Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

Did the State of Maryland know about Hursti's latest in 2004?

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread
This topic is archived.
Home » Discuss » Topic Forums » Election Reform Donate to DU
 
Bill Bored Donating Member (1000+ posts) Send PM | Profile | Ignore Sun May-14-06 11:59 PM
Original message
Did the State of Maryland know about Hursti's latest in 2004?
There has been a lot of talk about recycling lately, and it's not all coming from the Greens (bless their hearts)! :thumbsup:

I said we should judge Hursti's work on its own merits, so here's an excerpt from the RABA Technologies report on the Diebold crap prepared for the state of MD in Jan 2004.

From Page 19 of the Jan 20, 2004 report:

3. Load a PCMCIA card with an update file. The PCMCIA card can be used to update
the software on the AccuVote-TS terminal. This can be done by placing a PCMCIA
card with an update file into the terminal and rebooting the terminal. The update file
allows an attacker to overwrite any file on the system. Furthermore, by using this
technique an attacker can install his own version of the ballot station software giving
him the ability to completely invalidate all the results on that terminal. If he
compromises the AccuVote-TS terminal used as the accumulator, he can
compromise the entire precinct results.


And here's the linky-poo:
http://www.raba.com/press/TA_Report_AccuVote.pdf

Now, honestly, doesn't this sound remarkably like at least some of the findings in the latest Hursti report -- like maybe the most important one -- that you can reboot a Diebold DRE and load malicious software?

OK, good.

Now, if Hursti has discovered some new vulnerabilities, that's fine and I applaud him for it. But before we mortgage the house and send the kids' college fund and the 401K off to BBV.org, we need to know how new they really are, right? Hursti should have at least cited RABA's work, don't you think?

Now, what the hell is going on in PA?
Printer Friendly | Permalink |  | Top
kster Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 12:33 AM
Response to Original message
1. Its got to be different
Edited on Mon May-15-06 12:44 AM by kster
"Aviel Rubin, a professor of computer science at Johns Hopkins University, did the first in-depth analysis of the security flaws in the source code for Diebold touch-screen machines in 2003.


After studying the (((LATEST))) problem, he said: "I almost had a heart attack. The implications of this are pretty astounding".


LINK: LAST PARAGRAPH http://www.democraticunderground.com/discuss/duboard.ph...
Printer Friendly | Permalink |  | Top
 
Kelvin Mace Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 09:14 AM
Response to Reply #1
7. Perhaps he didn't see the RABA report.
and thus thinks this is the case.
Printer Friendly | Permalink |  | Top
 
Steve A Play Donating Member (638 posts) Send PM | Profile | Ignore Mon May-15-06 02:03 AM
Response to Original message
2. Let's see what Hursti says
http://www.bbvforums.org/forums/messages/1954/27675.htm...

Posted on Thursday, May 11, 2006 - 12:34 pm:

Due to the nature of this report it is distributed in two different versions. Details of the attack are only in the restricted distribution version considered to be confidential. Fewer than 50 words have been redacted in the version below.

Overview

Note: Please refrain from speculation or public discussion of inappropriate technical details.


This document describes several security issues with the Diebold electronic voting terminals TSx and TS6. These touch-pad terminals are widely used in US and Canadian elections and are among the most widely used touch pad voting systems in North America. Several vulnerabilities are described in this report.

One of them, however, seems to enable a malicious person to compromise the equipment even years before actually using the exploit, possibly leaving the voting terminal incurably compromised.

These architectural defects are not in the election-processing system itself. However, they compromise the underlying platform and therefore cast a serious question over the integrity of the vote. These exploits can be used to affect the trustworthiness of the system or to selectively disenfranchise groups of voters through denial of service.

http://www.blackboxvoting.org/BBVtsxstudy.pdf (327 KB)

Critical Security Alert: Diebold TSx and TS6 voting systems
by Harri Hursti, for Black Box Voting, Inc.



Three-layer architecture, 3 security problems

Each can stand alone or combine for 3-layer offense in depth

As an oversimplification, the systems in question have three major software layers: boot loader, operating system and application program. As appropriate for current designs, the first two layers should contain all hardware specific implementations and modifications, while the application layer should access the hardware the touch pad, memory card, the network etc. only via services and functions provided by the operating system and therefore be independent of the hardware design. Whether the architecture in question follows these basic guidelines is unknown.

