Privacy and Security » Eclectic Echoes

Category Archives: Privacy and Security

E-voting Done Right

Australia figured out how to implement E-Voting. They are using the same solution many critics of the Diebold and similar systems have been proposing:

  • open source core
  • public code review for both security and functionality
  • independent industry verification

The developers really get it too; they realize that they are working on something vitally important: “Any transparency you can add to that process is going to enhance the democracy and, conversely, any information you remove from that process is going to undermine your democracy” –Matt Quinn, lead engineer for developer Software Improvements.

Quinn commented on the importance of voting systems and allegations that Diebold disabled some security systems in their black box voting system:

“The only possible motive I can see for disabling some of the security mechanisms and features in their system is to be able to rig elections,” Quinn said. “It is, at best, bad programming; at worst, the system has been designed to rig an election.”

“I can’t imagine what it must be like to be an American in the midst of this and watching what’s going on,” Quinn added. “Democracy is for the voters, not for the companies making the machines…. I would really like to think that when it finally seeps in to the collective American psyche that their sacred Democracy has been so blatantly abused, they will get mad.”

Don’t worry, Quinn, there are many of us that are mad, plenty mad.

He is also concerned that we get it right:

“After all, we’ve all got a stake in who’s in the White House these days. I’m actually prone to think that the rest of the world should get a vote in your elections since, quite frankly, the U.S. policy affects the rest of the world so heavily.”

In related news, Diebold is under lawsuit for its cease and desist orders and abusive copyright claims. The EFF (Electronic Frontier Foundation) and Stanford Law Clinic will represent a non-profit ISP (Internet Service Provider) and two students of Swarthmore College who participated, and continue to participate, in the electronic civil disobedience fight against “black box” (closed non-reviewable systems as opposed to white-box or open systems) voting. Diebold has been trying to shut down sites which have furthered the spread of the highly incriminating emails leaked out of the company. Of course the zipped version of all those emails is running through cyberspace–email, websites, and P2P sharing.

SCUBA Vet Profiling

A good writeup about why TIA (Total Information Awareness)–and the other Orwellian profiling schemes that have been suggested–are a bad security trade-off, by Bruce Schneier, author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World.

“I have an idea. Timothy McVeigh and John Allen Muhammad – one of the accused D.C. snipers – both served in the military. I think we need to put all U.S. ex-servicemen on a special watch list, because they obviously could be terrorists. I think we should flag them for “special screening” when they fly and think twice before allowing them to take scuba-diving lessons.

“What do you think of my idea? I hope you’re appalled, incensed and angry that I question the honesty and integrity of our military personnel…”

If his sarcastic example was used I’d be on the “watch list” for “extra” attention and screening–ex-military and rescue-scuba-diver certified–scary!

Update: 10/26

I was reminded via email that I also frequent the local library-I read, therefore I’m dangerous?

CERT Advisory CA-2003-27

Multiple Vulnerabilities in Microsoft Windows and Exchange

It looks like there are multiple vulnerabilities in Microsoft Windows and Exchange Server that need some attention. The affected systems include Windows ME, NT4, 2000, XP, and Server 2003, along with Exchange Server 5.5 and 2000. It is a whole range of vulnerabilities, so if you run one of those operating systems or server applications, first go read the advisory, then go get the updates from MS.

Where are we headed

Another political–of sorts–entry, please forgive me, but I feel I must say something.

I am growing more and more troubled by events here at home, events and policies of the government and various parties.

I have a big problem with voices of dissent being hushed with choruses of “unpatriotic” or “traitor”, especially when many of those raising the chorus are our leaders who, one would hope, have studied the political history of this nation to see that dissent and debate are key elements of its success as a democratic republic. Democracy is a difficult proposition at best. The needs of so many, often disparate, groups of people need to be meshed into one, hopefully universally just, system of laws and policies. Add to the internal issues the policies that should be adopted externally to both protect our own citizens, aid our allies, and put forward a good example of modern democracy and it is a tribute to any modern democracy that anything gets accomplished.

Discussion and debate are necessary for this to happen, those in power must realize and accept that not everyone will agree with their policy, even if the majority have agreed that it is the best course. Those who do not agree, have every right to peacefully voice their opinion. In fact it could even be said that their speaking their opinion is a duty to ensuring a lasting democracy. It is vital that those who actively voice their dissent from the national policy must do so with responsibility–they must rest their arguments on facts and opinions based on fact rather than cite wild allegations. They should criticize laws and policies, not those charged with carrying out the laws and policies of the state as part (or all) of their job. On both sides of this issue there has been growing abuse. Too many, or at least the most vocal and reported, demonstrations have been attacking not only policy but those charged with carrying out the policy of the US abroad. Simultaneously however there has been a seeming shift in the attitude of high level administration officials that makes them accuse any who disagree publicly with policy as “unpatriotic.”

