Is this reported problem different from the one reported in 2004 by RABA Technologies?

http://www.raba.com/press/TA_Report_AccuVote.pdf (page 19)

"3. Load a PCMCIA card with an update file. The PCMCIA card can be used to update
the software on the AccuVote-TS terminal. This can be done by placing a PCMCIA
card with an update file into the terminal and rebooting the terminal. The update file
allows an attacker to overwrite any file on the system. Furthermore, by using this
technique an attacker can install his own version of the ballot station software giving
him the ability to completely invalidate all the results on that terminal. If he
compromises the AccuVote-TS terminal used as the accumulator, he can
compromise the entire precinct results."

David Allen
www.blackboxvoting.com

Reply from Doug Jones:



There you have it folks, Bev Harris recycling something known about for three years.

For proving Bev Harris is lying once again.

BBV must not be able to meet her payroll.

thought progression.........Doug Jones says one thing......Then Doug Jones gets a phone call from Kelvin and then he says the opposite thing...........And then you conclude that Bev Harris is lying?

:rofl: :rofl: :rofl: :rofl: :rofl:

I independently put the same question to Doug Jones this morning and got essentially the same answer.

Now, as to whether Bev is lying about something, I would actually have to read her, and I am not going there. But as to whether Kelvin is exercising mind control over Doug Jones, or whatever you are suggesting here, I am reasonably confident.

I am worried now - what if he is sending thought waves to me
over the internet?

and you'll be safe.

Independent verification and all that.........

This mind control device I found on the 'Net REALLY works.

David Allen
www.blackboxvoting.com

that I never said or thought---



You invent something that I never said. I drew attention to a sequence of events as reported by Kelvin and you twist that into ideas about mind control? And another of your tag-team repeats this made-up idea further on......Repeat something and maybe someone will believe I ever it?

This is like SO what you did and still do in relation to Bev.....Twist someone's words into something they never said, then repeat it over and over and over till it takes on a life of its own. When you can't discredit Bev you try it out on someone else.

Thanks for makin' this disinformation strategy so doggone clear for everyone here.

sauce for the gander.

but its probably not worth thinking about either.

Do you really not understand the progression in the OP? I find that hard to believe.

If you have something useful to say, by all means. Don't waste your time shooting the messenger.

(If you look around, you will find that I am actually not part of an anti-Bev tag team. Strangely, however, you are the second Bev Crusader to make that mistake. You folks need to get out more, or something. If you treat everyone as an enemy, then everyone is your enemy. Bad plan.)

1) Doug Jones is asked to comment on latest report from Bev Central, which he does.

2) David Allen contacts him and points to the RABA report from Jan 2005, and asks if the RABA report covered the issue first.

3) Jones reads the RABA report and concludes that it does and so states.

4) David posts this proof to DU, to satisfy BevBots who have said accusations that this is old news is a lie.

5) BevBots appear, disregard evidence, makes ass of selves.

6) David later contacts Avi Rubin with the same question. Replay 3-5.

YOU left out some steps!

:rofl:

Better luck next time.

And you still don't know how to document something properly. Notice how vague you are--'points to' and 'the issue'.

YOUR WORDS--'the issue'.

Its not ONE ISSUE that's mentioned in Hursti II in case you didn't notice....It's SEVERAL issues and no, RABA did not identify them all.

Sure Doug Jones could have confirmed that a particular issue was referred to in RABA, seein as how thats how you put it to him.

"Uh uh"
"Did not"

I see.

So, you are now admitting you were wrong when you claimed that the issue had not been addressed before? You now are admitting that Bev has recycled old news and failed to credit RABA Technologies in her copyright paper?

or understand what I wrote. Part of an issue? Your the one trying to say Hursti II is not new and that its all known before. You seem to be backpedalling mighty fast all of a sudden.

And it sounds like you are insinuating (to use your latest new word) that Bev or Harri Hursti copied from RABA????? Is that what you are saying??? Really????

Harri Hursti was hired to do an independent investigation. Sounds like he did. I don't know if RABA were looking at the exact same equipment Hursti saw, but let's assume they were.......Wouldn't it be a little unusual if they didn't come up with _any_ of the same problems?

You and your buddies were implyin no one should pay attention to Hursti II because it was all known before, nothing new. But that isn't true, is it?

I am flat out stating that Bev Dudley (aka Harris), knew that the issues in question had already been documented. Yet she allowed another person to write a report, to which she affixed her copyright, and failed to attribute the prior work. She then pretended the issue was a "new" discovery and went galloping to teh media.

She then has people like you come over and claim that we are lying when we state that the news is old.

David Allen
www.blackboxvoting.com

Hursti II is filled with new things that RABA never said anything about!!!

If you have any interest in facts you can see some of the differences spelt out by Jim March on BradBlog here.



He tells more ways you are misrepresenting Hursti II for example some of the hardware vulnerabilities that surprize surprize are also never mentioned in RABA.........And YOU keep posting saying there is nothing new in Hursti II???

You just might want to check out the rest of that post in full because it shows just what you and your DU pals are doing and calls it for what it is.............

Get your facts straight buddy.

that we are referring to RABA *AND* Rob Behler's interview with Bev in 2/03,

We saw Jim March's nonsense in Brad. Same BS as posted here.

to all the vulnerabilities mentioned in the Hursti II report.......go ahead and try, look for those references, they are not there.

Find it yourself. It has been posted multiple times on several threads in this forums, threads you have been gracing with your Bev talking points. You are not interested in the truth.

or something??? you think that your saying so makes it so............well your wrong buddy boy.

how shall I ever deal with this blistering repartee?

But really, does it matter if it is repeated, if the message has never been HEARD? What is more important:

That the American people finally get the message that our elections are NOT SAFE, or

That whatever American people do become aware of the danger in which our entire democracy is now sitting become PERFECTLY CLEAR about what Bev Harris knew and when she knew it versus what any and everybody else knew and WHEN THEY KNEW IT?

Personally, I do not give a rat's ass what, when, who. I give a great big rat's ass that most Americans get the message, the sooner the better. I think, hmm, let me see, when I was a kid we used to buy donuts at Thornton's in Memphis, on the way home from Sunday Mass, and they would be hot out of the oven, really deliciously fresh and squishy. On the side of the box, in red ink, was this little -- ditty? I'm not sure what to call it:


"As you go through life, Brother,
let this watchword be your goal (that would be safe elections),
keep your eye upon the donut,
and not upon the hole (that would be, who is right)."

Just my humble unfunny opinion.

I think that's what it said. That's at least close. It was a very long time ago.

Anyone who may be unfamiliar with the whole Bev Harris thing can educate him/herself if he/she wants, but who can require it? What a waste of breath, effort, and spirit! Get on with it! Leave it alone! Concentrate on what is important! When it really matters what Bev did or didn't do, THAT is the time to clear it up. Not now. Now it doesn't matter. What matters now is that most Americans do not realize what is going on, and we are going to lose the next elections no matter HOW MANY Americans detest the current situation and those in office.

Sorry, please excuse my vehemence.

etm

every five minutes instead of attending to her fans on her own site?

So pathetic.

Quite frankly, she's far too busy with Harri Hursti right now. They're putting the finishing touches on the full 26 page report on the TSx / TS6 machines. We had hoped to have it out today, but Harri had some personal business crop up that he had to attend to. Also, the response to his report from the scientific community has been overwhelming! There are a lot of panicked "experts" running around out there right now with egg on their faces.

A lot of people have a lot of explaining to do right now! :rofl:

I only stop in here to see what others who are active in the movement are up to, and to post facts that might help them in their efforts. I must admit to taking some 'guilty pleasure' in watching the 'Kelvinights' continually destroy their credibility by calling out and baiting people who don't buy their line of reasoning, and just assuming that everyone who doesn't see things their way is either Bev, or were sent here by her. It's kind of sad watching DU's credibility suffer along with their own, but the Admins allow them to continue, so who am I to question their judgment. :shrug:

You're doing a heck of a job there guys, keep up the good work! :) :thumbsup:

Message removed by moderator. Click here to review the message board rules.

Message removed by moderator. Click here to review the message board rules.

Please.

and can't STAND the idea they had the gall to ban her. It sticks in her craw, which is why she posts here, by proxy. Folks like you come over here to spread her latest talking point and spin the reality when she gets caught in yet another lie.

"Kelvinights". Wow! Bev is *so* clever.



Indeed you are wise to not question the judgment of the Admins, my young Padawan.

