US voting hardware maker's shock discovery: Security improves when you actually work with the community
Just hours after Professor Matt Blaze today discussed the state of election system security in America, one of the largest US voting machine makers stepped forward to say it's trying to improve its vulnerability research program.
Election Systems and Software (ES&S), whose products include electronic ballot boxes and voter registration software, said it is working with infosec outfits and bug-finders to improve the security of its products.
Speaking at this year's online Black Hat USA conference, CISO Chris Wlaschin outlined a number of steps his biz has already taken or will soon take to overhaul its relationship with bug-bounty hunters.
In addition to its ongoing vulnerabilities rewards program, ES&S said it will employ the services of security house Synack to bridge the gap with bounty hunters, and make its products better able to withstand attacks from the likes of state-sponsored groups.
Most notably, ES&S will beef up said rewards program. With the help of ethical hackers at Synack, testers will be able to hammer on devices like the ES&S ExpressPoll without fear of legal reprisal.
[...] One of the bounty hunters who has worked with ES&S, industry veteran Jack Cable, issued his seal of approval to the expanded program.
Today, the nation's largest voting vendor released a vulnerability disclosure policy giving hackers authorization to test their systems. This is a great step towards transparency for election security. I hope that other vendors follow suit and welcome hackers with open arms. 🧵
(Score: 2, Insightful) by fustakrakich on Sunday August 09, @10:02PM (20 children)
Print paper ballots!
(Score: 2) by Runaway1956 on Sunday August 09, @10:09PM (17 children)
Too easy. Too simple. Too trackable.
(Score: 3, Touché) by looorg on Sunday August 09, @10:13PM (7 children)
Somehow it seems to work fine in what I suspect is most of the world. Which countries are there that only use electronic voting machines these days?
(Score: 0) by Anonymous Coward on Sunday August 09, @10:38PM (4 children)
I'm quite surprised Trump hasn't yet been sued by the postal union. When you accuse mail-in voting of being subject to fraud, you're basically accusing the postal service of being undermined by its employees.
Or perhaps the police union should sue him. If it's not the postal workers, he's basically accusing the police of turning a blind eye to large scale theft out of mailboxes.
Or perhaps neither actually happens and he's just paranoid. If you can't trust the integrity of your country's mail service, how is America great again?
(Score: 2) by Runaway1956 on Sunday August 09, @10:42PM (3 children)
Maybe you're unaware that Porch Piracy has become a thing.
https://www.youtube.com/watch?v=6f8iQJQLbhw [youtube.com]
(Score: 0) by Anonymous Coward on Sunday August 09, @10:52PM (1 child)
Sure but you're talking Portland, in a lawless Democrat state that would never vote for Trump anyway. :)
If package theft is rampant in that state then surely Amazon should be sending in its own paramilitaries* to ensure the integrity of its end-to-end deliveries!
* that's why y'all have guns, no?
(Score: 0) by Anonymous Coward on Sunday August 09, @10:59PM
Amazon has Parmalat?
(Score: 2) by MostCynical on Sunday August 09, @11:27PM
do people leave their ballots on their porch for collection?
(Score: 2) by Runaway1956 on Sunday August 09, @10:39PM
Dyslexic States of Murica?
(Score: 4, Funny) by driverless on Monday August 10, @04:05AM
Should we be concerned that their bug bounties were posted in Russian and Chinese, payment in BTC, WMZ and RMB?
(Score: 0) by Anonymous Coward on Sunday August 09, @11:38PM
Uhuh. Well the hardware voting machines are also, Too Easy, Too Simple, and Too Hackable.
(Score: 3, Informative) by MostCynical on Sunday August 09, @11:42PM (7 children)
trackable?
In Australia, you line up, have your name marked off a roll, and get handed your paper ballot sheet/s.. which you put in a box, when you are finished marking off your preferences.. or not.
No one checks your ballot, and there is nothing to tie your ballot to you.. all that is recorded is that you turned up and had your name crossed off.
https://www.nytimes.com/2018/10/22/world/australia/compulsory-voting.html [nytimes.com]
Sometimes the number of candidates means it gets silly [independentaustralia.net], but it works.
Australian votes also all have the same value [wikipedia.org]
(Score: 1, Interesting) by Anonymous Coward on Monday August 10, @12:19AM
American exceptionalism includes a libertarian freedom not to be fined for not participating in democracy.
Just don't complain when an overweight geriatric B-grade actor from a B-grade 'reality' TV show with a fake tan and bad combover becomes emperor-demigod because you couldn't be bothered voting.
(Score: 0, Flamebait) by Anonymous Coward on Monday August 10, @12:43AM (5 children)
That's all well and good but the downside is that you live in Australia!
The UK has the same system. Meanwhile in the US, the Democrats are pushing mail in ballots [nbcnews.com] and want to remove signature verification. [reviewjournal.com] I expect my grandfather, a life-long Republican, will be voting Democrat for the first time this November and he's been dead 20 years.
(Score: 1, Funny) by Anonymous Coward on Monday August 10, @12:59AM (3 children)
We will all vote Democrat, one day . . .
(Score: 0) by Anonymous Coward on Monday August 10, @01:36AM (2 children)
I never understood your party names.
Only Republicans believe in a republic, only Democrats believe in democracy?
(Score: 0) by Anonymous Coward on Monday August 10, @03:48AM
It makes perfect sense when you realize all of modern American politics can be summed up with "All marketing, All the time."
(Score: 0) by Anonymous Coward on Monday August 10, @04:39AM
Republicans are from the North
Democrats are from the South
Then, in 1968, somebody stirred the pot and mixed them all together into this blue/gray swirly mix, the republicans went loony toons, and the democrats all turned dyke
(Score: 2) by kazzie on Monday August 10, @06:34AM
In the words of Arnold J. Rimmer: "Death isn't the handicap it used to be".
(Score: 0) by Anonymous Coward on Monday August 10, @12:59AM (1 child)
Nope. Print paper money...oh..wait a minute...
(Score: 1) by fustakrakich on Monday August 10, @01:40AM
The guys on those ballots aren't eligible anymore. But you know what? The Constitution doesn't say anything about that!
(Score: 4, Insightful) by shortscreen on Monday August 10, @12:32AM
There isn't a whole lot of time left to find the bugs, produce the fixes, update everything, and retest. Maybe they should have done this a year (or ten) ago?
(Score: 0) by Anonymous Coward on Monday August 10, @12:53AM
Pulse Secure VPN enterprise servers.
(Score: 5, Insightful) by Freeman on Monday August 10, @03:31AM
When you hear the phrase "electronic ballot boxes and voter registration software", you know they're already doing it wrong.
The problem isn't that you're not using best practices with regard to bug bounties, etc. It's the fact that you're using an electronic voting system to begin with. I trust random citizens to be less wrong and much harder to take over than a set of machines.
"I said in my haste, All men are liars." Psalm 116:11