One issue in particular that continues to disturb me, especially with the background I have and that of members of my family, is the relative lack of action on the “Plame affair.” I do not know the answers or all of the particulars, but it seems indisputable that high level administration officials leaked information that, if true, would be a major violation of law. (I won’t even venture into the realm of possible damages to national security and national resources.) Why has nothing happened? Why did it take almost 3 months for the story to break in the general media? What happened to the promise of returning honor to the White House?

Then there are stories of privacy violations and immigration issues, granted they may be isolated in the news, but they appear to be all too real and frequent. If this story is true, it is extremely upsetting.

These are not the actions and policies of the nation whose ideals I could easily defend and serve as a member of the armed forces. I only hope that it can quickly recover, and the best way of ensuring its recovery is working within the system—voting, peaceful smart dissension, discussion and debate. I am beginning to believe that no matter my personal political beliefs towards one party or another, it is time to change regimes. Not that the current regime has necessarily done things wrong—that is a different debate—but because the climate against dissent, debate and discussion is very disturbing and in my opinion more of a threat to democracy than anything else currently arrayed against it.

Margaret Chase said it over 50 years ago in her “Declaration of Conscience” to her colleagues in the Senate:

Those of us who shout the loudest about Americanism in making character assassinations are all too frequently those who, by our own words and acts, ignore some of the basic principles of Americanism –

The right to criticize;

The right to hold unpopular beliefs;

The right to protest;

The right of independent thought.

The exercise of these rights should not cost one single American citizen his reputation or his right to a livelihood nor should he be in danger of losing his reputation or livelihood merely because he happens to know some one who holds unpopular beliefs. Who of us doesn’t? Otherwise none of us could call our souls our own. Otherwise thought control would have set in.

Just as relevant today as it was 50 years ago, perhaps even more so.

Roblimo XP, SCO Delays, Sunncomm

A few interesting items that are worth reading from the past couple of days:
Robin ‘Roblimo’ Miller tries out Windows XP
Rob is one of the people behind Slashdot.org and has used alternate operating systems (e.g. Linux, FreeBSD) for the past few years. He recounts his experience in trying a Microsoft operating system for the first time in 5 years here. In it he has some insight for both alternate OS users and Windows users–especially users hesitant to try Linux. A good and funny read, written with a bit of an alternate OS slant admittedly.


Red Hat and IBM backing SCO into a corner to begin discovery
Red Hat has filed with the courts to force SCO to begin the discovery phase of the trial and IBM is turning up the heat in the same area, filing papers with the court to force the discovery forward in their case. Seems SCO doesn’t want to play ball with either party. They have provided IBM with tons of documents but not one iota of information to answer the questions posed to it under the discovery process–instead pointing only at the crates of documents (some 500,000+ pages) saying “it’s all right there.” In the Red Hat case SCO is stalling and asking the court to delay discovery, citing that they are in current discovery with IBM and entering discovery with Red Hat right now would cause undue strain (pressing the 2 copies button on the xerox) on them. More reasonably they argue that they have filed a motion to dismiss the case and if they win that there would be no point in beginning discovery now. The discovery filing by Red Hat reads like a geek’s dream of this situation—basically every question the community wants answers to is covered by both the requests for documents and the interrogatories.

Sunncomm decides not to sue Princeton student over brain-dead security scheme
Congratulations to Sunncomm’s president/CEO for taking the right path, after the day before threatening to level a suit and DMCA violation charges against a researcher at Princeton. Grad student John Halderman exposed Sunncomm’s latest copy prevention scheme as being extremely vulnerable to circumvention, counter to the original claims of Sunncomm and the music industry. Sunncomm alleged that Halderman’s report caused Sunncomm to lose $10 Billion in valuation on the stock market. Maybe it’s because you (Sunncomm) made some rather optimistic and authoritative sounding claims of having a secure method of preventing unauthorized copying of music from audio CDs, and a grad student showed that it only takes one key–the shift key–to undo all that. Lesson: don’t claim to have a silver bullet when you know you don’t. Investors and stock people bought up your stock because you claimed to have the fix, and they saw all the labels would be clamoring to have your tech. When they saw that the claims were, shall we say, overoptimistic, they dumped the stock, or at least lightened their exposure, because it is not something that every label will clamor to have–especially when both you and BMG acknowledged they knew of the weaknesses.