Based on publicly available documentation, source code excerpts and testing performed with the system, there seem to be several backdoors to the system which are unacceptable from a security point of view. These backdoors exist in each of these three layers and they allow the system to be modified in extremely flexible ways without even basic levels of security involved.

In the worst case scenario, the architectural weaknesses incorporated in these voting terminals allow a sophisticated attacker to develop an "offense in depth" approach in which each compromised layer will also become the guardian against clean-up efforts in the other layers. This kind of deep attack is extremely persistent and it is noteworthy that the layers can conceal the contamination very effectively should the attacker wish that. A quite natural strategy in these types of situations is to penetrate, modify and make everything look normal.

Well documented viral attacks exist in similar systems deploying interception and falsification of hash-code calculations used to verify integrity in the higher application levels to avoid detection. The three-level attack is the worst possible attack. However, each layer can also be used to deploy a stand-alone attack. The TSx systems examined appear to offer opportunities for the three-level attack as well as the stand-alone attacks.

It is important to understand that these attacks are permanent in nature, surviving through the election cycles. Therefore, the contamination can happen at any point of the device's life cycle and remain active and undetected from the point of contamination on through multiple election cycles and even software upgrade cycles.

Here is a rough analogy:

- The application can be imagined as written instructions on a paper. If it is possible to replace these instructions, as it indeed seems, then the attacker can do whatever he wishes as long as the instructions are used.

- The operating system is the man reading the instructions. If he can be brainwashed according to the wishes of the attacker, then even correct instructions on the paper solve nothing. The man can decide to selectively do something different than the instructions. New paper instructions come and go, and the attacker can decide which instructions to follow because the operating system itself is under his control.

- The boot loader is the supreme entity that creates the man, the world and everything in it. In addition to creating, the boot loader also defines what is allowed in the world and delegates part of that responsibility to the operating system. If the attacker can replace the boot loader, trying to change the paper instructions or the man reading them does not work. The supreme entity will always have the power to replace the man with his own favorite, or perhaps he just modifies the mans eyes and ears: Every time the man sees yellow, the supreme being makes him think he is seeing brown. The supreme entity can give the man two heads and a secret magic word to trigger switching the heads.

In the world of the Diebold touch-screen voting terminals, all of these attacks look possible.

The instructions (applications and files) can be changed. The man reading the files (Windows CE Operating System and the libraries) can be changed. Or the supreme entity (boot loader) can be changed, giving total control over the operating system and the files even if they are "clean software."

Specific conceptual information is contained in the report, with details and filenames in the high-security version which is being delivered under cryptographic and/or personal signature controls to the EAC, Diebold CEO Tom Swidarski and CERT.

1) Boot loader reflashing
2) Operating system reflashing
3) Selective file replacement


In addition, the casing of the TSx machines lack basic seals and security, and within the casing additional exploitations are found.

Conclusions and Recommendations

Because there is no way of having chain of custody or audit trail for machines, the machines need to be reflashed with a known good version (assessing the risks potentially inherited). Ideally this should be done by the proper governmental authorities rather than being outsourced.

After that, extensive chain of custody management has to be established to make sure that machines do not potentially get recontaminated. Less than five minutes is required for contamination.

The bootloader needs to be re-engineered.

The cases need to be properly and permanently sealed.

Further study is warranted around these issues and others in the May 15, 2006 Supplemental Report for the Emery County TSx study.

While these flaws in design are not in the vote-processing system itself, they potentially seriously compromise election security. It would be helpful to learn how existing oversight processes have failed to identify this threat.

A secondary report will be released on May 15, 2006. This report contains approximately 12 other areas of secondary concern to the problems described in this initial report.

PERMISSION TO REPRINT GRANTED, WITH LINK TO http://www.blackboxvoting.org


Just off hand, why would Harri cite RABA's work when it had nothing to do with his independent investigation of the machines in Utah? :shrug:

You're not actually trying to alledge that the world respected computer security expert Harri Hursti had to steal the findings in the RABA report to find what he did? :rofl:

Do you think Rubin, Shamos, and Jones were in on some kind of coverup with RABA and now they've turned because Harri busted them? I'm sure they all read the RABA report and they all swear this is new. :tinfoilhat:
Printer Friendly | Permalink |  | Top
 
patriothackd Donating Member (152 posts) Send PM | Profile | Ignore Mon May-15-06 02:09 AM
Response to Original message
3. Watergate is the model. Who knew what and when
Edited on Mon May-15-06 02:23 AM by patriothackd
It seems the witchhunt has begun. Everything will boil down to who knew what and when. If the redacted portions of the SAIC Report contains information on the three-level built ins, congressional investigations will need to follow to determine why hundred of millions in taxpayer funds were invested in a system which contains "the nuclear bomb" of voting machine security problems.

