Archive for September, 2006

13th Sep 2006

Security analysis of voting machines

Ed Felten at Freedom to Tinker announces a recent study of Diebold Accuvote-TS machines.

They show that anyone who gets time alone with the machine for even a minute (including voters, if they have enough privacy) can install sophisticated vote-rigging software. The malicious software is missed by all diagnostic checks, and deletes evidence of its presence after the election.

Part of the problem is that the machine is not physically secure. The design makes it relatively easy to access the memory card slot, reboot the machine, and install new software. Another major problem is that the system is designed to accept new software and firmware updates through the same memory card interface used for vote collection—with no authentication or code-signing.

One flaw that got my attention: on bootup, the machine emits a sound that might give you away, but this can be squelched in the obvious way, by plugging in a headphone jack.

Posted in Crypto and policy | Comments Off

13th Sep 2006

The Underhanded C contest results

We just put up a page of results for the Underhanded C Contest. We list the winner and the semifinalists, with code snippets.

Posted in Crypto and policy, Science | Comments Off

01st Sep 2006

Probability Puzzler

I came up with this surprising result thinking up probability examples for my class. It would be far too cruel to use in class, so I present it to you, dear reader.

Suppose we play a game called “I give you money.” You repeatedly flip a fair coin until the first time it comes up tails. For every time you flipped heads, you win 25 cents.

Question 1: if Alice plays this game, what are her expected (average) winnings?

Answer: 25 cents.

Question 2: if Alice played this game and the tax-man took a fourth of her winnings, what’s her expected net profit?

Answer: 80 cents.

So if we know the tax-man took some of her money, we expect she ends up with more. Why?

Believe it or not, the principle behind this question is actually useful in my line of work, which is reverse-engineering secret algorithms. Answer after the flip….

Posted in Crypto and policy, Science | Comments Off