Tag: Security
-
Burn Notice, season 4, and the abuse of the MacGuffin
One of my favorite TV shows is Burn Notice. It’s something of a spy show, with a certain amount of gadgets but generally no James Bond-esque Q to supply equipment that’s certainly beyond the reach of real-world spycraft. Burn Notice instead focuses on the value of teamwork, advance planning, and clever subterfuge to pull off…
-
Smart electrical meters and their smart peripherals
When I was a college undergraduate, I lived in a 1920’s duplex and I recall my roommate and I trying to figure out where our electrical bill was going. He was standing outside by the electrical meter, I was turning things on and off, and we were yelling back and forth so we could sort…
-
Unpeeling the mystique of tamper-indicating seals
As computer scientists have studied the trustworthiness of different voting technologies over the past decade, we notice that “security seals” are often used by election officials. It’s natural to wonder whether they really provide any real security, or whether they are just for show. When Professor Avi Rubin volunteered as an election judge (Marylandese for…
-
Join CITP in DC this Friday for "Emerging Threats to Online Trust"
Update – you can watch the video here. Please join CITP this Friday from 9AM to 11AM for an event entitled “Emerging Threats to Online Trust: The Role of Public Policy and Browser Certificates.” The event will focus on the trustworthiness of the technical and policy structures that govern certificate-based browser security. It will include…
-
Hacking the D.C. Internet Voting Pilot
The District of Columbia is conducting a pilot project to allow overseas and military voters to download and return absentee ballots over the Internet. Before opening the system to real voters, D.C. has been holding a test period in which they've invited the public to evaluate the system's security and usability. This is exactly the…
-
Why did anybody believe Haystack?
Haystack, a hyped technology that claimed to help political dissidents hide their Internet traffic from their governments, has been pulled by its promoters after independent researchers got a chance to study it and found severe problems. This should come as a surprise to nobody. Haystack exhibited the warning signs of security snake oil: the flamboyant,…
-
Electronic Voting Researcher Arrested Over Anonymous Source
Updates:8/28Alex Halderman: Indian E-Voting Researcher Freed After Seven Days in Police Custody 8/26Alex Halderman: Indian E-Voting Researcher Remains in Police Custody 8/24Ed Felten: It’s Time for India to Face its E-Voting Problem 8/22Rop Gonggrijp: Hari is in jail 🙁 About four months ago, Ed Felten blogged about a research paper in which Hari Prasad, Rop…
-
The Future of DRE Voting Machines
Last week at the EVT/WOTE workshop, Ari Feldman and I unveiled a new research project that we feel represents the future of DRE voting machines. DRE (direct-recording electronic) voting machines are ones where voters cast their ballots by pressing buttons or using a touch screen, and the primary record of the votes is stored in…
-
A Major Internet Milestone: DNSSEC and SSL
On July 15th, a small but significant internet event occurred. On that day, years of planning culminated in the deployment of a cryptographic signature on the root DNS zone. To simplify greatly, this means that internet users will soon be able to have a much higher degree of trust in the hierarchical Domain Name System…
-
The Stock-market Flash Crash: Attack, Bug, or Gamesmanship?
Andrew wrote last week about the stock market’s May 6 “flash crash”, and whether it might have been caused by a denial-of-service attack. He points to a detailed analysis by nanex.com that unpacks what happened and postulates a DoS attack as a likely cause. The nanex analysis is interesting and suggestive, but I see the…