Category: Privacy & Security
-
How Yahoo could have protected Palin's email
Last week I criticized Yahoo for their insecure password recovery mechanism that allowed an intruder to take control of Sarah Palin’s email account. Several readers asked me the obvious follow-up question: What should Yahoo have done instead? Before we discuss alternatives, let’s take a minute to appreciate the delicate balance involved in designing a password…
-
Palin's email breached through weak Yahoo password recovery mechanism
This week’s breach of Sarah Palin’s Yahoo Mail account has been much discussed. One aspect that has gotten less attention is how the breach occurred, and what it tells us about security and online behavior. (My understanding of the facts is based on press stories, and on reading a forum post written by somebody claiming…
-
It can be rational to sell your private information cheaply, even if you value privacy
One of the standard claims about privacy is that people say they value their privacy but behave as if they don’t value it. The standard example involves people trading away private information for something of relatively little value. This argument is often put forth to rebut the notion that privacy is an important policy value.…
-
Transit Card Maker Sues Dutch University to Block Paper
NXP, which makes the Mifare transit cards used in several countries, has sued Radboud University Nijmegen (in the Netherlands), to block publication of a research paper, “A Practical Attack on the MIFARE Classic,” that is scheduled for publication at the ESORICS security conference in October. The new paper reportedly shows fatal security flaws in NXP’s…
-
NJ Voting Machine Tape Shows Phantom Obama Vote
I’ve written before (1, 2, 3) about discrepancies in the election results from New Jersey’s February 5 presidential primary. Yesterday we received yet another set of voting machine result tapes. They show a new kind of discrepancy which we haven’t seen before – and which contradicts the story told by Sequoia (the vendor) and the…
-
The Security Mindset and "Harmless Failures"
Bruce Schneier has an interesting new essay about how security people see the world. Here’s a sample: Uncle Milton Industries has been selling ant farms to children since 1956. Some years ago, I remember opening one up with a friend. There were no actual ants included in the box. Instead, there was a card that…
-
Interesting Email from Sequoia
A copy of an email I received has been passed around on various mailing lists. Several people, including reporters, have asked me to confirm its authenticity. Since everyone seems to have read it already, I might as well publish it here. Yes, it is genuine. ==== Sender: Smith, Ed [address redacted]@sequoiavote.com To: felten@cs.princeton.edu, appel@princeton.edu Subject:…
-
Unattended Voting Machines, As Usual
It’s election day, so tradition dictates that I publish some photos of myself with unattended voting machines. To recap: It’s well known that paperless electronic voting machines are vulnerable to tampering, if an attacker can get physical access to a machine before the election. Most of the vendors, and a few election officials, claim that…
-
Internet Voting
(or, how I learned to stop worrying and love having the whole world know exactly how I voted) Tomorrow is “Super Tuesday” in the United States. Roughly half of the delegates to the Democratic and Republican conventions will be decided tomorrow, and the votes will be cast either in a polling place or through the…
-
Could Use-Based Broadband Pricing Help the Net Neutrality Debate?
Yesterday, thanks to a leaked memo, it came to light that Time Warner Cable intends to try out use-based broadband pricing on a few of its customers. It looks like the plan is for several tiers of use, with the heaviest users possibly paying overage charges on a per-byte basis. In confirming its plans to…