With all the problems and flaws in electronic voting machines being
exposed over the past couple months, I'd like to know why there hasn't
been any effort in designing a new voting system from scratch. What does
an electronic voting machine need to be secure and reliable? The effort
almost seems too simple:
- A paper trail with no edit-ability. Perhaps design a system that will
punch, cut and read a ticket that the voter can then instantly verify
before it is dropped into a locked ballot box
- Eliminate removable memory cards... How can we reprogram the machine
after the election for the next one? There still needs to be
something removable and some tamper-evident stickers and alarms in
place.
- The simpler the code is, the fewer bugs and security flaws it will
contain
- Have software check itself using checksums, and perhaps implement
microchips to take on the task as well.
- Provide source code to the public. This would give the entire nation
a chance to review the code, and/or audit running code whenever they
feel is necessary
- Random audits and machine checks before the booths open
- Hand count paper ballots and compare with electronic tallies
Then arises the issue of how can a voter know for sure their vote was
counted correctly? I'm still pondering the idea as well... and it seems
there might not be a simple solution. Anyone have any ideas?
Posted by Marcin on Monday, October 30, 2006 in Links, Security and Tech.
Remember the college student who had a website that allowed you to
create fake boarding passes to get past TSA security checkpoints at the
airport? Well, according to his
blog, the FBI raided his home
and left a warrant and a list of items for seizure (anything that could
have been used in making his website, buying airline tickets, and any
other documents regarding airport security).
That was quick... it's unfortunate nobody sees the weaknesses in airport
security, and how it's all just a show (aka "security theater") until
events like these take place. Here is an excellent post on Slashdot
regarding knowing what the bad guys know.
Posted by Marcin on Sunday, October 29, 2006 in News.
By now most of you have heard about how easy it is to hack a Diebold
machine, and the blatant security flaws, such as not utilizing
encryption or password protection. Well, HBO will be airing "Hacking
Democracy," a documentary that exposes the vulnerability of computers
used in approximately 80% of our nation's elections. It premieres on
Thursday, November 2 at 9pm. Click here for more [HBO: Hacking Democracy]
Posted by Marcin on Monday, October 16, 2006 in Security.
The Shmoo Group is soliciting papers and presentations for the third
annual ShmooCon.
ShmooCon 2007 has 4 options for speaker submission:
- One Track Mind - Technical Tales in Twenty Minutes or Less
- Break It! - Technology Exploitation
- Build It! - Inventive Software & Hardware Solutions
- Bring It On! - Open Discussion of Technology & Security Topics
For more, check it
http://www.shmoocon.org/cfp.html
So, interest check... who's going??
Posted by Marcin on Friday, October 13, 2006 in Links and Security.
I've been getting some requests for what to look for when doing the
on-site portion of an INFOSEC assessment, and put together a checklist
derived from the 18 baseline classes and categories the NSA has
specified. You can add/remove to this list as you like; it's by no means
"the" checklist as you'll find out in your own environment.
You can download a PDF here.
Posted by Marcin on Thursday, October 12, 2006 in Security.