- Joined
- Jun 14, 2009
- Messages
- 28,908
- Reaction score
- 15,212
https://motherboard.vice.com/en_us/...ote-access-software-on-systems-sold-to-states
Thought this was worth a thread separate from everything else.
Note that these are not voting machines, this is the actual management system.
To put this in perspective, imagine you have a critical banking system with transactional information for the past year...and you tape the password to the monitor. That's how idiotic this is.
But let's compound this.
https://gcn.com/articles/2012/01/26/ecg-disabling-remote-pc-software.aspx?m=1
From 2000-2006, this vendor was installing remote access software on these systems, and in 2006 the source code of the software was compromised (at which point these systems would be considered compromised if the software were on the system). Due to the secretive nature of these installs, how many of those do you think were updated to address the source disclosure? Moreover, why did they lie about it?
Conspiracy theorists, smoke em if you got em.
Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States
Remote-access software and modems on election equipment 'is the worst decision for security short of leaving ballot boxes on a Moscow street corner.'
The nation's top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them.
In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had "provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006," which was installed on the election-management system ES&S sold them.
The statement contradicts what the company told me and fact checkers for a story I wrote for the New York Times in February. At that time, a spokesperson said ES&S had never installed pcAnywhere on any election system it sold. "None of the employees, … including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software," the spokesperson said.
ES&S did not respond on Monday to questions from Motherboard, and it’s not clear why the company changed its response between February and April. Lawmakers, however, have subpoena powers that can compel a company to hand over documents or provide sworn testimony on a matter lawmakers are investigating, and a statement made to lawmakers that is later proven false can have greater consequence for a company than one made to reporters.
Thought this was worth a thread separate from everything else.
Note that these are not voting machines, this is the actual management system.
Election-management systems are not the voting terminals that voters use to cast their ballots, but are just as critical: they sit in county election offices and contain software that in some counties is used to program all the voting machines used in the county; the systems also tabulate final results aggregated from voting machines.
To put this in perspective, imagine you have a critical banking system with transactional information for the past year...and you tape the password to the monitor. That's how idiotic this is.
But let's compound this.
https://gcn.com/articles/2012/01/26/ecg-disabling-remote-pc-software.aspx?m=1
Symantec warns pcAnywhere users of remote software code hack
Security firm Symantec is advising customers of its pcAnywhere to deactivate the remote desk software after individuals from the Anonymous hacker group allegedly stole the source code of the software.
- By 1105 Media Staff
- Jan 27, 2012
While the actual theft took place in 2006, Symantec only took the action this week to alert customers after an Anonymous-connected hacker located in India tweeted the release of the Norton Utilities source code Jan. 13.
From 2000-2006, this vendor was installing remote access software on these systems, and in 2006 the source code of the software was compromised (at which point these systems would be considered compromised if the software were on the system). Due to the secretive nature of these installs, how many of those do you think were updated to address the source disclosure? Moreover, why did they lie about it?
Conspiracy theorists, smoke em if you got em.