Posted by m3t00 on 09-04-16 – 11:13:pm
An email from a car dealership:
SATURDAY, [MONTH] [DAY], 9:00am–3:00pm
Use our lot to Spring Clean your Attic, Garage, Barn or House!
SELLERS
Spaces & Tables available for $10/unit fee with all fees donated to
[CAUSE]
PRE-REGISTER FOR YOUR SPACE & TABLE
Call [DEALERSHIP] at ###-###-#### and ask for [NAME], [NAME] or [NAME].
Setup Starts at 7:30am
THIS TAG SALE WILL BE VERY WELL PROMOTED, PEOPLE WILL BE TALKING!
*NO DEALERS, RETAILERS OR ENGINES REQUIRING FUEL
BUYERS
With over an acre available for selling, we're expecting a HUGE
assortment of tag sale items to browse and purchase.
Click here to contact us for more info.
LOCATION
[PLACE + CONTACT INFO]
In areas where the downturn is decades old, the slow transmogrification of differentiated retailers into used then related then barely differentiated junk shops is a marker of hopelessness.
Posted by m3t00 on 09-04-16 – 12:39:am
So says Schneier. He quotes Matt Blaze:
The indictment describes a conspiracy to exploit this ambiguity in the iVotronic user interface by having pollworkers systematically (and incorrectly) tell voters that pressing the VOTE button is the last step. When a misled voter would leave the machine with the extra “confirm vote” screen still displayed, a pollworker would quietly “correct” the not-yet-finalized ballot before casting it. It’s a pretty elegant attack, exploiting little more than a poorly designed, ambiguous user interface, printed instructions that conflict with actual machine behavior, and public unfamiliarity with equipment that most citizens use at most once or twice each year. And once done, it leaves behind little forensic evidence to expose the deed.
Best of all:
Count 9 of the Kentucky indictment alleges that the Clay County officials first discovered and conspired to exploit the iVotronic “confirm screen” ambiguity around June 2004. But Kentucky didn’t get iVotronics until at the earliest late 2003; according to the state’s 2003 HAVA Compliance Plan [pdf], no Kentucky county used the machines as of mid-2003. That means that the officials involved in the conspiracy managed to discover and work out the operational details of the attack soon after first getting the machines, and were able to use it to alter votes in the next election. Yes, the technique is low-tech, but it’s also very clever, and not at all obvious. The only way for them to have discovered it would have been to think hard and long about how the machines work, how voters would use them, and how they could subvert the process with the access they had. And that’s just what they did. They found the leverage they needed quickly, succeeding at using their discovery to steal real votes, and apparently went for several years without getting caught. It seems reasonable to suspect that if a user interface ambiguity couldn’t have been exploited, they would have looked for—and perhaps found—one of the many other exploitable weaknesses present in the ES&S system.
In 2002, 2004, and 2006.