Differences between what Bill Bored mentions and Hursti II

Discussion has been going on among election reform leaders about how to communicate the information in Hursti Report II so that the general public can understand its significance, and I have been somewhat close to the pulse on this but this is third hand, so please view it in that context. From what I understand, the activist who identified the most appropriate analogy is Susan Pynchon of Volusia County, who founded the Florida Fair Elections Coalition. I think I am correct on this, therefore I tip my hat to Susan Pynchon for this explanation:

As Black Box Voting writes, the problems found by Hursti are on three levels. Susan Pynchon's analogy, somewhat expanded, helps us all conceptualize the three level problem. As the Hursti II report points out, there are separate security problems in each of the three levels.

The deepest level can be conceptualized as the foundation of a house.
The next level up can be conceptualized as the house itself.
The level above that can be conceptualized as the furnishings in the house.

The foundation of the house = the bootloader
The house itself = the Windows CE operating system
The furnishings of the house = the application, in this case called Ballot Station

Add one more conceptualization to this. A hose runs into the land itself, and has the ability to pump either toxic waste or cleanup chemicals into the soil on which the foundation rests.

The hose = a specific hardware port which is redacted in the Hursti II report.

Now to apply the analogy

1. Suppose you want to buy a house with all its furnishings. When you inspect the house you notice that the furnishings (the application, the Ballot Station program) have structural flaws. Knowing you can't trust that bed not to collapse and knowing that the dishwasher leaks, you decide you'd better replace ALL the furnishings.

Hursti learned that the furnishings, the Ballot Station application, were not secure. The state of Pennsylvania says it is going to replace all the furnishings with furnishings that are new and authentic and checked out.

2. Now you get an inspection done on the house itself. You learn that it has a roof that leaks, a supporting wall eaten away by termites such that it cannot support the weight it is supposed to hold, and various other severe structural defects (mostly caused by an owner who decided to modify and customize the house). The house is the Windows CE operating system.

Hursti learned that the house had been modified and customized so that it had leaks and couldn't support the weight placed on it. The state of Pennsylvania says it is going to replace the Windows operating system software. This is the equivalent of renovating the house.

So now, we have an agreement to replace all the furnishings and renovate the house, supposedly.

The SAIC report, if it speaks to replacing software with a PCMCIA card, is speaking to the furnishings and the house, but not to the foundation.

3. Next we come to inspect the foundation (the bootloader). Suppose we find the foundation of the house to be filled with radioactive waste. Even if you replace all the furnishings (Ballot Station application) and renovate the house itself (Windows Operating System), would you buy this house if you knew the foundation was contaminated with radioactive waste?

The SAIC report (at least, the unredacted portion) does not speak to the issue of radioactive waste in the foundation. It deals only with the software (the house, Windows operating system, and the furnishings, the Ballot Station software).

Contamination of the foundation below the house and furnishings is very serious. How does one clean such contamination if it is found? Well, it turns out there is a hose leading into the land itself in which the foundation sits. (Hose = hardware connector). It turns out that you can decontaminate the foundation by pumping in a special environmental cleanup concoction through this hose (a specific connector on the motherboard). But this leads us to the fourth problem.

4. The hose (motherboard control connector). It turns out that this hose can easily pump in radioactive waste, or it can pump in environmental cleanup solutions. (It can be used to contaminate the bootloader or it can be used to clean up the bootloader, depending on who is using it).

Now, to make this analogy more accurate to the touchscreen situation, no one really knows whether the foundation contains radioactive waste or not. They only know it is hooked up to a couple of different hoses that can in turn be hooked up to the radioactive waste dumping site. They know that the hose is BUILT IN. They know that another delivery mechanism is also BUILT IN. And they know that the house has leaks and the furnishings have structural defects, but whether water is pouring in through the leaks at the moment, or the furnishings have collapsed on anyone yet is not known.

