Tag: Security
-
How Consensus Drives Bitcoin
Josh Kroll, Ian Davey and I have a new paper on the dynamics of Bitcoin, which we’re going to release in a few days. This post is the first in a series exploring our paper’s analysis of why Bitcoin works and what could derail it. Consensus drives Bitcoin. Like any fiat currency (a currency not…
-
Internet Voting Snafu at USRowing
USRowing, the governing body for the sport of rowing in the U.S., recently announced the discovery of likely fraud in one of its leadership elections. Further investigation into this region’s voting resulted in the determination that fraudulent ballots were cast in the Mid-Atlantic election that directly affected the outcome of the Mid-Atlantic Regional Director of…
-
CALEA II: Risks of wiretap modifications to endpoints
Today I joined a group of twenty computer scientists in issuing a report criticizing an FBI plan to require makers of secure communication tools to redesign their systems to make wiretapping easy. We argue that the plan would endanger the security of U.S. users and the competitiveness of U.S. companies, without making it much harder…
-
Internet Voting Security: Wishful Thinking Doesn’t Make It True
[The following is a post written at my invitation by Professor Duncan Buell from the University of South Carolina. Curiously, the poll Professor Buell mentions below is no longer listed in the list of past & present polls on the Courier-Journal site, but is available if you kept the link.] On Thursday, March 21, in…
-
Security Lessons from the Big DDoS Attacks
Last week saw news of new Distributed Denial of Service (DDoS) attacks. These may be the largest DDoS attacks ever, peaking at about 300 Gbps (that is, 300 billion bits per second) of traffic aimed at the target but, notwithstanding some of the breathless news coverage, these attacks are not vastly larger than anything before.…
-
How the DMCA Chills Research
I have a new piece in Slate, on how the DMCA chills security research. In the piece, I tell three stories of DMCA threats against Alex Halderman and me, and talk about how Congress can fix the problem. “The Chilling Effects of the DMCA: The outdated copyright law doesn’t just hurt consumers—it cripples researchers.” “These…
-
How the Nokia Browser Decrypts SSL Traffic: A "Man in the Client"
Over the past couple of days there has been some press coverage over security researcher Gaurang Pandya’s report that the browser on his Nokia phone was sending all of his traffic to Nokia proxy servers, including his HTTPS traffic. The disturbing part of his report was evidence that Nokia is not just proxying, but actually…
-
Predictions for 2013
After a year’s hiatus, our annual predictions post is back! As usual, these predictions reflect the results of brainstorming among many affiliates and friends of the blog, so you should not attribute any prediction to any individual (including me–I’m just the scribe). Without further ado, the tech policy predictions for 2013:
-
Turktrust Certificate Authority Errors Demonstrate The Risk of "Subordinate" Certificates
Update: More details have continued to come out, and I think that they generally support the less-paranoid version of events. There continues to be discussion on the mozilla.dev.security.policy list, Turktrust has given more details, and Mozilla has just opened up for public viewing their own detailed internal response documentation (including copies of all of the…
-
You found a security hole. Now what?
The recent conviction of Andrew “Weev” Auernheimer for identity theft and conspiracy has renewed interest in the question of what researchers should do when they find security vulnerabilities in popular products. See, for example, Matt Blaze’s op-ed on how the research community views these matters, and Weev’s own response. Weev and associates discovered a flaw…

