Monday, February 27, 2006

Diebold's hard-coded ticket to 1984

Nice to see a heavy hitter blog like Political Animal getting behind the Diebold e-vote scam issue. But really — why isn't this headline news everywhere?

California Approves Diebold E-Voting....:

The bugs pale next to another discovery by the panel. This is the presence of a cryptographic key written into the source code, or basic software, of every Diebold touch-screen machine in the country. The researchers called this blunder tantamount to 'a bank using the same PIN code for every ATM card they issued; if this PIN code ever became known, the exposure could be tremendous.'

Here's the punch line: The Diebold key became known in 2003, when it was published by researchers at Johns Hopkins and Rice universities. It can be found today via a Google search.
Yep. Despite the fact that the panel of experts concluded that Diebold could fix all the bugs in their machines in 'only a few hours,' the problem with the hardcoded key has been known since 1997 and the key itself has been known since 2003 — but Diebold has done nothing about it.

(Are you dying to know how to hack into a Diebold machine? Unless your local registrar has bothered to change it, here's the key: F2654hD4. And the 8-byte password used for Diebold’s voter, administrator, and ender cards is ED 0A ED 0A ED 0A ED 0A. Aren't you glad this stuff is so easily found on the internet?)

There's simply no excuse for tolerating even the perception that the voting process is so easily open to abuse. I'm no conspiracy monger, but the fact that Diebold hasn't corrected these problems despite the fact that they're obvious, widely known, and easy to fix, does nothing except provoke suspicion — well deserved or not — that they're stonewalling deliberately. I mean, why act so damn guilty unless they really are guilty?
Wayne, I'm beginning to see the light!

No comments: