Summary

Top Articles:

  • OpenSSH now supports FIDO U2F security keys for 2-factor authentication
  • Download: The 2020 Cybersecurity Salary Survey Results
  • Fooling Automated Surveillance Cameras with Patchwork Color Printout
  • Security Vulnerability of Switzerland’s E-Voting System
  • US Space Cybersecurity Directive
  • Security Risks of New .zip and .mov Domains
  • China Taking Control of Zero-Day Exploits
  • EPA Won’t Force Water Utilities to Audit Their Cybersecurity

Security Vulnerability of Switzerland’s E-Voting System

Published: 2023-10-17 11:11:43

Popularity: 46

Author: Bruce Schneier

Keywords:

  • Uncategorized
  • blockchain
  • cybersecurity
  • malware
  • Switzerland
  • voting

Online voting is insecure, period. This doesn’t stop organizations and governments from using it. (And for low-stakes elections, it’s probably fine.) Switzerland—not low stakes—uses online voting for national elections. Andrew Appel explains why it’s a bad idea: Last year, I published a 5-part series about Switzerland’s e-voting system. Like any internet voting system, it has inherent security vulnerabilities: if there are malicious insiders, they can corrupt the vote count; and if thousands of voters’ computers are hacked by malware, the malware can change votes as they are transmitted. Switzerland “solves” the problem of malicious insiders in their printing office by officially declaring that they won’t consider that threat model in their cybersecurity assessment...

    EPA Won’t Force Water Utilities to Audit Their Cybersecurity

    Published: 2023-10-24 11:02:03

    Popularity: 1

    Author: Bruce Schneier

    Keywords:

  • Uncategorized
  • cybersecurity
  • infrastructure
  • national security policy
  • utilities

    The industry pushed back: Despite the EPA’s willingness to provide training and technical support to help states and public water system organizations implement cybersecurity surveys, the move garnered opposition from both GOP state attorneys and trade groups. Republican state attorneys that were against the new proposed policies said that the call for new inspections could overwhelm state regulators. The attorney generals of Arkansas, Iowa and Missouri all sued the EPA—claiming the agency had no authority to set these requirements. This led to the EPA’s proposal being ...

    Security Risks of New .zip and .mov Domains

    Published: 2023-05-19 11:11:52

    Popularity: 24

    Author: Bruce Schneier

    Keywords:

  • Uncategorized
  • cybersecurity
  • Google
  • phishing
  • vulnerabilities

    Researchers are worried about Google’s .zip and .mov domains, because they are confusing. Mistaking a URL for a filename could be a security vulnerability.

    China Taking Control of Zero-Day Exploits

    Published: 2021-07-14 11:04:46

    Popularity: 5

    Author: Bruce Schneier

    Keywords:

  • Uncategorized
  • China
  • cybersecurity
  • cyberweapons
  • disclosure
  • vulnerabilities
  • zero-day

    LLM Says: "Red flag waving"

    China is making sure that all newly discovered zero-day exploits are disclosed to the government. Under the new rules, anyone in China who finds a vulnerability must tell the government, which will decide what repairs to make. No information can be given to “overseas organizations or individuals” other than the product’s manufacturer. No one may “collect, sell or publish information on network product security vulnerabilities,” say the rules issued by the Cyberspace Administration of China and the police and industry ministries. This just blocks the cyber-arms trade. It doesn’t prevent researchers from telling the products’ companies, even if they are outside of China...

    US Space Cybersecurity Directive

    Published: 2020-09-09 11:37:47

    Popularity: 40

    Author: Bruce Schneier

    Keywords:

  • Uncategorized
  • cybersecurity
  • national security policy

    LLM Says: "Space Alert"

    The Trump Administration just published “Space Policy Directive – 5”: “Cybersecurity Principles for Space Systems.” It’s pretty general: Principles. (a) Space systems and their supporting infrastructure, including software, should be developed and operated using risk-based, cybersecurity-informed engineering. Space systems should be developed to continuously monitor, anticipate, and adapt to mitigate evolving malicious cyber activities that could manipulate, deny, degrade, disrupt, destroy, surveil, or eavesdrop on space system operations....

    OpenSSH now supports FIDO U2F security keys for 2-factor authentication

    Published: 2020-02-17 17:18:09

    Popularity: 3094

    Author: noreply@blogger.com (Swati Khandelwal)

    Keywords:

  • cybersecurity
  • FIDO Alliance
  • FIDO U2F
  • FIDO U2F Security Key
  • FIDO2 Protocol
  • hack ssh password
  • OpenSSH
  • private SSH keys
  • SSH Client
  • SSH password cracking

    Here's excellent news for sysadmins. You can now use a physical security key as hardware-based two-factor authentication to securely log into a remote system via SSH protocol. OpenSSH, one of the most widely used open-source implementations of the Secure Shell (SSH) Protocol, yesterday announced the 8.2 version of the software that primarily includes two new significant security enhancements.

    Download: The 2020 Cybersecurity Salary Survey Results

    Published: 2019-12-10 16:22:30

    Popularity: 442

    Author: noreply@blogger.com (The Hacker News)

    Keywords:

  • cyber security
  • Cyber Security Certifications
  • cybersecurity
  • cybersecurity jobs
  • cybersecurity salary
  • hacking jobs

    The 2020 Cybersecurity Salary Survey was an online survey published in The Hacker News and created to provide insight into the details related to cybersecurity compensation. There were over 1,500 security professionals who completed the survey. Today you can access the aggregated and analyzed 2020 Cybersecurity Salary Survey Results and gain insight to the main ranges and factors of current

    Fooling Automated Surveillance Cameras with Patchwork Color Printout

    Published: 2019-04-25 11:31:22

    Popularity: 137

    Author: Bruce Schneier

    Keywords:

  • academic papers
  • biometrics
  • cybersecurity
  • machine learning

    LLM Says: "Sneaky printout"

    Nice bit of adversarial machine learning. The image from this news article is most of what you need to know, but here's the research paper....
