Tag: Security
-
"Hotel Minibar" Keys Open Diebold Voting Machines
Like other computer scientists who have studied Diebold voting machines, we were surprised at the apparent carelessness of Diebold’s security design. It can be hard to convey this to nonexperts, because the examples are technical. To security practitioners, the use of a fixed, unchangeable encryption key and the blind acceptance of every software update offered…
-
Security Analysis of the Diebold AccuVote-TS Voting Machine
Today, Ari Feldman, Alex Halderman, and I released a paper on the security of e-voting technology. The paper is accompanied by a ten-minute video that demonstrates some of the vulnerabilities and attacks we discuss. Here is the paper’s abstract: Security Analysis of the Diebold AccuVote-TS Voting Machine Ariel J. Feldman, J. Alex Halderman, and Edward…
-
Silver Bullet Podcast
Today we’re getting hep with the youngsters, and offering a podcast in place of the regular blog entry. Technically speaking, it’s somebody else’s podcast – Gary McGraw’s Silver Bullet – but it is a twenty-minute interview with me, much of it discussing blog-related issues. Excerpts will appear in an upcoming issue of IEEE Security &…
-
Attacks on a Plane
Last week’s arrest of a gang of would-be airplane bombers unleashed a torrent of commentary, including much of the I told you so variety. One question that I haven’t heard discussed is why the group wanted to attack planes. The standard security narrative has attackers striking a system’s weak points, and defenders trying to identify…
-
Banner Ads Launch Security Attacks
An online banner advertisement that ran on MySpace.com and other sites over the past week used a Windows security flaw to infect more than a million users with spyware when people merely browsed the sites with unpatched versions of Windows … So says Brian Krebs at the Washington Post’s Security Fix blog. The ads, he…
-
Does the Great Firewall Violate U.S. Law?
Clayton, Murdoch, and Watson have an interesting new paper describing technical mechanisms that the Great Firewall of China uses to block online access to content the Chinese government doesn’t like. The Great Firewall works in two parts. One part inspects data packets that cross the border between China and the rest of the world, looking…
-
Art of Science, and Princeton Privacy Panel
Today I want to recommend two great things happening at Princeton, one of which is also on the Net. Princeton’s second annual Art of Science exhibit was unveiled recently, and it’s terrific, just like last year. Here’s some background, from the online exhibit: In the spring of 2006 we again asked the Princeton University community…
-
Zfone Encrypts VoIP Calls
Phil Zimmerman, who created the PGP encryption software, and faced a government investigation as a result, now offers a new program, Zfone, that provides end-to-end encryption of computer-to-computer (VoIP) phone calls, according to a story in yesterday’s New York Times. One of the tricky technical problems in encrypting communications is key exchange: how to get…
-
NYU/Princeton Spyware Workshop Liveblog
Today I’m at the NYU/Princeton spyware workshop. I’ll be liveblogging the workshop here. I won’t give you copious notes on what each speaker says, just a list of things that strike me as interesting. Videos of the presentations will be available on the net eventually. I gave a basic tutorial on spyware last night, to…
-
RFID Virus Predicted
Melanie Rieback, Bruno Crispo, and Andy Tanenbaum have a new paper describing how RFID tags might be used to propagate computer viruses. This has garnered press coverage, including a John Markoff story in today’s New York Times. The underlying technical argument is pretty simple. An RFID tag is a tiny device, often affixed to a…