Tag: Security

  • Counterfeits, Trojan Horses, and shady distributors

    Last Friday, the New York Times published an article about counterfeit Cisco products that have been sold as if they were genuine and are widely used throughout the U.S. government. The article also raised the concern that these counterfeits could well be engineered with malicious intent, but that this appears not to have been the…

  • NJ Voting Machine Tape Shows Phantom Obama Vote

    I’ve written before (1, 2, 3) about discrepancies in the election results from New Jersey’s February 5 presidential primary. Yesterday we received yet another set of voting machine result tapes. They show a new kind of discrepancy which we haven’t seen before – and which contradicts the story told by Sequoia (the vendor) and the…

  • The Security Mindset and "Harmless Failures"

    Bruce Schneier has an interesting new essay about how security people see the world. Here’s a sample: Uncle Milton Industries has been selling ant farms to children since 1956. Some years ago, I remember opening one up with a friend. There were no actual ants included in the box. Instead, there was a card that…

  • Sequoia's Explanation, and Why It's Not the Whole Story

    I wrote yesterday about discrepancies in the results reported by Sequoia AVC Advantage voting machines in New Jersey. Sequoia issued a memo giving their explanation for what might have happened. Here’s the relevant part: During a primary election, the “option switches” on the operator panel must be used to activate the voting machine. The operator…

  • Evidence of New Jersey Election Discrepancies

    Press reports on the recent New Jersey voting discrepancies have been a bit vague about the exact nature of the evidence that showed up on election day. What has the county clerks, and many citizens, so concerned? Today I want to show you some of the evidence. The evidence is a “summary tape” printed by…

  • Interesting Email from Sequoia

    A copy of an email I received has been passed around on various mailing lists. Several people, including reporters, have asked me to confirm its authenticity. Since everyone seems to have read it already, I might as well publish it here. Yes, it is genuine. ==== Sender: Smith, Ed [address redacted]@sequoiavote.com To: felten@cs.princeton.edu, appel@princeton.edu Subject:…

  • Privacy: Beating the Commitment Problem

    I wrote yesterday about a market failure relating to privacy, in which a startup company can’t convincingly commit to honoring its customers’ privacy later, after the company is successful. If companies can’t commit to honoring privacy, then customers won’t be willing to pay for privacy promises – and the market will undersupply privacy. Today I…

  • Cold Boot Attacks: Vulnerable While Sleeping

    Our research on cold boot attacks on disk encryption has generated lots of interesting discussion. A few misconceptions seem to be floating around, though. I want to address one of them today. As we explain in our paper, laptops are vulnerable when they are “sleeping” or (usually) “hibernating”. Frequently used laptops are almost always in…

  • New Research Result: Cold Boot Attacks on Disk Encryption

    Today eight colleagues and I are releasing a significant new research result. We show that disk encryption, the standard approach to protecting sensitive data on laptops, can be defeated by relatively simple methods. We demonstrate our methods by using them to defeat three popular disk encryption products: BitLocker, which comes with Windows Vista; FileVault, which…

  • Unattended Voting Machines, As Usual

    It’s election day, so tradition dictates that I publish some photos of myself with unattended voting machines. To recap: It’s well known that paperless electronic voting machines are vulnerable to tampering, if an attacker can get physical access to a machine before the election. Most of the vendors, and a few election officials, claim that…