Besides the leaky house (operating system) and the structurally defective furnishings (Ballot Station application), at any time in the entire life cycle of the house, someone might have dumped some radioactive waste into the foundation (bootloader) using one or more of the hoses (PCMCIA card or special motherboard connector).

One can test for the structural problems with the furnishings (Ballot Station application). One can test for leaks and so forth in the house (Windows CE operating system). But no forensic testing method exists to test for whether the foundation (bootloader) has been contaminated with radioactive waste.

All you know is there are people who want to dump the toxic waste in there, and there are hoses those people can use to dump it, and if the toxic waste is in the foundation, the house should be deemed uninhabitable.

Remedies

So, to be on the safe side, you should decontaminate the foundation by using the hose to pump in a special environmental cleanup solution. (Open the case, use the special motherboard connector to gain control of the motherboard, overwrite the bootloader, Windows CE and Ballot Station application). No one is even discussing this cleanup operation at this time.

Here's the problem: After you decontaminate the foundation, anyone who gets control of the hose can recontaminate it without your knowing about it.

This is an elaborate analogy, but a fairly accurate one.

The furnishings (software) can be ruined through the PCMCIA card. They can be replaced, though.
The house (operating system) can be ruined through clumsy renovations that cause leaks and damage to the security of the structure. This Windows CE operating system can also ruined through the PCMCIA card, but it can also be replaced.
The foundation can contain radioactive waste, contaminating the whole structure, and there may be no outward sign of it. (Bootloader contamination). There are no forensics that will tell you whether it's contaminated or not. You cannot decontaminate the foundation by replacing it, because if it was contaminated it will just seep back in again. So you have to use a special hose.
The hose can decontaminate the foundation (ie. a special connector can take over the motherboard and get a clean bootloader into the system).

However, the hose can just as easily be attached to the toxic waste site and pump radioactive waste right back in, contaminating the whole thing again. (You can use the special hardware connector to recontaminate the boot loader.)

It is possible that the SAIC report contained this information. It is impossible to imagine why hundreds of millions in taxpayer funds were spent on these systems if this was known back in 2003.

////////////////////////////////////////////////////////////////

Does Hursti Report II contain new information? Certainly it contains new PUBLIC information, as the SAIC report says nothing about bootloader contamination. If citizens knew of this three years ago but chose to say nothing, they will certainly be questioned as to what they knew, when they knew it, and who they told. If governmental agencies knew about this three years ago, it needs to be determined who knew what and when.

The republic is at stake, so it is difficult to imagine any acceptable reason why any citizen or any government agency would permit elections to take place on machines with these vulnerabilities without going public with such devastating information.

If citizens have indeed known about the possibility of bootloader contamination since 2003, why didn't they say anything? If the SAIC report writes of this but redacts it, why did the state buy the voting machines anyway?

Who knew what and when. Get a good seat.

Printer Friendly | Permalink |  | Top
 
patriothackd Donating Member (152 posts) Send PM | Profile | Ignore Mon May-15-06 08:24 AM
Response to Reply #3
6. RABA, not SAIC n/t
.
Printer Friendly | Permalink |  | Top
 
Boredtodeath Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 07:46 AM
Response to Original message
4. And there you have it........
You see, the Hursti report has to be a deep dark secret, because..........

It's just a re-run of the findings well known since 2003.

And, now, Bill Bored, you are on the Bev Harris enemy list for pointing it out.

Printer Friendly | Permalink |  | Top
 
patriothackd Donating Member (152 posts) Send PM | Profile | Ignore Mon May-15-06 09:38 AM
Response to Reply #4
10. Correction: There is a difference between
loading software which properly authenticates itself via memory card and loading software which searches only for a file name as a means of authentication.

The RABA report identifies the ability to reload software by memory card, but does it also say that the only file authentication performed by the touchscreen is to ask whether the file has the right name?

Put Tolstoy's "War and Peace" on a memory card and change the file name to a specific one, and Diebold's touchscreens will hurry off to replace the windows operating system with "War and Peace."

I may have missed reading about that in the RABA report, perhaps you can find that passage in RABA.
Printer Friendly | Permalink |  | Top
 
Boredtodeath Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 09:40 AM
Response to Reply #10
11. Perhaps you can learn the subject
You'd think after all these years Bev Harris might have learned something about the terminology.

