Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Attack on CS research by Chronicle for Higher Edu cation

From: David Farber <dave () farber net>
Date: Tue, 23 Jan 2007 09:29:47 -0500


Begin forwarded message:

From: Jeremy Epstein <jepstein () webmethods com>
Date: January 23, 2007 8:38:46 AM EST
To: dave () farber net, ip () v2 listbox com
Cc: "Rebecca Mercuri (mercuri () acm org)" <mercuri () acm org>, "Peter G. Neumann (neumann () csl sri com)" <neumann () csl sri com>, "Edward W. Felten" <felten () CS Princeton EDU>, "Gene Spafford (spaf () cerias purdue edu)" <spaf () cerias purdue edu> Subject: RE: [IP] Re: Attack on CS research by Chronicle for Higher Edu cation 

I'm certainly in agreement with Dr. Mercuri et al that this is a lousy
story.  But what bothers me more as a security professional isn't an
undergraduate student calling Dr. Felten names, or Dr. Wilson's concern
about the "weird arrangement" between Kennesaw State and the State of
Georgia, but rather the modest level of skill exhibited by the team at
Kennesaw State. As a member of a Virginia legislative commission, I had the 
opportunity to question Dr. Brit Williams (the founder of the group at
Kennesaw) about his group's processes in approving voting machines.  Not
only do they make no effort at penetration testing, but according to Dr.
Williams' testimony, they have no idea how to do such a test!  In other
words, they had no ability to even look for the sort of attack that Dr.
Felten's team so beautifully demonstrated.  For an organization that
purports to do approvals of software-based voting machines, the lack of this 
skill is pretty appalling.

Also not noted in the article, but critically important is that the Dr.
Williams (and, I presume the Kennesaw State team) are responsible not only for reviewing voting machines for Georgia, but also Maryland and Virginia, 
and perhaps other states that I don't know about.

If there's going to be such a concentration of influence in equipment
approval, one would hope for a higher degree of competence and
professionalism than is displayed in the article. And if the Chronicle is going to publish such an article, I'd think they'd make an effort to truly 
"see both sides".

--Jeremy


-------------------------------------------
-----------------------------------------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: Archives: http://archives.listbox.com/247/ 
Modify Your Subscription: http://v2.listbox.com/member/?member_id=1788750&user_secret=f2ab41d2
Unsubscribe: http://v2.listbox.com/unsubscribe/?id=1788750-f2ab41d2-w6ms6a0g
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: