Author: Jeremy Epstein
-
Berkeley releases report on barriers to cybersecurity research
I’m pleased to share this report, as I helped organize this event. Researchers associated with the UC Berkeley School of Information and School of Law, the Berkeley Center for Law and Technology, and the International Computer Science Institute (ICSI) released a workshop report detailing legal barriers and other disincentives to cybersecurity research, and recommendations to…
-
VW = Voting Wulnerability
On Friday, the US Environmental Protection Agency (EPA) “accused the German automaker of using software to detect when the car is undergoing its periodic state emissions testing. Only during such tests are the cars’ full emissions control systems turned on. During normal driving situations, the controls are turned off, allowing the cars to spew as…
-
How not to measure security
A recent paper published by Smartmatic, a vendor of voting systems, caught my attention. The first thing is that it’s published by Springer, which typically publishes peer-reviewed articles – which this is not. This is a marketing piece. It’s disturbing that a respected imprint like Springer would get into the business of publishing vendor white…
-
Decertifying the worst voting machine in the US
On Apr 14 2015, the Virginia State Board of Elections immediately decertified use of the AVS WinVote touchscreen Direct Recording Electronic (DRE) voting machine. This seems pretty minor, but it received a tremendous amount of pushback from some local election officials. In this post, I’ll explain how we got to that point, and what the…
-
Heartsick about Heartbleed
Ed Felten provides good advice on this blog about what to do in the wake of Heartbleed, and I’ve read some good technical discussions of the technical problem (see this for a particularly understandable explanation). Update Apr 11: To understand what Heartbleed is all about, see XKCD. Best. Explanation. Ever. In this brief posting, I…
-
Wall Street software failure and a relationship to voting
An article in The Register explains what happened in the Aug 1 2012 Wall Street glitch that cost Knight Capital $440M, resulted in a $12M fine, nearly bankrupted Knight Capital (and forced them to merge with someone else). In short, there were 8 servers that handled trades; 7 of them were correctly upgraded with new…
-
Google Glass vuln in QR codes and ballot marking applications
Reading recently about a vulnerability in Google Glass that can be exploited if a victim takes a picture of a malicious QR code made me think about one of the current trends in absentee balloting. A number of localities in the US are trying out absentee ballot schemes where a voter goes to a website…
-
Internet Voting Security: Wishful Thinking Doesn’t Make It True
[The following is a post written at my invitation by Professor Duncan Buell from the University of South Carolina. Curiously, the poll Professor Buell mentions below is no longer listed in the list of past & present polls on the Courier-Journal site, but is available if you kept the link.] On Thursday, March 21, in…
-
How much does a botnet cost, and the impact on internet voting
A brief article on how much botnets cost to rent (more detail here) shows differing prices depending on whether you want US machines, European machines, etc. Interestingly, the highest prices go to botnets composed of US machines, presumably because the owners of those machines have more purchasing power and hence stealing credentials from those machines…
-
Presidential Commission on Election reform – good news & bad
In his State of the Union address, President Obama stated: “But defending our freedom is not the job of our military alone. We must all do our part to make sure our God-given rights are protected here at home. That includes our most fundamental right as citizens: the right to vote. When any Americans –…
-
Hacking newspapers vs. hacking elections
The past few days have revealed that the New York Times, Wall Street Journal, and Washington Post have all been hacked by Chinese government-affiliated organizations, for the purpose of spying on reporters. The Washington Post says that the attacks were detected over a year ago, and had been going on for at least a year…