Classical Buddhism (Teachings of the Awakened One with Awareness) belong to the world, and everyone have exclusive rights:JC
Kushinara Nibbana Bhumi Pagoda
944926443
White Home
An 18ft Dia Mindful Meditation
Lab
668, 5A Main Road, 8th Cross, HAL III Stage,
Punya Bhumi Bengaluru
Magadhi Karnataka
Happy Awakened Youniversity
wishes to be your working partner
Also for Free Online JC PURE INSPIRATION to Attain NIBBĀNA the Eternal Bliss and
for free birds to grow fruits
vegetables
http://www.popsci.com/gadgets/
What do you need to rig an election? A basic knowledge of
electronics and $30 worth of RadioShack gear, professional hacker Roger
Johnston reveals. The good news: we can stop it.
Vulnerability Assessment Team at Argonne National Lab
A simple non-cyber attack on an electronic voting machine
Roger Johnston is the head of the Vulnerability Assessment Team
at Argonne National Laboratory. Not long ago, he and his colleagues
launched security attacks on electronic voting machines to demonstrate
the startling ease with which one can steal votes. Even more startling:
Versions of those machines will appear in polling places all over
America on Tuesday. The touchscreen Diebold Accuvote-TSX will be used by
more than 26 million voters in 20 states; the push-button Sequoia AVC
Voting Machine will be used by almost 9 million voters in four states, Harper’s magazine reported recently
(subscription required). Here, Johnston reveals how he hacked the
machines–and why anyone, from a high-school kid to an 80-year-old
grandmother, could do the same.–Ed
The Vulnerability Assessment Team at Argonne
National Laboratory looks at a wide variety of security devices– locks,
seals, tags, access control, biometrics, cargo security, nuclear
safeguards–to try to find vulnerabilities and locate potential fixes.
Unfortunately, there’s not much funding available in this country to
study election security. So we did this as a Saturday afternoon type of
project.
It’s called a man-in-the-middle attack. It’s a classic attack on
security devices. You implant a microprocessor or some other electronic
device into the voting machine, and that lets you control the voting and
turn cheating on and off. We’re basically interfering with transmitting
the voter’s intent.
We used a logic analyzer. Digital communication is a series of zeros
and ones. The voltage goes higher, the voltage goes lower. A logic
analyzer collects the oscillating voltages between high and low and then
will display for you the digital data in a variety of formats. But
there all kinds of way to do it. You can use a logic analyzer, you can
use a microprocessor, you can use a computer–basically, anything that
lets you see the information that’s being exchanged and then lets you
know what to do to mimic the information.
I’ve been to high school science fairs where the kids had more
sophisticated microprocessor projects.So we listened to the
communications going on between the voter, who in the case of one
machine is pushing buttons (it’s a push-button voting machine) and in
the other is touching things on a touchscreen. Then we listened to the
communication going on between the smarts of the machine and the voter.
Let’s say I’m trying to make Jones win the election, and you might vote
for Smith. Then my microprocessor is going to tell the smarts of the
machine to vote for Jones if you try to vote for Smith. But if you’re
voting for Jones anyway, I’m not going to tamper with the
communications. Sometimes you block communications, sometimes you tamper
with information, sometimes you just look at it and let it pass on
through. That’s essentially the idea. Figure out the communications
going on, then tamper as needed, including with the information being
sent back to the voter.
We can do this because most voting machines, as far as I can tell,
are not encrypted. It’s just open standard format communication. So it’s
pretty easy to figure out information being exchanged. Anyone who does
digital electronics–a hobbyist or an electronics fan–could figure this
out.
The device we implanted in the touchscreen machine was essentially
$10 retail. If you wanted a deluxe version where you can control it
remotely from a half a mile away, it’d cost $26 retail. It’s not big
bucks. RadioShack would have this stuff. I’ve been to high school
science fairs where the kids had more sophisticated microprocessor
projects than the ones needed to rig these machines.
Because there’s no funding for this type of security-testing, we
relied on people who buy used machines on eBay [in this case the
touchscreen Diebold Accuvote TS Electronic Voting Machine and the
push-button Sequoia AVC Advantage Voting Machine]. Both of the machines
were a little out-of-date, and we didn’t have user manuals and circuit
diagrams. But we figured things out, in the case of the push-button
machine, in under two hours. Within 2 hours we had a viable attack. The
other machine took a little longer because we didn’t fully understand
how touchscreen displays worked. So we had learning time there. But that
was just a couple days. It’s like a magic trick. You’ve got to practice
a lot. If we practiced a lot, or even better, if we got someone really
good with his hands who practiced a lot for two weeks, we’re looking at
15 seconds to 60 seconds go execute these attacks.