Printer Friendly | Permalink |  | Top
 
patriothackd Donating Member (152 posts) Send PM | Profile | Ignore Mon May-15-06 09:43 AM
Response to Reply #11
15. No information at all provided in the argumentation
None of the points were addressed. If I question a witness as follows, "Did you state in your report that the retina had been detached?" and the witness responds "Perhaps you can learn the subject, you'd think after all these years your doctor would have learned something about the terminology" that would be deemed nonresponsive to the question.
Printer Friendly | Permalink |  | Top
 
Boredtodeath Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 09:46 AM
Response to Reply #15
16. Been spending a lot of time in the courtroom, I see?
Hmmmm, pretty funny shit.

Printer Friendly | Permalink |  | Top
 
benburch Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 10:07 AM
Response to Reply #11
28. She'd have to actually CARE about the subject first.
Edited on Mon May-15-06 10:08 AM by benburch
She likely doesn't.

She appears to be in this for self-aggrandizment and self-enrichment.
Printer Friendly | Permalink |  | Top
 
Boredtodeath Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 10:18 AM
Response to Reply #28
31. Too true
This whole exercize is nothing but a fundraiser for Bev Harris. Just an example of one of her press releases designed to raise funds.

Sad, really.
Printer Friendly | Permalink |  | Top
 
patriothackd Donating Member (152 posts) Send PM | Profile | Ignore Mon May-15-06 10:31 AM
Response to Reply #31
38. How could that be?
I see no requests for funding in Hursti Report II. I saw no requests for funding in the New York Times. Had there been requests for funding, I have no problem with it, since it takes funding to do these studies.

But let's say this actually was a fund raising effort, rather than its mirror image (an example of how funds are spent to further election reform). The fund raising would go to Black Box Voting, Inc., a 501c(3) nonprofit organization. Since Harris is on a fixed $60,000 per year salary that does not change, how would fundraising go to Bev Harris?

Perhaps you meant to say "fund raising for Black Box Voting, the independent elections watchdog group that produced the study."

Or perhaps you are using another propaganda technique by converting an organization's name to a person's name. Fund raising for the nonprofit entity "Black Box Voting, Inc." becomes fund raising for "Bev Harris" personally.

Is it your intent to shut down Black Box Voting, Inc.? Is that what this is about?

One really must wonder how eliminating the work of Black Box Voting, Inc. would benefit election reform. Perhaps it benefits a different agenda.
Printer Friendly | Permalink |  | Top
 
Boredtodeath Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 10:36 AM
Response to Reply #38
41. Typical Bev Harris BS
trying to hide behind an organization..........

As for my agenda, it's simple. TRUTH. That's my agenda.

And an agenda of TRUTH only hurts Bev Harris.

One only needs to search the July 2003 archives of DU to find Bev Harris talking about the bootloader.

There's TRUTH for you.
Printer Friendly | Permalink |  | Top
 
patriothackd Donating Member (152 posts) Send PM | Profile | Ignore Mon May-15-06 10:24 AM
Response to Reply #28
35. Statements not supported by the evidence
The names "Harri Hursti" and "A Black Box Voting project" are on the report, but I don't see the name "Bev Harris" on it, negating your claim to self aggrandizement through this report.

Your allegations of self-enrichment are not supported by the firm's 990, which lists her salary at $60,000. Since she donated the book proceeds and donated the Qui Tam monies, the record supports generosity and commitment to the cause. If you have evidence that she has been paid anything other than the $60,000 listed on the 990, please provide it.

At least you used the words "appears." It "appears" this way because of a smear campaign which made unsubstantiated allegations that Harris in some way benefited financially. These untruths were repeated approximately one thousand times over the course of 18 months. Repeat a lie often enough and people will believe it.
Printer Friendly | Permalink |  | Top
 
benburch Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 10:31 AM
Response to Reply #35
37. Where is that 990?
Would you care to post it here?
Printer Friendly | Permalink |  | Top
 
patriothackd Donating Member (152 posts) Send PM | Profile | Ignore Mon May-15-06 10:32 AM
Response to Reply #37
39. You can look for it on Guidestar.
The 990 hit the U.S. Post Office today.
Printer Friendly | Permalink |  | Top
 
benburch Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 10:35 AM
Response to Reply #39
40. Oh, so you only just filed it today, Bev?
How many months late is that?

And your argument amounts to "The Check Is In The Mail" as Guidestar will not have something you just ran down to the letter box with.

