Analysis of the Electronic Voting System:
The speaker discussed his and Avi Rubin's experiences auditing the source code of a widely used voting machine.
Among the issues they discovered were that key management is handled by a single #define DES_KEY "XXXX" in the code, where "XXXX" is an ASCII string; this key appears to be the same across all instances of the machine.
Another issue was that the code did not appear to have been audited at all for correctness or security; long stretches of code appear without any comments whatsoever.
Audit features in the code were extremely weak; while changes do appear in an audit log, nothing seems to protect the log itself from being changed.
In response to a write-up on these issues, the company claimed that the "voting system works exactly as designed."
?
One audience member asked if source code was still available. The speaker replied that it was the last time he checked.
http://www.avirubin.com/vote 
Printer-friendly format
Email this thread to a friend
Bookmark this thread
(1000+ posts)
Send PM |
Profile |
Ignore