Current Topic: Computer Security |
|
Topic: Computer Security |
2:05 am EST, Jan 23, 2004 |
This report is a review and critique of computer and communication security issues in the SERVE voting system (Secure Electronic Registration and Voting Experiment), an Internet-based voting system being built for the US Department of Defense's FVAP (Federal Voting Assistance Program). Here is the report by Avi Rubin, Barbara Simons, David Wagner, and David Jefferson. SERVE Analysis |
|
The Perils of Online Voting |
|
|
Topic: Computer Security |
2:02 am EST, Jan 23, 2004 |
The advantages of the Pentagon's Internet voting system would be far outweighed by the dangers it would pose. There is every reason to believe that if federal elections can be tampered with, they will be. Until the vulnerabilities they identified are eliminated, the risks are too great. "Just Say No to SERVE," says the New York Times. The Perils of Online Voting |
|
Security and Privacy in Ubiquitous Computing |
|
|
Topic: Computer Security |
11:39 am EST, Jan 3, 2004 |
Like most information technologies, Mobile and Ubiquitous Computing carries a number of security and privacy implications. We feel that care should be taken to consider these issues when designing Ubicomp systems. In this report we will enumerate a number of the privacy concerns in Ubicomp and provide a philosophical discussion of the importance of addressing these problems. In considering these problems we have found that a number of Ubicomp techniques are in fact well suited to solving security and privacy problems that arise in Ubicomp. We will discuss some of these techniques in the hope of inspiring further consideration. Systems described include a secure RF-ID system, an architecture for setting privacy levels based on context, and a wearable cryptographic authenticator. This is an old paper, but Georgia Tech has removed it from the Google index. It can be found in the Wayback Machine index, but not displayed from the archive because of the robots.txt exclusion. Security and Privacy in Ubiquitous Computing |
|
Finding and Fixing Vulnerabilities in Information Systems |
|
|
Topic: Computer Security |
11:13 pm EST, Dec 10, 2003 |
The Vulnerability Assessment and Mitigation (VAM) methodology helps to think beyond known vulnerabilities and head off surprise attacks. Finding and Fixing Vulnerabilities in Information Systems |
|
Topic: Computer Security |
9:33 am EST, Nov 13, 2003 |
The Global Council of CSOs is a think tank comprised of a group of influential corporate, government and academic security experts dedicated to raising the awareness of online security issues. The Council encourages dialogue and action to meet the new challenges of online security. The Council focuses on defining the role CSOs should take in corporate, national security, and future technology development. The Global CSO Council |
|
Tech Security Chiefs Form Alliance |
|
|
Topic: Computer Security |
9:32 am EST, Nov 13, 2003 |
Nearly a dozen top technology luminaries are lending their star power to a new think-tank that will look for ways to elevate the status of chief security officers in the private sector, a move that they say will go a long way toward improving Internet security. The Global Council of Chief Security Officers was formed by former White House cybersecurity adviser Howard Schmidt, who said it helps fulfill a promise he made after leaving the Bush administration earlier this year to make Internet security a top issue in the business community. Schmidt assembled a group with an array of impressive credentials ... including Whitfield Diffie and Vint Cerf. Tech Security Chiefs Form Alliance |
|
Talking with: Security Expert Mich Kabay |
|
|
Topic: Computer Security |
12:15 am EDT, Oct 22, 2003 |
Adaptive attackers, novice computer users, indifferent management ... it's no wonder our defensive mechanisms need continuous refinement. Norwich University ... has an information warfare laboratory where students do lab work on defensive countermeasures. ... Users don't take security seriously. Management does not take security seriously. ... We give people dangerous, unprotected tools and expect novices to install and configure them. ... electronic voting ... not hopeless, but it is very difficult. ... some of the COTS software being sold should be qualified as beta versions ... fundamental designs are flawed. Talking with: Security Expert Mich Kabay |
|
British man cleared of hacking US port computer |
|
|
Topic: Computer Security |
11:41 pm EDT, Oct 20, 2003 |
A British court cleared a teenager today of hacking into the computer of the port of Houston, Texas, after the youth testified that his computer had been taken over by someone else to mount the attack. Caffrey had insisted that, although the infiltration was triggered from his computer, he was not behind it. He testified as an expert in his own defense, arguing that a hacker could have taken over his machine to mount the attack. Outside the courtroom, the lanky teenager told TV reporters that he now hopes to get a job as a computer security consultant or programmer. Just what the world needs -- another inept computer security professional! British man cleared of hacking US port computer |
|
ISS Takes Wraps Off New Security Appliance |
|
|
Topic: Computer Security |
3:30 pm EDT, Oct 18, 2003 |
Internet Security Systems pulled out all of the stops Tuesday as it introduced the first in a new line of security appliances that simultaneously blocks viruses, malicious intrusions, worms and other threats to the well-being of a company's IT infrastructure. At the launch event, ... George Gilder described the need for a unified approach to security, rather than an amalgam of stand-alone products. Gilder: "When industry gives customers everything they could possibly need, then modularity is desirable. But when customers' needs are a long way from being met, then modularity is a problem." Amid flashing lights, Klaxon horns, and front-loaders dumping firewalls into trash bins, a stage full of technology and business dignitaries [including Steve Forbes] talked about the need for a simple way to fight today's security indignities. Huh? What did Gilder say? This seems like a scare tactic to convince customers they have to buy everything from one vendor. Attacking the very concept of modularity is a rather risky strategy. ISS Takes Wraps Off New Security Appliance |
|
CNN.com - Microsoft plans Windows overhaul to fight hackers - Oct. 16, 2003 |
|
|
Topic: Computer Security |
4:49 pm EDT, Oct 16, 2003 |
"Microsoft promised to improve the way in which Windows manages computer memory to protect users against commonly exploited software flaws known as buffer overruns, which can trick Windows into accepting dangerous commands. Some of the most damaging attacks in recent months fall under this category." MS deploys non-executable stack patch. (What year is it?) CNN.com - Microsoft plans Windows overhaul to fight hackers - Oct. 16, 2003 |
|