Tag: Security
-
Election Day; More Unguarded Voting Machines
It’s Election Day in New Jersey. As usual, I visited several polling places in Princeton over the last few days, looking for unguarded voting machines. It’s been well demonstrated that a bad actor who can get physical access to a New Jersey voting machine can modify its behavior to steal votes, so an unguarded voting…
-
Sequoia Announces Voting System with Published Code
Sequoia Voting Systems, one of the major e-voting companies, announced Tuesday that it will publish all of the source code for its forthcoming Frontier product. This is great news–an important step toward the kind of transparency that is necessary to make today’s voting systems trustworthy. To be clear, this will not be a fully open…
-
Sidekick Users' Data Lost: Blame the Cloud?
Users of Sidekick mobile phones saw much of their data disappear last week due to engineering problems at a Microsoft data center. Sidekick devices lose the contents of their memory when they don’t have power (e.g. when the battery is being changed), so all data is transmitted to a data center for permanent storage –…
-
Breaking Vanish: A Story of Security Research in Action
Today, seven colleagues and I released a new paper, “Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs”. The paper’s authors are Scott Wolchok (Michigan), Owen Hofmann (Texas), Nadia Heninger (Princeton), me, Alex Halderman (Michigan), Christopher Rossbach (Texas), Brent Waters (Texas), and Emmett Witchel (Texas). Our paper is the next chapter in an interesting story…
-
NY Times Should Report on NY Times Ad Malware
Yesterday morning, while reading the New York Times online, I was confronted with an attempted security attack, apparently delivered through an advertisement. A window popped up, mimicking an antivirus scanner. After “scanning” my computer, it reported finding viruses and invited me to download a free antivirus scanner. The displays implied, without quite saying so, that…
-
Subpoenas and Search Warrants as Security Threats
When I teach computer security, one of the first lessons is on the need to have a clear threat model, that is, a clearly defined statement of which harms you are trying to prevent, and what assumptions you are making about the capabilities and motivation of the adversaries who are trying to cause those harms.…
-
Twittering for the Marines
The Marines recently issued an order banning social network sites (Facebook, MySpace, Twitter, etc.). The Pentagon is reviewing this sort of thing across all services. This follows on the heels of a restrictive NFL policy along the same lines. Slashdot has a nice thread, where among other things, we learn that some military personnel will…
-
Lessons from Amazon's 1984 Moment
Amazon got some well-deserved criticism for yanking copies of Orwell’s 1984 from customers’ Kindles last week. Let me spare you the copycat criticism of Amazon — and the obvious 1984-themed jokes — and jump right to the most interesting question: What does this incident teach us? Human error was clearly part of the problem. Somebody…
-
U.S. Objects to China's Mandatory Green Dam Censorware
Yesterday, the U.S. Commerce Secretary and Trade Representative sent a letter to China’s government, objecting to China’s order, effective July 1, to require that all new PCs sold in China have preinstalled the Green Dam Youth Escort censorware program. Here’s today’s New York Times: Chinese officials have said that the filtering software, known as Green…
-
China's New Mandatory Censorware Creates Big Security Flaws
Today Scott Wolchok, Randy Yao, and Alex Halderman at the University of Michigan released a report analyzing Green Dam, the censorware program that the Chinese government just ordered installed on all new computers in China. The researchers found that Green Dam creates very serious security vulnerabilities on users’ computers. The report starts with a summary…