Friday, September 29, 2006

Identifying users via their "Clickprint"

The Guardian has an article: "Is it possible to be identified by your 'clickprint'?" that discusses "Clickprints on the Web: Are there signatures in Web browsing data?" by Balaji Padmanabhan of
The Wharton School, University of Pennsylvania. The gist of the paper is that it is possible to differentiate between two users by seeing how they navigate around a site over a number of visits.

Thursday, September 28, 2006

SFO deploys RFID Passport readers

Realgeek says "U.S Deploys first e-Passport Readers". Slashdot has some comments.

Tuesday, September 26, 2006

Ron Rivest's Three Ballot Voting System

Ron Rivest discusses his Three Ballot Voting System which addresses security issues in paper ballots.

SCADA Hacks

Risks Digest 24.44 reports on an Inforworld article Paller: Government cybersecurity gets an F, SCADA attacks are latest proof of vulnerable infrastructure. Risks also mentions this GAO Report from 2004.

Monday, September 25, 2006

Identity Theft Task Force Announces Interim Recommendations

President’s Identity Theft Task Force Announces Interim Recommendations. These recommendations include deemphasizing social security numbers.

Wednesday, September 13, 2006

Electronic Voting: first person account and Diebold voting machine analysis

Risks Digest 24.42 has two interesting articles about Electronic Voting. The first is Avi Rubin's blog entry about being an election judge in Maryland. It seems that there were problems with the electronic poll books that are supposed to prevent people from voting twice in two different locations.

The other item from Risks Digest 24.42 is a reference to Security Analysis of the Diebold AccuVote-TS Voting Machine, the abstract of which says, "For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent
with the fraudulent vote count it creates."

Thursday, September 07, 2006

Interesting Places to look for news

Below are some resources that have security related news items:

NSF Solicits Bids to Run Next-Gen Web Project Office

The NSF has announced Global Environment for Networking Innovations (GENI), "explore new networking capabilities that will advance science and stimulate innovation and economic growth." It is interesting that the first bullet on the GENI page is "Build in security and robustness." See also this article in Federal Computer Week.