X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,SPF_HELO_PASS autolearn=ham version=3.2.0-r431796 Sender: -2.6 (spamval) -- NONE Return-Path: Received: from newman.eecs.umich.edu (newman.eecs.umich.edu [141.213.4.11]) by boston.eecs.umich.edu (8.12.10/8.13.0) with ESMTP id k8DF5Cnw025517 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for ; Wed, 13 Sep 2006 11:05:12 -0400 Received: from ghostbusters.mr.itd.umich.edu (ghostbusters.mr.itd.umich.edu [141.211.93.144]) by newman.eecs.umich.edu (8.13.8/8.13.6) with ESMTP id k8DF5AqB019829; Wed, 13 Sep 2006 11:05:10 -0400 Received: FROM newman.eecs.umich.edu (newman.eecs.umich.edu [141.213.4.11]) BY ghostbusters.mr.itd.umich.edu ID 45081E23.1582A.24393 ; 13 Sep 2006 11:05:07 -0400 Received: from boston.eecs.umich.edu (boston.eecs.umich.edu [141.213.4.61]) by newman.eecs.umich.edu (8.13.8/8.13.6) with ESMTP id k8DF54Pv019813 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for ; Wed, 13 Sep 2006 11:05:04 -0400 Received: from boston.eecs.umich.edu (localhost.eecs.umich.edu [127.0.0.1]) by boston.eecs.umich.edu (8.12.10/8.13.0) with ESMTP id k8DF54nw025514 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 13 Sep 2006 11:05:04 -0400 Received: from localhost (dreeves Æ localhost) by boston.eecs.umich.edu (8.12.10/8.12.9/Submit) with ESMTP id k8DF54Cm025511 for ; Wed, 13 Sep 2006 11:05:04 -0400 X-Authentication-Warning: boston.eecs.umich.edu: dreeves owned process doing -bs X-X-Sender: dreeves Æ boston.eecs.umich.edu Message-ID: MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="-712164092-356956684-1158159904=:23183" X-Spam-Checker-Version: SpamAssassin 3.2.0-r431796 (2006-08-16) on newman.eecs.umich.edu X-Virus-Scan: : UVSCAN at UoM/EECS X-Virus-Scan: : UVSCAN at UoM/EECS Date: Wed, 13 Sep 2006 11:05:04 -0400 (EDT) To: improvetheworld Æ umich.edu From: Daniel Reeves Subject: Security Analysis of the Diebold AccuVote-TS Voting Machine (fwd) Status: O X-Status: X-Keywords: X-UID: 732 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. ---712164092-356956684-1158159904=:23183 Content-Type: TEXT/PLAIN; charset=WINDOWS-1252; format=flowed Content-Transfer-Encoding: QUOTED-PRINTABLE ---------- Forwarded message ---------- Date: Wed, 13 Sep 2006 10:59:16 -0400 From: peter honeyman Subject: Security Analysis of the Diebold AccuVote-TS Voting Machine this report was released minutes ago by ed felten's group at princeton: Security Analysis of the Diebold AccuVote-TS Voting Machine This paper presents a fully independent security study of a Diebold AccuVot= e-TS=20 voting machine, including its hardware and software. We obtained the machin= e=20 from a private party. Analysis of the machine, in light of real election=20 procedures, shows that it is vulnerable to extremely serious attacks. For= =20 example, an attacker who gets physical access to a machine or its removable= =20 memory card for as little as one minute could install malicious code; malic= ious=20 code on a machine could steal votes undetectably, modifying all records, lo= gs,=20 and counters to be consistent with the fraudulent vote count it creates. An= =20 attacker could also create malicious code that spreads automatically and=20 silently from machine to machine during normal election activities=97a=20 voting-machine virus. We have constructed working demonstrations of these= =20 attacks in our lab. Mitigating these threats will require changes to the vo= ting=20 machine=92s hardware and software and the adoption of more rigorous electio= n=20 procedures. the report is available at http://itpolicy.princeton.edu/voting =09peter ---712164092-356956684-1158159904=:23183--