Year: 2011
-
Things overheard on the WiFi from my Android smartphone
Today in my undergraduate security class, we set up a sniffer so we could run Wireshark and Mallory to listen in on my Android smartphone. This blog piece summarizes what we found. Google properly encrypts traffic to Gmail and Google Voice, but they don’t encrypt traffic to Google Calendar. An eavesdropper can definitely see your…
-
What an expert on seals has to say
During the New Jersey voting machines lawsuit, the State defendants tried first one set of security seals and then another in their vain attempts to show that the ROM chips containing vote-counting software could be protected against fraudulent replacement. After one or two rounds of this, Plaintiffs engaged Dr. Roger Johnston, an expert on physical…
-
The trick to defeating tamper-indicating seals
In this post I’ll tell you the trick to defeating physical tamper-evident seals. When I signed on as an expert witness in the New Jersey voting-machines lawsuit, voting machines in New Jersey used hardly any security seals. The primary issues were in my main areas of expertise: computer science and computer security. Even so, when…
-
Seals on NJ voting machines, October-December 2008
In my examination of New Jersey’s voting machines, I found that there were no tamper-indicating seals that prevented fiddling with the vote-counting software—just a plastic strap seal on the vote cartridge. And I was rather skeptical whether slapping seals on the machine would really secure the ROMs containing the software. I remembered Avi Rubin’s observations…
-
Super Bust: Due Process and Domain Name Seizure
With the same made-for-PR timing that prompted a previous seizure of domain names just before shopping’s “Cyber Monday,” Immigration and Customs Enforcement struck again, this time days before the Super Bowl, against “10 websites that illegally streamed live sporting telecasts and pay-per-view events over the Internet.” ICE executed seizure warrants against the 10, ATDHE.NET,…
-
Brazilian Communications Agency Moves Towards Surveillance Superpowers
January is the month when the Brazilian version of the popular TV show Big Brother returns to the air. For three months, a bunch of people are locked inside a house and their lives are broadcast 24/7. A TV show premised on nonstop surveillance might sound like fun to some people, but it is disturbing…
-
Predictions for 2011
As promised, the official Freedom to Tinker predictions for 2011. These predictions are the result of discussions that included myself, Joe Hall, Steve Schultze, Wendy Seltzer, Dan Wallach, and Harlan Yu, but note that we don’t individually agree with every prediction. DRM technology will still fail to prevent widespread infringement. In a related development, pigs…
-
2010 Predictions Scorecard
We’re running a little behind this year, but as we do every year, we’ll review the predictions we made for 2010. Below you’ll find our predictions from 2010 in italics, and the results in ordinary type. Please notify us in the comments if we missed anything. (1) DRM technology will still fail to prevent widespread…
-
Seals on NJ voting machines, 2004-2008
I have just released a new paper entitled “Security seals on voting machines: a case study” and here I’ll explain how I came to write it. Like many computer scientists, I became interested in the technology of vote-counting after the technological failure of hanging chads and butterfly ballots in 2000. In 2004 I visited my…
-
If Wikileaks Scraped P2P Networks for "Leaks," Did it Break Federal Criminal Law?
On Bloomberg.com today, Michael Riley reports that some of the documents hosted at Wikileaks may not be “leaks” at all, at least not in the traditional sense of the word. Instead, according to a computer security firm called Tiversa, “computers in Sweden” have been searching the files shared on p2p networks like Limewire for sensitive…