The Virginia election commission, which is responsible for certifying whether machines are fit to be used in elections, has decertified the Advanced Voting Solutions WINVote and for many very good reasons. Amongst the many security flaws in this product are:
Worse still, this machine has been used in actual elections and its lack of any logging or record-keeping means that we'll never know if its weaknesses were used to manipulate the outcome of an election. As a proof of concept, security researchers successfully demonstrated accessing the machine and manipulating the recorded vote counts.
(Score: 5, Interesting) by Mr Big in the Pants on Thursday April 16 2015, @07:41PM
To quite frank it would appear that this machine was willfully insecure.
I mean it has so many easily available back doors it is like....ok not going to go there.
I mean does anyone actually believe that such a machine was created that way by accident?
No logs or records!? WinXP!?
Seriously?
So in other words, not shocking at all since it was made at the behest of obviously corrupt officials.
(Score: 3, Interesting) by Hairyfeet on Thursday April 16 2015, @10:41PM
I believe the saying is "Never ascribe to malice that which is adequately explained by incompetence." Patches cost money, updating your embedded OS costs money, and as long as you can get away with doing neither you increase your profits. Hell we have seen the same thing in pretty much every use of an embedded OS, how many times have we seen big name routers get pwned because they were using some ancient Linux kernel or Busybox tools that had been exploited years ago?
The moral of the story is if a company can get away with doing as little as possible? They will as it increases profits.
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 2) by Mr Big in the Pants on Thursday April 16 2015, @11:17PM
That is a rule of thumb not a fundamental law of the universe...
(Score: 3, Funny) by stormwyrm on Friday April 17 2015, @04:37AM
No the saying that is most apropos to this situation is: "Any sufficiently advanced incompetence is indistinguishable from malice."
Numquam ponenda est pluralitas sine necessitate.