Tuesday, October 31, 2006

Alleged Venezuelan ties to voting machine manufacturer

There has been quite the brouhaha about allegeded connections between the government of Venezuela and ownership of Sequoia Systems. The San Francisco Chronicle reports: Voting machine CEO denies allegations.

" Dutch government scraps plans to use voting computers in 35 cities including Amsterdam"

AP is reporting "Dutch government scraps plans to use voting computers in 35 cities including Amsterdam". Apparently, the group We Don't Trust Voting Computers discovered a flaw in machines made by Sdu where it was possible to monitor radio signals and detect the votes made by the voter.

Monday, October 30, 2006

SERENITY: System Engineering for Security and Dependability website

The SERENITY Project:

"Launched in January 2006, SERENITY (System Engineering for Security and Dependability) is a R&D project funded by the European Union.
SERENITY aims at providing security and dependability in Ambient Intelligence systems (AmI)."

Tip o' the hat to Ruzena

Saturday, October 28, 2006

"Security and Identity Theft Risks in the DoD's Interim Voting Assistance System"

Vote Trust USA has an article, "Security and Identity Theft Risks of the DoD’s Interim Voting Assistance System" by
David Jefferson, Avi Rubin, Barbara Simons, and David Wagner that discusses shortcomings in the DOD Interim Voting Assistance System (IVAS).

"New Software Method for Producing Medical Guidelines"

IST Results says "New Software Method for Producing Medical Guidelines". ProtocureII is a software engineering project that helps create software from medical guidelines and protocols.

"New Voting Systems, Rules May Spell Trouble"

This LA Times article, "New Voting Systems, Rules May Spell Trouble" mentions that 10 experts wrote to Congress asking for quality control standards for electronic voting. It is unclear who these experts are, but I believe they are associated with the Election Reform Information Project.

"How to steal an election by hacking the vote"

Ars Technica has an article "How to steal an election by hacking the vote" which details ways that electronic voting is problematic.
Tip o' the hat to Simon

Friday, October 20, 2006

Targeted Trojan attacks on the rise

Security Focus's article "Targeted Trojan attacks on the rise" discusses email attacks to individuals that are specifically tailored to that individual.
Tip o the hat to Shankar for the pointer

Ten security trends worth watching

Computerworld's article "Ten security trends worth watching" covers Bruce Schneier's top ten list.
Tip o the hat to Shankar for the pointer.

Zombies try to blend in with the crowd

"Zombies try to blend in with the crowd" sounds like an early Halloween story, but instead discusses how computers that have been hijacked are now using protocols other than IRC to communicate with their masters.
Tip-o the hat to Shankar for pointing us to this article.

Thursday, October 19, 2006

2007 Collegiate Voting Systems Competition

The Risks Digest mentions the 2007 Collegiate Voting Systems Competition, which is at http://vocomp.org/.

Monday, October 16, 2006

"Is the Botnet Battle Already Lost?"

"Is the Botnet Battle Already Lost?"

Safe Internet requires total network security

An article in Wisconsin Technology Network says"Safe Internet requires total network security".

Geek Speak Bridles Information Security

Rodney Gedda'a article "Geek speak bridles information security" says "Usability of security software is partly to blame for low protection levels in many computers, according to international security experts."

"Sending Secret Messages Over Public Internet Lines Can Take Place With New Technique"

This article "A method for secure communications over a public fiber-optical network" from the Optical Society of America looks interesting:

We develop a spread-spectrum based approach to secure communications over existing fiber-optical networks. Secure transmission for a dedicated user is achieved by overlaying a covert channel onto a host channel in the existing active fiber link. The covert channel is optically encoded and temporally spread, and has average power below the noise floor in the fiber, making it hidden for a direct detection thus allowing for cryptographic and steganographic security capabilities. The presence for the host channel in the network provides an ad hoc security expansion and increases the difficulty for an eavesdropper to intercept and decode the secure signal.

See also Yubanet.

Sunday, October 08, 2006

Hackers Find Use for Google Code Search

Network World reports: "Hackers Find Use for Google Code Search". The idea is that Google Code Search makes it easier to find security holes in code. It has always been possible to search for code security problems using Google, but Google Code Search lowers the bar. See also the Slashdot discussion.

Thursday, October 05, 2006

"Service Taps Community to ID Mail Scams"

AP is reporting "Service Taps Community to ID Mail Scams"

Problems with Dutch Voting Machines

Slashdot and an Silicon Republic are reporting problem with Dutch voting machines that are to be used next month.

Monday, October 02, 2006

E-Voting Raises New Questions in Brazil

An Associated Press article by Stan Lehman, "E-Voting Raises New Questions in Brazil" raises some interesting issues. In Brazil, Diebold rejected voter-verifiable paper records:

"Paper receipts that appeared behind glass _ so voters could confirm their choices but not walk off with the evidence _ were tried on 23,300 machines in 2002, with plans to install them nationwide two years later. But the machines' maker was resolutely opposed to this system, and the tribunal decided to rely instead on "ballot box bulletins." "



Diebold Procomp, the Brazilian subsidiary of Diebold Inc., makes these machines.

Also, some people are calling for a move away from Windows CE to Linux. For more discussion, see the Slashdot article.