[Mb-civic] firmware and penetration analysis NOT DONE!!!

Lyle K'ang lyve at netzero.com
Mon Nov 8 22:11:54 PST 2004 

Hello-You Can Kiss Your Ass Goodbye and Wave At The America WE ONCE KNEW or you can get back in the GAME!!! SAVE AMERICA AGAIN!!!

OK-this is geek stuff but here it is:: FRAUD!!!

TWO most important areas called : firmware and penetration analysis were not tested!!!!

Diebold Election Systems
Software Qualification Test Report
GEMS 1-18-15
Original Report Version 1.0 created l/03/03

Prepared For:
The National Association of State Election Directors

Prepared By: CIBER ITA Division
CIBER, Inc.

Independent Test Authority
ciber
CIBER, lnc.
750I South Memolial Parkn'aJ
Suite 107
Huntsville, AL 35802

What this means is that TWO of the most important areas were not tested and were signed off anyway!!!!

1. All software ( including firmware ) for all voting systems shall
incorporate measures to prevent access by unauthorized persons, and
lo prevent unauthodzed operations by any person. Unauthorized
operations include, but are not limited to: modilication ol compiled or
inteDreted code. run-time alteration of ffow control logic or ot data, and abslraction of raw or processed voting data in any form other lhan a
standard outDut reDort bv an authorized operator.
::firmware not reviewed by software lTA::.

2. The vendor shall provide a penelration analysis relevant to the
operating status of the system, and its environment. This analysis shall
cover the individual use of program units, the planned or inadvertent
sharing of program units, and ihe resulting transitivity relationships. lt shall identify all entry points and the methods of attack to which eaci is wlnerable. Such penetration analysis will be subjecto smct
confidenliality and non{isclosure by the test authority For security
reasons, the penetration analysis shall not be routinely distdbuled to
the jurisdictions that program elections. The penetralion analysis,
however. will be part of the escrow deposit.

::penetration Analysis not reviewed by software lTA.::

In spite of this a recomendation follows: 
CIBER recommends to the NASED committee that GEMS Software Version 1-18-15 be certified and assigrred NASED certification number N03060011815.

"See Originals here:: ::in PDF:: http://www.BlackBoxvoting.org

TUESDAY Nov 2 2004: BREAKING NEWS: New information indicates that hackers may have targeted the central computers that are counting our votes. http://www.blackboxvoting.org/#breaking 



Lyle K'ang
Enterprise Insights: 
SiloManagement Is The Death Knell of Business...
http://www.SiloManagement.com

More information about the Mb-civic mailing list