Clearing up the Genesis of the Diebold memos

Thu Nov 13 2003 00:00:00 GMT+0000 (Coordinated Universal Time)

There seems to be a common mis-perception that the Diebold memos were originally obtained by Bev Harris from a publicly-available web site.

Ms. Harris did, in fact, come across a good chunk of information on a publicly-available ftp site (which provided the basis for Avi Rubin's team's analysis) but the memos, a bug database and even more code was obtained from a hacker who broke into Diebold's computer network in March 2003 (see this Scoop.nz bulletin and this Wired article). These are two separate instances of Diebold security being compromised... once by lax protocol and another by a pretty ridiculous network architecture (especially considering the lengths they go to in order to protect the source code... escrow, etc.).

You're free to argue that this hacker could have had help on the inside... in which case it wouldn't technically be stealing... but don't smush the facts together into falsity.

Posted by joebeone at Noviembre 13, 2003 11:56 PM