Subscribe: Schneier on Security
http://www.schneier.com/blog/index.xml
Added By: Feedage Forager Feedage Grade A rated
Language: English
Tags:
censorship  communications  election  excellent essay  hacked  machine  machines  news  paper ballots  paper  political  security  squid  voting 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Schneier on Security

Schneier on Security



A blog covering security and security technology.



Updated: 2016-12-03T00:18:03Z

 



A 50-Foot Squid Has Not been Found in New Zealand

2016-12-03T00:18:03Z

A 50-foot squid has not been found in New Zealand. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

A 50-foot squid has not been found in New Zealand.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.




Auditing Elections for Signs of Hacking

2016-12-02T12:39:17Z

Excellent essay pointing out that election security is a national security issue, and that we need to perform random ballot audits on every future election: The good news is that we know how to solve this problem. We need to audit computers by manually examining randomly selected paper ballots and comparing the results to machine results. Audits require a voter-verified...

Excellent essay pointing out that election security is a national security issue, and that we need to perform random ballot audits on every future election:

The good news is that we know how to solve this problem. We need to audit computers by manually examining randomly selected paper ballots and comparing the results to machine results. Audits require a voter-verified paper ballot, which the voter inspects to confirm that his or her selections have been correctly and indelibly recorded. Since 2003, an active community of academics, lawyers, election officials and activists has urged states to adopt paper ballots and robust audit procedures. This campaign has had significant, but slow, success. As of now, about three quarters of U.S. voters vote on paper ballots. Twenty-six states do some type of manual audit, but none of their procedures are adequate. Auditing methods have recently been devised that are much more efficient than those used in any state. It is important that audits be performed on every contest in every election, so that citizens do not have to request manual recounts to feel confident about election results. With high-quality audits, it is very unlikely that election fraud will go undetected whether perpetrated by another country or a political party.

Another essay along similar lines.

Related: there is some information about Russian political hacking this election cycle that is classified. My guess is that it has nothing to do with hacking the voting machines -- the NSA was on high alert for anything, and I have it on good authority that they found nothing -- but something related to either the political-organization hacking, the propaganda machines, or something else before Election Day.




Analyzing WeChat

2016-12-01T16:17:44Z

Citizen Lab has analyzed how censorship works in the Chinese chat app WeChat: Key Findings: Keyword filtering on WeChat is only enabled for users with accounts registered to mainland China phone numbers, and persists even if these users later link the account to an International number. Keyword censorship is no longer transparent. In the past, users received notification when their...

Citizen Lab has analyzed how censorship works in the Chinese chat app WeChat:

Key Findings:

  • Keyword filtering on WeChat is only enabled for users with accounts registered to mainland China phone numbers, and persists even if these users later link the account to an International number.

  • Keyword censorship is no longer transparent. In the past, users received notification when their message was blocked; now censorship of chat messages happens without any user notice.

  • More keywords are blocked on group chat, where messages can reach a larger audience, than one-to-one chat.

  • Keyword censorship is dynamic. Some keywords that triggered censorship in our original tests were later found to be permissible in later tests. Some newfound censored keywords appear to have been added in response to current news events.

  • WeChat's internal browser blocks China-based accounts from accessing a range of websites including gambling, Falun Gong, and media that report critically on China. Websites that are blocked for China accounts were fully accessible for International accounts, but there is intermittent blocking of gambling and pornography websites on International accounts.

Lots more details in the paper.




DigiTally

2016-11-30T15:33:18Z

Ross Anderson describes DigiTally, a secure payments system for use in areas where there is little or no network connectivity....

Ross Anderson describes DigiTally, a secure payments system for use in areas where there is little or no network connectivity.




You, Too, Can Rent the Murai Botnet

2016-11-29T12:01:13Z

You can rent a 400,000-computer Murai botnet and DDoS anyone you like. BoingBoing post. Slashdot thread....

You can rent a 400,000-computer Murai botnet and DDoS anyone you like.

BoingBoing post. Slashdot thread.




San Francisco Transit System Target of Ransomware

2016-11-28T23:36:34Z

It's really bad. The ticket machines were hacked. Over the next couple of years, I believe we are going to see the downside of our headlong rush to put everything on the Internet. Slashdot thread....

It's really bad. The ticket machines were hacked.

Over the next couple of years, I believe we are going to see the downside of our headlong rush to put everything on the Internet.

Slashdot thread.




Friday Squid Blogging: Striped Pyjama Squid

2016-11-25T22:30:21Z

Here's a nice picture of one of the few known poisonous squids. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Here's a nice picture of one of the few known poisonous squids.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.




