Secure Coding mailing list archives
darkreading: voting machines
From: gem at cigital.com (Gary McGraw)
Date: Mon, 9 Oct 2006 12:19:13 -0400
Hi all,

I'm sure that many of you saw the "Ed Felten and friends break Diebold machines" story a couple of weeks ago...maybe in DDJ or on /.. I wrote a piece about the crack for darkreading, which you can find here:

http://www.darkreading.com/document.asp?doc_id=105188&WT.svl=column1_1

The most interesting thing from an sc-l perspective about this column is that it emphasizes a client need we're often forced to address---the need for a demo exploit. Sometimes those on the receiving end of a software security vulnerability don't believe that findings are real. An often-repeated excuse for doing nothing is "well, that's just a theoretical attack and it's too academic to matter." I can't tell you how many times I've heard that refrain.

When that happens, building an exploit is often the only clear next step. And yet we all know how expensive and hard exploit development is. In this case, Diebold consistently downplayed Avi Rubin's results as "academic" or "theoretical." Ed upped the ante. Think it'll work??

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
book www.swsec.com