I want to move it to the point where grandma can’t hack elections.
We’re really not there.The attacks require physical access. This is easy
for insiders, who program the machines for an election or install them.
And we would argue it’s typically not that hard for outsiders. A lot of
voting machines are sitting around in the church basement, the
elementary school gymnasium or hallway, unattended for a week or two
before the election. Usually they have really cheap cabinet locks anyone
can pick; sometimes they don’t even have locks on them. No one signs
for the machines when they show up. No one’s responsible for watching
them. Seals on them aren’t much different from the anti-tamper packaging
found on food and over-the-counter pharmaceuticals. Think about
tampering with a food or drug product: You think that’s challenging?
It’s really not. And a lot of our election judges are little old ladies
who are retired, and God bless them, they’re what makes the elections
work, but they’re not necessarily a fabulous workforce for detecting
subtle security attacks.
Give people checking the seals a little training as to what to look
for, and now they have a chance to detect a reasonably sophisticated
attack. Do good background checks on insiders, and that insider threat
would be much less of a concern. Overall, there’s a lack of a good
security culture. We can have flawed voting machines, but if we have a
good security culture, we can still have good elections. On the other
hand, we can have fabulous machines, but if the security culture is
inadequate, it doesn’t really matter. We’ve really got to look at a
bigger picture. Our view is: It’s always going to be hard to stop James
Bond. But I want to move it to the point where grandma can’t hack
elections, and we’re really not there.
Watch the Video:
http://www.popsci.com/gadgets/
Proof No 18
by Dan Goodin
- Apr 16, 2015 12:25am IST
Virginia election officials have decertified an electronic voting
system after determining that it was possible for even unskilled people
to surreptitiously hack into it and tamper with vote counts.
The AVS WINVote,
made by Advanced Voting Solutions, passed necessary voting systems
standards and has been used in Virginia and, until recently, in
Pennsylvania and Mississippi. It used the easy-to-crack passwords of
“admin,” “abcde,” and “shoup” to lock down its Windows administrator
account, Wi-Fi network, and voting results database respectively,
according to a scathing security review published Tuesday
by the Virginia Information Technologies Agency. The agency conducted
the audit after one Virginia precinct reported that some of the devices
displayed errors that interfered with vote counting during last
November’s elections.
The weak passwords—which are hard-coded and can’t be changed—were
only one item on a long list of critical defects uncovered by the
review. The Wi-Fi network the machines use is encrypted with wired equivalent privacy,
an algorithm so weak that it takes as little as 10 minutes for
attackers to break a network’s encryption key. The shortcomings of WEP
have been so well-known that it was banished in 2004 by the IEEE,
the world’s largest association of technical professionals. What’s
more, the WINVote runs a version of Windows XP Embedded that hasn’t
received a security patch since 2004, making it vulnerable to scores of
known exploits that completely hijack the underlying machine. Making
matters worse, the machine uses no firewall and exposes several
important Internet ports.
“Because the WINVote devices use insecure security protocols, weak
passwords, and unpatched software, the WINVote devices operate with a
high level of risk,” researchers with the Virginia Information
Technologies Agency wrote in Tuesday’s report. “The security testing by
VITA proved that the vulnerabilities on the WINVote devices can allow a
malicious party to compromise the confidentiality and integrity of
Voting data.”
To prove their claim the machine was vulnerable to real-world hacks,
the auditors were able to use the remote desktop protocol to gain remote
access to the voting machines. They also used readily available hacking
and diagnostic software to map, access, and transfer data from default
shared network locations including C$, D$, ADMIN$, and IPC$. After
downloading the database that stores the results of each vote, the
auditors required just 10 seconds to figure out its password was “shoup”
(named after the company name that preceded Advanced Voting Solutions).
The auditors were then able to copy the database, modify its contents
to tamper with recorded votes, and copy it back to the voting machine.
It’s hard to find plain words that convey just how bad the security
of this machine is. It’s even harder to fathom so many critical defects
resided in a line of machines that has played a crucial role in the US’
democratic system for so many years. Jeremy Epstein, a security expert
specializing in e-voting, summarized the threat brilliantly in a post published Wednesday morning to the Freedom to Tinker blog. He wrote:
As one of my colleagues taught me, BLUF—Bottom Line Up
Front. If an election was held using the AVS WinVote, and it wasn’t
hacked, it was only because no one tried. The vulnerabilities were so
severe, and so trivial to exploit, that anyone with even a modicum of
training could have succeeded. They didn’t need to be in the polling
place—within a few hundred feet (e.g., in the parking lot) is easy, and
within a half mile with a rudimentary antenna built using a Pringles
can. Further, there are no logs or other records that would indicate if
such a thing ever happened, so if an election was hacked any time in the
past, we will never know.
He went on to write:
I’ve been in the security field for 30 years, and it
takes a lot to surprise me. But the VITA report really shocked me—as bad
as I thought the problems were likely to be, VITA’s five-page report
showed that they were far worse. And the WinVote system was so fragile
that it hardly took any effort. While the report does not state how much
effort went into the investigation, my estimation based on the
description is that it was less than a person week.
And finally, he wrote:
So how would someone use these vulnerabilities to change an election?
- Take your laptop to a polling place, and sit outside in the parking lot.
- Use a free sniffer to capture the traffic, and use that to figure out the WEP password (which VITA did for us).
- Connect to the voting machine over WiFi.
- If asked for a password, the administrator password is “admin” (VITA provided that).
- Download the Microsoft Access database using Windows Explorer.
- Use a free tool to extract the hardwired key (“shoup”), which VITA also did for us.
- Use Microsoft Access to add, delete, or change any of the votes in the database.
- Upload the modified copy of the Microsoft Access database back to the voting machine.
- Wait for the election results to be published.
It’s good that Virginia will no longer use this machine. Still, given
how long it took for the vulnerabilities to be identified, the report
raises serious questions about the security of electronic voting and the
certification process election officials use to determine if a given
machine can be trusted.
Story updated to change “national” to “necessary” in the second paragraph.
If it was deliberate then it wouldn’t
have been this easy to discover. The back doors would have been hidden
much better. This only comes from incompetence.
22 posts | registered Dec 9, 2014
Details
This act of CJI and CEC helped the Murderer of
democratic institutions (Modi) remotely controlled by 1% chitpawan
brahmin Rowdy Swayam Sevaks gobble the MASTER KEY which goes against the
interest of 99% Sarvajans including SC/STs/OBCs/Minorities/poor upper castes’
liberty, fraternity and equality as enshrined in our Constitution
fathered by Babasaheb Dr BR Ambedkar.
BSP
is a modernizing force- taking step towards a more equitable society.
BJP on the other hand is a retrograde party. It harps on the glory of a
past, a past full of inequality, unscientific thinking and narrow
sectarianism. All right thinking people should support BSP as against
BJP.
In First Rally, Mayawati Plays Up To SC/STsOBCs/Minorities/Poor UCs of Sarvajan Samay who Say BSP Is Anti–Virus
Mayawati
came on stage at 1 pm at Agra’s rally ground to launch her party’s
campaign for the upcoming UP polls , a crowd of over one million burst
into loud cheers.
Attacking the BJP and the RSS on multiple
counts, Mayawati said, “the central government has failed on all counts.
Amid rising unemployment, RSS chief (Mohan Bhagwat) is saying produce
more children. I want to tell him, yes Hindus will produce more than two
kids, will you get them food?”
“The RSS chief should tell the BJP chief to first arrange for food for extra children,” she said.
Mohan Bhagwat, at a public meeting in Agra yesterday, reportedly asked Hindus to produce more children.
BJP
leader Daya Shankar Singh had accused Mayawati of selling party tickets
and compared her to a sex worker. Today, she used a Hindi metaphor to
reply, and got a thunderous response. “Aasmaan pe thookne se aasmaan
kabhi nahin ganda hota hai , khud pe hi thook girta hai (when you spit
looking towards the sky, it falls back on you),” she said.
Mayawati
also reached out to her core constituency, the 21 per cent SC/ST
population in the state that she hopes will fully back her in the UP
elections. “In BJP ruled states, SC/STs are being persecuted, whether it
is Rohith Vemula or Gujarat (Una incident) or what Daya Shankar Singh
said about me… just like the Congress, if you go around sharing meals
with SC/STs , it doesn’t mean anything,” she said
“I want to
ask our opponents, you say the BSP is a spent force, we are finished
then why would people be so interested in buying our tickets? The truth
is that other parties want to malign us.”
For
the ruling Samajwadi Party, Mayawati devoted about 10 minutes, accusing
Chief Minister Akhilesh Yadav of presiding over a lawless state .
“The Samajwadi Party government is only interested in helping goondas and mafias.”
Outside
the rally ground, 26-year-old Pankaj Kumar, a SC/ST from the Firozabad
district, said, “The BSP is like an anti-virus… it will soon remove
all unwanted elements and politicians from UP.”
Agra is an
interesting choice to flag off her campaign. The western UP district has
a significant population of both SC/STs, her core support group, and
Muslims, a combination she is hoping will lead the BSP back to power in
the 2017 assembly elections.
In the next one month, Mayawati will
address a rally every week. Her next stop is arch rival and Samajwadi
Party chief Mulayam Singh Yadav’s constituency Azamgarh in Eastern Uttar
Pradesh.