Category Archives for "Security"

That XKCD on voting machine software is wrong

The latest XKCD comic on voting machine software is wrong, profoundly so. It's the sort of thing that appeals to our prejudices, but mistakes the details.


Accidents vs. attack

The biggest flaw is that the comic confuses accidents vs. intentional attack. Airplanes and elevators are designed to avoid accidental failures. If that's the measure, then voting machine software is fine and perfectly trustworthy. Such machines are no more likely to accidentally record a wrong vote than the paper voting systems they replaced -- indeed less likely. The reason we have electronic voting machines in the first place was due to the "hanging chad" problem in the Bush v. Gore election of the year 2000. After that election, a wave of new, software-based, voting machines replaced the older inaccurate paper machines.

The question is whether software voting machines can be attacked. Well, if that's the measure, then airplanes aren't safe at all. Security against human attack consists of the entire infrastructure outside the plane, ranging from TSA forcing us to take off our shoes to trade restrictions that prevent the proliferation of Stinger missiles.

Confusing the two, accidents vs. attack, is used here because it makes the reader feel superior. We Continue reading

Transforming Security in a Cloud and Mobile World – Security Showcase Session

Over the last several years, VMware has been heavily investing in technology and solutions to transform security. Our goal has been simple: leverage the virtual and mobile infrastructure to build security in – making it intrinsic, simple, aligned to applications and data, and infinitely more effective.

5 years ago, with NSX, we introduced the concept of micro-segmentation, enabling organizations to leverage network virtualization to compartmentalize their critical applications at a network level.

Last VMworld, we introduced VMware AppDefense, to protect the applications running on that virtual infrastructure. This enabled organizations to leverage server virtualization to ensure the only thing running is what the application intended – flipping the security model to “ensuring good” versus “chasing bad”.

Meanwhile, our Workspace ONE team has been steadily building out their platform that leverages user infrastructure, to ensure only legitimate users can get access to critical applications from devices we can trust.

The momentum for NSX, AppDefense, and Workspace ONE has been growing exponentially. And our product teams have not been standing still. They’ve been hard at work on some incredible innovations and integrations.

Transforming Security in a Cloud and Mobile World

In my security showcase session, Transforming Security in Continue reading

What the Caesars (@DefCon) WiFi situation looks like

So I took a survey of WiFi at Caesar's Palace and thought I'd write up some results.


When we go to DEF CON in Vegas, hundreds of us bring our WiFi tools to look at the world. Actually, no special hardware is necessary, as modern laptops/phones have WiFi built-in, while the operating system (Windows, macOS, Linux) enables “monitor mode”. Software is widely available and free. We still love our specialized WiFi dongles and directional antennas, but they aren’t really needed anymore.

It’s also legal, as long as you are just grabbing header information and broadcasts. Which is about all that’s useful anymore, as encryption has become the norm -- we can pretty much only see what we are allowed to see. The days of grabbing somebody’s session-cookie and hijacking their web email are long gone (though that was a fun period). There are still a few targets around if you want to WiFi hack, but most are gone.

So naturally I wanted to do a survey of what Caesar’s Palace has for WiFi during the DEF CON hacker conference located there.

Here is a list of access-points (on channel 1 only) sorted by popularity, the number of stations using Continue reading

Juniper Announces New Acceleration Cards For SRX5000 Security Appliances

Juniper Networks has announced that it will soon begin shipping new SPC3 (Services Process Card) Advanced Security Acceleration cards for its SRX5000 line of security gateways, which includes the 5400, 5600, and 5800 appliances. These security appliances target large enterprises, service providers, and cloud providers. Customers can mix and match security features including firewalling, IPS, […]

Gigamon Acquires SaaS Security Startup For Network Analytics

Gigamon has acquired Icebrg, a security startup that collects and analyzes network metadata to detect attacks and help security teams investigate incidents. Icebrg uses on-premises sensors to collect packet metadata from switches and routers, and then sends that data to its cloud platform. Customers then access the data from a portal for analysis and investigation. […]

Cisco and the Two-Factor Two-Step

In case you missed the news, Cisco announced yesterday that they are buying Duo Security. This is a great move on Cisco’s part. They need to beef up their security portfolio to compete against not only Palo Alto Networks but also against all the up-and-coming startups that are trying to solve problems that are largely being ignored by large enterprise security vendors. But how does an authentication vendor help Cisco?

Who Are You?

The world relies on passwords to run. Banks, email, and even your mobile device have some kind of passcode. We memorize them, write them down, or sometimes just use a password manager (like 1Password) to keep them safe. But passwords can be guessed. Trivial passwords are especially vulnerable. And when you factor in things like rainbow tables, it gets even scarier.

The most secure systems require you to have some additional form of authentication. You may have heard this termed as Two Factor Authentication (2FA). 2FA makes sure that no one is just going to be able to guess your password. The most commonly accepted forms of multi-factor authentication are:

  • Something You Know – Password, PIN, etc
  • Something You Have – Credit Card, Auth token, Continue reading