No, my dear, scan the motherfucker and post it here if you want ANY of us to believe that you finally got around to filing it.

And there are several people who have made formal requests for copies of it and you have never sent them as required by law.

Consider this a formal request.

Post the scans here NOW.
Printer Friendly | Permalink |  | Top
 
Boredtodeath Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 10:38 AM
Response to Reply #40
42. How would anyone but Bev know when she mailed the 990?
Seriously.

Does Bev report her every activity (including a walk to the mailbox) to her Bots?

Printer Friendly | Permalink |  | Top
 
Name removed Donating Member (0 posts) Send PM | Profile | Ignore Mon May-15-06 10:40 AM
Response to Reply #42
43. Deleted sub-thread
Sub-thread removed by moderator. Click here to review the message board rules.
 
Boredtodeath Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 08:23 AM
Response to Original message
5. Rob Behler TOLD us all in March 2003
So the way we did that in the warehouse was, they would post whatever the update was on the FTP site. James would go get the file and put it on the cards. Because you load everything through the PCMCIA cards. You boot it up using the card and it loads the new software. "This was done in the warehouses -- once the machines were sent out to the county, these updates were done just to make sure the machines were running correctly. I went over to Dekalb . We updated 1800 machines in basically a day and a half. I still remember ol' Rusty, down at the warehouse, we ended up touching every single machine off the pallet, booting 'em up, update it, we had a couple hundred machines done when in comes a new update over the phone.

http://www.countthevote.org/behler_interview.htm
Printer Friendly | Permalink |  | Top
 
patriothackd Donating Member (152 posts) Send PM | Profile | Ignore Mon May-15-06 09:31 AM
Response to Reply #5
8. To correct the record, Rob Behler told Bev Harris
What you have there is a reprint of the interview Bev Harris conducted with Rob Behler. Certainly, people should read that interview which is covered in more depth here: http://www.blackboxvoting.org/bbv_chapter-11.pdf

The Rob Behler interview was first published by Harris on July 9, 2003. The information about reloading software with a memory card was first published by Harris in early Feb. 2003. That information was contained in interviews with Michael Barnes and Brit Williams. The interviews with Williams and Barnes can be found here: http://www.blackboxvoting.org/bbv_chapter-9.pdf

You are right that the issue of loading program code with a PCMCIA card has been known for some time. It was originally exposed by Bev Harris in Feb. 2003.

The RABA report, published in 2004, refers to loading code for the Ballot Station, the "furnishings" of the house. corroborating what Harris reported in 2003. I erred above in suggesting that RABA also discussed the house itself (the Windows operating system). Apparently RABA only examined the Ballot Station program.

It is your understanding, then, that the significance of the Hursti Report is that you can reload software with a memory card?

That's the most important thing you saw in the report? Now might be a good time to examine the photographs of the motherboard contained in the report. Perhaps you can point me to links from 2003 or 2004 containing photographs of the touchscreen motherboards along with links that describe the significance of what is on the motherboard in relation to bootloader contamination through various delivery mechanisms.

I'm confused, because it sounds like you believe the ability to upload software through a memory card (the furnishings and the house, in the analogy above) is the same thing as forensically undetectable radioactive waste in the foundation. Perhaps I didn't see that you'd gotten the significance of the report because you haven't yet provided us with the promised Democratic Underground archives containing discussions about the implications of bootloader contamination.

Or is it that you think Hursti Report II is just about reloading Ballot Station with a PCMCIA card?



Printer Friendly | Permalink |  | Top
 
Boredtodeath Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 09:36 AM
Response to Reply #8
9. Shows your lack of computer knowledge
You can't update software without a bootloader in this situation.

D'oh!

Printer Friendly | Permalink |  | Top
 
patriothackd Donating Member (152 posts) Send PM | Profile | Ignore Mon May-15-06 09:40 AM
Response to Reply #9
12. Objection, nonresponsive.
Contamination of the bootloader itself is the fundamental issue, not reloading of software.
Printer Friendly | Permalink |  | Top
 
Boredtodeath Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 09:41 AM
Response to Reply #12
13. ROFL, when did we move to a courtroom?
You only need a BOOTLOADER to reload the software.

D'oh, again!

Printer Friendly | Permalink |  | Top
 
patriothackd Donating Member (152 posts) Send PM | Profile | Ignore Mon May-15-06 10:03 AM
Response to Reply #13
23. Perhaps you can elaborate.
Contamination of the bootloader itself is the fundamental issue, not reloading of software.

