Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

What are the ripple effects of the Husti Hack?

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread
This topic is archived.
Home » Discuss » Topic Forums » Election Reform Donate to DU
 
garybeck Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Mar-04-06 10:30 PM
Original message
What are the ripple effects of the Husti Hack?
Doing some research here... help me out if ya can. just trying to get a list of actions that have taken place at least indirectly as a result of the Hursti Hack. I would like to organize it by state, so please put the name of the state in the subject if you reply.

It doesn't matter how big or small the action is. For example, in Vermont I was able to get a cover story article printed in the Burlington newspaper, and I really think the Hack gave my argument enough credibility that they were willing to cover the story.

On the other end of the spectrum... there are big actions like what happened in California...

I don't need a lot of details, just the general idea... (although people are welcome to discuss it more here if they want to).

thanks

Printer Friendly | Permalink |  | Top
garybeck Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Mar-04-06 10:31 PM
Response to Original message
1. California - Diebold temporarily de-certified
Edited on Sat Mar-04-06 10:40 PM by garybeck
Secretary of State McPherson temporarily decertifies Diebold. Orders inependent review of the software code, which confirms the vulnerability and declares the machines are not compliant with 2002 Standards.
Printer Friendly | Permalink |  | Top
 
Wilms Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Mar-05-06 03:57 AM
Response to Reply #1
7. CA: I'm still not clear on this.
Edited on Sun Mar-05-06 04:02 AM by Wilms
Both the Berkeley and Ciber reports confirm the vulnerability.

But neither declares the machines are not compliant with 2002 Standards. In fact, they're not mentioned at all.

There are letters between the SoS and Diebold, that do not mention it.

The reports themselves state the objective of the reviews, and neither claims that it is to determine if the system meets the 2002 VVSG.

They all skirted the issue....

Until McPherson mentioned it in his temp/cond cert., and skirted it some more.

It says that the machines have to meet the standard, and that HAVA compliance ($) could be at issue.

But who will go after counties that purchase equipment that don't meet the standard, but have been certified?

So far, I'm aware of a few CA counties that say they'll use the stuff. And I posted an article of a county that was looking for an alternative so as not to get caught holding the bag.

Printer Friendly | Permalink |  | Top
 
garybeck Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Mar-05-06 10:42 AM
Response to Reply #7
12. it says right in the Berkeley report
"Interpreted code is contrary to standards: Interpreted code in general is prohibited by the
2002 FEC Voluntary Voting System Standards, and also by the successor standard, the EAC's
Voluntary Voting System Guidelines due to take e ect in two years. In order for the Diebold
software architecture to be in compliance, it would appear that either the AccuBasic language
and interpreter have to be removed, or the standard will have to be changed."

I think that's pretty clear?


One thing that I think is confusing about the report is that it says it would only take a "few hours" to fix the problems. However, I think they are specifically referring to the *bugs* they found, which are a separate issue than the interpreted code. That's my take.

You question is good though- supposedly McPherson said that one of the conditions of the certification is that they have to be compliant with the 2002 standards. If that's the case, the would have to remove the interpreted code completely, not just fix the bugs.
Printer Friendly | Permalink |  | Top
 
Wilms Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Mar-05-06 01:05 PM
Response to Reply #12
14. Ouch. In what section did you find the referrence to the VVSG?
Of course I can't find the downloaded pdf AND the CA SoS site is down right now.

Printer Friendly | Permalink |  | Top
 
garybeck Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Mar-05-06 09:32 PM
Response to Reply #14
16. the PDF is right at the TOP of my website my friend
Printer Friendly | Permalink |  | Top
 
Wilms Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Mar-05-06 03:02 PM
Response to Reply #12
15. The VSTAAB snip you offered is on pg 3 of that report. There was another.
Page 35

There are also good arguments for eliminating AccuBasic interpreted code entirely from voting system software. The FEC 2002 Voluntary Voting System Standards expressly forbid interpreted code in section 4.2.2. Perhaps the standard writers had in mind forbidding only powerful, interpreted programming languages, such as Visual Basic, and not relatively benign and limited rendering languages such as HTML. AccuBasic falls somewhere in the middle on the more benign side (assuming the interpreter bugs are xed). But the text of the standard is pretty clear, and the same language from the 2002 standards has been preserved in the EAC's new successor standard, the Voluntary Voting Systems Guidelines, as section 5.2.2. To be in compliance it would seem that AccuBasic would have to be eliminated, or the standard would have to be changed.

