Funny)

jfengel (409917) | more than 7 years ago | (#17758380)

Apparently they're not very good at that, either.

Re:the only thing.. (1)

Jeff DeMaagd (2015) | more than 7 years ago | (#17758530)

I think the additional scrutiny made cheating harder to pull off without noticing.

Re:the only thing.. (-1, Troll)

dan828 (753380) | more than 7 years ago | (#17758562)

Funny how all of those "independent" groups were all gearing up to challenge the election results and had allready begun to talk of "irregularities" in the last election. Then, when the as the results came in and it became obvious that the Repubs had had their asses handed to them, no one seemed to be all that interested and any irregularities or supposed disinfranchisment.

Funny how the left only talks about such things when they lose an election, and couldn't care less when they win.

Re:the only thing.. (3, Insightful)

truthsearch (249536) | more than 7 years ago | (#17758652)

Funny how you only seem to be responding to the average media coverage and not the facts. Was no one interested or was the media (even non-mainstream) not interested? Plenty of investigations occurred. You apparently just didn't hear about them.

Re:the only thing.. (1)

dan828 (753380) | more than 7 years ago | (#17758942)

Actually, I'm just talking about the groups and people that make grandious statements and public acusations (Jesse Jackson comes to mind, he was making public statements about how they were going to investigate this and that, then was no where to be seen after the results came in and his guys won).

Anyone with even a bit of intellegence would want independent oversite of elections. But the media whoring, FUD mongering, jackasses on both sides I can do without. In recent years, with the House, Senate, and Whitehouse in Republican hands, that's mostly come from the left, but I have no doubt that the Right will do the same thing in a similar situation. But it's incredibly hypocritical talk about problems with election systems when your guys lose.

Link, please? (0)

Anonymous Coward | more than 7 years ago | (#17759340)

You can't complain about someone not knowing facts if you don't show them where to learn them.

Re:the only thing.. (3, Interesting)

SatanicPuppy (611928) | more than 7 years ago | (#17758654)

It's because the exit polling was a much closer match to the actual results, rather than having substantial irregularities or, as in the case of the 2004 election, actual instances of election fraud.

Having both sides being extremely skeptical of the computer returned election counts is the only thing keeping anyone honest.

No No No (-1, Troll)

Anonymous Coward | more than 7 years ago | (#17758410)

thats simply not true. typical liberal entitlement mentality

Still in business (5, Interesting)

j00r0m4nc3r (959816) | more than 7 years ago | (#17758362)

How can these guys still be in business? It seems like every couple weeks for the past 3 or 4 years I have been hearing about them screwing shit up, over and over and over and over again. Any other company would have been history long ago. What's with Diebold? Why don't they die?

Re:Still in business (2, Funny)

MagicM (85041) | more than 7 years ago | (#17758402)

Why don't they die?

Because they're called Diebold. Not Diebold.

Duh.

Re:Still in business (5, Insightful)

aquabat (724032) | more than 7 years ago | (#17758406)

Two words: Government Contracts.

Re:Still in business (0, Flamebait)

GoodbyeBlueSky1 (176887) | more than 7 years ago | (#17759248)

Another two words: blow jobs

Re:Still in business (1)

Joe The Dragon (967727) | more than 7 years ago | (#17758420)

There ATM's if they where to post the atm key then they may go down fast.

This parent has the answer to the problem (1)

technoextreme (885694) | more than 7 years ago | (#17758610)

There ATM's if they where to post the atm key then they may go down fast.

Thank you. I now remember every atm machine I see is a Diebold machine. I remember specifically that fact if only because of the voting machine problems.

Re:Still in business (5, Interesting)

gstoddart (321705) | more than 7 years ago | (#17758444)

How can these guys still be in business? It seems like every couple weeks for the past 3 or 4 years I have been hearing about them screwing shit up, over and over and over and over again. Any other company would have been history long ago. What's with Diebold? Why don't they die?

That's because they aren't being viewed with a critical eye by the people buying voting machines.

The people who are making those decisions continue to want to have the voting machines in the face of all of the evidence showing how unsecure/not-tamper-proof these things really are.

Apparently, the government doesn't seem too bothered by a vendor who is selling a product which is completely insecure.

Cheers

Re:Still in business (5, Informative)

drinkypoo (153816) | more than 7 years ago | (#17758448)

What's with Diebold? Why don't they die?