Setting aside for the moment the issue of reloading the software, what are the implications to the software of a contaminated bootloader?
Printer Friendly | Permalink |  | Top
 
Boredtodeath Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 10:04 AM
Response to Reply #23
24. No elaboration necessary
It's a simple fact - you cannot update software without a bootloader on these machines.

It's really not complicated. Perhaps you can wrap your "non-technical" mind around that idea.

Printer Friendly | Permalink |  | Top
 
Name removed Donating Member (0 posts) Send PM | Profile | Ignore Mon May-15-06 10:07 AM
Response to Reply #24
27. Deleted message
Message removed by moderator. Click here to review the message board rules.
 
Boredtodeath Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 10:17 AM
Response to Reply #27
29. Wrong......it's the simple facts that elude this poster
Quite frankly, they couldn't even load the software to begin with without a bootloader.

Bev Harris has long known that the bootloader was a serious problem.
Printer Friendly | Permalink |  | Top
 
Boredtodeath Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 09:42 AM
Response to Reply #8
14. And THANKS for confirming this isn't NEWS to Bev Harris
ROFLMAO!

Printer Friendly | Permalink |  | Top
 
patriothackd Donating Member (152 posts) Send PM | Profile | Ignore Mon May-15-06 09:49 AM
Original message
Assumes facts not in evidence
We will go back to the four-part analogy:

1. The furnishings
2. The Windows CE operating system
3. The foundation
4. Various hoses leading into the soil where the foundation is

That #1 and #2 can be replaced with a PCMCIA card was originally reported by Bev Harris. The failure to authenticate the files on the PCMCIA card was not reported by either Harris or RABA. Failure to authenticate is the new information in the Hursti Report II, which describes exactly how authentication (such as it is) is performed.

The implications of #3, radioactive waste in the foundation -- a contaminated bootloader -- were not reported by Harris, RABA or anyone else. That is the "nuclear bomb" referred to by Avi Rubin and the other scientists.

The existence of #4, the delivery mechanisms for contamination, was reported only insofar as the PCMCIA card can be used to contaminate. The difficulty of cleanup (PCMCIA card cannot be used to clean up the contamination) and the ability to recontaminate using multiple, specific, built-in delivery mechanisms has never been reported by Harris, RABA, or anyone else.

Printer Friendly | Permalink |  | Top
 
Boredtodeath Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 09:50 AM
Response to Original message
18. Complete and utter bullshit
Known all along since 2003.
Printer Friendly | Permalink |  | Top
 
patriothackd Donating Member (152 posts) Send PM | Profile | Ignore Mon May-15-06 09:56 AM
Response to Reply #18
20. Link? Quote? n/t
Your sayso is petulant, but not evidenciary.
Printer Friendly | Permalink |  | Top
 
Boredtodeath Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 10:00 AM
Response to Reply #20
21. Been there, done that
see post #5

Printer Friendly | Permalink |  | Top
 
patriothackd Donating Member (152 posts) Send PM | Profile | Ignore Mon May-15-06 10:17 AM
Response to Reply #21
30. Your link is to an interview, not to source code
A plagiarized interview at that. Do you have permission to reprint Harris's work?

It does not discuss the delivery mechanisms built into the motherboard nor the other items I mentioned above. Is your purpose simply to write simple-minded sound bytes hoping readers will develop doubt?

One really must ask what your intent is. Are you pleased that the U.S. scientific community, the New York Times, the mainstream media, congressional investigators and state voting system authorities are finally taking this seriously and taking action (albeit inadequate actions which still need to be proven)?

It would seem that each step forward would be welcomed by those interested in election reform. Your belittling of these findings demeans the public education being delivered through mainstream media coverage. I've just been told you are from Georgia, a state blanketed with these machines.

Your belittling of the findings and the new momentum to make changes is mystifying. It reveals a lot about your intent.
Printer Friendly | Permalink |  | Top
 
benburch Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 10:19 AM
Response to Reply #30
32. Now you complain about permission to reprint YOUR work?
When you take without credit all the time yourself???
Printer Friendly | Permalink |  | Top
 
Boredtodeath Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 10:21 AM
Response to Reply #32
34. Of couse, Ben, that would mean Ms. Harris would have to PROVE
it was her work. I hear otherwise.