David Allen
www.blackboxvoting.com

She posts dozens of lies about DU and rants about how dishonest they are here all over the internet all day every day. Hell, every other post on BBV.org is Bev and her bots bashing DU. She spends every waking hour glued to her computer screen lurking here, plotting her revenge for being banned. :eyes:

"Bev Bots" Wow! David ur *so* clever. :rofl:

Seriously, we just released a report that is getting main stream media attention across the country and around the world. Besides finishing up the full 26 page report with Harri this morning, Bev had four radio interviews today. hundreds of millions of people around the world have been exposed to this story. The response we've received has been overwhelming and time consuming just keeping up with it.

Do you really think what you say about BBV.org here on DU makes any real difference out in the real world? Do you really think Bev cares about what you say or think? As far as she's concerned you're just a disgruntled former publisher. There are too many real activists and local organizations working with us at this point to have time to worry about what you're doing or saying.

It really doesn't matter in the real world that you claim that "no one in the movement will have anything to do with Bev Harris". In the real world there are thousands of people that deal with Bev Harris and BBV.org on a regular basis. Nothing you believe or say changes that. You may claim that she alienates the press, but that doesn't change the number of news stories she generates or interviews she does on the issue. Type "Black Box Voting" into a Google News search. You can deny it or ignore it, but you can't change it. You can claim that no one listens to Bev Harris but that doesn't stop anyone from listening.

Face it, you're antics here are just background noise among numerous streams of information that BBV.org works with every day. You're not even a minor distraction. More like entertainment for when I get bored. I love a good train wreck. :)

I can hardly wait to see who you accuse of being Bev next! :popcorn:

posting lies about me on her site, and lies about other DUers.

When I had posted the following on DU, you ran to her and she immediately posted my personal private information (name and address) on the internet, because I had the gall to ask:



YOU, 'Steve A Play' ("Pat Vesely-BBV Activist", per BBV.org) griped about having to bother to take time that Easter holiday to post in response to me after posting the link to my personal private information.

Yes, she is obsessed with DUers. She was pissed that I had the unmitigated gall to ask about the FOIA results that she had promised (a year and a half ago) to post. She was pissed that a couple of weeks ago, I had sent a polite private email requesting a copy of form 990, as required by law.

She lied on her site, claiming that I had been requesting the 990 for a year, whereas, I made one single request, a few weeks ago. Yes, I HAVE asked about FOIA results... twice, early in 2005.

Thus far, it appears that FOIA results of exactly four Florida counties are posted on BBV.org, out of 3,000 FOIAs. When Bev solicited funds for the FOIAs, she stated that the results would be posted on BBV.org site. THEY HAVE NOT BEEN (well, she claims there was one more, but it got "lost" and will be posted ... sometime), but for the 4/3000.

Further, there is no accounting of how many FOIAs were complied with, and how many were not. When I asked that simple question (over & over & over), I NEVER was able to obtain an answer, but Bev said to me, "Melinda, you have made speculations and allegations at other Web sites about Black Box Voting, using fake names." WTF??!!! I anxiously await the list of various websites and names she refers to.

I have found it impossible to get a straight answer to straight questions. I get a run-around, and then, finally, "tell us why you need to know."

Two easy questions:

-Bev, you stated you would post BBV.org Form 990. Where is it?

-Where is an accounting of the 2004 FOIAs that 'were/were not/partly' complied with?

File it with someone who gives a damn. I could care less! :)

Why, heck no, Pat! Who on earth would complain about having their personal information posted on the internet, purely for having the audacity to question The Divine Bev?!

Just thought it might be interesting to some to know a few of her tactics. But, hey, I aint complaining that she lied about me and others. Why would I complain? Doesn't matter one little bit that she smeared legitimate election activists.


You don't "give a damn" who is smeared, harmed, lied about. You "could care less" about the issue or the people working on it, as long as it's all about


Be sure to let me know when the FOIA results are posted. Oh, and the 990.

Message removed by moderator. Click here to review the message board rules.

your want www.freerepublic.com

Though I am curious as to what was said here,
my comment was meant for the thread as a whole (down below).

Is that that DRE loving computer expert -Shamos- has lowered the boom on his precious machines.
===================

Why is it that yall are still carrying Bev around? Don't yall have better things to do? It really is getting quite sickening watching your poisonous words scroll across my screen. Go do something constructive, please.

You don't have to see our words, ever. Just don't click the link.

I'm really sorry you have to see that Bev Harris is conning everyone again. But, please, don't expose your eyes to such things as the truth.

And have refrained from responding to the crap. But that time is over.

Bev has never conned me. I saw it coming. If some were so stupid to not see it coming, then maybe they are the one's who are at fault?

perfectly safe, do you appreciate it when someone points out the cobra nest you are about to step on?

Because if they have been talking shit the whole time I will disregard them.

Who have yet to know the truth about Bev Harris.

If we don't inform them, who will? You think Ms. Harris is going to say "before you donate, let me tell you the truth about me" one day?

Don't use that to explain away the poison, please. You are not the annointed one who is the know it all. I have faith that newbies will discern the proper way for them to proceed. Witness the recent newbie statements to that effect?

It is better to sit idly by?

And even worse we are to blame the victim for trusting?

....two opposing camps on the matter. A matter which tends to divide rather than unite.

Frankly, the victims are those who have their votes not counted correctly, and the poisonous division will not correct that situation.

correct the situation.

than that other camp that says -

"buyer beware".

To blame the victims who get sucked in is like
saying - those voters are to blame, they got suckered in.


So we shouldn't warn voters about the voting machines based on this theory.

The voters are just dumb victims.

.... stick to fighting the real enemy.

Actually, I really feel bad for those who blindly allowed such a situation to overtake them and demand so much of their attention to such a trivial matter.

Mainly because it has diverted us from the goal, and effected my sense of human sympathy.

Blaming the victim - something necessary to rationalize wrong doing.


"6. I read your words
And have refrained from responding to the crap. But that time is over.

Bev has never conned me. I saw it coming. If some were so stupid to not see it coming, then maybe they are the one's who are at fault?"

Blaming the victim - something necessary to rationalize wrong doing.


"6. I read your words
And have refrained from responding to the crap. But that time is over.

Bev has never conned me. I saw it coming. If some were so stupid to not see it coming, then maybe they are the one's who are at fault?"

... but I like it: Personal Responsibility.

Besides, I don't feel that Bev is the fulcrum upon which this issue teeters.

It does seem as if some here have her placed on a pedestal from which they now wish to topple. If there be a real crime here, it is that.

So forget her. There are bigger fish to fry.

"turning" on DREs for a while now.

http://blackboxvoting.com/s9/index.php?/archives/108-Sequoia-melts-down-in-Pennsylvania.html

So, Bev creates a whole sensation based on a "new discovery" which is actually over two years old, and we are supposed to let it ride so she can scam more people for cash?

And applaud your efforts in that regard.

Too bad there is not more of that and less of the crap.

if I didn't have to deal with Bev little minions going around spreading lies about myself. I have had Bev call up reporters in my own home town and tell them what a horrible person I was after a story was published that mentioned us in the same article (nothing remotely critical of her).

In recent posts I find she now has them digging into my personal affairs and trying to undermine my business, and insinuating that I work for Diebold.

What would you have me do? Sit back and let her write the record?

It is one thing to see a post from a long time DUer who still defends Bev's work. I can live with a difference of opinion. But when I see newly minted DUers singing her praises and attacking her critics, I draw the line. These people are most likely here as Bev's proxies. Since she was banned from DU, why should we give free reign to these folks?

your shootin yourself in both feet all the time......You say things about BBV and Bev Harris that aren't true and then you try to make yourself out to be a victim. Classic disinformation tactic.......Classic.

Message removed by moderator. Click here to review the message board rules.

Message removed by moderator. Click here to review the message board rules.

Sat May-13-06 10:02 PM
Response to Reply #80
103. Hello! I e-mailed Bev to ask her when you got the source code

But before I publish her response (or not, don't know the rules here that pertain to that) -- please, would you like to state for the record when you got the source code?

You say that Bev called you and said "what am I looking at" (which you insist was not just a more ladylike way of saying "holy fucking shit do you believe what I just found????"). Like the young man in My Cousin Vinny who said "I shot the clerk? I shot the clerk?" and they tried to use it in court as a confession and got ridiculed out of the courtroom for it. But, let's take you at face value, let's suppose that there is only ONE interpretation for "what am I looking at" and that is the interpretation that she is so clueless she needs you to explain it...