Thanks, Gary.

It seems the VSTAAB didn't completely ignore it.


But I want to point out this out from the opening summary:

The questions we addressed are these:

 What kinds of damage can a malicious person do to undermine an election if he can arbitrarily modify the contents of a memory card?

 How can the possibility of such attacks be neutralized or ameliorated?

The scope of our investigation was basically limited to the above questions. We did not do a comprehensive code review of the whole codebase, nor look at a very broad range of potential security issues. Instead, we concentrated attention to the AccuBasic scripting language, its compiler, its interpreter, and other code related to potential security vulnerabilities associated with the memory cards.


Similarly, the CIBER report says this on page 4:

OVERVIEW AND APPROACH

The CIBER Huntsville and CIBER Global Security teams were tasked with performing a combination of testing and analysis of the Diebold Election Systems Source Code to identify security and functionality vulnerabilities. The testing was structured to identify and evaluate as much potential vulnerability as possible within a reasonable/controlled level of effort.


Printer Friendly | Permalink |  | Top
 
garybeck Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Mar-04-06 10:32 PM
Response to Original message
2. Vermont
voting rights activist convinces Burlington newspaper "Seven Days" to write a cover story on electronic election fraud
Printer Friendly | Permalink |  | Top
 
garybeck Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Mar-04-06 10:33 PM
Response to Original message
3. Florida - two counties ban Diebold
Edited on Sat Mar-04-06 10:41 PM by garybeck
Leon County Director of Elections Ion Sancho bans Diebold.

question - I believe another county also?
Printer Friendly | Permalink |  | Top
 
PVK Donating Member (390 posts) Send PM | Profile | Ignore Sat Mar-04-06 11:49 PM
Response to Reply #3
6. Looks like Jeb is trying to sack Ion Sancho now!
Edited on Sat Mar-04-06 11:54 PM by PVK
Printer Friendly | Permalink |  | Top
 
Wilms Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Mar-05-06 04:02 AM
Response to Reply #3
8. FL: Issues security directives cover ALL voting machines.
Printer Friendly | Permalink |  | Top
 
eomer Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Mar-05-06 08:11 AM
Response to Reply #3
11. Hey Gary, I think the other Florida county is Volusia.
Printer Friendly | Permalink |  | Top
 
garybeck Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Mar-04-06 10:39 PM
Response to Original message
4. Pennsylvania - Diebold OpScans are decertified
Edited on Sat Mar-04-06 10:41 PM by garybeck
Diebold OpScans are banned (de-certified)

hursti hack is specifically mentioned in the decertification report
Printer Friendly | Permalink |  | Top
 
Amaryllis Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Mar-04-06 10:41 PM
Response to Original message
5. Maryland...did the gov's letter have anything to do with the H.H.?
Printer Friendly | Permalink |  | Top
 
Wilms Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Mar-05-06 04:03 AM
Response to Reply #5
9. As Cheney would say, "Big Time". n/t
Printer Friendly | Permalink |  | Top
 
Wilms Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Mar-05-06 04:09 AM
Response to Original message
10. CO: Voting system raises concerns
Printer Friendly | Permalink |  | Top
 
Amaryllis Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Mar-05-06 11:04 AM
Response to Original message
13. NM ? Is voter action using it in their work there?
Printer Friendly | Permalink |  | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view 
this author's profile Click to add 
this author to your buddy list Click to add 
this author to your Ignore list Thu Oct 02nd 2014, 12:13 PM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » Topic Forums » Election Reform Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators


Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC