Secure Coding mailing list archives
embedded systems security analysis
From: goertzel_karen at bah.com (Goertzel, Karen [USA])
Date: Fri, 21 Aug 2009 09:48:47 -0400
We looked at the problem of voting system security specifically in the context of insider threat for last year's IATAC State of the Art Report on the Insider Threat to Information Systems - some of which involved "rogue" developers engineering backdoors into such systems. Unfortunately the document is limited distribution and FOUO, so I can't excerpt here. But if you're interested and a government employee or contractor, let me know and I'll get you instructions on how to register with DTIC to obtain a copy. Karen Mercedes Goertzel, CISSP Associate 703.698.7454 goertzel_karen at bah.com ________________________________________ From: sc-l-bounces at securecoding.org [sc-l-bounces at securecoding.org] On Behalf Of Jeremy Epstein [jeremy.j.epstein at gmail.com] Sent: Thursday, August 20, 2009 5:39 PM To: Arian J. Evans Cc: Secure Coding List Subject: Re: [SC-L] embedded systems security analysis I spent a fair bit of time doing stuff relating to voting systems, which all have embedded systems. (I am not one of the experts who pulls them apart, lest anyone think I'm claiming credit for them.) They are supposedly closed systems, but every time someone competent has tried to attack them, they've been successful - even if there are no published APIs or documents, all of them have attack surfaces. It...
Current thread:
- embedded systems security analysis Arian J. Evans (Aug 20)
- embedded systems security analysis Goertzel, Karen [USA] (Aug 20)
- embedded systems security analysis Jeremy Epstein (Aug 20)
- embedded systems security analysis Rafael Ruiz (Aug 20)
- embedded systems security analysis Goertzel, Karen [USA] (Aug 21)