So you say the statement "incredible stupidity" (and later claim you really said "the keys to the candy store" because apparently you realize now that the statement "incredible stupidity" is itself less than breathtaking in its insightfulness).

But here's my question:

Did you download the 40,000 files yourself?
When? The day you found them or later?
It would seem to be very important if you have a separately downloaded set of files.

Now, I am given to understand that the source code is in a "tarball." What that means is that you can't just read it off of a file on an FTP site, you'd have to download it and extract the files.

Thus my question, did you download the source code?

Because if you did not, apparently you received the source code on a disk in the mail, sent by Bev Harris, as everyone else did except for Dan Spillane, who lives in Seattle, and who, as I understand it, was given the files personally. It appears that Dan Spillane got the files before you did, was able to open them before you received them in the mail, was experienced with touchscreen technology because he worked for a voting machine company.

If Bev Harris says it was Dan Spillane who identified the source code for her, among all those other 40,000 files filling a stack of CDs, well that sounds logical to me.

Did you tell the reporter for The Nation magazine that it was you who identified the source code files? Wasn't it Dan Spillane?

Because apparently the record shows that he got the disks before you and he is the one that found the source code, but he was a protected source, so you took credit for his work.

It's very simple -- and of historic importance.
Did you download the 40,000 files?
When?
Do you have one set of files or two?
When was it that you found the source code among all those files...the first day? Right away or did you have to click through several directories on the FTP site, which would (of course) take time.
Did you tell the reporter from the Nation that it was you that found the source code?
Why?

patriothackd (130 posts)
Sat May-13-06 10:20 PM
Response to Reply #103

105. My post was deleted below, I'm not sure why, but I will add

I have known Bev Harris for more than 30 years. I live in Arizona. I was a practicing attorney for some years, have retired from that profession, and have enjoyed a more fulfilling career since, albeit a career that is not as steady as practicing law.

Bev sought advice from me on her book contract with Kelvin, and I told her that I do not practice law any more but in my opinion as a citizen, the contract is confusing and poorly drawn up contract that was unclear in several sections.

Bev also sought my advice when she found the Diebold files. Yes, Kelvin, I knew about them even before you did. I believe I was the first person she called. And Kelvin, I am one of the small group of people she sent the CDs to, so I have a pristine copy time and date-stamped as to download time.

I could not advise her on the FTP problem, but I did give her my non-legal opinion. In my opinion she handled this incredibly tricky situation with intelligence, responsibility and cleverness.

Bev also sought my advice when the book situation was falling apart on her. In that area I was able to be more helpful. I connected her to experts (she also had access to her own through her own circle).

So you see, for some reason in the 30+ years I have known Bev Harris, she neither burned me nor gave me any reason to believe a thing you say.

I thought it wise at this juncture to give you a little more information on myself. I eagerly await your explanation of why you took credit for Dan Spillane's work in The Nation magazine.

statements and trolling.

If he was a lawyer, he was an awfully stupid one.

As to who found the original Diebold code and when, it is documented by Bev and by a respectable magazine, The Nation. Bev can be forgiven for not knowing she wasn't the first to find it, but she can't be for claiming I didn't know what the code was.

I swear this is like Bush claiming he didn't break the law.

http://journals.democraticunderground.com/Kelvin%20Mace/10
http://journals.democraticunderground.com/Kelvin%20Mace/11

So, when are you going to reveal your real name? Or are you going to continue your cowardly attacks behind a fake name? Amazing how "ethical" you are. You accuse me of lying, yet I sign my name repeatedly to my statements and am prepared to defend them in court.

You make all sorts of accusations, yet don't sign your name or provide any real evidence outside of "Bev says".

You and Bev are cut from the same cloth.

David Allen
www.blackboxvoting.com

Prof. Doug Jones r/e the "new" security hole:

This is exactly the same problem! Thanks! I've been wondering whether this vulnerability was hiding in one of those old security evaluations. Now we can say, rather firmly, that Diebold knew about this problem for almost 2 years and did nothing about it.

He elucidates further in a post to a discussion list:

I think it's pretty clear that RABA found the same design flaw that Hursti found in Utah. Therefore, Diebold has been aware that it is a flaw for at least 2 years. The RABA report recommends tamper-evident sealing and prominent posting of legal penalties for tampering with machines, but their final remediation recommendation ends on a strong note:

We see no short term fix for these attacks aside from the clear posting of rules that indicate consequences of such actions.

http://blackboxvoting.com/s9/index.php?/archives/121-Diebold-security-hole-old-news.html

First let me preface the question with some known, reported, FACTS.

1) Bruce Funk commissioned a security analysis of his voting system from Black Box Voting.org.

2) BBV.org in turn hired Harri Hursti to do an independent investigation of the Diebold TSx/TS6 touch screen machines.

3) Harri Hursti then examined and tested Funk's machines, and wrote a report about what he found in his examination.

4) Dr. Herbert Thompson and his company, Security Innovation, were in turn hired to do the 'peer review' of Harri's report and they confirmed Harri's findings.

5) BBV.org quietly released Hursti's report to the appropriate authorities, and gave them a short amount of time for them to formulate plans to prevent creating chaos at the polls during the primary elections.

6) Sufficient notice given, BBV.org then made the report PUBLIC, redacting only the most crucial file details explaining how to actually exploit the problem.

That established, here's my simple question, a yes or no answer will suffice.

Are you publicly accusing Harri Hursti of fraud by alleging that he used other peoples work in his examination of the machines, or in the preparation of his report? :shrug:

I eagerly await your response! :)

as a matter of fact I specifically said he may not have known about the RABA report. But Bev certainly did. She read it and we discussed it back in January of 2004.

You folks have come here and accused us of lying that the report did not concern a new hack, but one already well documented. We then provided proof, and now you move the goal posts and claim I accused Hursti of misconduct, when in fact I have ALWAYS pointed the finger at Bev. Bev knew about the RABA report and apparently said nothing, allowing the report to be handed to the press as a "new discovery".

One of your posters is claiming I have exerted some sort of mind control over Rubin and Jones.

This is simply retarded.

I spoke with a policy advisor for the Maryland Governor.
She is just catching up with all of the emails and newsletters after being
out a week. She was still reading how this was a new security flaw
and did not know that this is a known existing flaw.

That can make a big difference to a state who is being told
over and over that these paperless Diebold machines are safe,
safer than optical scan machines.

Hopefully she will examine the full SAIC report and other records and
see if Diebold promised to correct this problem years ago, and hasn't done
so.

More reason for paper.

I gavce them some suggestions on what documents to try and get from the BoE about their dealings with Diebold, warranties and representation. Also, what lurks in the SAIC report hidden from the public.

:)

I hope they are able to coordinate between the activists and the governor's office. The onlt way to fight the issue is to start digging into the documentation between Diebold and Linda Lamone.

She leads someone down a garden path and then has them put THEIR name on her dirty work.

Ask the folks who posted the Diebold memos at her direction.

Nothing more productive than getting rid of someone spreading lies.

The problem is that there is no one who is capable of speaking the complete truth on this matter. Whilst the truth about what e-voting is doing to our democracy ends up wallowing in the mud spread around here.

so that's why you are on THIS thread which is TRUTH.

Somehow your sermon makes little sense.

... I don't see a lot of truth. I see poison.

If you find that poisonous, you should speak with Bev Harris about it. Because it's she who is spreading poison.

Message removed by moderator. Click here to review the message board rules.

to the top

It's just amazing how some people can twist and twist the truth, isn't it?

But it's pretty funny watching the panic.

and makin sure people seeing it for what it is......what's wrong with bumping this right up to the top, with the truth and not your sad fiction?

as keyboard macros?

.

Not that I think Bev Harris deserves a flood of contributions as a result of this, but for most purposes I think it is more important to understand that Diebold touchscreens have fatal security flaws than to sort out who really uncovered what, when.

I really do understand why you think it is important to knock down Bev at every turn. And I really do understand why BeFree thinks it is important to knock me down at every turn. I was pretty ironic when I arrived at DU; now, going on one year later, I am almost over-the-top ironic.

Except that people have died for the right to vote, so I'm not ironic about that.

And, had you been out there fighting this fight as long as we have, you might be sick and tired of being called "nutcases, just like Bev Harris" by our local election officials.

Everytime she prints another lie, we get knocked in the head in this battle.

