Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybercrime

Du-Vote: Remote Electronic Voting with Untrusted Computers

Du-Vote: Remote Electronic Voting with Untrusted Computers. Gurchetan S. Grewal, School of Computer Science, University of Birmingham, UK; Mark D. Ryan, School of Computer Science, University of Birmingham, UK; Liqun Chen, HP Laboratories, Bristol, UK; Michael R. Clarkson, Department of Computer Science, Cornell University, US. [via ReadWrite]
“Abstract—Du-Vote is a new remote electronic voting protocol that eliminates the often-required assumption that voters trust general-purpose computers. Trust is distributed in Du-Vote between a simple hardware token issued to the voter, the voter’s computer, and a server run by election authorities. Verifiability is guaranteed with high probability even if all these machines are controlled by the adversary, and privacy is guaranteed as long as at least either the voter’s computer, or the server and the hardware token, are not controlled by the adversary. The design of the Du-Vote protocol is presented in this paper. A new non-interactive zero-knowledge proof is employed to verify the server’s computations. Du-Vote is a step towards tackling the problem of internet voting on user machines that are likely to have malware. We anticipate that the methods of Du-Vote can be used in other applications to find ways of achieving malware tolerance, that is, ways of securely using platforms that are known or suspected to have malware.”

Tech giants communicate opposition to decrypted data for law enforcement

Washington Post, Ellen Nakashima: “Tech behemoths including Apple and Google and leading cryptologists are urging President Obama to reject any government proposal that alters the security of smartphones and other communications devices so that law enforcement can view decrypted data. In a letter to be sent Tuesday and obtained by The Washington Post, a coalition …

Wham, Bam, Thank You Spam! Don’t Click on the Link!

Harvard Law School Forum on Corporate Governance and Financial Regulation – Posted by Paul A. Ferrillo, Weil, Gotshal & Manges LLP, May 17, 2015. “It seems that just like in old times (in cyberspace that means last year) the existence of “snake-oil” salesmen on the Internet is getting worse, not better. Rather than selling something …

Joint Cmte Report on Risks and Vulnerabilities in EU Financial System

European Banking Authority Report issued May 5, 2015 – completed March 2015 – Joint Committee Report on the Risks and Vulnerabilities in the EU Financial System “Since the August 2014 Joint Committee Report on Risk and Vulnerabilities the risks facing the EU financial system did not substantially change in character, but intensified further. The same …

Ad Injection at Scale: Assessing Deceptive Advertisement Modifications

Google Research Paper – “Today, web injection manifests in many forms, but fundamentally occurs when malicious and unwanted actors tamper directly with browser sessions for their own profit. In this work we illuminate the scope and negative impact of one of these forms, ad injection, in which users have ads imposed on them in …

What Every Librarian Needs to Know About HTTPS

EFF – “Librarians have long understood that to provide access to knowledge it is crucial to protect their patrons’ privacy. Books can provide information that is deeply unpopular. As a result, local communities and governments sometimes try to ban the most objectionable ones. Librarians rightly see it as their duty to preserve access to books, …

Attacking the Internet using Broadcast Digital Television

From the Aether to the Ethernet – Attacking the Internet using Broadcast Digital Television. Yossef Oren, Angelos D. Keromytis, Columbia University 19th May 2014. “In the attempt to bring modern broadband Internet features to traditional broadcast television, the Digital Video Broadcasting (DVB) consortium introduced a specification called Hybrid Broadcast-Broadband Television (HbbTV), which allows broadcast streams to …

What Is the Internet of Things?

What Is the Internet of Things?, Mike Loukides and Jon Bruner, O’Reilly Media: “The Internet of Things (IoT) is a blending of software and hardware, introducing intelligence and connectedness to objects and adding physical endpoints to software. Radical changes in the hardware development process have made the IoT—and its vast possibility—accessible to anyone. This report provides …

The Spy in the Sandbox – Practical Cache Attacks in Javascript

The Spy in the Sandbox — Practical Cache Attacks in Javascript. Yossef Oren, Vasileios P. Kemerlis, Simha Sethumadhavan, Angelos D. Keromytis (Submitted on 25 Feb 2015 (v1), last revised 1 Mar 2015 (this version, v2)) “We present the first micro-architectural side-channel attack which runs entirely in the browser. In contrast to other works in this …

New GAO Reports – Cybersecurity, Management of Excess Uranium, Homeland Security, Indian Affairs

Cybersecurity: Actions Needed to Address Challenges Facing Federal Systems, GAO-15-573T: Published: Apr 22, 2015. Publicly Released: Apr 22, 2015. Department of Energy: Management of Excess Uranium, GAO-15-475T: Published: Apr 22, 2015. Publicly Released: Apr 22, 2015. Homeland Security Acquisitions: Addressing Gaps in Oversight and Information is Key to Improving Program Outcomes, GAO-15-541T: Published: Apr 22, …

Cyber In-securIty II Closing the Federal Talent Gap

Partnership for Public Service and Booz Allen Hamilton – Cyber In-securIty II Closing the Federal Talent Gap, April 2015. “Technology has changed our lives. Individuals can email, text and talk to each other, take pictures, get directions, watch television, control their home appliances, read the news, play games and manage their schedules using a device that …

House Reconsiders Data Breach Bill

EPIC – “Members of the Energy and Commerce Committee have convened to rework the Data Security and Breach Notification Act. The Act, introduced by Reps. Blackburn and Welch, would require businesses to notify consumers of a data breach “unless there is no reasonable risk of identity theft or financial harm.” The bill would also preempt …