Colorado Agency 'Improperly' Posted Passwords for Its Election System Online (gizmodo.com) 32
For months, the Colorado Department of State inadvertently exposed partial passwords for voting machines in a public spreadsheet. "While the incident is embarrassing and already fueling accusations from the state's Republican party, the department said in a statement that it 'does not pose an immediate security threat to Colorado's elections, nor will it impact how ballots are counted,'" reports Gizmodo. From the report: Colorado NBC affiliate station 9NEWS reported that Hope Scheppelman, vice chair of the state's Republican party, revealed the error in a mass email sent Tuesday morning, which included an affidavit from a person who claimed to have downloaded the spreadsheet and discovered the passwords by clicking a button to reveal hidden tabs.
In its statement, the Department of State said that there are two unique passwords for each of its voting machines, which are stored in separate places. Additionally, the passwords can only be used by a person who is physically operating the system and voting machines are stored in secure areas that require ID badges to access and are under 24/7 video surveillance.
"The Department took immediate action as soon as it was aware of this, and informed the Cybersecurity and Infrastructure Security Agency, which closely monitors and protects the [country's] essential security infrastructure," The department said, adding that it is "working to remedy this situation where necessary." Colorado voters use paper ballots, ensuring that a physical paper trail that can be used to verify results tabulated electronically.
In its statement, the Department of State said that there are two unique passwords for each of its voting machines, which are stored in separate places. Additionally, the passwords can only be used by a person who is physically operating the system and voting machines are stored in secure areas that require ID badges to access and are under 24/7 video surveillance.
"The Department took immediate action as soon as it was aware of this, and informed the Cybersecurity and Infrastructure Security Agency, which closely monitors and protects the [country's] essential security infrastructure," The department said, adding that it is "working to remedy this situation where necessary." Colorado voters use paper ballots, ensuring that a physical paper trail that can be used to verify results tabulated electronically.
Re:What's going on in Michigan? (Score:5, Informative)
five seconds of search revealed the "expert" "is awaiting trial on felony charges related to allegedly breaching election machines". maybe not the best source of information. i recall pjmedia also posted loads of bogus election denial content in 2020
improperly? (Score:4, Funny)
Is there a proper way to post your passwords list on your website?
Re: (Score:2)
Is there a proper way to post your passwords list on your website?
Voting machines with passwords are scary. Just use public key auth so no passwords need to be transmitted at all and every authorized person or system can easily be tracked when they access the system even if they use a single account.
Re: (Score:2)
Voting machines that are connected directly to the internet are scary...
Re: (Score:2)
Voting machines that are connected directly to the internet are scary...
The summary says
so apparently the machines are not connected to the internet,
Re: (Score:2)
https://www.cnn.com/2024/10/29/us/ballot-box-fires-what-we-know/index.html
Re: (Score:2)
Is there a proper way to post your passwords list on your website?
A properly configured web server should automatically identify and replace passwords with stars/asterisks. Here, I'll try it with some of my server passwords...
admin: *********************
operator: *************
monitor: ***********
Yup, the "preview" indicates it's working properly, so I can safely post this. Go ahead and give it a try!
Re: improperly? (Score:2)
hunter2
Re: improperly? (Score:2)
Doesn't look like stars to me.
Re: (Score:2)
That's because you're viewing your own post - I should have mentioned you have to check with a different browser where you aren't logged in.
Here's what I see when I look at your post:
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Speech to text not your friend?
Re:How quaint (Score:5, Informative)
It was this sort of stuff that Trump was whining about in 2020.
No, he was whining that millions of illegals voted, that Georgia needed to "find" 11,780 votes [cnn.com] after lying about ballots being counted multiple times or how a fake video from Lyin Rudy showed ballot stuffing or lies about ballots being destroyed, how there were tens of thousands of people across the country who voted [cnn.com] while dead [bbc.com], except for all those Republicans [foxnews.com] who cast votes [msnbc.com] for dead people [msnbc.com], and he was whining in general just because he lost. Every single lie he came up with was either shot down or he showed no proof when given the opportunity. In fact, when multiple attorneys were asked during "fraud" trials whether they were saying they had evidence for vote fraud, every single one said no [time.com].
While this incident will certainly bring about more whining from the petulant 4 year old, even if it hadn't happened, he'd still whine when he loses again.
Re: (Score:2)
Re:How quaint (Score:4, Informative)
It was this sort of stuff that Trump was whining about in 2020. And... it was dismissed out of hand in the firm belief that this sort of stuff had. It happened and could not happen. As in, it waits Jen seriously. Audits were token at best.
Remember the Maricopa County Audit in 2020 [wikipedia.org]? The one paid for by Arizona Republicans and One America News and was headed by a GOP-picked Trump-favoring conspiracy theorist? That took six months - and, in the end, it found no proof of any fraud - and even gave Biden 360 more votes!
Trump's whining got "dismissed out of hand" because he and his team couldn't even convince Trump-appointed judges that there was any evidence of fraud. In one of those, when pressed under oath, Giuliani stated "this is not a voting fraud case".
People dismissed all that crap because there was nothing there but bullshit and hot air.
Re: (Score:2)
Every single lawsuit was dismissed, some even by Trump appointed federalist society judges.
Giuliani: Your honor I have a signed affidavit.
Judge: Alright, do you have evidence to corroborate these affidavits?
Giuliani: SIGNED AFFIDAVIT...
Judge: Yes but I need some sort of evidence here.
Giuliani: SIGNED AFFIDAVIT...
Judge: Case dismissed.
And to the surprise of everyone except Giuliani, Trump stiffed him. https://news.bloomberglaw.com/... [bloomberglaw.com]
Why do voting machines need passwords? (Score:2)
b. Do they in fact provide a paper-trail?
Re: (Score:2)
The ballots themselves are paper. Nothing stopping a hand count of them all if necessary.
How very unfortunate (Score:2)
... considering that this election is said to be the most important in recent American history.
Standardize on paper ballots or analogue machines only. None of this electronic bs. It's simply too untrustworthy on several fronts.
Re: (Score:2)
I can't recall an election where this was NOT said. Can you?
Re: (Score:3)
... considering that this election is said to be the most important in recent American history.
Standardize on paper ballots or analogue machines only. None of this electronic bs. It's simply too untrustworthy on several fronts.
We have paper ballots which are scanned and then held in case there are issues. A handcount can be done to verify vote totals. The best of both worlds.
Re: (Score:2)
"analogue machines"
Wow, this brings back memories of those huge 1950s era metal cabinets on rollers stored in my elementary school's gymnasium which was designated a voting site.. And I remember the teacher scaring us by saying that if we did so much as touch those maxhines we would go to jail.
"Partial Passwords" (Score:2)
While it's not a good look no matter what, I'd like to know what a "Partial Password" looks like.
LGhn644$| with unknown length is not actually that concerning.
Re: (Score:2)
"Partial" was a very misleading word choice. These were (I *hope* that's the correct tense) BIOS passwords, meaning another password was required to boot into the normal application. Presumably, the BIOS password would be sufficient to boot from a thumb drive or similar device that has a fake or altered voting machine application.
https://www.wqad.com/article/n... [wqad.com]