Diebold Voting Maachine source Code Allowin g Open Access???

Can someone tell me their programming perspective on this article:

Dr. Avi Rubin is currently Professor of Computer Science at John Hopkins University. He "accidently"got his hands on a copy of the Diebold software program--Diebold's source code--which runs their e-voting machines.
  Dr. Rubin's students pored over 48,609 lines of code that make up this software. One line in partictular stood out over all the rest:
                         #defineDESKEY((des_KEY8F2654hd4"

     All commercial programs have provisions to be encrypted so as to protect them from having their contents read or changed by anyone not having the key..The line that staggered the Hopkin's team was that the method used to encrypt the Diebold machines was a method called Digital Encryption Standard (DES), a code that was broken in 1997 and is NO LONGER USED by anyone to secure prograns.F2654hd4 was the key to the encryption. Moreover, because the KEY was IN the source code, all Diebold machines would respond to the same key. Unlock one, you have then ALL unlocked.
Nomad2012Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

shahrialCommented:
To make it simple...

Dr Rubin and students found that the encryption algorithm used to secure the source code is no longer secure.
Therefore the piece of software is crackable. And once cracked, all the Diebold machines can be re-programmed and under the control of the cracker/hacker.

In this case, the votes can be manipulated/tampered.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mugman21Commented:
This software is wide open, it does not need to be cracked in order for the vote tallies to be accessed or manipulated. The private key is defined clearly, and anyone with access to the storage device that holds the vote tally could access it, read it, and modify it.

Further more, since DES is used, it shows massive incompetence on the part of the Diebold corperation for two reasons: First, allowing their source code to be leaked to the public,

And second, to use this type of algarithim to encrypt data.

Shahrial is absoultly correct in saying the votes could be manipulated. If you could, please post the link to this article, I would like to read it in full. I'm not too happy right now.......

Mugman
0
chris_calabreseCommented:
The massive incompetence is not in using DES, but in using a fixed key to encrypt all communications rather than using, say, public-key crypto to give each machine its own unique key only known to that machine.
0
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

mugman21Commented:
I can't disagree with that....
0
Nomad2012Author Commented:
I perosnally don't thiunk they made that by accident.
0
ahoffmannCommented:
if not by accident, then 'cause someone decided to do it! which then forces the next question: why?
history still answred that too
LOL
0
mugman21Commented:
I bet halliburton had something to do with this.... I bet dick cheney wrote that code himself....

:-)

Hey, seriously, I'm sure it was a mistake, I saw diebolds' ceo on tv last week and he looked completely incompetent. After seeing that man and from what I've read about these diebold voting machines, I doubt his employees are any brighter...... Hopefully, there will be some sort of paper trail incorperated into these machines. From what you have written, it's apparent that you do not trust these e-voting machines, and I must agree, I don't trust them eighter. I personally like the system we use in my precent, we use paper ballots in conjunction with the 'scan tron' machines (optical paper readers). I figure you probably used scan tron forms in school, as I did. I think this is the best way of voting.... It's easy(just bubble in a circle), no hanging chads, no way of hacking it, and there is a paper trail to allow for recounts......
0
ahoffmannCommented:
how should someone look when delivering such machines with hellbutton, and having its own pockets full with $$$$
sounds like someone did not understand how "demo[nc]racy" works ;-)
SCNR
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.