I believe the following will explain: "The company came under fire last year for a letter that Diebold CEO Walden O'Dell wrote as a fundraising pitch to Republicans. In the letter, O'Dell said he was "committed to helping Ohio deliver its electoral votes to the president." Diebold is based in North Canton, Ohio." (http://money.cnn.com/2004/08/30/technology/electi on_diebold/index.htm [cnn.com] )

Frankly no one in power really seems to want a fair election. If they did, they'd be fighting these e-voting machines all the way - as there is absolutely no need for them.

Re:Still in business (3, Insightful)

pilgrim23 (716938) | more than 7 years ago | (#17758774)

In the early 20th century, most cities had Trolly Lines. Most were electric. there was no need for road crowding, smoke billowing Buses. But Detroit realized building buses was a gold mine as long as City planning departments, the Mayor's urban task force and other such public servants could be persuaded to rip up the trolly lines. Thus our public leaders made decisions for the good of us all. The more it changes, the more it stays the same....

Re:Still in business (0)

Anonymous Coward | more than 7 years ago | (#17759484)

"Detroit" had nothing to do with it. At the time, they had more important things to worry about, like making cars fast enough to keep their dealers supplied. As the number of car-owning Americans increased, streets became increasingly crowded. Eventually, it came down to eliminating curbside parking, or ditching the trolleys (both consumed 2 potential traffic lanes). Eliminating parking would have enraged middle-class voters, plus the city's entire entrepreneurial class of small business owners. Eliminating the trolleys sent the poor to buses, and gave middle-class commuters more room to drive.

There's no great conspiracy, folks. Trolleys and cars both competed for twenty foot wide ribbons of travel space, and cars won. The fact is, building light rail down the middle of a street has never, ever, in the history of the entire world, improved driving conditions along that road. *NEVER* It might be touchie-feelie-nice, and it might make mother Earth smile, but it's NOT going to make life any nicer for the drivers who now have to share the road with it, and anyone who claims that it will is being intellectually dishonest.

Light rail REALLY belongs about 250-400 feet to the left or right of major roads... running between the outparcels and main storefronts in plazas, or down the middle of medium- or high-density residential streets a block away from major arterial roads (going up and over, or down and below major arterials it crosses). Far enough from the major road so as to not screw up its traffic flow, and depositing riders right next to the door. In Miami Beach terms, this means running down the middle of Pennsylvania Avenue (residential street a short block ~250 feet west of Washington Ave), not Washington Ave itself.

Re:Still in business (1)

endianx (1006895) | more than 7 years ago | (#17758520)

I don't know, but I was at my bank the other day and on the window there was a Diebold sticker. Made me less eager to hand them my checks.

Re:Still in business (1)

jo42 (227475) | more than 7 years ago | (#17758534)

Because it goes something like this:

"You buy our stuff and we'll do something for you."

Like kickbacks. Or free holiday trips. Or employment at a much higher salary after leaving gov't service. The list goes on...

Re:Still in business (1)

KDR_11k (778916) | more than 7 years ago | (#17758890)

Or, the more obvious offer, having the voting machines favour your party.

Re:Still in business (1)

grant420 (985416) | more than 7 years ago | (#17758574)

The same reason it took the government over 3 years to start handing Iraq contracts to companies besides Haliburton.

Re:Still in business (0, Troll)

pilgrim23 (716938) | more than 7 years ago | (#17758676)

Ever checked your bank balance? Diebold makes ATM machines, and many other accounting and tabulating devices used in modern banking.. Every one of us can point to our bank balance which is $4-$20 off every month, always in the bank's favor. That is, all hundred millions of us...
The only real question is: what is the percentage of the cut?

Stuffing the mattress would be a solution, if only the actual dollar could maintain the same value it had last Tuesday....

Re:Still in business (1)

LinuxGeek (6139) | more than 7 years ago | (#17758800)

Hmmm, you may want to change banks. My account balance is always accurate, with two different banks. I don't know anyone that has a consistent problem with their account balance.

Re:Still in business (1)

pilgrim23 (716938) | more than 7 years ago | (#17758996)

I have WORKED in a bank. and I do/did....THOUSANDS.

Re:Still in business (1)

operagost (62405) | more than 7 years ago | (#17759668)

Every one of us can point to our bank balance which is $4-$20 off every month, always in the bank's favor. That is, all hundred millions of us...

Learn how to balance a checkbook.

You clearly don't even know what kinds of products Diebold makes for banks. They don't sell core processing software, thus it is unlikely that they could slipping "$4-20" out of your account every month, unnoticed. Can you say, "Superman III?"

Re:Still in business (5, Funny)

Anonymous Coward | more than 7 years ago | (#17758750)

"DieBold, Die" is German for "The, Bold, The" - Bob

Re:Still in business (1)

chord.wav (599850) | more than 7 years ago | (#17758854)

1 - It seems like every couple weeks for the past 3 or 4 years I have been hearing about them screwing shit up, over and over and over and over again.

Question: How can these guys still be in business?
Answer: See point 1

Re:Still in business (1)

operagost (62405) | more than 7 years ago | (#17759594)

Maybe it's because Diebold has other lines of business. Or did you think they popped out of the ground yesterday?

This only makes me more puzzled, really, when I see what kind of impenetrable tanks they use to store money (cash dispensers and ATMs) but they use flimsy pre-teen diary locks on voting machines.

DieBold Security..... (5, Funny)

Prysorra (1040518) | more than 7 years ago | (#17758374)

To Boldy die where no security has died before!

Its from the please-think-then-vote dept. (-1, Troll)

antifoidulus (807088) | more than 7 years ago | (#17758376)

Those rules would make voting totally unfair to Republicans!

Karma to burn!

Re:Its from the please-think-then-vote dept. (1)

dan828 (753380) | more than 7 years ago | (#17758428)

Yeah because in the last elec......um......the election before the last one, there were voting irregularities!!

Re:Its from the please-think-then-vote dept. (5, Informative)

PeeAitchPee (712652) | more than 7 years ago | (#17759158)

Perhaps you can explain why Maryland's previous Republican governor Robert Ehrlich fought against the Diebold machines tooth and nail, even asking for millions of dollars instead to support a traditional election process, only to have them rammed down his throat by the (Democratic) MD legislature and state board of elections? Our state elections administrator, Democrat Linda H. Lamone is still fighting their removal and even against adding a paper trail! [gazette.net] Hell, she doesn't even want printers because she says adding printers to the existing equipment "would disrupt the voting system."

If you think the Republicans are the only ones who want to use Diebold machines to manipulate votes, you're an idiot.

MOD PARENT UP? (0)

Anonymous Coward | more than 7 years ago | (#17759550)

What's there to explain? Who they say they are doesn't matter when they try pulling this kind of shit. I'm a registered Democrat but I don't want to be affilliated with Lamone just the same as I don't want to be affilliated with whatshisname Jefferson (Demo rep, IIRC, from Lousianna) caught with thousands of dollars in his freezer. I want these people the fuck out of my party and the fuck out of congress. They are not doing this country any favors.

National Election Commision (5, Insightful)

ghoul (157158) | more than 7 years ago | (#17758384)

The way to get rid of election controversies is to have a national election commission like in India. India has a lot more voters than the US and a much lower level of education but it manages to pull off general elections a lot more cleanly and fairly just because the standards are same for all elections and all precincts. The decentralized form of elections might have made sense for the age of horse coaches but in the age of internet it is not too tough to have thge same standards everywhere in the US

Also why not have a paper trail .With a paper backup all fraud can be caught given enough time for recounts (again if elections are not controlled by local partisan officials they cant arbitrarily decide not to have recounts).

Re:National Election Commision (2)

ghoul (157158) | more than 7 years ago | (#17758456)

BTW the last Indian general election was an all electronic election with EVMs used in all precincts.

Re:National Election Commision (1)

truthsearch (249536) | more than 7 years ago | (#17758486)

The problem isn't the decentralized standards. Once they're centralized the standards will probably still be inadequate.

Re:National Election Commision (4, Insightful)

Midnight Thunder (17205) | more than 7 years ago | (#17758488)

Also why not have a paper trail .With a paper backup all fraud can be caught given enough time for recounts (again if elections are not controlled by local partisan officials they cant arbitrarily decide not to have recounts).

In many ways Diebold et al. are all showing symptoms of not realising that they are trying to add technology to the wrong part of the process. In many ways the punch card system or optical card reader systems are the better systems, since the paper trail exists before the vote is taken into account: WYSIWYG. The proposed solutions provide a paper trail as a result of the process, if at all. The problem with this is that the paper trail may not be a result of what you inputted.

