TRUST Security and Privacy Blog
Security and Privacy news items
Thursday, November 30, 2006
"Cracking the BlackBerry with a $100 Key"
EWeek's article, "Cracking the BlackBerry with a $100 Key," describes how anyone could pay $100 and get a code signing key for the BlackBerry that would allow them to create malware. The code signing key may be purchased with a prepaid credit card, which would break the chain of trust. The article discusses several other attacks and potential problems.
NIST Recommends Paper Trail for E-Voting
The Washington Post's article, "Security Of Electronic Voting Is Condemned," discusses NIST's advice to the U.S. Election Assistance Commission.
"DOD Report to Detail Dangers of Foreign Software"
Computerworld's article, "DOD Report to Detail Dangers of Foreign Software," discusses the report by the DOD Defense Science Board that points out the potential for malware to be introduced into military software.
"Vote Disparity Still a Mystery in Fla. Election for Congress"
The Washington Post's article, "Vote Disparity Still a Mystery in Fla. Election for Congress," discusses the missing 18,000 votes in Florida.
"Feinstein to lead e-voting scrutiny"
The San Jose Mercury News has an article, "Feinstein to lead e-voting scrutiny," that discusses Senator Dianne Feinstein's plans to lead hearings on election reform. The article says:
"The committee may also look at other issues. Republicans want measures to ensure voter ID and prevent fraud, and Feinstein would like to bar a state's top election official from participating in a campaign committee for a federal candidate. Secretaries of state in Florida in 2000 (Katherine Harris) and in Ohio in 2004 (Ken Blackwell) headed Bush-Cheney committees while making decisions on a wide range of election procedures."
Charges dropped against student who printed boarding passes
It looks like charges have been dropped against the student who created a website that printed Northwest Airlines boarding passes.
Saturday, November 25, 2006
"Experts Concerned as Ballot Problems Persist"
"Phishing Toolbars: All as Hopeless as One Another"
Techworld's article, "Phishing Toolbars: All as Hopeless as One Another," covers the paper "Finding Phish: An Evaluation of Anti-Phishing Toolbars," by researchers at CMU's CyLab. The study found that the best anti-phishing toolbars identified only 85% of the fraudulent websites.
Wednesday, November 22, 2006
"A Conversation With Douglas W. Jones and Peter G. Neumann"
ACM Queue's article, "A Conversation With Douglas W. Jones and Peter G. Neumann," covers an interview concerning electronic voting. Peter G. Neumann is the moderator of the Risks Digest.
"Malware goes Mobile"
Scientific American's article, "Malware goes Mobile," covers worms, spyware and Trojan horses on smart phones.
"Did Florida Foul Another Ballot?"
Wired News has an article, "Did Florida Foul Another Ballot?," that discusses the missing 18,000 votes in Florida.
"CRA Calls for Advice on the GENI Science Council"
ACM TechNews says:
The National Science Foundation has invited the Computing Research Association (CRA) to establish a Computing Community Consortium (CCC) to help the computing research community build compelling long-term research visions and the mechanisms to realize them. One of the first responsibilities of the CCC is to create a council to help guide the design of the science plan for the Global Environment for Networking Innovations (GENI) initiative. The purpose of GENI is to enable the research community to invent and demonstrate a global communications network and related services that will be qualitatively better than today's Internet. The GENI Science Council (GSC) will provide broad research community involvement for GENI, and the CRA is now calling on the community to help set the GSC agenda. They are seeking input on such matters as the research areas the GSC should address; overall characteristics the GSC should possess; and recommendations of specific individuals deemed strong contributors to the GSC. Responses should be submitted to CRA Executive Director Andy Bernat
Monday, November 20, 2006
"A New Vulnerability In RSA Cryptography"
Friday, November 17, 2006
"Attack of the bots"
Wired's article, "Attack of the bots" describes how botnets work and provides details on the successful attack on the BlueSecurity anti-spam company.