Hacking and the 2016 Presidential Election

2016-11-25T16:00:58Z

Was the 2016 presidential election hacked? It's hard to tell. There were no obvious hacks on Election Day, but new reports have raised the question of whether voting machines were tampered with in three states that Donald Trump won this month: Wisconsin, Michigan and Pennsylvania. The researchers behind these reports include voting rights lawyer John Bonifaz and J. Alex Halderman,... Was the 2016 presidential election hacked? It's hard to tell. There were no obvious hacks on Election Day, but new reports have raised the question of whether voting machines were tampered with in three states that Donald Trump won this month: Wisconsin, Michigan and Pennsylvania. The researchers behind these reports include voting rights lawyer John Bonifaz and J. Alex Halderman, the director of the University of Michigan Center for Computer Security and Society, both respected in the community. They have been talking with Hillary Clinton's campaign, but their analysis is not yet public. According to a report in New York magazine, the share of votes received by Clinton was significantly lower in precincts that used a particular type of voting machine: The magazine story suggested that Clinton had received 7 percent fewer votes in Wisconsin counties that used electronic machines, which could be hacked, than in counties that used paper ballots. That is exactly the sort of result we would expect to see if there had been some sort of voting machine hack. There are many different types of voting machines, and attacks against one type would not work against the others. So a voting anomaly correlated to machine type could be a red flag, although Trump did better across the entire Midwest than pre-election polls expected, and there are also some correlations between voting machine type and the demographics of the various precincts. Even Halderman wrote early Wednesday morning that "the most likely explanation is that the polls were systematically wrong, rather than that the election was hacked." What the allegations, and the ripples they're causing on social media, really show is how fundamentally untrustworthy our hodgepodge election system is. Accountability is a major problem for U.S. elections. The candidates are the ones required to petition for recounts, and we throw the matter into the courts when we can't figure it out. This all happens after an election, and because the battle lines have already been drawn, the process is intensely political. Unlike many other countries, we don't have an independent body empowered to investigate these matters. There is no government agency empowered to verify these researchers' claims, even if it would be merely to reassure voters that the election count was accurate. Instead, we have a patchwork of voting systems: different rules, different machines, different standards. I've seen arguments that there is security in this setup ­ an attacker can't broadly attack the entire country ­ but the downsides of this system are much more critical. National standards would significantly improve our voting process. Further investigation of the claims raised by the researchers would help settle this particular question. Unfortunately, time is of the essence ­ underscoring another problem with how we conduct elections. For anything to happen, Clinton has to call for a recount and investigation. She has until Friday to do it in Wisconsin, until Monday in Pennsylvania and until next Wednesday in Michigan. I don't expect the research team to have any better data before then. Without changes to the system, we're telling future hackers that they can be successful as long as they're able to hide their attacks for a few weeks until after the recount deadlines pass. Computer forensics investigations are not easy, and they're not quick. They require access to the machines. They involve analysis of Internet traffic. If we [...]



Securing Communications in a Trump Administration

2016-11-23T20:01:46Z

Susan Landau has an excellent essay on why it's more important than ever to have backdoor-free encryption on our computer and communications systems. Protecting the privacy of speech is crucial for preserving our democracy. We live at a time when tracking an individual -- ­a journalist, a member of the political opposition, a citizen engaged in peaceful protest­ -- or...

Susan Landau has an excellent essay on why it's more important than ever to have backdoor-free encryption on our computer and communications systems.

Protecting the privacy of speech is crucial for preserving our democracy. We live at a time when tracking an individual -- ­a journalist, a member of the political opposition, a citizen engaged in peaceful protest­ -- or listening to their communications is far easier than at any time in human history. Political leaders on both sides now have a responsibility to work for securing communications and devices. This means supporting not only the laws protecting free speech and the accompanying communications, but also the technologies to do so: end-to-end encryption and secured devices; it also means soundly rejecting all proposals for front-door exceptional access. Prior to the election there were strong, sound security arguments for rejecting such proposals. The privacy arguments have now, suddenly, become critically important as well. Threatened authoritarianism means that we need technological protections for our private communications every bit as much as we need the legal ones we presently have.

Unfortunately, the trend is moving in the other direction. The UK just passed the Investigatory Powers Act, giving police and intelligence agencies incredibly broad surveillance powers with very little oversight. And Bits of Freedom just reported that "Croatia, Italy, Latvia, Poland and Hungary all want an EU law to be created to help their law enforcement authorities access encrypted information and share data with investigators in other countries."




Headphones as Microphones

2016-11-23T12:56:58Z

Surprising no one who has been following this sort of thing, headphones can be used as microphones....

Surprising no one who has been following this sort of thing, headphones can be used as microphones.