Remember just because technology can be used for a process, it does not necessarily mean that technology is needed for the process. Technology is there to make a complex task simple, not the other way round.

Re:National Election Commision (1)

cdrguru (88047) | more than 7 years ago | (#17758906)

Yes, but...

You are talking about one more area where the federal government intrudes, takes over and replaces a function that is left to the states now. This is not just a little troublesome for some people. The "War Between the States" was essentially over state's rights in one form or another. You should be prepared to believe that many states do not like losing out to the federal government powers that they have held for 200 years and will call out the National Guard (a state militia) to defend their powers.

You might get it elevated from a county to a state level, but that is as far as it is going to go. Today it is that way in many states already so it wouldn't be that big a leap. But no way could it be taken away from the states.

Re:National Election Commision (1)

MichaelSmith (789609) | more than 7 years ago | (#17759018)

You might get it elevated from a county to a state level, but that is as far as it is going to go.

As with the Indian example we have a federal election commission in Australia, and it works very well. Votes are cast by pencil on paper, counted by casual workers, and the count is mostly finished in a couple of hours. Manual counting doesn't really cost anything because the same people who do the counting are also needed to man the polling places during the day.

I can't see how any kind of count or survey could be done by using different equipment or methodology in every county. Nobody would trust the result if that was done. For federal elections at least the exact same proceedures must be used everywhere, otherwise you would never trust the result.

Diebold Machines Are Safe (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#17758412)

Diebold voting machines are safe. We have so many political hacks and anarchists in our ranks who want to go back to the really insecure paper ballots, that Diebold is scrutinzied for every mistake that they make.

In effect, a closed source Diebold has been put through the ringer.

Now if Diebold would only change their name to Microsoft, we'd have a twice as many wannabees purposely hacking their stuff to fullfill their Freudian need for acceptance.

Re:Diebold Machines Are Safe (1)

MECC (8478) | more than 7 years ago | (#17758664)

Diebold voting machines are safe.

Even whey they publish openly all but explicit instructions on how to break into them. This may be a good thing, however, since it may compel them to actually put good locks on their machines. Probably not, though. As per the usual closed-source mentality, they'll just take the pic down and somehow believe that will somehow make the problem go away. Security through obscurity never works.

In effect, a closed source Diebold has been put through the ringer.

Perhaps, but not the PHBs.

Re:Diebold Machines Are Safe (0)

Anonymous Coward | more than 7 years ago | (#17759106)

Safe? Safe?

Safe how? Like, a parked car oppose to a one possessed and gunning its engine to encourage you to run so it can run you down in a more sporting fashion?

While troll you obviously are, let's just cover the problems with e-voting...

1) Making a ton of ballots disappear takes longer to do, requires more people to do it, and will leave evidence SOMEWHERE compared to changing some data on a flashcard.

Actually, that's all the reason I need to want paper ballots. Oh, there's probably other reasons but isn't that one a big enough problem to kinda think, "Whoa, that makes it way too easy!"

Re:Diebold Machines Are Safe (1)

Trails (629752) | more than 7 years ago | (#17759180)

Yeah, it's the anarchists! And the commies! And the terrorists! And Kin Jong Il! And Mahmoud Ahmadieboldsucksdonkeyballsinejad! They all want to hax0|2 Diebold, and elect the democrats!

Google (4, Informative)

Daemonstar (84116) | more than 7 years ago | (#17758424)

Diebold has removed the offending picture
However, it remains (scaled down) in Google's image cache. :) Might not be of much use, but it is there.

Re:Google (1, Insightful)

Anonymous Coward | more than 7 years ago | (#17758812)

Not only that, but the structure of the key has already been compromised. The only 'secure' answer here would be a recall of all Diebold machines which can be opened by that key. Every last one of them.

Sigh.

Re:Google (0)

Anonymous Coward | more than 7 years ago | (#17758970)

This thread is useless without pictures.

Re:Google (0)

Anonymous Coward | more than 7 years ago | (#17759030)

Then get off your lazy ass and find it! It's the Internet; you can find everything on the Internet! Haven't you figured that out, yet? Geez!

Re:Google (2, Funny)

mastershake_phd (1050150) | more than 7 years ago | (#17759442)

Then get off your lazy ass and find it! It's the Internet.....

You mean- Then sit on your lazy ass and find it! It's the Internet!

