Sequoia/Diebold Vulnerability Comparison Tables
The following 2 tables were taken from page ii of the October 4, 2006 report :
"Sequoia Voting Systems Vulnerability Assessment and Practical Countermeasure Development for Alameda County"
(download PDF, 1.5 MB, 31 pgs).
Vulnerability Comparison for Precinct-Located Electronic Voting Systems
Vulnerability/Attack | Sequoia | Diebold |
|---|
Boot Loader Attack | No | Yes |
Paper Trail Attack | No | Yes |
Microsoft Windows Attacks (various) | No | Yes |
Malicious Code Insertion (trojan/virus) | No | Yes |
Memory Card Tampering | No | Yes |
Known Software Bugs (latest info) | No | Yes |
VVPAT or Printout Attacks | No | Yes |
Cryptographic Key Attacks (keys public) | Yes | Yes |
Window Manager Attacks | No | Yes |
Miscalibration Attacks | No | No |
I/0 Port Attacks | No | No |
Network Communication Attacks | No | Yes |
Vulnerability Comparison for Centrally-Located Electronic Voting Systems
Vulnerability/Attack | Sequoia | Diebold |
|---|
Network Communication Attacks | No* | Yes |
Microsoft Windows Attacks (various) | Yes | Yes |
Malicious Code Insertion (trojanlvirus) | No* | Yes |
Election Software Tampering | No* | Yes |
Cryptographic Key Attacks | No | No |
* = Requires IPSEC communication & election software
polynomial checksum validation |
The tables above clearly demonstrate that the report is a whitewash :
The Supervisors did not ask for a comparison of Sequoia systems with Diebold systems. They asked for independent security testing of the Sequoia system, the whole system. Sequoia's marketing department writes comparisons with the Diebold, not independent testers.
The comparison itself is biased. It ignores many of Sequoia's vulnerabilities (re: Compuware report), while listing those known about Diebold, including those discovered by testing.
The tables claim that Sequoia is not vulnerable to many of these types of attacks, yet we have no idea if that's true without extensive security testing. The testing required by the supervisors has not taken place.
It is deliberately misleading to claim that Sequoia has no known software bugs. That suggests that they have no bugs, when all complex software has bugs.
It is outright false to claim that the precinct and central voting systems are not subject to "Malicious Code Insertion". All software is subject to this type of attack, especially if it runs on Windows, which Sequoia's central systems do.
We do not know if Sequoia system are vulnerable to "Memory Card Tampering", "Miscalibration Attacks", or "Election Software Tampering". They probably are. This is what we need to check. That's why the Supervisors voted for indepentent testing of the whole system.
This marketing comparisons made on page ii and v are clear evidence that the entire assessment was biased in favor of a whitewash of Sequoia's own security vulnerabilities.
Nobody, and no machine, should be counting
American votes in secret.
For further information, email Jim Soper at :
Jim.Soper@GMail.com
CountedAsCast.com/alameda/vulnerabilitytables.php
(October 7, 08)
|
