If you've bought the Energizer DUO USB battery charger, you might want to uninstall the software immediately. Why? Because it comes pre-loaded with a backdoor that can let someone remotely access your computer.
Posted by heff on Thursday, March 18 @ 08:12:07 CDT (68 reads)
Diebold's AccuVote? More like HackYouVote!
Ed Felten and company at Princeton have done a thorough analysis of the Diebold AccuVote-TS voting machine. The results are scary.
This paper presents a fully independent security study of a Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities — a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine's hardware and software and the adoption of more rigorous election procedures.
The detailed paper comes with extensive video footage of the hacks in action. No election counted by Diebold's machines is worthy of our democracy. This is banana-republic politics and has no place in America.
Why does Diebold hate our freedoms so much?
Posted by heff on Wednesday, September 13 @ 11:56:31 CDT (323 reads)
Reporting On OS X Security: Truth vs Fiction
In this breathless article, ZDNet Australia reports on a contest to hack OS X and how it took less than 30 minutes for hacker "gwerdna" to gain access to the system.
What they failed to mention when initially publishing the article is that hackers were given local access to the machine being hacked. This is a far cry from what most users can expect to deal with and provides a very distorted view of OS X security.
The University of Wisconsin has responded with a more legitimate and realistic security challenge to would-be hackers. You can read about it here. The challenge was launched by UW sysadmin Dave Schroeder in response to the dubious claims of the ZDNet article.
A hacker by the name of 'Gwerdna' claimed to ZDNet Australia that he won the competition, boasting that the operating system was "easy pickings" and that it took him no more than 30 minutes.
The story made the headlines on Monday, but incorrectly presented the penetration as a 'genuine hack' when it should have been described as a 'privilege escalation for a legitimate user'.
A privilege escalation is similar to breaking into a different user account while sitting behind a computer and is considered significantly easier than hacking into a fully protected system over the internet.
The failure to make this difference prompted Schroeder to describe the ZDNet Australia report as "woefully misleading".
Schroeder offers a more realistic view of OS X security:
"Mac OS X is not invulnerable. Like any other operating system, it has security deficiencies in various aspects of the software," ... "However, the general architecture and design philosophy of Mac OS X, in addition to the use of open source components for most network-accessible services that receive intense peer scrutiny from the community, make Mac OS X a very secure operating system."
Posted by heff on Tuesday, March 07 @ 07:19:43 CST (216 reads)
Captain Crunch Has a Podcast
(No, not the breakfast cereal deity, the phone phreaking legend!)
John "Cap'n Crunch" Draper, perhaps the most famous old school phone phreaker, has his own video podcast all about keeping it safe in the internet age. Good stuff.
Posted by heff on Tuesday, March 07 @ 06:59:36 CST (197 reads)