Interesting People mailing list archives
Re: Attack on CS research by Chronicle for Higher Education
From: David Farber <dave () farber net>
Date: Tue, 23 Jan 2007 09:29:47 -0500
Begin forwarded message:

From: Jeremy Epstein <jepstein () webmethods com>
Date: January 23, 2007 8:38:46 AM EST
To: dave () farber net, ip () v2 listbox com
Cc: "Rebecca Mercuri (mercuri () acm org)" <mercuri () acm org>, "Peter G. Neumann (neumann () csl sri com)" <neumann () csl sri com>, "Edward W. Felten" <felten () CS Princeton EDU>, "Gene Spafford (spaf () cerias purdue edu)" <spaf () cerias purdue edu>
Subject: RE: [IP] Re: Attack on CS research by Chronicle for Higher Education

I'm certainly in agreement with Dr. Mercuri et al. that this is a lousy story. But what bothers me more as a security professional isn't an undergraduate student calling Dr. Felten names, or Dr. Wilson's concern about the "weird arrangement" between Kennesaw State and the State of Georgia, but rather the modest level of skill exhibited by the team at Kennesaw State.

As a member of a Virginia legislative commission, I had the opportunity to question Dr. Brit Williams (the founder of the group at Kennesaw) about his group's processes in approving voting machines. Not only do they make no effort at penetration testing, but according to Dr. Williams' testimony, they have no idea how to do such a test! In other words, they had no ability to even look for the sort of attack that Dr. Felten's team so beautifully demonstrated. For an organization that purports to do approvals of software-based voting machines, the lack of this skill is pretty appalling.

Also not noted in the article, but critically important, is that Dr. Williams (and, I presume, the Kennesaw State team) are responsible not only for reviewing voting machines for Georgia, but also Maryland and Virginia, and perhaps other states that I don't know about.

If there's going to be such a concentration of influence in equipment approval, one would hope for a higher degree of competence and professionalism than is displayed in the article. And if the Chronicle is going to publish such an article, I'd think they'd make an effort to truly "see both sides".

--Jeremy