Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Privacy Politics

Colorado Agency 'Improperly' Posted Passwords for Its Election System Online (gizmodo.com) 32

For months, the Colorado Department of State inadvertently exposed partial passwords for voting machines in a public spreadsheet. "While the incident is embarrassing and already fueling accusations from the state's Republican party, the department said in a statement that it 'does not pose an immediate security threat to Colorado's elections, nor will it impact how ballots are counted,'" reports Gizmodo. From the report: Colorado NBC affiliate station 9NEWS reported that Hope Scheppelman, vice chair of the state's Republican party, revealed the error in a mass email sent Tuesday morning, which included an affidavit from a person who claimed to have downloaded the spreadsheet and discovered the passwords by clicking a button to reveal hidden tabs.

In its statement, the Department of State said that there are two unique passwords for each of its voting machines, which are stored in separate places. Additionally, the passwords can only be used by a person who is physically operating the system and voting machines are stored in secure areas that require ID badges to access and are under 24/7 video surveillance.

"The Department took immediate action as soon as it was aware of this, and informed the Cybersecurity and Infrastructure Security Agency, which closely monitors and protects the [country's] essential security infrastructure," The department said, adding that it is "working to remedy this situation where necessary." Colorado voters use paper ballots, ensuring that a physical paper trail that can be used to verify results tabulated electronically.

Colorado Agency 'Improperly' Posted Passwords for Its Election System Online

Comments Filter:
  • improperly? (Score:4, Funny)

    by Local ID10T ( 790134 ) <ID10T.L.USER@gmail.com> on Wednesday October 30, 2024 @08:13PM (#64907757) Homepage

    Is there a proper way to post your passwords list on your website?

    • by ls671 ( 1122017 )

      Is there a proper way to post your passwords list on your website?

      Voting machines with passwords are scary. Just use public key auth so no passwords need to be transmitted at all and every authorized person or system can easily be tracked when they access the system even if they use a single account.

      • Voting machines that are connected directly to the internet are scary...

        • by XXongo ( 3986865 )

          Voting machines that are connected directly to the internet are scary...

          The summary says

          the passwords can only be used by a person who is physically operating the system and voting machines are stored in secure areas that require ID badges to access and are under 24/7 video surveillance

          so apparently the machines are not connected to the internet,

        • Putting ballot boxes out on the street is also scary -

          https://www.cnn.com/2024/10/29/us/ballot-box-fires-what-we-know/index.html
    • Is there a proper way to post your passwords list on your website?

      A properly configured web server should automatically identify and replace passwords with stars/asterisks. Here, I'll try it with some of my server passwords...

      admin: *********************
      operator: *************
      monitor: ***********

      Yup, the "preview" indicates it's working properly, so I can safely post this. Go ahead and give it a try!

  • a. Who made these voting machines?

    b. Do they in fact provide a paper-trail?
  • ... considering that this election is said to be the most important in recent American history.

    Standardize on paper ballots or analogue machines only. None of this electronic bs. It's simply too untrustworthy on several fronts.

    • ... considering that this election is said to be the most important in recent American history.

      I can't recall an election where this was NOT said. Can you?
    • ... considering that this election is said to be the most important in recent American history.

      Standardize on paper ballots or analogue machines only. None of this electronic bs. It's simply too untrustworthy on several fronts.

      We have paper ballots which are scanned and then held in case there are issues. A handcount can be done to verify vote totals. The best of both worlds.

    • "analogue machines"

      Wow, this brings back memories of those huge 1950s era metal cabinets on rollers stored in my elementary school's gymnasium which was designated a voting site.. And I remember the teacher scaring us by saying that if we did so much as touch those maxhines we would go to jail.

  • While it's not a good look no matter what, I'd like to know what a "Partial Password" looks like.

    LGhn644$| with unknown length is not actually that concerning.

    • by Entrope ( 68843 )

      "Partial" was a very misleading word choice. These were (I *hope* that's the correct tense) BIOS passwords, meaning another password was required to boot into the normal application. Presumably, the BIOS password would be sufficient to boot from a thumb drive or similar device that has a fake or altered voting machine application.

      https://www.wqad.com/article/n... [wqad.com]

One way to make your old car run better is to look up the price of a new model.

Working...