"Exterminating the nuisance of spam"
CNet's article, "Exterminating the nuisance of spam," is an interview with Suresh Ramasubramanian, head of Outblaze. Outblaze handles spam for Mail.com and Register.com. The article states:
What's the single most important thing that can be done to stem the flow of spam?
Ramasubramanian: If I can get even one fraction of a percentage of e-mail users to stop clicking on attachments . . .
"Democrats may give voting machines more scrutiny"
The National Journal's article, "Democrats may give voting machines more scrutiny," describes possible efforts by the Democrats to address some of the shortfalls in electronic voting.
More than 200 House lawmakers have co-sponsored a bill by Rush Holt, D-N.J., that would require voting machines to produce paper trails. . .
Sen. Dianne Feinstein, D-Calif., is likely to take the leadership post on the Rules Committee. Feinstein this fall pledged to introduce a bill similar to Holt's, H.R. 550.
British Electronic Passports Cracked
The Guardian's article, "Cracked it!," details how Britain's RFID passports can be attacked and personal information obtained.
"'Pump-and-Dump' Spam Surge Linked to Russian Bot Herders"
Eweek's article, "'Pump-and-Dump' Spam Surge Linked to Russian Bot Herders," analyzes the implementation of the current rash of penny stock related spam.
Thursday, November 16, 2006
NY Times Editorial: "Counting the Vote, Badly"
A NY Times Editorial, "Counting the Vote, Badly," calls for Congress to fix the nation's electronic voting system by requiring a voter-verified paper record to help ensure that the vote is correctly recorded.
"Researcher Finds 'Trusted Computing' Chip in Apple Models"
Eweek's article, "Researcher Finds 'Trusted Computing' Chip in Apple Models," states that Intel-based Apple Macintosh computers include a Trusted Computing chip on the motherboard. Interestingly, MacOS does not currently include drivers for the chip, but it could be used by later releases of the OS.
Tuesday, November 14, 2006
Science News Online has an article, "Ballot Roulette," that discusses research into ways to make voting better. UC Berkeley Professor David A. Wagner is quoted as saying, "Five to 10 years ago, computer scientists weren't paying attention" to voting technology.
"ACM Group Honors Computer Security Experts"
ACM's Special Interest Group on Security, Audit, and Control (SIGSAC) has honored Purdue Professor Eugene Spafford and Michael Schroeder of Microsoft Research. For details, see: ACM Group Honors Computer Security Experts
"‘Vote Flipping’ Is Real, but Its Cause Is the Subject of Debate"
Computerworld has an article, "'Vote Flipping' Is Real, but Its Cause Is the Subject of Debate," that says that the problem might be user error where voters are "accidentally touching a screen and erroneously making a selection". David Dill rules out conspiracy because the votes are being shown to the voter; if there were a conspiracy to change votes, then the vote selection would be incorrectly shown to the voter. The article also states that researchers have found that voters incorrectly mark their ballots one in 30 times, even under laboratory conditions. Another possible problem is machine calibration, where the machines are sensitive to voter height, angle of touch and other factors.
Monday, November 13, 2006
Book: "Web Campaigning"
The book, "Web Campaigning," by Kirsten Foot and Steven M. Schneider follows the evolution of the use of the web by political campaigns. Politicians like to keep tight control of PR material, but this is difficult with websites and archive crawlers like http://www.archive.org. The website that accompanies the book uses TiddlyWiki to present screenshots of the websites under discussion. The Wayfinder tool may be used as a "personalizable entry" into the website. The Wayfinder website says:
Wayfinder is a developing resource for students and researchers to use in browsing digital archives. The project's goal is to make the process of accessing archived materials more efficient and enjoyable through the use of tag-based taxonomies and user networking.
Tip o' the hat to Ruzena
Sunday, November 12, 2006
NY Times article about ChoicePoint concerning privacy
The NY Times has a long article in the business section about ChoicePoint: "Keeping Your Enemies Close". The article discusses the $10 million FTC fine against ChoicePoint and other privacy issues.
Electronic voting fails to count man who votes for self
AP is reporting "Arkansas mayoral candidate disputes tally of zero votes, says he voted for himself". Apparently the result for a mayoral candidate was reported as zero even though the candidate voted for himself.