If I try to elaborate, it will seem like I am just beating on third parties or changing the subject. But really, I think I have a pretty good idea how you feel (and what you think).

It is very hard to know the best way of dealing with crazy people. People tend to equivocate or to disagree about what to do, and that becomes just another way that the crazy people do harm. I personally have to opt out of the anti-Bev/anti-anti-Bev wrangle, but I respect people on both sides, and that is one way that I try to resist the harm. This is not to insinuate that you should make the same choice; that is precisely not my point. We all muddle through the best we can.

Message removed by moderator. Click here to review the message board rules.

hundreds of time on this site.

Then someone like you, spouting Bev talkings points with such accuracy that it is almost like she's dictating them, comes along saying "what lies?".

lies repeated over and over and people pretending this was 'documentation'

Seems like you don't want to repeat them now that you know they've been disproven and patriothack'd spelled out the legal position of people who use the internet to spread lies........

And again, say what you will about my accusation, but I post them publicly and take repsonsibility for them. I don't hide behind a fake name as a tool for Bev Dudley's (aka Harris) lies.

David Allen
www.blackboxvoting.com

Message removed by moderator. Click here to review the message board rules.

Her lies and antics make just another hurdle for us to try to climb over, in order to gain credibility with those elections officers that we need to work with. She sets us backwards by miles in our efforts. Many officials turn away from working with us, because HER crazed reputation precedes us, and we have to undo it in order to build credibility.

No one can tell the whole truth and nothing but....

All I've seen here is one side and that one side has poison flowing from it's wounds. I feel for those so wounded, but won't join in, nor can any longer tolerate the one-sided spewing. 'Twould be more tolerable were all the facts on both sides presented, eh?

Sub-thread removed by moderator. Click here to review the message board rules.

who accused myself and others of plagiarism, lying, and working for Diebold has been removed from DU.

Bev made herself a public figure. As such she is subject to the same kind of criticism as that afforded George Bush.

I, and every other posters on this board who use our real names are NOT public figures. You don't get to make libelous about us statements with impunity.

Bev has her own board. People are welcome to go there if they wish to worship at her altar.

A Bev-critic wouldn't last two minutes on her board.

"A Bev-critic wouldn't last two minutes on her board."

I lasted exactly twelve hours after joining when Bev outted my personal, private information (name & address, later scrubbed somewhat)on the internet. But she did manage to lie and smear me and other DUers and activists during that time. Oh, and she banned me so she was able to have the last word and smear.

Interestingly, a comment on Bev's 'outing' of personal information post was:



Why this person is still on DU, and posting on this thread, I don't know.

Posting another's personal information is not permitted on DU, but if a BBV.org activist member (per BBV.org site) facilitates outting a DUer's info on Bev's site and posts the direct link here to the outting of a DUer, the Bev proxy is permitted to continue to maraud here.

What the distinction is between a facilitator for Bev's outting of a DUer's personal info and having Bev herself here is, I do not know.

DU rules have to be obeyed. EVEN by Bev Harris.

:)

.

:thumbsup:

going..............going............

Nothing new after all.

Why did we think this was a new security hole?

Here is an article from over 2 years ago that discusses the RABA report.

The Potential for Voting Machine Fraud
Charles R. Smith for NewsMax.com

...Yet three separate reports issued by computer security experts have determined that electronic voting is a risky business. In fact, the most recent report issued in Maryland showed that the leading touch screen voting system offered by Ohio-based Diebold Corp. was vulnerable to tampering.

"We were genuinely surprised at the basic level of the exploits that allowed tampering," said Dr. Wertheimer, a former employee for the National Security Agency now working as a director at Raba Technologies LLC, a Maryland-based security consulting firm.

Raba teams apparently found it easy to hack into the Maryland Touch Screen voting system built by Diebold. Raba's report on hacking the Diebold voting machines noted that the system was insecure and required some basic changes before it could be reliable enough for a general election.

http://www.votersunite.org/article.asp?id=1146

.

It is the same hole, but with more details.

Bev a proven liar by the 2nd reliable source.

........You talk to Doug Jones, suddenly he does a 180 degree about face and so does Avi Rubin.....

Now what's that about? Anybody have a vested interest here or something? You and your tag team have an uncanny and peculiar interest in tryin to:

-----make it seem like the Hursti Report II isn't presenting new ideas, when it obviously is, and
-----tryin to hurt the credibility of Bev Harris and BBV every time a new report comes out.....

Hey why are you so afraid every time new reports come out from BBV? what's the story here? You should be celebrating and you're trying to discredit someone who's delivering the goods on Diebold???

Why are you tryin so darned hard to make it seem like the Hursti II Report is not new????? It's perfectly obvious the weaknesses are not the same as RABI. RABI was a great milestone but let's face it, it didn't deal with the unfixable problems that Hursti II does.

It'll be illuminating to see how Harri Hursti weighs in on this.........

Yep, I am holding his poodle hostage. Or was it the mind control implant? I forget which.

So, you now are accusing Rubin and Jones of lying? That would be professional misconduct, and a very serious charge for a person who refuses to sign their real name to the charge to make.



Because it isn't. It is a rehash of older work done by folks who are not getting proper credit in Ms. Dudley's (aka Harris) "copyright" report.

David Allen
www.blackboxvoting.com

Warren County, Ohio -- 2004 Presidential election?

I was in touch with Doug Jones by email in Nov/Dec 2004 about Ohio. Doug thought that a highly likely form of fraud would be shifting punchcard ballots between precincts such that ballots in one precinct marked for Kerry would be counted as a vote for Bush in a different precinct (because the order of the candidates changes from precinct to precinct). There is now some evidence that this did happen.

Richard Hayes Phillips has now gotten photographs of the ballots in at least 4 precincts in Warren County and was able to "hand count" the ballot photos -- he got the same totals as the official counts, but also evidence that ballots were shifted between precincts. An examination of ballots revealed that Bush got the votes of 87.2% of voters for Thomas Moyer (R) for Ohio Supreme Court. Problem: Bush also got the votes of 52.7% of the Ellen Connally Voters (D) for Ohio Supreme Court. Bush got 91.1% of the votes of people who also voted to ban gay marriage. Problem: Bush also got 51.6% of the votes of people who voted against banning gay marriage.

Additionally - Hayes Phillips notes that Warren County did not have 'precinct' codes on their ballots. The precinct codes are on the ballots so that the ballots for different precincts will be read differently (correctly). In other Ohio counties that Hayes Phillips examined in which the precinct codes were on the ballots - the counts were accurate and there was no evidence of ballot shifting (no evidence that Bush appears to have gotten a tremendous number of votes from people who voted for Connally or against banning gay marraige.

If you haven't seen it yet - I think it is good work:
<http://www.freepress.org/columns/display/3/2006/1355>

Thanks for bringing it to my attention. I will read the piece and see if we can look into it further.

David Allen
www.blackboxvoting.com

Blackwell said in 2004 that it was Ohio 'policy' to suppress counting of all other races during the recount of the Presidential election -- so, only the Presidential race tallies would appear, but not the races down ticket. This was one 'explanation' given as to why the Triad technicians had to go to each county and 'reset'/'update software'. I thought at the time that this was bizarre and probably indicated fraud - and I think Hayes Phillips results help me make sense of why Blackwell did this.

Take care! IndyOp

I don't find the Connally stuff impressive at all -- as has been pointed out many times, the judicial races are non-partisan on the ballot, so there is a lot of crossover.

I've posted scatterplots (Kerry % versus both Connally and Issue 1) on my web page http://inside.bard.edu/~lindeman ; it certainly seems possible that there was some vote-shaving favoring Bush in Warren County, but there are counties that are farther from trend in the other direction.

On Issue 1, both percentages are somewhat startling -- for Bush to get over 90% of the yes-on-1 voters or over 50% of the no-on-1 voters. However, in the unweighted exit poll data, in precinct #54 (which happens to be somewhere in southwest Ohio), 8 of 18 no voters and 30 of 33 yes voters said they voted for Bush. Part of the story here seems to be that that precinct had the highest reported education levels in the exit poll sample, and educated voters were substantially less likely to vote for Issue 1.

(EDIT: forgot that a direct link to the JPG would imbed it, which was not so pretty.)

:)

And SteveAPlay and Jim Dandy..........

My oh my.......get a few words of truth out there and they disappear like a puff of smoke!

And all those nasty accusations they tossed around the last few days!

We get accused of plagiarism, for quoting Bev's own words.

Bev and her gang have ONCE AGAIN taken other people's work and signed their name to it. No credit, no attribution.

What they "found" is significant, but they miss the significance completely, it becomes lost in the hype of the fake story.

Hype: Diebold has a hole in its software.

Well, duh! And? That story ranks right up there with "water is wet".

That is not legally actionable.

What IS actionable and not being reported is that a security hole Diebold was told about, that was never fixed, despite Diebold saying it was fixing security holes. Also, the machines with this great big gaping hole were CERTIFIED by the ITAs, demonstrating once and for all that the certification process is a sham.

Diebold made representations that it was addressing these security holes. It didn't. If I were the states, I would be suing Diebold.

Posted here for those who DO care:

http://blackboxvoting.com/s9/index.php?/archives/121-Diebold-security-hole-old-news.html

What about the certifiers who certified it in several iterations?

What about the states who have certifiers who MISSED IT? Like Georgia?

What about the EAC which is charged with enforcing HAVA?

What about the election officials all over the US who continue to use these machines?

It boils down to one thing - collusion. Without it none of these machines would be used.

I let other folks draw their own conclusions.

how much all those "eyes wide shut" cost the vendors, don't you?

because of the repercussions of this report having been released. Kind of too busy moving the ball forward to hang here wasting my time with you.

I'll stop back later to play. :)

One day that behavior will bite you in the ass.

You shure sound informed about it!

Now the question becomes who actually knew about it and when did they know it?

They sure did a good job of keeping it a secret from the machine examiners like Doug Jones, Michael Shamos, and Avi Rubin! Lets take a look at what the "experts" are saying.

Lets start with Doug Jones and get his take on Harri's report.



Well it looks like Doug is certainly distancing himself from any prior knowledge of this. If he's ever been in a position to examine these machines, then it calls into question the thoroughness of his investigation technique. It would be interesting to know if he's ever been asked to examine the Diebold TSx or TS6 machines officially.

Lets see what Michael Shamos has to say.



Well in that article he acknowledges how bad the problem is, but he neither confirms nor denies "prior knowledge" of it. Lets see what he told the New York Times.



Again here he admits to the severity of the problems made public by Harri Hursti and BBV.org, but he neither admits nor denies any "prior knowledge" of it. Interesting.

Lets see what Avi Rubin has to say. From the same New York Times piece above we find this.



From the Security Focus piece cited above he is also quoted as saying,



Well that's pretty unambiguous, looks like a clear denial of "prior knowledge" of the problem to me. YMMV :)

So now it begs the questions, "Who did know about this?", "When did they know it?", and "Why did they keep it a secret from the machine examiners?" It's time to make the unredacted SAIC and RABA reports public. Can you spell I N V E S T I G A T I O N ? :)

I think the country owes a debt of gratitude to Harri Hursti for doing such a thorough examination and exposing this to the examiners and computer scientists, and to Bruce Funk and Black Box Voting.org for making it happen and getting the word about it out to the public. :toast:

It's odd that I've seen no comment from Brit Williams (GA MD VA), Steve Freeman (CA), or Paul Craft (FL). Must be those pesky NDA's that they signed with the vendors. I guess the lesson in all of this is that we have to end that practice once and for all.

The PUBLIC now has proof of how bad the machines are and the voting machine examiners are backing that proof up!

Let the lawsuits begin! :bounce:

Evidently, Jones and Rubin have changed their minds.

Sad what a little bullshit from Bev Harris and her contingent can do to otherwise intelligent folks.

The only one who owes Harri Hursti anything is Bev Harris - for lying to him. For leading him to what she already knew to be a problem

RABA Technologies report, they have said that it is the same problem and that RABA discovered it first.

Doug Jones said:



Avi Rubin said:



Now the question is, will the report be changed to deal with that reality. I think not.

Hursti may be unaware of the prior paper, Bev certainly was not.

the tip off was when it was said that this "new" security
hole existed on every model of Diebold Touchscreens.

If follows that this isn't new, and the many Diebold technicians
most certainly know how to use it.

It was used in Georgia to put all of those "patches" on it.

Maybe our boy Keith Long helped, although I don't see his name often in
the memos.
http://blackboxvoting.com/s9/docs/long_cv.htm

Excerpt from Keith Long's resume....

"Diebold Election Systems, Inc. McKinney, TX
Senior Project Manager 2002 to 2005
Directed a 60 million dollar project to successfully install 22,000 electronic voting machines in the State of Georgia on time and under budget.
Project lead to install 5,000 electronic voting machines in the State of Maryland.
Supervised the installation of a new Voter Registration System in Cuyahoga County (Cleveland), Ohio.
Planned and directed the statewide election results upload to the Georgia Secretary of State website.
Managed the design and testing of new optical scan voting system."

The facts are in her damned book.

Perhaps you missed the March 2003 Rob Behler interview.

:)

Not really something I can use locally, but I agree we should take a look at the cover up on another level.

Message removed by moderator. Click here to review the message board rules.

I'm sure you mean the clapping in unison that goes on at Bev's board.

You know, the folks who cheer her burning sources and activists. Let's see how much they whine when they come up against a criminal cyberstalking case.

for us.

the way she screwed Andy out of his insurance to Mike Moore's film crew.

:hi:

anticipation!

or do you think they might have checked all of the FACTS first? :)

just as Rubin and Jones did.

Raba tries to get the word out three years ago about these vote stealing machines, and for whatever reason wasn't able to achieve that goal. Then, (if most of the people in this thread are right), Bev steals and reintroduces Raba's story. If the outcome of her action saves Democracy for Us and our KIDS, Does it really matter how the story of the VOTE STEALING MACHINES got out to the public?

Because MOST election officials will never believe anything which comes from BlackBoxVoting or Bev Harris. She has no credibility.

Really. We are trying to get where we're going and all this arguing distracts.

we go through to justify plagiarism, lying and smearing other folks.

As long as you believe it solves the problem, it's fine with you.

since we know that the Diebold security flaw was already documented
years ago, Diebold has some explaining to do to folks
in Maryland.

Did Diebold promise Maryland or anyone that they would
get rid of this problem?

The Maryland Senate blocked the passage of the VVPB bill that passed
unanimously in the House. They used a report by Glenn Newkirk
to say that the paperless Diebold machines were safer than
ES&S optical scanners.

This is more evidence that shows that Diebold machines are known to be
unsafe at any speed.

No matter what machine - you have no options if there is no paper.

Diebold persisted in keeping this back door in the system even when
it was documented as a serious flaw years ago.

Not citing the fact that this is nothing new is counterproductive.

We need to be able to show patterns of negligence on the part of the vendors and we can't do that by ignoring any previous work that has uncovered the same basic flaws.

The crime laid dormant till last Friday, if its new or old doesn't matter

Maybe Raba gave it to bev, maybe your crew is right and she stole it (thats between Bev and Raba), what does matter is that this particular crime of the election theft machines is out there, for all to see.

There has never in my lifetime been such a thing as a popular movement which does not attract ego-trippers, scammers, agents and a whole bunch of people who mean well but aren't very productive. We need the organizational structures which will keep us moving forward despite any and all of that.

The major issue I have right now is that Bev is using her juice to kill HR-550. This once again proves her loyalty.

We must pass 550. Once that is done, it is up to groups in individual states to make sure it is implemented properly. HR-550 is not perfect, but it is the best we can do realistically.

A law requiring 100% hand-counted paper ballots is just not going to happen.

There are other groups besides BBV.org.

Like this in Georgia:

http://www.cathydiebold.com

and, no, I had nothing to do with setting up the site. I wish I knew who did, cause he/she is a genius!

it gets and the people in Georgia need to wake up. The fact the she is a Democrat makes it even worse, IMO.

What I love is that these folks actually ENDORSE Diebold in its sales literature.

http://blackboxvoting.com/s9/index.php?/archives/31-Dueling-quotes.html

hasn't Linda Lamone appeared on any of the sales flyers?

By the way, the Diebold salesmen were handing out flyers with
these election officials on them.

This is real.

Back in early December during the demos -
a county commissioner told me she saw these on the tables.

But I think she has a testimonial on their site.

Cathy Cox not only provided a testimonial, she did it under the seal of the State of Georgia (illegally).

couple of months.

who bought and implemented the machines.

While the Hursti report does have more detail, it is essentially the same problem found, but not formally documented, until January 2004, by RABA Technologies in their report to the Maryland General Assembly.


