Current Topic: Politics and Law

Highly redacted SAIC report on Diebold security

Topic: Politics and Law
9:39 am EDT, Sep 25, 2003

Well, the parts they didn't censor are pretty damn scary... so I'm really worried about the parts they removed... Why again does this need to be censored? If they're going to spend taxpayers' money on something that is broken, why are we spending taxpayers' money to cover it up...

--Abaddon

DOJ spending your money to take your rights

Topic: Politics and Law
11:06 pm EDT, Sep 23, 2003

On the one hand, it's good to have access to their views. On the other hand, they are very careful about what they say. Enemy Combatant detention authority may have been sustained, but frankly, the only people who agree that this is a good idea are people who self identify with the government and feel like they should be able to do anything to "bad guys." No reasonable explanations for this power have been made to the public, and by not making one here the DOJ further demonstrates that it's not defensible. This is just an example. The ACLU ought to offer a response.

Topic: Politics and Law
2:54 pm EDT, Sep 21, 2003

I submitted this letter on the EFF's website. If you want to reference my letter in composing your own, please do so, but don't include my words without attribution as it will reduce the impact of my comments.

I'm an information systems security professional. I work as a software engineer at a well known internet security software vendor. Prior to that I spent many years designing secure network infrastructure for Internet connected computer systems. I've been an IEEE member for 10 years (member number: XXXXXXXX). I'm writing to express concern with the IEEE electronic voting standards process (SCC38/P1583).

Recently there has been a great deal of public discourse about the security of electronic voting technologies. Unfortunately, this has been a very muddied process. We have, on the one hand, technology vendors and elections systems officials who have a vested interest in dodging questions about systems that have already been built and deployed. Furthermore, these vendors and officials are used to hearing uninformed luddite objections whenever new technology has been applied to the voting process. On the other hand, we have activists who don't always understand what they are talking about. However, in all of the noise and drama surrounding this issue there have been a number of serious questions with real technical merit raised by security professionals, and I feel that industry and elections officials have found reasons to dismiss these objections without giving them serious consideration.

In listening to elections officials in my home state (Georgia), I found that their primary concern in deploying electronic voting equipment has been to reduce the workload involved with counting votes. These officials do not understand how difficult it is to develop information systems that are secure against manipulation from well funded adversaries, and they do not understand how the way that they use the systems vendors have supplied impacts the security of those systems. Furthermore, they seem uninterested in hearing from professionals outside of one individual professor in the local university system who they have designated as a trusted advisor.

In asking the IEEE to help develop standards for electronic voting systems, Congress has entrusted the organization with the role of providing a technical voice of reason in all of these discussions. Unfortunately, the IEEE has an extremely poor track record when it comes to information security standards. The recent 802.11* standards have had very poor security qualities, and these standards processes have moved forward for years without soliciting input from security professionals. (Only in the past few months have I heard, anecdotally, that they have started to reach out to people who have been breaking their security techniques for years.)

It is absolutely essential that the standards that this committee produces include very tight security requirements. I haven't read t...

EFF: Make Your Voice Heard on E-Voting Machines

Topic: Politics and Law
11:16 am EDT, Sep 21, 2003

] In the aftermath of the Florida election debacle, the IEEE
] took up the question of standards for voting equipment.
] It created a working group, called Project P1583,
] overseen by a Standards Coordinating Committee known as
] SCC 38. After passage by IEEE, this standard will go to
] ANSI for final validation. The substantive work is in
] its final stages, and the draft standard is currently out
] to ballot.

The EFF put this alert out about the IEEE Voting Systems Standard group. I asked them for more information. They provided this link to the standards committee, which they say they will put on their site:

http://grouper.ieee.org/groups/scc38/index.htm
http://grouper.ieee.org/groups/scc38/1583/

While the draft standard is only available if you spend $100 on it, there are parts of the standard on this site if you do some digging. In particular, the security standards are available. I think there are some serious questions that might be raised about these security standards. This is what I told the EFF:

"I haven't read this document in extreme detail, but it does appear at first glance to be weak. A glaring example is this text:

"Voting systems that use electromagnetic (wireline or wireless) or optical (open air or fibre optic) transmission of data shall ensure the integrity of all transmitted data. This shall include standard transmission error detection and correction methods such as checksums or message digest hashes."

Checksums are not a reliable data integrity technique when one is concerned about malicious manipulation of data. This misuse of checksums in electronic voting equipment was discussed in Avi Rubin's paper on the leaked Diebold code.

This is just one example. There are all kinds of questions that might be raised about this document. Why allow voting systems to operate in an environment shared by other data processing applications? Are the restrictions on network connections complete enough? Why is there no discussion of programming techniques used to prevent memory management ("buffer overflow") vulnerabilities? Why not have more specific requirements for authentication of voting system administrators? Why is there no discussion of the security of features which maintain the anonymity of voters?

In sum, they ought to solicit audits of their security standards from well respected security professionals."
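
An added illustration of the checksum point in the letter above (not part of the original post or of the IEEE draft): a record modified in transit passes an unkeyed check, whether CRC32 or a bare SHA-256 digest, because whoever changes the data can recompute the tag, while a keyed HMAC-SHA256 tag does not verify. The record layout, key and function names are constructed for this example.

```python
import hashlib
import hmac
import zlib

# Constructed sample records; the field layout is an assumption for illustration.
ORIGINAL = b"precinct=12;candidate_a=431;candidate_b=397"
TAMPERED = b"precinct=12;candidate_a=397;candidate_b=431"
KEY = b"constructed-demo-key-not-a-real-secret"  # known only to sender and receiver


def protect(record, scheme, key=None):
    """Return the integrity tag a sender would attach under the given scheme."""
    if scheme == "crc32":
        return zlib.crc32(record).to_bytes(4, "big")
    if scheme == "sha256":
        return hashlib.sha256(record).digest()
    if scheme == "hmac-sha256":
        return hmac.new(key, record, hashlib.sha256).digest()
    raise ValueError(f"unknown scheme: {scheme}")


def verify(record, tag, scheme, key=None):
    """Receiver-side check: recompute the tag and compare in constant time."""
    return hmac.compare_digest(protect(record, scheme, key), tag)


def modified_record_accepted(scheme):
    """Model a party on the wire who rewrites the record without knowing KEY.

    For unkeyed schemes the tag depends only on the data, so it is simply
    recomputed over the new record. For HMAC the tag cannot be recomputed
    without KEY, so the original tag is left in place.
    Returns True if the receiver accepts the modified record.
    """
    if scheme == "hmac-sha256":
        tag_on_wire = protect(ORIGINAL, scheme, KEY)
    else:
        tag_on_wire = protect(TAMPERED, scheme)
    return verify(TAMPERED, tag_on_wire, scheme, KEY)


def survey():
    """Run the same modification against each scheme."""
    schemes = ("crc32", "sha256", "hmac-sha256")
    return {s: modified_record_accepted(s) for s in schemes}


if __name__ == "__main__":
    for scheme, accepted in survey().items():
        print(f"{scheme:12s} modified record accepted: {accepted}")
```

Both unkeyed schemes still detect accidental transmission errors; the difference only appears when the party changing the data can also change the tag.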

BBC NEWS | Technology | The geek who would be governor

Topic: Politics and Law
3:16 pm EDT, Sep 6, 2003

] Her hero is the Linux author, Linus Torvalds, and she
] spends a lot of time on the internet.
]
] She gets called a "geek" by lots of people, but she knows
] it is true and is rather proud of it.
]
] Georgy Russell also wants to be the California state
] governor.

She's cute. She's a geek. She's political. She could be the next governor of California. I think I'm in love!

SecurityFocus HOME News: Hacking-by-subpoena ruled illegal

Topic: Politics and Law
1:51 pm EDT, Sep 3, 2003

] Issuing an egregiously overbroad subpoena for stored
] e-mail qualifies as a computer intrusion in violation of
] anti-hacking laws, a federal appeals court ruled
] Thursday, deciding a case in which a litigant in a civil
] matter subpoenaed every single piece of e-mail his
] courtroom adversary sent or received.

I share the mixed opinions of the commentators. The problem isn't that there ought to be serious criminal penalties for misuse of subpoena powers. Certainly there ought to be, but this attacks the symptom and not the problem. The problem is the ever widening group of people who can issue subpoenas for private information without any judicial oversight. Violent predators do not care about being in contempt of court. In serious misuse cases, by the time you get around to arguing about the reasonableness of the subpoena the damage has already been done. The power of the court should only be used with the explicit approval of the court.

Robert Anton Wilson on Terrorism

Topic: Politics and Law
11:36 pm EDT, Aug 29, 2003

] More stringent security measures. Universal electronic
] Surveillance. No-Knock Laws. Stop and frisk laws.
] Government inspection of first-class mail. Automatic
] fingerprinting, photographing, blood tests and urinalysis
] of any person arrested before he is charged with a crime.
] A law making it unlawful to resist even unlawful arrest.
] Laws establishing detention camps for potential
] subversives. Gun control laws. Restrictions on travel.

In 1975 RAW predicted the last two years. This man must be put in office.

Robert Anton Wilson For Governor

Topic: Politics and Law
11:26 pm EDT, Aug 29, 2003

] Robert Anton Wilson is running for Governor of the
] Republic of California as the unofficial write-in candidate
] for the Guns and Dope Party.

OMFG! I shouldn't have changed my residency. I so want to vote in this thing!

Repost: Lieberman: Growing the Innovation Economy

Topic: Politics and Law
11:17 am EDT, Aug 28, 2003

] America is a nation of innovators and risk-takers. We are
] a people intrigued by new ideas and constantly in search
] of new opportunities, with an unshakeable confidence that
] the future can be better than the past. Fittingly, some
] of the most important scientific and technological
] achievements of the 20th Century were "made in America"
] such as a car affordable to the workers who made it, the
] transistor, and the Internet. Yet impressive as these
] accomplishments are, they will undoubtedly pale in
] comparison to future breakthroughs at the nexus of
] nanotechnology, information technology, and
] biotechnology.

Inignoct mentioned a few days ago that he didn't like Lieberman. I'm not really a fan either. However, this went through the site a few months ago, and I think this is the most solid, specific plan for revitalizing the tech industry that I've seen out of any candidate. It's worth looking at.

RE: George Bush News Feeds, Privacy, and Allegory

Topic: Politics and Law
11:03 am EDT, Aug 28, 2003

] It's not an RSS feed, it's a javascript thing you embed in a
] page. It's Bush after all, so it sucks, and is somehow more
] controlling than necessary.

On the one hand, you are right. They want to control the way their message gets presented, and they want to collect statistics. They need to know what geographic areas they are winning and losing in so they can target their marketing effectively.

On the other hand, I'll bet that if enough bloggers contacted them they would agree to release the content in RSS. They would be stupid to turn down an opportunity to get their message out. Furthermore, does Howard Dean have RSS?

What I'm most interested in is how this stuff can be used in a non-partisan way. Obviously they are thinking of Republicans putting a big ass Bush ticker on the side of their page. Maybe we could build a page with all the major tickers. If it was RSS we could reaggregate election press releases chronologically so you could follow the discourse blow by blow... I guess there ought to be an elections topic on MemeStreams.

Having said all that, I reamed Howard Dean two days ago. I ought to ream Bush too. On his web page there is a "quiz question" that asks how many American working families are benefitting from Bush's Jobs and Growth Act. Users are asked to choose one of four options from 12 Million to 34 Million.

Seriously, waving around all the good work you've done for the economy is abysmally stupid. You sound like the Iraqi Information Minister. "There is no recession. There are no unemployed people in the city..." Everyone knows someone who is having trouble finding a job. No one is fooled. Saying I already fixed the problem is another way of saying "I don't need to do anything else about it." I'm not voting for that, either.