Benlog

crypto and public policy

Archive for the 'Security & Crypto' Category

Voting: The Beginning of a Revolution

Posted: Sunday, December 11th, 2005 @ 6:05 pm in Security & Crypto | Comments Off

I spent this past Thursday and Friday meeting with Andy Neff of VoteHere. We discussed the details of his latest ideas for verifiable voting, and he asked me to help him with the write-up and framing of the issues. These will all be published in the near future, just like the rest of Andy’s protocols […]

The Two Laws of DRM

Posted: Friday, November 11th, 2005 @ 9:27 am in Security & Crypto | Comments Off

People are in shock that Sony is effectively installing spyware to help them in their DRM effort. How dare Sony surreptitiously install a program on your computer that effectively overrides the operating system’s default behavior when reading CDs? Haven’t they gone too far? Yes, of course they went too far. But the line was crossed […]

Voting is Hard

Posted: Wednesday, November 9th, 2005 @ 9:31 am in Security & Crypto | Comments Off

Voting is terribly hard to administer. I voted yesterday in Boston. I was handed voting lists by partisans about 50 feet outside the voting location, which is technically illegal. Once I came into the voting location, the overeager voting administrator confiscated my “voting paraphernalia,” even though it’s technically perfectly okay for me to come in […]

A Platform of Trust for Email

Posted: Wednesday, June 29th, 2005 @ 10:03 pm in Security & Crypto | Comments Off

So, it’s time I begin describing the work my research team (Susan Hohenberger, Ronald L. Rivest, and myself) has been doing to fight phishing attacks (and maybe even spam). Over the next few posts, I’ll describe the building blocks, and eventually piece them together into a solution. Feel free to ask questions in comments or […]

MBA hacking continued

Posted: Friday, April 8th, 2005 @ 9:27 pm in Security & Crypto | Comments Off

Four weeks ago, a few fellow crypto people from MIT and I wrote a letter to the Dean of the MIT Sloan School concerning the applicant hacking incident. The Dean answered. So we wrote back. And he wrote back. And the discussion was quite interesting. I fully admit that I was surprised: I didn’t expect […]

Dangerous MBA Hackers

Posted: Tuesday, March 15th, 2005 @ 11:48 am in Security & Crypto | Comments Off

By now you’ve probably heard about Harvard, MIT, and Carnegie Mellon business schools rejecting MBA applicants who “hacked” into the admissions web site to see their acceptance status early. The problem is, what they did amounts to little more than curious exploration, not hacking: they just twiddled a URL on a horribly insecure web site. […]

iPod Shuffle as a Trusted Device?

Posted: Monday, February 28th, 2005 @ 4:49 pm in Security & Crypto | 3 Comments »

My sister just got me an iPod Shuffle for my birthday, which is really nice. I’m surprised by how light and convenient it is. For all of those people who are worried about using an ipod for working out, this is your solution. But it got me thinking. If this iPod does on-the-fly decryption of […]

When DRM Breaks User Expectations

Posted: Thursday, February 17th, 2005 @ 10:50 am in Security & Crypto | Comments Off

So it seems the Napster “music for rent” DRM scheme has been broken. This is not surprising. Apple’s iTunes was broken with PlayFair a few months after launch. In general, DRM is breakable on any hardware that doesn’t have a trusted computing element to it. And that’s a good thing, but it’s not what I […]

Way to Go, Florida Election Officials

Posted: Tuesday, November 2nd, 2004 @ 12:05 am in Security & Crypto | Comments Off

Bloggers – Atrios and Kos – are upset about an optical scan failure in Daytona Beach, Florida. In fact, you have to give credit to the election officials who did exactly the right thing. With tens of thousands of voting machines out there, some are bound to fail. Apparently, as soon as the election officials […]

The Perception Problem: When Experts and Non-Experts Disagree

Posted: Wednesday, August 4th, 2004 @ 1:27 pm in Security & Crypto | 2 Comments »

CNET reports that voters are not worried about voting machines, but experts are. Some people are using this observation as an excuse to dismiss the worries of security experts. To paraphrase Avi Rubin, it makes about as much sense to ask voters what they think of election machine security as it does to ask patients […]