"The PCMCIA card can be used to update the software on the AccuVote-TS terminal. This can be done by placing a PCMCIA card with an update file into the terminal and rebooting the terminal. The update file allows an attacker to overwrite any file on the system. Furthermore, by using this technique an attacker can install his own version of the ballot station software giving him the ability to completely invalidate all the results on that terminal. If he compromises the AccuVote-TS terminal used as the accumulator, he can compromise the entire precinct results."

Trusted Agent Report, Page 19
I sent a note to Prof. Doug Jones to verify this and he replied:

"This is exactly the same problem! Thanks! I've been wondering whether this vulnerability was hiding in one of those old security evaluations. Now we can say, rather firmly, that Diebold knew about this problem for almost 2 years and did nothing about it."

He elucidates further in a post to a discussion list:

"I think it's pretty clear that RABA found the same design flaw that Hursti found in Utah. Therefore, Diebold has been aware that it is a flaw for at least 2 years. The RABA report recommends tamper-evident sealing and prominent posting of legal penalties for tampering with machines, but their final remediation recommendation ends on a strong note:

We see no short term fix for these attacks aside from the clear posting of rules that indicate consequences of such actions.

They ought to have included some kind of authentication and authorization controls in the very first new release of their firmware to go to the ITA's after 2004. Ciber and Wyle completed a cycle of ITA testing on this equipment on May 17, 2005. (AccuVote-TSx firmware v 4.6.2.) I can find no excuse for Diebold not to have reacted to the vulnerabilities pointed out by RABA technologies in all firmware versions after 4.6.2.

It is noteworthy that firmware version 4.6.3 was certified in August 4, 2005, and 4.6.4 also appears to have completed certification in 2005. The frequency of updates makes it clear that Diebold was committing resources to development, and that they had in place a decent fast track through the ITA maze. Therefore, the only explanation I can see for failure to put at least some minimal barriers in place to block unauthorized firmware upgrades must have been a deliberate decision to ignore the findings of the RABA report."

I would actually be willing to bet money that it was documented earlier in the redacted portions of the SAIC report also commissioned by the state of Maryland (who then went ahead and bought the junk anyway). Of 280 pages in the report, only about 40 were consided safe for the unwashed masses to read.

What is important about this issue is that despite "re-certification", the security hole was left in place DELIBERATELY. This not only demonstrates that the "certification" process is a complete sham, it also demonstrates that Diebold continues to lie about fixing security problems.

http://blackboxvoting.com/s9/index.php?/archives/121-Diebold-security-hole-old-news.html

Bev conducts a full frontal assault on Doug Jones and Avi Rubin?

Let's make it a contest - I say within 24 hours..........

She's already attacking them for "forgetting" about RABA.

ROFL, Bev never fails.......

Sorry, won't provide a link to that hell hole.

now I have to get my computer dirty.

Where do I look, in forums?

.

Now, Maryland really needs help, they have done everything they can
to get rid of the Diebold paperless machines, but were thwarted
by the senate.

According to the highly redacted SAIC report, Maryland's Diebold machines should
have another risk assessment done soon.

The Gov clearly wants to resolve this problem.

I don't know if they would allow it, but if they did
let Mr. Hursti examine the machines, it would be really cool.
They need someone to do it.

According to the SAIC report, in it's redacted form, Maryland should be doing another
risk assessment of the Diebold system soon.

1. Review any system modifications through a formal, documented, risk assessment process
to ensure that changes do not negate existing security controls.
Perform a formal risk assessment following any major system modifications,
or at least every three years.

http://www.dbm.maryland.gov/dbm_publishing/public_content/dbm_search/technology/toc_voting_system_report/votingsystemreportfinal.pdf

Movement...

TruthIsAll (1000+ posts) Thu Nov-04-04 11:07 PM
Original message

http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=132&topic_id=2628858&mesg_id=2628858

...which is interesting.

>>>None of the previously published studies uncovered this flaw. Did SAIC? It might exist in the unredacted report, but to date, nobody outside of Maryland officials and SAIC has been able to see that report.<<<


http://www.freedom-to-tinker.com/?p=1014

Thursday May 11, 2006 by Ed Felten
< This entry was written by Avi Rubin and Ed Felten. >

A report by Harri Hursti, released today at BlackBoxVoting, describes some very serious security flaws in Diebold voting machines. These are easily the most serious voting machine flaws we have seen to date — so serious that Hursti and BlackBoxVoting decided to redact some of the details in the reports. (We know most or all of the redacted information.) Now that the report has been released, we want to help people understand its implications.

Replicating the report’s findings would require access to a Diebold voting machine, and some time, so we are not in a position to replicate the findings at this time. However, the report is consistent with everything we know about how these voting machines work, and we find it very plausible. Assuming the report is accurate, we want to summarize its lessons for voters and election administrators.

Implications of the Report’s Findings
The attacks described in Hursti’s report would allow anyone who had physical access to a voting machine for a few minutes to install malicious software code on that machine, using simple, widely available tools. The malicious code, once installed, would control all of the functions of the voting machine, including the counting of votes.

Hursti’s findings suggest the possibililty of other attacks, not described in his report, that are even more worrisome.

In addition, compromised machines would be very difficult to detect or to repair. The normal procedure for installing software updates on the machines could not be trusted, because malicious code could cause that procedure to report success, without actually installing any updates. A technician who tried to update the machine’s software would be misled into thinking the update had been installed, when it actually had not.

On election day, malicious software could refuse to function, or it could silently miscount votes.

What can we do now?
Election officials are in a very tough spot with this latest vulnerability. Since exploiting the weakness requires physical access to a machine, physical security is of the utmost importance. All Diebold Accuvote machines should be sequestered and kept under vigilant watch. This measure is not perfect because it is possible that the machines are already compromised, and if it was done by a clever attacker, there may be no way to determine whether or not this is the case. Worse yet, the usual method of patching software problems cannot be trusted in this case.

Where possible, precincts planning on using these machines should consider making paper backup systems available to prepare for the possibility of widespread failures on election day. The nature of this technology is that there is really no remedy from a denial of service attack, except to have a backup system in place. While voter verified paper trails and proper audit can be used to protect against incorrect results from corrupt machines, they cannot prevent an attack that renders the machines non-functional on election day.

Using general purpose computers as voting machines has long been criticized by computer scientists. This latest vulnerability highlights the reasoning behind this position. This attack is possible due to the very nature of the hardware on which the systems are running. Several high profile studies failed to uncover this. With the current technology, there is no way to account for all the ways that a system might be vulnerable, and the discovery of a problem of this magnitude in the midst of primary season is the kind of scenario we have feared all along.

Timeline and Perspective
This is not the first time Diebold has faced serious security issues — though this problem appears to be the worst of them all. Here is a capsule history of Diebold security studies:

2001: Doug Jones produces a report highlighting design flaws in the machines that became the Diebold touchscreen voting machines.
July 24, 2003: Hopkins/Rice study finds many security flaws in Diebold machines, including ones that were pointed out by Doug Jones.
September 24, 2003: SAIC study finds serious flaws in Diebold voting machines. 2/3 of the report is redacted by the state of Maryland.
November 21, 2003: Ohio’s Compuware and InfoSentry reports find critical flaws in Diebold touchscreen voting machines
January 20, 2004: RABA study finds serious security vulnerabilities in Diebold touchscreen voting machines.
November, 2004: 37 states use Diebold touchscreen voting machines in general election.



March, 2006: Harri Hursti reports the most serious vulnerabilities to date discovered.

None of the previously published studies uncovered this flaw. Did SAIC? It might exist in the unredacted report, but to date, nobody outside of Maryland officials and SAIC has been able to see that report.

We believe that the question of whether DREs based on commodity hardware and operating systems should ever be used in elections needs serious consideration by government and election officials. As computer security experts, we believe that the known dangers and potentially unknown vulnerabilities are too great. We should not put ourselves in a position where, in the middle of primary season, the security of our voting systems comes into credible and legitimate question.

presented. You really need to stay up to date on the quotes, don't you think?

Let's hear it for the self-correcting nature of the blogosphere!:applause:

(It's still a nice summary of the problem though.) :)

...Doug urged me to share his explanation so he can put the record straight...


On May 17, 2006, at 6:52 AM, Russ Michaels wrote:

If you've time could you clarify a point that I'm getting confused about here... Some people have said that the latest serious security flaw Harri has identified is nothing new and yet of course yourself and many of the other experts have commented in national newapapers that this security problem is worse than anything that has been uncovered/documented before... Has anything changed in your understanding of Harri's report since we spoke last week?


PROF. DOUG JONES: Yes and I've been in communication with Hursti about this.

A bit over 2 years ago, RABA Technologies was paid by the state of
Maryland to investigate the security of the Diebold Accuvote TS.
Their report was very negative, and one paragraph clearly documented
the fact that the Diebold Accuvote TS firmware was far to simple to
update, although very little detail was given. Nonetheless, it's
clear that RABA understood at least part of the problem.

In a way, RABA is to Hursti as I am to Avi Rubin. RABA and I both
found major security vulnerabilities in the Diebold system. Rubin
found that I'd only touched the tip of the iceberg, and that Diebold,
despite being told of the flaw, had done nothing in 5 years to fix
it. Hursti found that RABA had only touched the tip of the iceberg,
and again, that Diebold had done nothing in 2 years to fix it.

The Hursti report, without the context provided by the RABA report,
can be taken as strong evidence that Diebold has merely been incompetent.
This is the conclusion you'd draw from Rubin's work if it weren't for
my earlier observations. In the context of the RABA report, the Hursti
report makes it clear that Diebold was not merely incompetent, but
that they've been blatantly negligent. Of course, this negligence
is even worse, because Rubin's work, in the context of my earlier
disclosures, has exactly the same implications.

Hursti and I appear to be in pretty clear agreement about this
interpretation. It appears, however, that there are spin-mongers
(spinsters?) who are out there to put another spin on this. Oh, they
say, Hursti didn't report anything new. This appears to be an effort
to discredit Hursti and those of us who consider his report important.

Also, it's noteworthy that the RABA and Hursti reports raise questions
about Maryland's election administration. Maryland asserted that they
were taking the recommendations of the RABA and SAIC reports to heart.
Now, two years later, we find that Maryland hasn't been very hard nosed
about Diebold's followup on the RABA report. Because of redactions
in the SAIC report, we have no idea whether SAIC also found this flaw,
and we cannot tell if Maryland has been equally sloppy about followup
on the SAIC report.

In sum, now that we've found evidence that the RABA study found at least
one and possibly more of the vulnerabilities Hursti found, the story
is even more damning than it was with just Hursti's work.

Doug Jones

------------------------------------------------------------------------------


On May 17, 2006, at 8:18 PM, Russ Michaels wrote:

If I understand correctly the bootloader (a) and operating system (b) vulnerabilities which Harri has identified do seem to be newly specifically stated problems (unless they are in some redacted unknown parts of SAIC/RABA reports)...


PROF. DOUG JONES: The RABA report is sufficiently vague that it is unclear whether they
caught just one of these or whether their wording is intended to encompass
all of them.


RUSS: RABA doesn't mention a three layer vulnerability.


PROF. DOUG JONES: RABA says nothing about the details, just that new software can
be put on the PCMCIA card and injected into the system. An attempt to
read detail into their description makes it sound like Hursti's third
layer, but I'm not sure that reading such detail in is correct.


RUSS: So am I right in thinking that what Harri describes in his report as .. "Three-layer architecture - three security problems. Each can stand alone or combine for three-layer offense in depth" .. is a highly dangerous attack combination which no one else has identified and set out.


PROF. DOUG JONES: Certainly RABA did not identify this in any detail. I agree that
Hursti, at the bare minimum, gets credit for exposing the fact that
Diebold made not one vulnerability of this type, but three separate
ones, each of which, in isolation, is sufficiently bad to allow an
outsider to take over the system, and which can, indeed, be combined.


RUSS: The "offense in depth" attack Harri identifies which could be used to conceal the contamination by an attacker and which could 're-infect the system also seems an important new discovery. Is there any evidence that this deep penetration attack has been properly documented before by anyone?


PROF. DOUG JONES: No, Hursti gets credit here, and he gets credit for
observing that a virus is possible, transmitted from machine to machine
through contaminated PCMCIA cards.

But, we don't know what was redacted in the SAIC report. I want to know,
but I have no leverage with anyone on this. I know that the people at
NIST have tried and failed to get a copy of the non-redacted version.
They say that Linda Lamone wanted to give them a copy, but that she
was blocked by higherups, probably at the state attorney general level
or the lieutenant governor level.

Doug Jones

Say it ain't so....
:sarcasm:

Thanks Votergater, for clearing that up. So all the screaming about how Hursti's report was old was nothing but spin? Gawd, the credibility that has been wasted here the last few days is just that: Wasted.

Damn sad, that.

If there's credibility in question it's Bev Harris' and her Bots.

see above

Published on the CounttheVote.org website in 2004 in response to Brit Williams:

Williams: Voters need to know that even if the election official is sloppy about some procedures, that it is still improbable (vs. impossible) a "rogue vendor" could act alone to change election results (to use an allegation that has been made).

CTV Response: We allow technicans full access to the machines, the data and the votes yet deny the voters any access. We allow technicans to override policies and procedures, yet we would prosecute an elections official for overriding those same policies and procedures. We have granted the "rogue vendor" access while denying the voters and officials the same access. The terms of this contract appear to break the law in Georgia.

Let's use an all too probable example: It is election day, voters have been casting votes on a machine for 2 hours. Suddenly, the machine appears to fail. A technician is called in and alleges that the PCMCIA card (the ballot box) has malfunctioned. The technician replaces the card with one he/she decrees is functioning correctly. No elections official has inspected this card, no official has any idea what this card contains. It is possible that the card is loaded with fraudulent votes. It is possible that the card is not functioning while appearing to do so. It is possible that the ballot box simply isn't receiving every 3rd vote. It is possible the PCMCIA card contains a program to alter the contents of ALL PCMCIA cards during the accumulation process. It is possible that any number of things on that card are altering the election results. It is possible that an unsworn technician has introduced a "rogue" ballot box. And yet, no one has violated the policies and procedures in place. But those policies and procedures have failed to protect the sanctity of the vote.

In fact, this situation DID occur in March, 2004 in Walker County, Georgia:

Problems became apparent with Walker’s first returns about 9 p.m. when neighboring counties were wrapping up their tallies. A Diebold computer technician began providing incorrect numbers to news organizations. The botched returns were fed to the media for more than two hours after the polls closed before the problem was corrected.

“Their technicians were not loading something right,” Walker County Board of Elections and Registration Chief Clerk Barbara Berry said Wednesday. “That’s the reason we can’t even use the modems to get our results in. We have tried and tried to get our results in by modem, and something is wrong somewhere.”

As reported in the Walker County Messenger

Williams: Here are the steps that a person would have to go through to be able to change the outcome of an election.

snip.....

Williams: H) If the software is programmed onto a ROM (Read Only Memory) chip then you have to have physical access to the units.

CTV Response: Not true. One only needs to write a small utility which is a part of the GEMS system, because every time the machines are initiated (turned off and on) the ROM is re-programmed.

Williams: I) With access to the units, you must be able to remove enough of the ROMs in the units to reprogram them. This entails having enough time to either erase the ROMs installed in the units or having enough supplies of identical ROMs that you can have them preprogrammed and inserted into the units... all undetected.

CTV Response: Not true. One only needs to write a small utility which is a part of the GEMS system, because every time the machines are initiated (turned off and on) the ROM is re-programmed.

Williams: J) You then have to have access a second time to remove the "malignant" ROMs after the election and replace them with the real ones you removed (so that you can get away with the election fraud undetected).

CTV Response: Not true. One only needs to write a small utility which is a part of the GEMS system, because every time the machines are initiated (turned off and on) the ROM is re-programmed.

Williams: K) You have to do this not only on enough machines in one jurisdiction (unless your intent is to manipulate a local election - and why would anyone take these kinds of risks for a County Commissioner’s race, or Sheriff’s race or Mayor’s race?), but in many jurisdictions in order to steal a Congressional race or state race? And for the presidency, this would involve thousands and thousands of people.. .unless of course we go to one system nationally (or Internet voting).

CTV Response: Not true. One only needs to write a small utility which is a part of the GEMS system, because every time the machines are initiated (turned off and on) the ROM is re-programmed.

read the rest at:
http://www.countthevote.org/elec_center_0403.htm

Paging Votergate..........

Paging BeFree..........

Paging the rest of the BevBots.........

SteveAPlay? Jim Dandy?

Clicking on the link you provide to the CTV website from your post, we see the same thing that you posted.

http://www.countthevote.org/elec_center_0403.htm

However, if you right-click on the page, and select PAGE INFO, you can quickly see that this page was modified the day you posted this.

