I saw an HBO special called 'Hacking Democracy' the other day, and it talked about this lady who was able to get a hold of Diebold's source code for the software that runs its voting machines. Actually, this is a move that may land Diebold at the top of the IT Darwin Awards list because they had it out on an open FTP site for anyone to grab. Then when she just happened upon it, they started screaming that she st I saw an HBO special called ‘Hacking Democracy’ the other day, and it talked about this lady who was able to get a hold of Diebold’s source code for the software that runs its voting machines. Actually, this is a move that may land Diebold at the top of the IT Darwin Awards list because they had it out on an open FTP site for anyone to grab. Then when she just happened upon it, they started screaming that she stole it from them. Hey, it was just up there for anyone to take. Now, why would this highly-classified software source code be up on the open internet? That’s a good question isn’t it? Because this software is so secret, nobody but nobody outside the company is allowed to see it. It’s their bread and butter and keeping it a secret is a very big deal. So we’ll consider that one of the stupidest moves in IT in many years… no wait… this one is…What this lady found when she got into the code was that it was very easy to break into. They did tests on the voting machines and had computer guys try to break into the Diebold software, and it took them less than 10secs. I’ll say that again because it’s significant. It took less than 10 seconds for this top-secret software, which is supposedly extremely secure, to be broken into. Of course, the next question is, what did these guys do in that 10secs that was so worthwhile? Well, as it turns out they merely opened up the Access database that the program installed locally, and they changed the poll numbers manually in the very simple table that was there. See, this is yet another reason I don’t like Access. It encourages people to be idiots. Anyone using Access clearly isn’t security focused, and this is a prime example. Why would such a sensitive project be built around such weak security? It’s pathetic and grossly incompetent. To design a system where someone can just go onto the main voting tabulator and just open up the file and access the raw data and change it at will is just ludicrous. OK, it’s not exactly Microsoft’s fault that Access was used with such cunning stupidity. And it’s not Access’s fault either. But you have to admit, that Access encourages this sort of thing, doesn’t it? Programmers get used to using a simple Access DB for things, and it’s the only thing that crosses their mind when a real project comes their way. I can’t think of another single other DB that would have left itself as wide open as this one was. And there are even free solutions that would have been more secure. But it’s like gun control, rigth? Guns don’t kill people, people kill people. So why is everyone trying to get rid of the guns then? Because they’re a tool that people use to kill people. So Access isn’t stupid, people are stupid. Access is just the tool people use to be as stupid as they want. The real question is: Did they put the code up on FTP because they were using Access, or did they use Access because they had already put the code up on FTP? Watch my free SQL Server Tutorials at: https://MidnightDBA.ITBookworm.com Read my book reviews at: www.ITBookworm.com Blog Author of: DBA Rant – https://dbarant.blogspot.com Databases