[supercat]

The Princeton researchers lied. Look at their video, read their written report. They outright lied with intent to deceive.

How were they deceptive? I'll admit that at the time the report was written, they may have underplayed the fact that attacking the machine requires physically opening it. Given, however, that the machine can be opened with a mini-bar key, that doesn't seem like much of an omission by the researchers.

Certainly Diebold claims that the security holes are fixed, but from what I can tell they are not fixed in any way that would prevent someone with inside knowledge from hacking the machines in such a way as to fake vote totals and then remove all trace of the hack.

There are some simple principles that can and should be applied that would make an attack very difficult even by someone with full inside knowledge. So far as I can tell, Diebold has made no effort to make their machines secure against insider attacks. Why?

[DBrow]

For one thing, the video is obviously cut-and-pasted. There is nothing in the visuals that unambiguously verifies what the voiceover is saying. You see multiple cuts of button pushing (without seeing the card being used btw), then more cuts, then ta-dah! A tape with printing on it, which the voice tells us is the result of their Magic Software.

This software is absolutely amazing- it has a long list of functions, all undetectable, it can delete itself without a trace (truly magical- ask a geek if Windows CE allows files to autonomously delete themselves without a trace). The malware can propagate over a network (before deciding to delete itself) and take over the operating systems of other machines without a reboot or detection.

Installing the malware via memory card requires leaving the infected card in the slot after breaking the seal, otherwise a reboot would load the correct software. "Merely" replacing the eeprom requires considerable access, and I doubt that the motherboard can reprogram its own eeprom, so tampering would be evident.

They did not demonstrate that their malware works or even exists- they just made assertions backed up with a video James Randi would throw out in a picosecond. Their written report is filled with caveats like "it could be done", "it is possible that", "it may be.." and so forth.

They even claim that getting access to the eeprom boot chip is undetectable!

In reality, the poll worker would notice that the machine was turned on, and that the security seals were breached (and if the poll worker is in on it you are hosed even with paper ballots). In any case, checking the security seal will reveal tampering. Checking the contents of the memory card will show tampering with that, unless the malware can detect being transported to a forensic computer lab and then erases itself.

The Princeton research should be looked at in the same light as that other example of scholarly research, the proven fact that the WTC collapsed because some team of people pre-planted demo charges, then faked plane crashes. In that case, you have a scholarly written report by real college professors and a pasted-together video on YouTube.

The "fact" that a mini-bar key can open a voting machine remains to be proven. I have seen lots of mini-bars, and most open with the electronic card room key. In Albuquerque, there was a key, and it was not stamped Diebold. The mini-bar key is a made up story- he pulls a Diebold key out of his pocket, says it's a hotel mini-bar key, and the reporter goes, Gosh! with no more follow up than Barbara Walters interviewing Hillary Clinton.

That would only work in the few states where the requirement is that all of the voting machines be keyed the same- not the case everywhere.

What the Princeton prof has done is create a fantasy that allows one to take an election that did not turn out correctly and throw it to the courts, since if there is no sign of tampering, then the entire system must have been tampered with because there is no evidence at all of tampering- just what that Princeton guy says.

Remember the college prof who stated that the Pyramids in Egypt were built by flying black people with wings, but the white people destroyed all the evidence? Maybe you'd find it interesting, if all it takes is a prof with a story.