Changer les votes dans les machines a voter US
Princeton researchers hack the vote - printer friendly version - Alpha Blog - alpha.cnet.com
Princeton researchers hack the votehttp://reviews.cnet.com/4531-10921_7-6638094.html?tag=subnav
Posted by: Robert VamosiPost date: 9/14/2006
Researchers at Princeton intentionally injected malicious software into a Diebold Accu-vote-TS voting machine for the purposes of security research. In an online video the researchers, Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten, conducted a pretend presidential election in which George Washington receives four votes to Benedict Arnold's one. Yet, when the voting machine is queried at the end of the day, its paper printout states that Arnold received three votes to Washington's two. Even the memory card, designed as a backup, reports the same fraudulent result. There is no way for an observer after the fact to disprove that voters did not give Arnold three votes to Washington's two--except that we saw in the video that the voters did in fact vote differently. The researchers at Princeton exploited well-known software flaws with the Diebold Accu-vote-TS voting to construct their malicious code and cited lax security procedures at the polling sites, such the ability to pick the lock on the memory card, as a means of spreading the malicious code. Full details are available in this PDF report. See also this story on News.com.
http://reviews.cnet.com/4531-10921_7-6638094.html
--------------------
E-voting machines again under fire
By Dawn Kawamotohttp://news.com.com/E-voting+machines+again+under+fire/2100-1028_3-6115873.html
Story last modified Fri Sep 15 06:35:54 PDT 2006
Concerns about electronic voting machines, whose reliability has been heavily criticized in recent years, resurfaced this week in a recently published Princeton University study.
Released on Wednesday, the Princeton research paper, "Security Analysis of the Diebold AccuVote-TS Voting Machine," says that the e-voting machine, produced by Diebold Election Systems, was vulnerable to malicious attacks and potential voter fraud.
The Princeton report (click here for PDF) comes amid renewed debate over e-voting as the November elections near and onging legal action by the Electronic Frontier Foundation (EFF), which advocates stricter supervision of e-voting systems.
The EFF on Wednesday filed a brief with the U.S. Circuit Court of Appeals, asking the court to reject a request to dismiss an EFF lawsuit against the Ohio secretary of state and governor. The suit alleges the defendants abdicated their responsibilities to ensure Ohio residents had a right to vote. Some e-voting machines in Ohio had malfunctioned during the 2004 election, in some cases causing votes cast for one candidate to go to the opposition.
"Ohio's procedures, like many used elsewhere across the country, simply don't do enough to protect voters from the serious vulnerabilities in the current generation of electronic voting equipment," Matt Zimmerman, EFF staff attorney, said in a statement.
Authorities in some states have grown increasingly uncomfortable with e-voting security measures. California, for example, found last year it could not certify Diebold's electronic voting systems results without adding federal review.
Princeton's research found the AccuVote-TS, as well as a newer version of the machine, the TSx, are expected to be used in 357 counties, representing nearly 10 percent of registered voters.
"Analysis of the machine...shows that it is vulnerable to extremely serious attacks," the report states. "An attacker who gets physical access to a machine or its removable memory card for as little as a minute could install malicious code."
From there, the virus could allegedly steal votes without detection and modify all records, logs and counters so the machine's tabulations would be consistent with the bogus votes it creates, according to the report.
The malicious attack could also spread to other e-voting machines, creating a voting machine virus, the report states. It suggested the machine's software and hardware be updated and strict election procedures be implemented.
But a Diebold executive disagreed and said that the e-voting machine used for the research project has security software that is two generations old.
"By any standard--academic or common sense--the study is unrealistic and inaccurate," Dave Byrd, Diebold Election Systems president, said in a statement.
He noted the unit used in the research allegedly did not have normal security procedures followed. The unit's numbered security tape, 18 enclosure screws and number security tags were allegedly destroyed or missing to allow researchers to get inside the machine.
The latest version of the AccuVote TS software includes 128-bit data encryption, digitally signed memory card data, secure socket layer (SSL) data encryption for transmitting results and dynamic passwords.
"Every voter in every local jurisdiction that uses the AccuVote-TS should feel secure knowing that their vote will count on Election Day," Byrd said.
Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.