New Vendor (2, Interesting)

Divebus (860563) | more than 7 years ago | (#17758426)

It's time to look at some other vendor for voting machines and whatever else they make. Our future is too important to leave to stumbling bumblers like that. Anything can be defeated but shouldn't be as easy as this.

Security through... (4, Funny)

griffjon (14945) | more than 7 years ago | (#17758484)

Hey, at least we know they're not relying on security through obscurity!

This is a security company? (4, Insightful)

Schraegstrichpunkt (931443) | more than 7 years ago | (#17758498)

Do they even have any security-minded people working at this company? Publishing a picture of a real key is an understandable mistake, but why does the same key open every single voting machine?

Re:This is a security company? (1)

truthsearch (249536) | more than 7 years ago | (#17758840)

Publishing a picture of a real key is an understandable mistake

How? I've never heard of anyone ever intentionally taking a picture of a key. And if it's a master key it's absolutely not an understandable mistake.

Re:This is a security company? (1)

cdrguru (88047) | more than 7 years ago | (#17758846)

Can you actually imagine the operational nightmare that would ensue if every machine had a unique key?

Ignoring the potential for screwups in distribution (machine ships with no key, machine ships with wrong key), you have the wonderful situation of a large county (like Cook County, IL) with 10,000 machines and 10,000 unique keys.

Of course, you cannot access the machine to do anything without the single, unique, correct key.

I am sure that unique keys would be much, much worse than one key fits all.

Re:This is a security company? (1)

Headcase88 (828620) | more than 7 years ago | (#17759464)

You're acting like there's one person who manges all of the voting machines in the entire state who would need a ring of 10 000 keys for this to work.

Cars have (effectively) unique lock, individual rooms in many building each have unique locks, little padlocks that are sold for $1 at school supply stores come with (sort of) unique locks. Hell, I'll bet even paper ballot boxes each have unique locks.

Diebold machines have poor security, the gov't doesn't care. Those who care can vote for someone else. Oh wait.

Re:This is a security company? (1)

e4g4 (533831) | more than 7 years ago | (#17759478)

I agree that a unique key for each machine would be a logistic nightmare, but a single key that can open every machine used in the US? That's a disaster waiting to happen. A reasonable solution would be a single key for every 10-20k units, or perhaps even more.

Re:This is a security company? (4, Funny)

SatanicPuppy (611928) | more than 7 years ago | (#17758892)

When you've only got seconds to doctor the votes, you can't be fumbling around with a big keychain.

Jeez. I'd have thought that was obvious... ;)

Re:This is a security company? (1)

MichaelSmith (789609) | more than 7 years ago | (#17759040)

why does the same key open every single voting machine?

I am pretty sure that the same flat head screwdriver would open each of those locks as well.

Re:This is a security company? (1)

PitaBred (632671) | more than 7 years ago | (#17759224)

But the key will open it without anyone knowing that it was done, which is the whole trick to rigging something. You don't want anyone to know it's been tampered with.

Re:This is a security company? (1)

drinkypoo (153816) | more than 7 years ago | (#17759054)

A better question would be why are they using a key? We all know that a simple key lock is not suitable security. You can defeat locks through bumping or picking. Or if you can get multiple people onto the same voting machine in sequence, one can spray into the lock, another can insert a blank and wiggle it, the key can then be cut out from the marks, and then the key can be brought back in and used. A key is simply not any kind of security whatsoever. It would make more sense just to put time locks on them. Or to use a digital security system using a smart card... Like the picture they replaced the keys with :D

It's a pin-based lock? (5, Informative)

RyanFenton (230700) | more than 7 years ago | (#17758516)

As long as it's a normal lock, like 90+% of the locks out there (likely including your own front door), then Lock bumping [wikipedia.org] is going to allow just about any person, regardless of skill, to defeat the lock using extremely simple tools, in a matter of seconds, likely with no signs of intrusion at all.

Ryan Fenton

Re:It's a pin-based lock? (2, Informative)

morgan_greywolf (835522) | more than 7 years ago | (#17758936)

And if it's not an it uses a registered or otherwise restricted key blank, like, say, a mailbox or P.O. Box key, then bumping is next to impossible because you simply can't get a blank without permission.

Re:It's a pin-based lock? (1)

drinkypoo (153816) | more than 7 years ago | (#17759004)

And if it's not an it uses a registered or otherwise restricted key blank, like, say, a mailbox or P.O. Box key, then bumping is next to impossible because you simply can't get a blank without permission.

