Paper ballots will be used to collect votes in many elections this fall. There will be a drop in the use of electronic ballot equipment because of security problems, and more states are using paper ballots that are optically scanned because they are easy to use, easy to scan, and provide an auditable paper trail. The biggest shortcoming of the electronic equipment is the lack of a paper trail that can be used to verify results. Unfortunately, this shortcoming was widely noted in this column and in many other sources early in the rush to avoid any more hanging chad incidents.
"Whaling" is a new form of phishing attack. It is called whaling because the spam emails are carefully targeted towards big fish, or whales. Spammers have been sending carefully crafted emails that look like an official U.S. Federal Court subpoena. Clicking on the link embedded in the email secretly installs a keystroke logger on your computer, which then sends user IDs, passwords, and credit card numbers to the spammer.
We actually got one of those subpoenas about two weeks ago, and it certainly looked official. But subpoenas are usually delivered in person, and so after looking closely at the email and some of the links, we quickly determined it was spam.
A study by a watchdog e-voting group in Maryland called SaveOurVotes found that in that state, the switch to electronic voting machines raised the cost of elections by 866%.
But wait, there's more! The counties are still paying off a $67 million loan needed to purchase the machines, even though the machines were found to have serious security flaws and have had to be abandoned in favor of the older and more secure optical scanning equipment--which is much less expensive.
The only good thing about this story is that the state did eventually do the right thing and revert to a more secure voting system. But the taxpayers still have to pick up the tab for a lot of bad decisions.
This moderately technical article (PDF file) has an extensive discussion of the vulnerabilities of wireless systems, including WiFi, Bluetooth, and WiMax. Communities interested in investing primarily in wireless broadband should read this article first, as the data presented illustrates why most businesses do not regard wireless as a business class service.
Here is a short summary of the issues from the article:
Wireless networks have three additional aspects that make the security of wireless networks even more challenging than the security of fixed networks:
Wireless networks are always open – Physical media does not protect them. Any device that implements the same radio interface can access a wireless network. One common assumption is that wireless technologies are secure when authentication and encryption are properly deployed. Looking closely at the operation of related protocols, there are many message sequences that take place before the authentication. These message sequences can always be attacked regardless of the deployed security measures.
Attacks are not limited by location or distance. The distance from where the attacker can reach the wireless network is only limited by the power of the transmitter. For example, Bluetooth attack tools are known to have several-mile radiuses, although valid usage scenarios would never attempt such range of coverage for Bluetooth.
Attackers are always anonymous. Although a valid user can be pinpointed with good accuracy, an attacker can use directed antennas that will only target a selected victim. It is impossible to guarantee detection of malicious users in wireless networks. As stated above, an attacker can also always attack the message sequences that happen before the authentication of the device and thus avoid identification.
Those digital photo frames that are becoming popular hold more than pictures. Millions of them apparently come pre-loaded with a potent virus designed to thwart computer anti-virus programs. The virus is spread from the frame to a computer when the frame is plugged into a USB port.
The virus is difficult to remove, and the article recommends plugging a suspect picture frame into a Linux or Macintosh first to see what is stored in the frame memory (and then deleting it).
Following on the heels of Ohio, Colorado has de-certified the voting machines used in some of the most populous parts of the state. Diebold, Sequoia, and ES&S machines were among those found to have problems. The state found that the machines were easy to tamper with, and that the machines lacked any audit trail capabilities, meaning there would be no way to detect tampering if it happened.
New studies of electronic voting machines in Ohio have led a top official there to call for a ban on the machines. The Ohio Secretary of State noted "critical security failures" on the machines that made it easy to tamper with vote counts.
Legislators are finally getting the message about faulty electronic voting machines, and perhaps some of these machines will get auditable paper trails in time for the 2008 election. The House of Representatives is working on a bill that will require better accountability for the electronic ballot systems for all Federal elections, starting with the fall 2008 elections.
The really galling part of this is that all this was completely avoidable. Many of us in the IT business saw this train coming a long way off. Unfortunately, a lot of local governments, who buy most voting equipment, were happy to ignore technical experts without a financial stake in the outcome and instead fell hook, line, and sinker for the promises of vendors, who were giddy over the windfall market that fell into their laps--nearly every voting machine in America was going to be replaced!
The taxpayers get to pay twice for this fiasco, but at least it is going to get fixed.
The state of California has put together an extensive plan to review every voting system in use in the state. The work will use several groups of independent scientists with excellent credentials who will review both electronic voting systems and other, older voting systems, including paper-based balloting.
The state is serious about this; the plan includes the use of independent "red teams" that will work independently to try to break into the electronic systems. This is not likely to be very difficult, since you can go right to YouTube and watch a short video on how to break into some systems.
The tragedy here is that this kind of analysis and review should have been done before California spent a half billion tax dollars buying untested voting equipment. State and local officials in California and in every other state ignored the pleas of computer scientists and technology experts across the country and blindly wasted billions buying flawed equipment. Most of it will end up being replaced.
The good news: at least the problem is getting fixed before a massive vote fraud creates a constitutional crisis in a major election. Let's hope every state addresses this issue promptly.
Here is an interesting idea that could put an end to phishing. Everyone has received those emails claiming to be from some well known bank, urging you to log in immediately to update your bank information. The URLs look like legitimate Web sites, but belong to crooks who want to capture your account information so they can empty your bank account.
This new proposal from an Internet security expert is simple and likely to work. It would create a new top level domain, .bank, that would be issued only to legitimate financial institutions and it would cost a lot of money (e.g. $50,000) to register the domain, rather than the trivial $10 that it costs a criminal now to register a phony bank site.
Banks would be likely to move quickly to the new domains, because phishing fraud is a major headache that costs them millions. And it would eliminate some of the spam in our mailboxes. Let's hope this idea gets traction quickly.