Princeton researchers hack the votehttp://reviews.cnet.com/4531-10921_7-6638094.html?tag=subnav
Posted by: Robert VamosiPost date: 9/14/2006
Researchers at Princeton intentionally injected malicious software into a Diebold Accu-vote-TS voting machine for the purposes of security research. In an online video the researchers, Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten, conducted a pretend presidential election in which George Washington receives four votes to Benedict Arnold's one. Yet, when the voting machine is queried at the end of the day, its paper printout states that Arnold received three votes to Washington's two. Even the memory card, designed as a backup, reports the same fraudulent result. There is no way for an observer after the fact to disprove that voters did not give Arnold three votes to Washington's two--except that we saw in the video that the voters did in fact vote differently. The researchers at Princeton exploited well-known software flaws with the Diebold Accu-vote-TS voting to construct their malicious code and cited lax security procedures at the polling sites, such the ability to pick the lock on the memory card, as a means of spreading the malicious code. Full details are available in this PDF report. See also this story on News.com.
http://reviews.cnet.com/4531-10921_7-6638094.html
--------------------
E-voting machines again under fire
By Dawn Kawamotohttp://news.com.com/E-voting+machines+again+under+fire/2100-1028_3-6115873.html
Story last modified Fri Sep 15 06:35:54 PDT 2006
Concerns about electronic voting machines, whose reliability has been heavily criticized in recent years, resurfaced this week in a recently published Princeton University study.
Released on Wednesday, the Princeton research paper, "Security Analysis of the Diebold AccuVote-TS Voting Machine," says that the e-voting machine, produced by Diebold Election Systems, was vulnerable to malicious attacks and potential voter fraud.
The Princeton report (click here for PDF) comes amid renewed debate over e-voting as the November elections near and onging legal action by the Electronic Frontier Foundation (EFF), which advocates stricter supervision of e-voting systems.
The EFF on Wednesday filed a brief with the U.S. Circuit Court of Appeals, asking the court to reject a request to dismiss an EFF lawsuit against the Ohio secretary of state and governor. The suit alleges the defendants abdicated their responsibilities to ensure Ohio residents had a right to vote. Some e-voting machines in Ohio had malfunctioned during the 2004 election, in some cases causing votes cast for one candidate to go to the opposition.
"Ohio's procedures, like many used elsewhere across the country, simply don't do enough to protect voters from the serious vulnerabilities in the current generation of electronic voting equipment," Matt Zimmerman, EFF staff attorney, said in a statement.
Authorities in some states have grown increasingly uncomfortable with e-voting security measures. California, for example, found last year it could not certify Diebold's electronic voting systems results without adding federal review.
Princeton's research found the AccuVote-TS, as well as a newer version of the machine, the TSx, are expected to be used in 357 counties, representing nearly 10 percent of registered voters.
"Analysis of the machine...shows that it is vulnerable to extremely serious attacks," the report states. "An attacker who gets physical access to a machine or its removable memory card for as little as a minute could install malicious code."
From there, the virus could allegedly steal votes without detection and modify all records, logs and counters so the machine's tabulations would be consistent with the bogus votes it creates, according to the report.
The malicious attack could also spread to other e-voting machines, creating a voting machine virus, the report states. It suggested the machine's software and hardware be updated and strict election procedures be implemented.
But a Diebold executive disagreed and said that the e-voting machine used for the research project has security software that is two generations old.
"By any standard--academic or common sense--the study is unrealistic and inaccurate," Dave Byrd, Diebold Election Systems president, said in a statement.
He noted the unit used in the research allegedly did not have normal security procedures followed. The unit's numbered security tape, 18 enclosure screws and number security tags were allegedly destroyed or missing to allow researchers to get inside the machine.
The latest version of the AccuVote TS software includes 128-bit data encryption, digitally signed memory card data, secure socket layer (SSL) data encryption for transmitting results and dynamic passwords.
"Every voter in every local jurisdiction that uses the AccuVote-TS should feel secure knowing that their vote will count on Election Day," Byrd said.
Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.
Libellés : élections américaines, hack, machines voter
Ecrit par Fibo| Permalink|
Pour votre del.icio.us
1 Commentaires:
Les machines à voter US ne résistent pas totalement à la fraude et à la manipulation, sans que celles-ci ne soient visibles ou "traçables" puisque les manoeuvres peuvent se faire sans témoin.
Le vote électronique serait-il davantage fiable en France?
On a vu en tout cas lors des dernières présidentielles que le vote lui-même est plus long...
Un débat qu'il faudra bien se décider à mener!
Enregistrer un commentaire
<< Home