The role of software engineering in electronic elections

Many designs for trustworthy electronic elections use cryptography to assure participants that the result is accurate. However, it is a system’s software engineering that ensures a result is declared at all. Both good software engineering and cryptography are thus necessary, but so far cryptography has drawn more attention. In fact, the software engineering aspects could …

23rd Chaos Communication Congress

The 23rd Chaos Communication Congress will be held later this month in Berlin, Germany on 27–30 December. I will be attending to give a talk on Hot or Not: Revealing Hidden Services by their Clock Skew. Another contributor to this blog, George Danezis, will be talking on An Introduction to Traffic Analysis. This will be …

Protecting software distribution with a cryptographic build process

At the rump session of PET 2006 I presented a simple idea on how to defend against targeted attacks on software distribution. There were some misunderstandings after my 5-minute description, so I thought it would help to put the idea down in writing and I also hope to attract more discussion and a …

TR-666: A pact with the Devil

Today, Tuesday 6/6/6, Mike Bond and George Danezis published our department’s 666-th technical report titled “A pact with the Devil”. In this devious research paper, they explore the risks of a whole new generation of malware that exploits not only computer users’ inexperience to propagate, but also their greed, malice and short-sightedness.

Towards a market price for insecurity

There’s been a certain amount of research into the value of security holes in the past few years (for a starter bibliography see the “Economics of vulnerabilities” section on Ross Anderson’s “Economics and Security Resource Page”). Both TippingPoint and iDefense, who currently run vulnerability markets for zero-day exploits, are somewhat coy about saying what …