Is this reported problem different from the one reported in 2004 by RABA Technologies?
http://www.raba.com/press/TA_Report_AccuVo... (page 19)
"3. Load a PCMCIA card with an update file. The PCMCIA card can be used to update
the software on the AccuVote-TS terminal. This can be done by placing a PCMCIA
card with an update file into the terminal and rebooting the terminal. The update file
allows an attacker to overwrite any file on the system. Furthermore, by using this
technique an attacker can install his own version of the ballot station software giving
him the ability to completely invalidate all the results on that terminal. If he
compromises the AccuVote-TS terminal used as the accumulator, he can
compromise the entire precinct results."
David Allen
www.blackboxvoting.com Reply from Doug Jones:
This is exactly the same problem! Thanks! I've been wondering
whether this vulnerability was hiding in one of those old security
evaluations. Now we can say, rather firmly, that Diebold knew about
this problem for almost 2 years and did nothing about it.
I've suspected that they knew about it and had not elected to patch
the hole, now we know!
Doug Jones
jones@cs.uiowa.edu There you have it folks, Bev Harris recycling something known about for three years.
