Major bugs found in Diebold vote systems

The voting machine controversy likely will linger after a look at the systems source code software from Ohio-based Diebold yielded reports of numerous bugs.

Diebold was one of three companies — including Election Systems & Software and Sequoia — that provided updated technology for the 2004 election.

Computer Science Professor Avi Rubin of John Hopkins University analyzed Diebold’s 47,609 lines of code and found it uses an encryption key that was hacked in 1997 and no longer is used in secure programs.

Rubin said Diebold has said it repaired the security flaws in subsequent programs, but that the company has not produced the code for analysis.

Diebold did return a call for comment.

The Digital Encryption Standard 56-bit encryption key used can be unlocked by a key embedded in all the source code, meaning all Diebold machines would respond to the same key.

Rubin, his graduate students and a colleague from Rice University found other bugs, that the administrator’s PIN code was "1111" and that one programmer had inserted, "This is just a hack for now."

The implication is that by hacking one machine you could have access to all Diebold machines. (UPI)

http://washingtontimes.com/upi-breaking/20041112-112037-7263r.htm