Tag: Security
-
Smart electrical meters and their smart peripherals
When I was a college undergraduate, I lived in a 1920’s duplex and I recall my roommate and I trying to figure out where our electrical bill was going. He was standing outside by the electrical meter, I was turning things on and off, and we were yelling back and forth so we could sort…
-
Unpeeling the mystique of tamper-indicating seals
As computer scientists have studied the trustworthiness of different voting technologies over the past decade, we notice that “security seals” are often used by election officials. It’s natural to wonder whether they really provide any real security, or whether they are just for show. When Professor Avi Rubin volunteered as an election judge (Marylandese for…
-
Join CITP in DC this Friday for "Emerging Threats to Online Trust"
Update – you can watch the video here. Please join CITP this Friday from 9AM to 11AM for an event entitled “Emerging Threats to Online Trust: The Role of Public Policy and Browser Certificates.” The event will focus on the trustworthiness of the technical and policy structures that govern certificate-based browser security. It will include…
-
Hacking the D.C. Internet Voting Pilot
The District of Columbia is conducting a pilot project to allow overseas and military voters to download and return absentee ballots over the Internet. Before opening the system to real voters, D.C. has been holding a test period in which they've invited the public to evaluate the system's security and usability. This is exactly the…
-
Why did anybody believe Haystack?
Haystack, a hyped technology that claimed to help political dissidents hide their Internet traffic from their governments, has been pulled by its promoters after independent researchers got a chance to study it and found severe problems. This should come as a surprise to nobody. Haystack exhibited the warning signs of security snake oil: the flamboyant,…
-
Electronic Voting Researcher Arrested Over Anonymous Source
Updates:8/28Alex Halderman: Indian E-Voting Researcher Freed After Seven Days in Police Custody 8/26Alex Halderman: Indian E-Voting Researcher Remains in Police Custody 8/24Ed Felten: It’s Time for India to Face its E-Voting Problem 8/22Rop Gonggrijp: Hari is in jail 🙁 About four months ago, Ed Felten blogged about a research paper in which Hari Prasad, Rop…
-
The Future of DRE Voting Machines
Last week at the EVT/WOTE workshop, Ari Feldman and I unveiled a new research project that we feel represents the future of DRE voting machines. DRE (direct-recording electronic) voting machines are ones where voters cast their ballots by pressing buttons or using a touch screen, and the primary record of the votes is stored in…
-
A Major Internet Milestone: DNSSEC and SSL
On July 15th, a small but significant internet event occurred. On that day, years of planning culminated in the deployment of a cryptographic signature on the root DNS zone. To simplify greatly, this means that internet users will soon be able to have a much higher degree of trust in the hierarchical Domain Name System…
-
The Stock-market Flash Crash: Attack, Bug, or Gamesmanship?
Andrew wrote last week about the stock market’s May 6 “flash crash”, and whether it might have been caused by a denial-of-service attack. He points to a detailed analysis by nanex.com that unpacks what happened and postulates a DoS attack as a likely cause. The nanex analysis is interesting and suggestive, but I see the…
-
School's Laptop Spying Software Exploitable from Anywhere
This post is by Jay Novak, Jon Stribley, and J. Alex Halderman. Absolute Manage is a remote administration program that allows sysadmins to supervise and maintain client computers over the Internet. It has been in the news since early February, when Lower Merion School District in Pennsylvania was alleged to be using it to spy…