Author: J. Alex Halderman
-
Security Analysis of the Dominion ImageCast X
Today, the Federal District Court for the Northern District of Georgia permitted the public release of Security Analysis of Georgia’s ImageCast X Ballot Marking Devices, a 96-page report that describes numerous security problems affecting Dominion voting equipment used in Georgia and other states.
-
Security flaw in New South Wales puts thousands of online votes at risk
Update April 26: The technical paper is now available. Update Mar. 23 1:30 PM AEDT: Our response to the NSWEC’s response. New South Wales, Australia, is holding state elections this month, and they’re offering a new Internet voting system developed by e-voting vendor Scytl and the NSW Electoral Commission. The iVote system, which its creators…
-
Let’s Encrypt: Bringing HTTPS to Every Web Site
HTTPS, the cryptographic protocol used to secure web traffic as it travels across the Internet, has been in the news a lot recently. We’ve heard about security problems like Goto Fail, Heartbleed, and POODLE — vulnerabilities in the protocol itself or in specific implementations — that resulted in major security headaches. Yet the single biggest…
-
Anticensorship in the Internet's Infrastructure
I’m pleased to announce a research result that Eric Wustrow, Scott Wolchok, Ian Goldberg, and I have been working on for the past 18 months: Telex, a new approach to circumventing state-level Internet censorship. Telex is markedly different from past anticensorship efforts, and we believe it has the potential to shift the balance of power…
-
Hacking the D.C. Internet Voting Pilot
The District of Columbia is conducting a pilot project to allow overseas and military voters to download and return absentee ballots over the Internet. Before opening the system to real voters, D.C. has been holding a test period in which they've invited the public to evaluate the system's security and usability. This is exactly the…
-
Indian E-Voting Researcher Freed After Seven Days in Police Custody
FLASH: 4:47 a.m. EDT August 28 — Indian e-voting researcher Hari Prasad was released on bail an hour ago, after seven days in police custody. Magistrate D. H. Sharma reportedly praised Hari and made strong comments against the police, saying Hari has done service to his country. Full post later today.
-
Update: Indian E-Voting Researcher Remains in Police Custody
Update: 8/28 Indian E-Voting Researcher Freed After Seven Days in Police Custody. In case you’re just tuning in, e-voting researcher Hari Prasad, with whom I coauthored a paper exposing serious flaws in India’s electronic voting machines (EVMs), was arrested Saturday morning at his home in Hyderabad. The arresting officers told him they were acting under “pressure…
-
Electronic Voting Researcher Arrested Over Anonymous Source
Updates: 8/28 Alex Halderman: Indian E-Voting Researcher Freed After Seven Days in Police Custody; 8/26 Alex Halderman: Indian E-Voting Researcher Remains in Police Custody; 8/24 Ed Felten: It’s Time for India to Face its E-Voting Problem; 8/22 Rop Gonggrijp: Hari is in jail 🙁. About four months ago, Ed Felten blogged about a research paper in which Hari Prasad, Rop…
-
The Future of DRE Voting Machines
Last week at the EVT/WOTE workshop, Ari Feldman and I unveiled a new research project that we feel represents the future of DRE voting machines. DRE (direct-recording electronic) voting machines are ones where voters cast their ballots by pressing buttons or using a touch screen, and the primary record of the votes is stored in…
-
School's Laptop Spying Software Exploitable from Anywhere
This post is by Jay Novak, Jon Stribley, and J. Alex Halderman. Absolute Manage is a remote administration program that allows sysadmins to supervise and maintain client computers over the Internet. It has been in the news since early February, when Lower Merion School District in Pennsylvania was alleged to be using it to spy…
-
Amazon’s MP3 Store Wisely Forgoes Watermarks
Last week Amazon.com launched a DRM-free music store. It sells tracks from two major labels and many independents in the unprotected MP3 file format. In addition to being DRM-free, Amazon’s songs are not individually watermarked. This is an important step forward for the music industry. Some content companies see individualized watermarks as a consumer-friendly alternative…
-
AACS Updated, Broken Again
[Other posts in this series] We predicted in past posts that AACS, the encryption system intended to protect HD-DVD and Blu-ray movies, would suffer a gradual meltdown from its inability to respond quickly enough to attacks. Like most DRM, AACS depends on the secrecy of encryption keys built into hardware and software players. An attacker…