Update: The Morning News, a paper in Northwest Arkansas reports, "Election Results Continue To Puzzle". The article mentions towns where the number of votes exceeded the number of residents (that's residents, not voters).
Friday, November 10, 2006
"Watchdog groups report e-voting problems"
An InfoWorld article, "Watchdog groups report e-voting problems," discusses reports of problems with electronic voting including vote flipping. In addition, "Florida e-voting: 18,000 'missing' votes in close race" reports problems in Florida's 13th district where voters voted on other issues but failed to vote in the very close House of Representatives race.
"What's with all this spam?"
Network World has an article, "What's with all this spam," that discusses the increase in spam, especially stock pump and dump spam using images.
"Cybercrime - An Epidemic"
Tuesday, November 07, 2006
IBM enters the Video Surveillance Market
Monday, November 06, 2006
ANSI - Better Business Bureau Meeting on Identity Theft: November 16-17
ANSI and the Better Business Bureau are having an "Identity Theft Prevention and Identity Management Standards Panel First Plenary Meeting" on November 16 and 17 in Arlington, VA.
"HBO's Hacking Democracy Available Online"
Sunday, November 05, 2006
"Electronic voting blamed for Quebec municipal election 'disaster'"
Risks Digest mentioned this CBC article "Electronic voting blamed for Quebec municipal election 'disaster'". At what point is it decided that the best thing is to do the election over?
"Verifiable Elections Via Cryptography"
"Privacy under attack, but does anybody care?"
MSNBC's article, "Privacy under attack, but does anybody care?," discusses the erosion of privacy.
Tip o' the hat to Ken
Saturday, November 04, 2006
"Tech's Threat to National Security"
The Business Week article, "Tech's Threat to National Security" discusses the effects of globalization of software development on national security.
Tip o' the hat to Ruzena
"GAO: Better coordination of cybersecurity R&D needed"
GCN reports, "GAO: Better coordination of cybersecurity R&D needed." The article discusses the Government Accountability Office (GAO) report released on Thursday.
Voting Machine Problems in Florida and Texas
Computerworld has an article, "Voters in Fla., Texas complain of e-voting glitches," where some voters claim that their votes were flipped, meaning that the candidate the machine registered is not the candidate they voted for.
Friday, November 03, 2006
"Security threat changing, says Symantec CEO"
IDG News Service writes: "Security threat changing, says Symantec CEO". John Thompson, CEO and Chairman of Symantec, says that more and more security threats are based on fraudulent transactions.
Open Source Regional Health Information Organizations (RHIO) Forums
And now, for something other than e-voting:
Events in Washington, D.C. and San Francisco
The California HealthCare Foundation will host forums in Washington, D.C. (November 10) and San Francisco (November 15) to explore opportunities for an open source health information exchange initiative.
The events will bring together developers and users of open source solutions, commercial software developers and system integrators, regional health information organizations (RHIOs), foundations, and leading health information technology experts.
The project is underwritten by the California HealthCare Foundation, with support from OPEN-HII, CalRHIO, and Manatt Health Solutions.
To register, or for more information:
Tip o' the hat to Maryanne
"Diebold demands that HBO cancel documentary"
Thursday, November 02, 2006
GAO Reports about Information Management
"The Government Accountability Office (GAO) today released the following reports, testimony, and correspondence:"
Information Security: Coordination of Federal Cyber Security Research and Development. GAO-06-811, September 29
Highlights - http://www.gao.gov/highlights/d06811high.pdf
Tip o' the hat to Ruzena
Wednesday, November 01, 2006
"Bot nets likely behind jump in spam"
Security Focus reports that "Bot nets likely behind jump in spam". The article states that Symantec "has found that average spam volume has increased almost 30 percent for its 35,000 clients in the last two months." David Hart of TQMCubed says, "We should be teaching people not to do business with criminals and to stop giving credit cards to criminals," ... "If you don't like spam, then don't do business with spammers."