All I need is one cut key and an upright mill and I can make as many blanks as you want. How many do you need? You can score a nice BIG bridgeport upright mill on ebay, typically with some tooling, for around $1500 plus an obscene charge for shipping something that heavy. And you'll need three phase power or a converter to hook it up... so you're looking at under $3000 for a piece of equipment that will let you make any kind of key blanks you want provided you have even a cut key to measure from.

Re:It's a pin-based lock? (1)

morgan_greywolf (835522) | more than 7 years ago | (#17759042)

You, uh, also have to know how to operate a bridgeport upright mill.

Last I checked, bridgeport operating was a specialized skill that actually pays pretty well in my area (Metro Detroit) because it requires some training and experience to actually know what you're doing.

Re:It's a pin-based lock? (2, Insightful)

bhsx (458600) | more than 7 years ago | (#17759182)

Yeah, I guess if you were really serious about trying to rig an election it'd be hard to find someone with those skills... Oh wait...

Re:It's a pin-based lock? (2, Interesting)

drinkypoo (153816) | more than 7 years ago | (#17759192)

Last I checked, bridgeport operating was a specialized skill that actually pays pretty well in my area (Metro Detroit) because it requires some training and experience to actually know what you're doing.

Last I checked, it was called "milling", not "bridgeport operating". And you can go to a community college and gather the requisite skills in a three unit, one-semester class. Frankly milling is not very hard, it's not even slightly hard. The hardest part is remembering which way the table will move when you turn the crank.

In fact it's probably harder to get accurate measurements with which to make your own key than it is to actually make the key.

Frankly you don't even need to take a class. Everything you need to know is in the Machinery's Handbook [amazon.com] , which is why it has over 2600 pages. All you need to know about appropriate cutting tools for different materials, feeds and speeds, it's all in there. It gives you the formulas AND the numbers to plug into them. But if you take that route, you will spend more time noodling around and fucking up than if you just take a class. Regardless, I received very little instruction on the vertical mill and was able to turn out some cute little parts that had no particular utility but were within half-a-thousandth tolerances. (We had learned the basics on the lathe. Most of the concepts are the same.)

Find a tool and die maker (1)

vinn01 (178295) | more than 7 years ago | (#17759292)

There are plenty of tool and die makers around. I could order a few blanks ^W, - I mean custom metal parts, for a hell of a lot less than $3,000.

Re:Find a tool and die maker (1)

drinkypoo (153816) | more than 7 years ago | (#17759356)

I'm just pointing out that the technology is neither expensive nor hard to acquire. I'm aware that there are already people out there who have the technology. If you make the blanks yourself, though, you eliminate other people from the mix. You keep a secret by not telling anyone and there's a zillion legitimate business uses for a milling machine.

Re:It's a pin-based lock? (0)

Anonymous Coward | more than 7 years ago | (#17759144)

Pshah. They should do like I did and just install a keyless deadbolt.

What's that, you say? Speak up. I can't hear you. Something about you can't put a keyless deadbolt on the inside of a voting machine?

'Tis a mere formality. You're just not using small enough technicians.

Re:It's a pin-based lock? (1)

pigwiggle (882643) | more than 7 years ago | (#17759390)

Doubt it's a pin based lock. It's a cam lock, which is most likely a wafer based lock. However, wafer locks are real easy to pick, so ...

Undaunted (4, Funny)

imaginaryelf (862886) | more than 7 years ago | (#17758526)

Our hero copied the smartcard from their photo on the website and keyed in the password 12345, the master password that unlocks all diebold machines.

Re:Undaunted (2, Funny)

ptbarnett (159784) | more than 7 years ago | (#17758600)

Our hero copied the smartcard from their photo on the website and keyed in the password 12345, the master password that unlocks all diebold machines.

1 2 3 4 5? That's amazing! I've got the same combination on my luggage!

Re:Undaunted (1)

The MAZZTer (911996) | more than 7 years ago | (#17759150)

I used to on mine as well, but I foiled any potential hackers by changing it to 5 4 3 2 1! HA!

Re:Undaunted (1)

Goaway (82658) | more than 7 years ago | (#17758978)

You know, if you look at the photo of that key, it sure looks a lot like it encodes a value very similar to "12345".

What concerns me even more (4, Informative)

Iphtashu Fitz (263795) | more than 7 years ago | (#17758528)

... is the fact that Diebold also manufacturs ATMs. Makes me wonder if my bank account is safe...

