The story here is not that Virginia de-certified and removed these electronic voting machines.The story is how did they get into use and circulation in the first place?It is blatantly obvious that there was utterly no security review done on these devices before they were purchased and approved. Zip, zero, nada. Not only were they configured to have wireless access enabled, not only was that wireless access configured with WEP for “security” (which is known weak) but in addition the password was trivially discoverable.But it only begins there; in addition the password on the administrator account was set to the default (“admin”) and what’s worse is that the filesystem shares were left exported over Windows Networking, which means that anyone who could break into the insecure WiFi connection could also trivially mount and then modify the filesystem on them!Is there any way to know whether this actually happened during an election? No, because with administrative access you can also erase any audit trail of the event itself. We therefore have no way to know whether they were compromised in actual use.But — what we do know is that they could be, and from a reasonable distance too; physical tampering is not required (although the audit showed that’s possible as well!) due to the wireless connection availability.Again, the story here is not that this was found at this late date. No, the story is how these devices got purchased in the first place and who within the State Elections process approved them without any sort of real security audit.