Year: 2010
-
Hacking the D.C. Internet Voting Pilot
The District of Columbia is conducting a pilot project to allow overseas and military voters to download and return absentee ballots over the Internet. Before opening the system to real voters, D.C. has been holding a test period in which they've invited the public to evaluate the system's security and usability. This is exactly the…
-
General Counsel's Role in Shoring Up Authentication Practices Used in Secure Communications
Business conducted over the Internet has benefited hugely from web-based encryption. Retail sales, banking transactions, and secure enterprise applications have all flourished because of the end-to-end protection offered by encrypted Internet communications. An encrypted communication, however, is only as secure as the process used to authenticate the parties doing the communicating. The major Internet browsers…
-
Did a denial-of-service attack cause the flash crash? Probably not.
Last June I wrote about an analysis from Nanex.com claiming that a kind of spam called “quote stuffing” on the NYSE network may have caused the “flash crash” of shares on the New York Stock Exchange, May 6, 2010. I wrote that this claim was “interesting if true, and interesting anyway”. It turns out that…
-
Advice for New Graduate Students
[Ed Felten says: This is the time of year when professors offer advice to new students. My colleague Prof. Jennifer Rexford gave a great talk to a group of our incoming engineering Ph.D. students, about how to make the most of graduate school. Here’s what she said:] Those of you who know me, know…
-
Copyright, Censorship, and Domain Name Blacklists at Home in the U.S.
Last week, The New York Times reported that Russian police were using copyright allegations to raid political dissidents, confiscating the computers of advocacy groups and opposition newspapers “under the pretext of searching for pirated Microsoft software.” Admirably, Microsoft responded the next day with a declaration of license amnesty to all NGOs: To prevent non-government organizations…
-
Understanding the HDCP Master Key Leak
On Monday, somebody posted online an array of numbers which purports to be the secret master key used by HDCP, a video encryption standard used in consumer electronics devices such as DVD players and TVs. I don’t know if the key is genuine, but let’s assume for the sake of discussion that it is. What…
-
Why did anybody believe Haystack?
Haystack, a hyped technology that claimed to help political dissidents hide their Internet traffic from their governments, has been pulled by its promoters after independent researchers got a chance to study it and found severe problems. This should come as a surprise to nobody. Haystack exhibited the warning signs of security snake oil: the flamboyant,…
-
A Software License Agreement Takes it On the Chin
[Update: This post was featured on Slashdot.] [Update: There are two discrete ways of asking whether a court decision is “correct.” The first is to ask: is the law being applied the same way here as it has been applied in other cases? We can call this first question the “legal question.” The second is…
-
Indian E-Voting Researcher Freed After Seven Days in Police Custody
FLASH: 4:47 a.m. EDT August 28 — Indian e-voting researcher Hari Prasad was released on bail an hour ago, after seven days in police custody. Magistrate D. H. Sharma reportedly praised Hari and made strong comments against the police, saying Hari has done service to his country. Full post later today.