So you can literally code in a backdoor but as long as it fits a style guide and has exception handling it'll pass certification.
-
But this is what really worries me. Adequate source control practices make it harder for a rogue employee to sneak in backdoor code.
-
And these failures are not the kinds of failures you'd get with adequate code control in place.
-
Look at this. Are you kidding me? 1st year front end devs easily navigate tools to prevent these issues. pic.twitter.com/JUjgK6apuW
-
Hay frends, wanna run COBOL, VB, C, C++, SQL, and Java in the same environment? Democracy depends on it. pic.twitter.com/tqMNDtFHaR
-
This... this doesn't give me comfort. pic.twitter.com/n3eSIIUyvL
-
My eyes are starting to go blurry from reading too many technical reports... soup time. pic.twitter.com/Z6HNFUUKXh
-
"Emily, how did you spend your bank holiday?" "Reading test reports and mourning the death of democracy."
-
I'm 21 reports in and I found so far ONE test report that validated the vote-handling logic... by a test lab no longer accredited.
-
Arbitrary file length guidelines, hoorah. pic.twitter.com/dfBKQDeFL0
-
I hope y'all are liking learning how the sausage gets made. This discovery process is validating so many feels right now.
-
Some of these source files are hashed with MD5. pic.twitter.com/TR3lPp6ZUI
-
Why would you hash the source files individually then compile everything and deploy what does that even solve.
-
I've got 5 more reports to process. Meatball cat is helping me power through. pic.twitter.com/UQPLnsmEYh
-
If you code in a backdoor, and then put /* THIS IS A BACKDOOR */ good news you have a 90% chance of succeeding pic.twitter.com/GBQgpM9PT4
-
I'm taking photos of my screen with my phone because it's 1000x faster than dealing with screenshots. Sorry.
-
As a reminder in this thread, these standards are *voluntarily* adhered to and compliance is only required in a handful of states.
-
I'm wrapping this thread up. I've put my summary on GitHub: https://github.com/Gorcenski/voting-machines …
-
My summaries are very brief, but for simplicity I also copied the public records into the repo. Or download them at http://eac.gov
-
I also added a non-technical summary as to why this is concerning.
-
This thread, btw, thanks to @Slestac who pointed me to the data source.
-
Waking this one up briefly to add this screenshot from a Glassdoor review of ES&S pic.twitter.com/DuCGEfA17Y
-
And a review from a Lead Software Engineer for the company that did the majority of the cert tests. pic.twitter.com/GTjQQEqNle