Re:What concerns me even more (2, Funny)

Stripe7 (571267) | more than 7 years ago | (#17758686)

Maybe that is how they stay in business. :D

Re:What concerns me even more (2, Insightful)

Anonymous Coward | more than 7 years ago | (#17758752)

What, are you serious? You think they'd ever put out a system that would lose them money? Sure, every once in a while you hear about an ATM that had the factory default password still in place or took some common key but those are usually the fault of lazy/incompetent banks. Well, maybe not with the key.

But think about it, how often is it that anything errs in your favor? Bank magically gives you an extra $20? Phone company charges you at half rate?

Remember that story about the ATM that was pumping out $20s in place of some other bill? Free money right? Except they had records of every transaction.

If you want to worry about your bank account, place your worries on those holding your money.

Re:What concerns me even more (2, Insightful)

wpegden (931091) | more than 7 years ago | (#17758898)

No, fear not. Like you, the people up top are much more concerned about correctly counting pennies than votes. Rest assured, your bank account is much more secure than any of your "freedoms" or "rights".

Re:What concerns me even more (1)

zakezuke (229119) | more than 7 years ago | (#17759000)

... is the fact that Diebold also manufacturs ATMs. Makes me wonder if my bank account is safe...

I would *think* if someone managed to open an ATM, I think the money would be the first thing to grab. I don't know how much cash your average cash machine holds but
http://www6.diebold.com/gssssps/pdfs/DBD_ATM_Cash_ Mgt_PC.pdf [diebold.com]
Diebold machines do employ cash maangement, making sure to keep track of how much is needed.

Besides, and pointed out in other slashdot articals, phishing schemes seem to be most effective.

Re:What concerns me even more (0)

Anonymous Coward | more than 7 years ago | (#17759682)

... is the fact that Diebold also manufacturs ATMs. Makes me wonder if my bank account is safe...
Not that this is any excuse for Diebold as a whole, but the entire e-voting company was formally known as Global Elections Systems before Diebold purchased them in 2002.

Diebold made ATM systems long before that and they remain among the safest publicly accessible machines around. Especially when you consider they're full of money.

The decision to purchase GES was a pure money play by Diebold.

According to those in the industry, GES was pretty shady/sloppy/arrogant before. Diebold was only interested in getting the huge government contracts mandated by the HAVA (Help America Vote Act) after the...ahem...interesting presidential election in 2000. They allowed GES to run as they have before as their own entity.

It's no surprise the problems continued.

Isn't this... (1)

SnarfQuest (469614) | more than 7 years ago | (#17758552)

Isn't this the same key that will open mini-bars?

I think the hotel owners should be able to sue over this release.

Re:Isn't this... (3, Interesting)

Physics Dude (549061) | more than 7 years ago | (#17758956)

Isn't this the same key that will open mini-bars?



Yes. From the article:

" ... and beyond that, it could be opened with the same keys typically used with hotel minibars and jukeboxes."


Bait and switch? (1, Informative)

Anonymous Coward | more than 7 years ago | (#17758564)

Did anyone else notice that the key used to open the machine in the video is significantly different than the keys in the photo?

Winner (5, Funny)

liak12345 (967676) | more than 7 years ago | (#17758650)

This time they posted, on their website, a picture of the actual key used to open all of their Diebold voting machines.
Diebold just won the golden "Are You Fucking Kidding Me?" Award of 2007.

Re:Winner (4, Funny)

imsabbel (611519) | more than 7 years ago | (#17759262)

Dont they every year?

Diebold's slogan is "We Won't Rest" (1)

8127972 (73495) | more than 7 years ago | (#17758662)

..... So will they not rest until our security is completely compromised?

Fear not, indeed (4, Funny)

ReverendLoki (663861) | more than 7 years ago | (#17758672)

But fear not, Diebold has removed the offending picture [CC], replacing it with a picture of their digital card key.

Using this picture as a base, I have crafted three digital card keys...

Anyone (1)

Dude163299 (906461) | more than 7 years ago | (#17758684)

Anyone else in the Slashdot community up to making a real voting machine, an ATM machine if we get bored. I'm pretty sure we won't make that many slip ups. After all they set the bar low for us.