Modified: Friday, May 19, 2006 5:07:51 AM

On top of that, the front page does not contain a link to this page.

If we look further, had this really been posted in 2004 (The link shows a date of 0403 - either "March 2004," or April 3rd, 2004), there should be evidence somewhere...

But the Internet Archive capture of the CTV front page on April 5th 2004 clearly shows there is no mention of this supposed "evidence":

http://web.archive.org/web/20040405130011/http://countthevote.org/

And the Internet Archive capture of the CTV front page on May 20th 2004 shows no mention of this supposed "evidence":

http://web.archive.org/web/20040520014620/http://www.countthevote.org/

Why, even the first Internet Archive capture for 2005 clearly shows there was never any mention or link to this supposed "evidence":

http://web.archive.org/web/20050202082412/http://countthevote.org/

And finally, a definitive example of the Internet Archive's ability to help researchers separate the real BBV activists from the fake ones:

http://web.archive.org/web/*/http://www.countthevote.org/elec_center_0403.htm


Funny how you went from saying that Doug Jones backed your version of events re: RABA, until Doug himself said you were 'spinning' what he said, now it's "Evidently, Professor Jones needs ALL the evidence"! What part of 'he busted you for misrepresenting what he said', don't you understand?

He knows what he said and he knows what he meant by it. He came here to DU and he read how his words had been misrepresented, and he graciously offered a clarification of his position. Now you're attacking him for not getting it. :crazy:

You do realize that you're giving DU a bad name among these people, don't you? :shrug:

Cause we have proof the document was created on April 4, 2004.

So, have at it.

Oh yeah, not to mention all the witnesses who saw it. You know, like the Georgia legislators who we handed it out to.

You know, when we were fighting to pass voter verified paper ballots in Georgia and were being hit over the head with Brit Williams' document. We responded and passed it out.

Ooops, screwed again, Bev.

VVPB Hearing Rescheduled to Thursday, April 1, 10:00 AM EST
The hearing on SB-500 has been postponed until tommorow. Our bill has apparently been assigned to the Elections sub-committee, as we anticipated it would be. There is a sub-committee meeting scheduled for Thursday, April 1st, at 10:00 am, in Capitol Room 216. Their agenda includes holding a hearing on both SB-500 and SB-153 (related to qualifying fees for local office).

At 11:30 am, the House Committee on Governmental Affairs is scheduled to meet in the same room and to consider whatever bills may be recommended to it for action by the DeLoach sub-committee.

Keep doing everything you have been doing, particularly as it relates to constituent contact with Representatives Buddy DeLoach, Alan Powell, Calvin Smyre and Terry Coleman. We can still pass SB-500 in THIS session of the Assembly.
Posted at 10: 7:46 AM EDT by RoxanneJ
http://web.archive.org/web/20040405130011/http://countthevote.org/

Oh yeah, BTW, we have several activists discussing this document with legislators on FILM, too.

....I asked the moderators to kill this whole thread. This thread is giving Mr. Jones a bad name.

It isn't fair to drag him through our mud.

And you want the discussion closed.

BTW, tell Bev to check with her good buddy Russell........

:rofl:

OK, you say you have "proof" that you've known everything about how flawed this system is for YEARS now and yet you were totally ineffective in getting anyone to listen to you. Have I got that right so far?

How exactly were you trying to get this story out to the public?

Why did you let these machines get used in the 2004, 2005, and spring primary 2006 elections if you knew about this?

Did you work up an exploit and demonstrate it for the press or officials or anyone for that matter?

Why am I to believe that you knew about this when you've obviously done nothing about it all this time and even experts like Doug Jones and Avi Rubin say they were blindsided by what Harri showed them.

So tell us, who else knew about this and said or did nothing? :shrug:

If nothing else, Harri Hursti and BBV.org have put it out there in a very public way that nobody is denying any more, not even Diebold. That's a good thing! :)

Now we need to find out who knew what, when, and determine why they allowed this to happen.

As Harri put it, "The witch hunt has begun!"

"These are not the bots you are looking for, move along, move along." Nothing to see here folks! Please pay no attention to this report, it's just a rehash of old stuff and means nothing. Yeah right! Good luck with that. :evilgrin:

Did you miss the part about telling LEGISLATORS?

Perhaps the FACT that people like Rubin and Jones 'get it' NOW, has escaped your grasp? :shrug:

I see action happening now that wasn't happening prior to this report. It's clear that some people had to know about this and chose to keep it secret. Now the questions are who knew, when did they know it, and why didn't they act on it?

We now have proof that the ITA certification program is a sham, and no idea what else may be wrong with the other systems that they've certified. 'We, the people' deserve answers to those questions. Wouldn't you agree? :)

you really spin like a top...

now it's ok that this was old news because you think bbv is more effective than the people who talked about it first?

It is mind boggling.

Also, I searched all over BBV and couldn't find a poster named Steve or any mention of a Steve involved in the organization.

Do you have permission to be here speaking for BBV like this?

In answer to your question, why yes, yes I do. Thanks for asking! :hi:

No one needs permission to speak the truth! :)

Look just below to the "elec_center_0403.txt" modified on 5/19/06, which gets a 404. What you have shown here is off your computer and not from your website. Show us a capture from your website.

Oh, I saved your screencap.gif

Also, what happened to your elec_center_0403.gif? It also gets a 404. But there it is on your computer.

That's a screencap of a LOCAL hard drive.

Show us your website directory if you want to show us proof. Not some personal filing system.

I checked your web page info as well. Modified on May 19, just as Steve said, same date as your text file with the same name - elec_center_0403.txt found on your local drive screencap.

:)

Where's the discrepancy?

I say...let's make it a cage match, with weapons, like in Thunderdome 8)

Did someone mention a security flaw at some point...I can't remember anymore.

:nuke: ... :hide: ... :nuke:

"According to eye witnesses the accident happened while Mr. American A. Citizen was on his way to deliver an important security briefing to the nation. He was distracted by kids in the back seat who were fighting and didn't see the oncoming Mack truck."

They have gotten a lot of discussion with rehashing the earlier evidence from Rob Behler and RABA.

I'm sorry about all of the static in here. It's getting hard to have simple conversation concerning what to do about this. Whatever we come up with, the TSx and TS6 machines are toast. The damn machines have less security than a TV cable converter box, and they're easier to get into.

It's pretty much a 'worst case scenario' for a voting machine from a security standpoint.

Really??? Didn't you just tell me, "File it with someone who gives a damn. I could care less!"?

I work with real activists who are getting things done. I have no time to waste on snotty people who think they're owed something and demand things for no apparent reason.

I'm not necessarily describing you of course. :)

"people who think they're owed something and demand things for no apparent reason."

Actually, I was asking for LESS than Bev promised people that she would provide, while she was soliciting $$$$$$$$$$$$$$$$$$$$$$$ for the FOIAs to post results on her site.

Clearly, she does not intend to provide the information that people donated money for.

Of course, I have also sent a formal request for a copy of BBV.org's 990 and by law, I needn't provide an "apparent reason". I requested it weeks ago, filing was supposedly made Monday, so I imagine a copy will be in my box by tomorrow, right?

I must admit, I understand the opscan problem better because I'm in an all opscan state. but my understanding is, there are at least as meny opscan voters out there as there are DRE voters, if not more. and because the opscan voting is so centralized, it is more vulnerable. and technically, since the opscan memory cards are sent back to Diebold every election cycle, they have even more of an opportunity to get their hands on the vote counting every time around. combine that with the fact that everyone thinks opscans are safer and it's a recipe for disaster. I don't know which is worse, opscan or DRE, but it's a close call.

are being made and distributed by CROOKS, none of them machines will be safe.

I thank the amazing people who have worked so hard to gather evidence. Now is the time to convert that very technical and painstaking process into simplicity and soundbites and haunting visual images. Characters are nice as well but since they are being assassinated we'll have to work without them to tell the story.

Crooks make compelling characters. Voting machines sold by crooks can never be trusted. That's a simple concept that people can understand. Voting machines sold by liars can never be trusted, that's another one people can understand. Also I don't find that excess politeness captures imaginations.

This has gone on enough.

This forum should be for working together, and not for fighting.

If folks can't work together, go away.

Don't put stuff here that is meant to antagonize.

This is for all parties.

This thread needs to be locked.

It really is just flame bait and injures an innocent party as well. Lock it, please!