TRUST Security and Privacy Blog
Security and Privacy news items
Tuesday, October 31, 2006
" Dutch government scraps plans to use voting computers in 35 cities including Amsterdam"
AP is reporting "Dutch government scraps plans to use voting computers in 35 cities including Amsterdam". Apparently, the group We Don't Trust Voting Computers discovered a flaw in machines made by Sdu where it was possible to monitor radio signals and detect the votes made by the voter.
Monday, October 30, 2006
SERENITY: System Engineering for Security and Dependability website
The SERENITY Project:
"Launched in January 2006, SERENITY (System Engineering for Security and Dependability) is a R&D project funded by the European Union.
SERENITY aims at providing security and dependability in Ambient Intelligence systems (AmI)."
Tip o' the hat to Ruzena
Saturday, October 28, 2006
"Security and Identity Theft Risks in the DoD's Interim Voting Assistance System"
Vote Trust USA has an article, "Security and Identity Theft Risks of the DoD’s Interim Voting Assistance System" by
David Jefferson, Avi Rubin, Barbara Simons, and David Wagner that discusses shortcomings in the DOD Interim Voting Assistance System (IVAS).
"New Software Method for Producing Medical Guidelines"
IST Results says "New Software Method for Producing Medical Guidelines". ProtocureII is a software engineering project that helps create software from medical guidelines and protocols.
"New Voting Systems, Rules May Spell Trouble"
"How to steal an election by hacking the vote"
Ars Technica has an article "How to steal an election by hacking the vote" which details ways that electronic voting is problematic.
Tip o' the hat to Simon
Friday, October 20, 2006
Targeted Trojan attacks on the rise
Security Focus's article "Targeted Trojan attacks on the rise" discusses email attacks to individuals that are specifically tailored to that individual.
Tip o the hat to Shankar for the pointer
Ten security trends worth watching
Computerworld's article "Ten security trends worth watching" covers Bruce Schneier's top ten list.
Tip o the hat to Shankar for the pointer.
Zombies try to blend in with the crowd
"Zombies try to blend in with the crowd" sounds like an early Halloween story, but instead discusses how computers that have been hijacked are now using protocols other than IRC to communicate with their masters.
Tip-o the hat to Shankar for pointing us to this article.
Thursday, October 19, 2006
2007 Collegiate Voting Systems Competition
Monday, October 16, 2006
"Is the Botnet Battle Already Lost?"
Safe Internet requires total network security
Geek Speak Bridles Information Security
"Sending Secret Messages Over Public Internet Lines Can Take Place With New Technique"
This article "A method for secure communications over a public fiber-optical network" from the Optical Society of America looks interesting:
We develop a spread-spectrum based approach to secure communications over existing fiber-optical networks. Secure transmission for a dedicated user is achieved by overlaying a covert channel onto a host channel in the existing active fiber link. The covert channel is optically encoded and temporally spread, and has average power below the noise floor in the fiber, making it hidden for a direct detection thus allowing for cryptographic and steganographic security capabilities. The presence for the host channel in the network provides an ad hoc security expansion and increases the difficulty for an eavesdropper to intercept and decode the secure signal.
See also Yubanet.
Sunday, October 08, 2006
Hackers Find Use for Google Code Search
Network World reports: "Hackers Find Use for Google Code Search". The idea is that Google Code Search makes it easier to find security holes in code. It has always been possible to search for code security problems using Google, but Google Code Search lowers the bar. See also the Slashdot discussion.
Thursday, October 05, 2006
"Service Taps Community to ID Mail Scams"
AP is reporting "Service Taps Community to ID Mail Scams"
Problems with Dutch Voting Machines
Monday, October 02, 2006
E-Voting Raises New Questions in Brazil
An Associated Press article by Stan Lehman, "E-Voting Raises New Questions in Brazil" raises some interesting issues. In Brazil, Diebold rejected voter-verifiable paper records:
"Paper receipts that appeared behind glass _ so voters could confirm their choices but not walk off with the evidence _ were tried on 23,300 machines in 2002, with plans to install them nationwide two years later. But the machines' maker was resolutely opposed to this system, and the tribunal decided to rely instead on "ballot box bulletins." "
Diebold Procomp, the Brazilian subsidiary of Diebold Inc., makes these machines.
Also, some people are calling for a move away from Windows CE to Linux. For more discussion, see the Slashdot article.