Hmm I wonder if this be modded Troll, or Insightful, or mabey have replies "Sad, but true".

diebold: dumber than you can measure (1)

swschrad (312009) | more than 7 years ago | (#17758734)

these guys cannot accidentally conjure up this many screwups in a row. it has to be by design. the interesting question is, what are they pulling while we're laughing ourselves onto the floor over this butch?

hillary vs cheney, perhaps, in 2008?

Summary title fix: (0)

rts008 (812749) | more than 7 years ago | (#17758784)

Must be a typo- here's the fix:

"Diebold foils security again"

There, that's more accurate.

Your welcome!

Re:Summary title fix: (0)

Anonymous Coward | more than 7 years ago | (#17759394)

You're welcome.

Its Amazing (0, Troll)

JustNiz (692889) | more than 7 years ago | (#17758794)

How many total F-ups this company can make, how many times their claim they fix their security and it's proven still broken, or worse, how strangely it seems that all the states using Diebold machines have developed a strange skew towards a high Republican vote count, ...and still the government will use their equipment.

Re:Its Amazing (1)

Runefox (905204) | more than 7 years ago | (#17759264)

And the current government is...?

Could be worse (1)

Jon Luckey (7563) | more than 7 years ago | (#17759070)

It could have been this Diebold key that provided access

http://images.google.com/images?svnum=10&hl=en&lr= &q=GS-567331-1000_d.jpg&btnG=Search [google.com]

At least with the key under discussion, one had to do some metal work to duplicate it from a photo.

For the key in that image, I suspect that the same trick using a bic pen [wired.com] to open that kind of lock would work.

Hmm.... I wonder what that GS-567331 was supposed to open..... The page isn't working right now :)

Florida House 13 (5, Interesting)

bloodstar (866306) | more than 7 years ago | (#17759136)

Why are people ignoring what is going on in Florida House District 13?

The Rebublicans are claiming a 369 vote victory. However the EVMs in Sarasota county, reported an undervote of 18,000. or 1 in 6 of the total votes, which is much higher than the undervote in both the other counties and on average. Sarasota County also happened to be where the Democrat challenger won the vote by 6 percentage points (of the votes cast in that county).

There are some obviously severe issues with Electronic Voting, Particularly when there is no paper trail (as in the case for this district). Sure, there are ways to change the vote on a paper verification ballot, however large scale fraud becomes problematic to implement.

Links Below:
http://www.heraldtribune.com/apps/pbcs.dll/section ?CATEGORY=NEWS0521&template=ovr2 [heraldtribune.com]
http://en.wikipedia.org/wiki/Florida's_13th_congre ssional_district [wikipedia.org]
http://www.verifiedvotingfoundation.org/article.ph p?id=6423 [verifiedvo...dation.org]
http://www.cqpolitics.com/2006/12/the_cqpolitics_i nterview_chris_1.html [cqpolitics.com]

its rather upsetting... (1)

Grinin (1050028) | more than 7 years ago | (#17759364)

Having read enough about black box to know that it would extremely simple to rig any election in any district at any given time is just so frustrating. It completely nullifies our "democratic" system if anyone can tamper with these machines, and worse, rig an election whether local or presidential. Honestly, is there anything we can do?

The government regulates which companies get to "approve" the legitimacy or the votes themselves as well as the security of these machines, and recently banned a research company from giving their approval on the machines at all.

What kind of methods could we put in order to ensure that our government functions less corrupt. I mean, having these machines with such vulnerabilities and flaws in a political environment is like asking your child not to eat their Halloween candy, no?

Living up to the name (2, Funny)

Anon-Admin (443764) | more than 7 years ago | (#17759402)

Determining
  Inaugural
  election
  Ballot
  Outcome (on)
  Lousy
  Data

DIEBOLD :)

You're barking up the wrong tree (3, Interesting)

inviolet (797804) | more than 7 years ago | (#17759620)

This time they posted, on their website, a picture of the actual key used to open all of their Diebold voting machines.

Voting machines should not be relying on physical security in the first place, because it is not practical to physically protect them 24/365. Their trustworthiness should be the result of double-handshake cryptographic authentications between the touchscreens, consoles, memory cards, and the central tabulator. Being able to open the cabinet should not be a vulnerability, because poll workers are invariably going to need to do so.

So, if Diebold machines implement proper authentication, then the cabinet key is not an interesting exposure. But if they don't (and we already know that they don't), then the cabinet key doesn't make them significantly more vulnerable than they already are.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?