Printer Friendly | Permalink |  | Top
 
benburch Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 10:30 AM
Response to Reply #34
36. So do I.
And she has SO many other things to prove just now.

Like; Where is the tax paperwork for her 403c? Where are the employee withholding tax payments for 2004? Little matters like that.
Printer Friendly | Permalink |  | Top
 
Boredtodeath Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 10:20 AM
Response to Reply #30
33. ahhh, let's see.......
was that an "exclusive" interview? Oh, no, didn't see that.

Secondly, so sue me. Please. I'd love to meet Ms. Harris in a courtroom.

Belittling OLD DATA is nothing more than printing the TRUTH. Something Ms. Harris is apparently incapable of.

Printer Friendly | Permalink |  | Top
 
Kelvin Mace Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 10:45 AM
Response to Reply #30
44. I gave him permission
Edited on Mon May-15-06 10:49 AM by Kelvin Mace
In fact, so did Bev.

The interview was part of the book. The book was issued with a Creative Commons license, which permits it to be distrubuted. Back before Bev saw this as a money-making enterprise, that's how we did it.

Also the fact that Bill Bored is citing an interview is not plagiarism, which is something even you should understand.

Also, BB is not belittling the findings, he is belittling them being trotted out as new by Bev Harris.

Edit: I meant Bored to Death, not Bill Bored.

Sorry.
Printer Friendly | Permalink |  | Top
 
benburch Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 10:47 AM
Response to Reply #44
45. More self-aggrandizement on Bev's part.
Claiming ownership of an open source book!
Printer Friendly | Permalink |  | Top
 
Boredtodeath Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 10:48 AM
Response to Reply #44
46. Uhhh, make that Boredtodeath
not BillBored.

Poor Bill, our our names are so close he gets mistaken for me all the time.

Printer Friendly | Permalink |  | Top
 
Kelvin Mace Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 10:50 AM
Response to Reply #46
47. Eep!
Thanks, corrected.
Printer Friendly | Permalink |  | Top
 
Boredtodeath Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 09:49 AM
Response to Reply #8
17. Awww, come on, Patriot....step just a little further
into this hole and you can fall into the rabbit hole just like Alice.
Printer Friendly | Permalink |  | Top
 
patriothackd Donating Member (152 posts) Send PM | Profile | Ignore Mon May-15-06 09:55 AM
Response to Reply #17
19. Given the excellence of the discourse here
it's hard to tear myself away, but I'm afraid I must.

Q: "Did you report the detached retina, yes or no?"
A: "You don't know anything."
Q: "Here is your report. Can you show me where you reported that the retina was detached and where you reported that there was swelling on the brain?"
A: "That just shows you don't know as much as me."

All nonresponsive. This kind of answer tells the jury (and the readership here) all they need to know about the credibility of the witness, in this case, boredtodeath.
Printer Friendly | Permalink |  | Top
 
Boredtodeath Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 10:01 AM
Response to Reply #19
22. LOL, panic mode
Attach the messenger when you can't attack the message.

Good luck with that.

Printer Friendly | Permalink |  | Top
 
patriothackd Donating Member (152 posts) Send PM | Profile | Ignore Mon May-15-06 10:05 AM
Response to Reply #22
25. LOL, mirror image here.
Attack the messenger when you can't answer the questions. Then say the messenger is attacking you personally when he asks you questions.

Mirror image - Propaganda 101.
Printer Friendly | Permalink |  | Top
 
Boredtodeath Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 10:05 AM
Response to Reply #25
26. LOL, too funny
do you consider facts to be an attack?

Pretty pathetic.

Printer Friendly | Permalink |  | Top
 
Kelvin Mace Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 10:52 AM
Response to Reply #19
48. It was quite responsive
A link was provided that showed the problem was known about three years ago. As usual, the link is to Bev's own mouth (so to speak).

The rebuttal consists of:

Uh-uh!
Did not!
You're a plagiarist.
Printer Friendly | Permalink |  | Top
 
Moderator DU Moderator Donating Member (1000+ posts) Send PM | Profile | Ignore Mon May-15-06 10:53 AM
Response to Original message
49. Locking
Thread has gotten too personal.
Printer Friendly | Permalink |  | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view 
this author's profile Click to add 
this author to your buddy list Click to add 
this author to your Ignore list Sat Aug 24th 2019, 02:47 PM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » Topic Forums » Election Reform Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators


Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC