Category: Uncategorized
-
New Research Result: Cold Boot Attacks on Disk Encryption
Today eight colleagues and I are releasing a significant new research result. We show that disk encryption, the standard approach to protecting sensitive data on laptops, can be defeated by relatively simple methods. We demonstrate our methods by using them to defeat three popular disk encryption products: BitLocker, which comes with Windows Vista; FileVault, which…
-
Comcast's Disappointing Defense
Last week, Comcast offered a defense in the FCC proceeding challenging the technical limitations it had placed on BitTorrent traffic in its network. (Back in October, I wrote twice about Comcast’s actions.) The key battle line is whether Comcast is just managing its network reasonably in the face of routine network congestion, as it claims,…
-
The continuing saga of Sarasota's lost votes
At a hearing today before a subcommittee of Congress’s Committee on House Administration, the U.S. Government Accountability Office (GAO) reported on the results of their technical investigation into the exceptional undervote rate in the November 2006 election for Florida’s 13th Congressional District. David Dill and I wrote a long paper about shortcomings in previous investigations,…
-
Google Objects to Microhoo: Pot Calling Kettle Black?
Last week Microsoft offered to buy Yahoo at a big premium over Yahoo’s current stock price; and Google complained vehemently that Microsoft’s purchase of Yahoo would reduce competition. There’s been tons of commentary about this. Here’s mine. The first question to ask is why Microsoft made such a high offer for Yahoo. One possibility is…
-
MySpace Photos Leaked; Payback for Not Fixing Flaw?
Last week an anonymous person published a file containing half a million images, many of which had been gathered from private profiles on MySpace. This may be the most serious privacy breach yet at MySpace. Kevin Poulsen’s story at Wired News implies that the leak may have been deliberate payback for MySpace failing to fix…
-
New $2B Dutch Transport Card is Insecure
The new Dutch transit card system, on which $2 billion has been spent, was recently shown by researchers to be insecure. Three attacks have been announced by separate research groups. Let’s look at what went wrong and why. The system, known as OV-chipkaart, uses contactless smart cards, a technology that allows small digital cards to…
-
Clinton's Digital Policy
This is the second in our promised series summing up where the 2008 presidential candidates stand on digital technology issues. (See our first post, about Obama). This time,we’ll take a look at Hillary Clinton Hillary has a platform plank on innovation. Much of it will be welcome news to the research community: She wants to…
-
Second Life Welcomes Bank Regulators
Linden Lab, the company that runs the popular virtual world Second Life, announced Tuesday that all in-world “banks” must now be registered with real-world banking regulators: As of January 22, 2008, it will be prohibited to offer interest or any direct return on an investment (whether in L$ or other currency) from any object, such…
-
Scoble/Facebook Incident: It's Not About Data Ownership
Last week Facebook canceled, and then reinstated, Robert Scoble’s account because he was using an automated script to export information about his Facebook friends to another service. The incident triggered a vigorous debate about who was in the right. Should Scoble be allowed to export this data from Facebook in the way he did? Should…
-
2008 Predictions
Here are the official Freedom to Tinker predictions for 2008, based on input by Alex Halderman, David Robinson, Dan Wallach, and me. (1) DRM technology will still fail to prevent widespread infringement. In a related development, pigs will still fail to fly. (2) Copyright issues will still be gridlocked in Congress. (3) No patent reform…