Sunday, August 05, 2007
More information about the voting machine review in CA
My favorite security writer, Bruce Schneier, has a writeup on the California voting machine security review. It's medium long. The highlights:
Some good quotes:
From respected security expert Matt Blaze,
Even with California breathing down their necks the vendors were less than cooperative. From Matt Bishop:
|
- The reviewers didn't have enough time
- The voting machine companies made elementary mistakes that they could have avoided by hiring anyone with a security background
- The Secretary of State, who already has my Medal of Cluefulness, decertified several of the machines and gave others only a conditional certfication
Some good quotes:
From respected security expert Matt Blaze,
We found significant, deeply-rooted security weaknesses in all three vendors' software. ... It should now be clear that the red teams were successful not because they somehow "cheated," but rather because the built-in security mechanisms they were up against simply don't work properly. Reliably protecting these systems under operational conditions will likely be very hard.
Even with California breathing down their necks the vendors were less than cooperative. From Matt Bishop:
The second problem was lack of information. In particular, various documents did not become available until July 13, too late to be of any value to the red teams, and the red teams did not have several security-related documents. Furthr, some software that would have materially helped the study was never made available.
# posted by Frederick @ 10:58 AM Email to a friend:
Haloscan: they provide trackback