Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

Heh heh; US-CERT Cyber Security on GEMS :)

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread		 This topic is archived.
Home » Discuss » Archives » General Discussion (Through 2005) Donate to DU
 
The Straight Story Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Sep-14-04 09:07 PM
Original message
Heh heh; US-CERT Cyber Security on GEMS :)
Diebold

GEMS Central Tabulator 1.17.7, 1.18
A vulnerability exists due to an undocumented backdoor account, which could (allow? they missed a word here...) a local or remote authenticated malicious user modify votes.
No workaround or patch available at time of publishing.

We are not aware of any exploits for this vulnerability.

GEMS Central Tabulator Vote Database Vote Modification Medium BlackBoxVoting.org, August 31, 2004


http://www.uscert.gov/cas/bulletins/SB04-252.html#diebold
Printer Friendly | Permalink |  | Top
MazeRat7 Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Sep-14-04 09:15 PM
Response to Original message
1. DELETED
Edited on Tue Sep-14-04 09:53 PM by MazeRat7
Details linked in post #6

MZr7
Printer Friendly | Permalink |  | Top
 
Eloriel Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Sep-14-04 09:15 PM
Response to Original message
2. Wow -- question for you
what is this document? How is it used? How did you happen on it? And so forth. IOW: what am I reading? LOL.
Printer Friendly | Permalink |  | Top
 
The Straight Story Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Sep-14-04 09:22 PM
Response to Reply #2
3. How
I do random searches on http://www.google.com/unclesam which can turn up all sorts of interesting things (and try things like keyword filetype:pdf for more fun).

I use these things at work and at home, as the document states: "This bulletin provides a summary of new or updated vulnerabilities, exploits, trends and viruses ".

It is a worthwhile site to bookmark if you are in the computer field.
Printer Friendly | Permalink |  | Top
 
MazeRat7 Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Sep-14-04 09:23 PM
Response to Reply #2
4. CERT tracks known security vulnerabilities
They are very well known by the players on both sides of the "security" game and are considered the "gold-standard" for tracking such issues.

MZr7
Printer Friendly | Permalink |  | Top
 
The Straight Story Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Sep-14-04 09:26 PM
Response to Reply #2
5. Another interesting item as an example
Did a search on diebold harris and found http://www.ss.ca.gov/elections/vsp_min_071904.pdf
which is a meeting of the secretary of state in CA on July 19th on voting procedures. Lots of interesting things out there to read :)
Printer Friendly | Permalink |  | Top
 
MazeRat7 Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Sep-14-04 09:35 PM
Response to Reply #5
6. I think this explains it a bit better....
"http://www.ejfi.org/Voting/Voting-27.htm"

MZr7
Printer Friendly | Permalink |  | Top
 
The Straight Story Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Sep-14-04 09:37 PM
Response to Reply #6
8. Indeed
It does explain it better, but I found it interesting that it showed up where it did :)
Printer Friendly | Permalink |  | Top
 
Eloriel Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-15-04 11:37 AM
Response to Reply #8
18. Yes, my interest wasn't an explanation of WHAT was found but
the document in the OP where the fault was listed. Oh well.
Printer Friendly | Permalink |  | Top
 
ParanoidPat Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Sep-14-04 09:36 PM
Response to Original message
7. YEE HAAAAA!
WOW WOW WOW THIS IS BIG!!! :evilgrin:

I wonder if Bev and Andy know yet? :) :toast:
Printer Friendly | Permalink |  | Top
 
MazeRat7 Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Sep-14-04 09:40 PM
Response to Reply #7
9. If you mean Bev Harris, see link in post #6 (n/t)
Printer Friendly | Permalink |  | Top
 
harmonyguy Donating Member (589 posts) Send PM | Profile | Ignore Tue Sep-14-04 09:56 PM
Response to Reply #9
10. I think that Pat was.....
...referring to Bev or Andy knowing that the item made it to the CERT list. No?

Of course, not presuming to speak for Pat ;-)
Printer Friendly | Permalink |  | Top
 
MazeRat7 Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Sep-14-04 09:59 PM
Response to Reply #10
11. Good point. They may not know it made CERT status.... (n/t)
Printer Friendly | Permalink |  | Top
 
ParanoidPat Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Sep-14-04 10:06 PM
Response to Reply #9
12. I know they are aware of the hack.....
......I was at the meeting in Sacramento with them. I have the video tapes to prove that they denied us the right to tape the demo or even take notes. :(

I just wonder if they know that US CERT has issued the advisory. The last line stating that they don't know of any exploits leads me to believe they need to talk to Dr. Hugh Thompson. I bet the threat level gets raised to high if they do. :)
Printer Friendly | Permalink |  | Top
 
MazeRat7 Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Sep-14-04 10:13 PM
Response to Reply #12
14. I would need to know more....
I have only followed this in a "detached" manner from /. and other sources. Based on what I read about in Bev's article (MS access, the dial-up connection, etc) I can't imagine generating an POC exploit would be all that hard. But again, I really don't have enough information to say for sure.

MZr7
Printer Friendly | Permalink |  | Top
 
MazeRat7 Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Sep-14-04 10:20 PM
Response to Reply #12
15. One other minor point...
When CERT talks about "known" exploits... they generally mean in the "wild" as in loose on the Internet. That is not to say there can't be POC (proof of concept) code that is locked up somewhere that demonstrated the vulnerability.

MZr7
Printer Friendly | Permalink |  | Top
 
ParanoidPat Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Sep-14-04 11:08 PM
Response to Reply #15
16. We demonstrated the POC to members of the California VSP.....
.....(Voting Systems Panel) a couple of weeks ago. That demo lead to the Ca. AG joining the lawsuit in Alameda county against Diebold.

Stay tuned, this is going to get good! :evilgrin:
Printer Friendly | Permalink |  | Top
 
ParanoidPat Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Sep-14-04 10:07 PM
Response to Reply #9
13. OOPS.....
Edited on Tue Sep-14-04 10:09 PM by ParanoidPat
......Computers! :shrug: :evilgrin:
Printer Friendly | Permalink |  | Top
 
ParanoidPat Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Sep-14-04 11:50 PM
Response to Original message
17. We are 6 VBS lines away from a full blown electoral disaster.......
.....if and when those 6 lines of code are published on the Internet, all of this BS about the Diebold system's security will be blown wide open. The GEMS tabulation system will be useless.

Any bets on where and when it happens? :shrug: :evilgrin:
Printer Friendly | Permalink |  | Top
 
Andy_Stephenson Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-15-04 11:50 AM
Response to Reply #17
19. Pat don't do it
just say no.

:evilgrin:
Printer Friendly | Permalink |  | Top
 
ParanoidPat Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-15-04 12:08 PM
Response to Reply #19
20. Don't worry Andy......
.....My Moma raised an idiot, but she didn't raise no fool! :)
Printer Friendly | Permalink |  | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view this author's profile Click to add this author to your buddy list Click to add this author to your Ignore list Thu Apr 25th 2024, 10:05 AM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » Archives » General Discussion (Through 2005) Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC