Washburn's World

My take on the world. My wife often refers to this as the WWW (Weird World of Washburn)

My Photo
Name:
Location: Germantown, Wisconsin, United States

I am a simple country boy transplanted from the Piehl Township in northern Wisconsin to the Milwaukee metropolitan area who came down "sout" in 1980 for college and have stayed in the area since.
If this blog is something you wish to support, consider a donation.

Monday, April 09, 2007

A New Game: Guess the Password(s)

Here is a new game that I call guess the password. Specifically guess the hard code password in an ES&S iVortonics touch screen.

Here are my guesses:
Version 8.x.x.x passwords as found in Florida
    Service password = SVC
    Test password = TST
    Clear password = CLR
    EAC password = EAC
    Upload firmware password = FWR

Version 9.x.x.x passwords as found in Wisconsin
    Service password = SVCSVC
    Test password = TSTTST
    Clear password = CLRCLR
    EAC password = EACEAC
    Upload firmware password = FWRFWR

Here is the background:

From page 67 of the SAIT report by Florida State University is the following discussion on iVotronic passwords.

The Service Menu password, Clear and Test password, ECA password, and Upload Firmware password are three-letter case-insensitive passwords. Each one is chosen to be mnemonic and easy to remember. The problem is they are also likely to be fairly easy to guess. They follow a memorable pattern. Someone who knows one of these passwords can probably guess what the other ones are without too much difficulty. These passwords provide very little security.


I speculate that with the new version of the iVotronics (from version 8.x.x to version 9.x.x) ES&S made good on a promise to improve the security of the iVotronic passwords.

The rules of this game are simple:
1)Submit a guess for each of the 4 passwords as a comment to this blog entry
2) The 8.x.x passwords should be 3 characters and 9.x.x characters should be 6 characters.
3) All passwords should be mneumonic so the password is easy to remember.

Wednesday, April 04, 2007

In Defense of VTI

There is something fishy about the NASED ITA qualification process.

Last Friday, March 29, 2007, I had the opportunity to speak to Mr. Anthony Boldin, the CEO and president of Voting Technologies International.  We discussed the certification status of VTI equipment in the State of Wisconsin.  During this conversation Mr. Bolding briefly touched on his travails with the NASED ITA qualification process for voting systems.

Since July 2006 the VTI system has been examined by the Wyle/Ciber team.  A report was generated and sent to theNASED Voting Systems Board Technical subcommittee. Questions were raised by the technical sub-committee.  The VTI system was returned for re-examination by the Wyle/Ciber team. A second report was generated and sent to the NASED Voting Systems Board Technical sub-committee. Questions were raised by the technical sub-committee.  The VTI system was returned for re-examination by the Wyle/Ciber team. A third report was generated and sent to the NASED Voting Systems Board Technical sub-committee. Questions were raised by the technical sub-committee. The VTI system was returned for re-examination by the Wyle/Ciber team. A fourth report was generated and sent to the NASED Voting Systems Board Technical sub-committee. Questions were raised by the technical sub-committee. The VTI system was returned for re-examination by the Wyle/Ciber team. A fifth report was generated and sent to the NASED Voting Systems Board Technical sub-committee.  As of a couple of weeks ago the status of the VTI system is pending before the NASED Voting Systems Board Technical sub-committee.

I believe I have this count correct.  Mr. Boldin was speaking quickly, but even if I am off by one this is incredible. 

While I am no fan of the extraordinarily weak 2002 Voting System Standards (VSS), I do expect the standards to be applied to all voting systems evenly.  I cannot see how this is the case with the VTI system.

The NASED ITA process qualified the Sequoia WinEDS system which is routinely installed with source code and the compiler for that source code.  This is a violation of paragraph 6.4.1.e of the 2002 VSS.  The NASED ITA process qualified the ES&S optical scanner firmware which is not stable.  Such stability is required to produce the physical configuration audit required by paragraph 8.7.1 of the 2002 VSS.  The NASED ITA process qualified the Diebold systems which use interpreted code.  The use of interpreted code is prohibited by 4.2.2 of the 2002 VSS.

Only four possibilities present themselves to me.  If there are others, please let me know.
1)  The VTI system has non-conformances more significant than the non-conformances found in other systems which have been qualified by the NASED ITA process.
2)  Every tittle and jot of the standards is applied to some systems, but not to other systems.
3)  VTI has not applied for a waiver to conform to sections 2002 Voting System Standards as provided by Appendix B.5 of the 2002 Voting System Standards.
4)  VTI has applied for such a waiver from conforming to the 2002 Voting System Standards but has not been granted such a waiver

It is time to know which of these of these possibilities are the case for VTI.  How is it non-conforming systems have been qualified by the NASED ITA process while other systems seem to languish in certification purgatory? It is time to start asking specific, pointed questions of those who created and administered this system from 1998 to the present.  Those adminstrators are R. Doug Lewis, Tom Wilkey, Paul Craft, Steven V. Freeman, and Britt Williams.  How is it over the course of four years EVERY time someone not paid by the vendors examines a voting system (RABA, SAIC, Compuware, John Hopkins, Harri Hursti, Harri Hursti again, California VSTAAB, FSU, University of Connecticut, Princeton, etc.) some new and significant failure is discovered?  How can NASED qualified systems have such deep, pervasive, and persistant flaws yet other systems stall out in the NASED qualification process?

The NASED ITA process is private and protected by trade secrets and non disclosure agreements.  It is time to issue subpoenas to these five people.

It is time for answers and it is time to get those answers under oath.

Monday, April 02, 2007

A Public Apology

Last week I sent an email to the county clerk of Pierce County, Wisconsin and several of the municipal clerks within the county. In the letter I falsely stated that Voting Technologies International (VTI) was bankrupt.

This statement was incorrect.

VTI is still very much in business and I visited the office at 757 North Broadway last Friday, March 29, 2007. I spoke briefly with Mr. Anthony Boldin, CEO of VTI, and was able to apologize in person for my incorrect assertion that VTI was bankrupt. I also sent an apology email to the clerks of Pierce County, Wisconsin.

This blog entry is to further publicize my retraction of this statement regarding VTI.

I sincerely apologize to Mr. Anthony Boldin, to the clerk of Pierce County, Mr. Jamie Feuerhelm, and to the municipal clerks whom I woried unecessarily last week.