On Sun, Jul 18, 1999 at 07:16:28PM -0700, Mark C. Langston wrote:
[...]
> >So forget it.  The election operator can run any code whatsoever, and
> >you have no way of preventing it unless you watch him all the time,
> >and even there you can't *really* prevent it.  Crypto is basically
> >irrelevant to this problem.  [Caveat: it would certainly be possible
> >to develop a crypto based voting protocol that required deployment of
> >a key infrastructure and appropriate client utilities.  This is,
> >however, a completely different matter than certifying a program,
> >and has serious implications in terms of practicality and usability.]
> 
> 
> This is a little far-fetched, Kent.  First of all, it does NOT happen
> "ALL THE TIME, IN THE REAL WORLD."  And if you'd like to debate this
> particular point, feel free.  I'll start by referring you to things
> like the USENIX Security Conference proceedings, and work from there.

Let's work from practical experience and practical reality, OK?

Songbird gets from 5-10 clearly security significant probes a week. 
By that I mean a full scan of my network to a particular port known
to be associated with a vulnerability, or something of similar
obviousness.    

This morning shortly after midnight, for example, I got a scan
directed to the IMAP port, coming from an unregistered IP address,
which, by the traceroute, came from Korea.  When time permits, and
when it is practical, I track down the contacts for the source of
such probes, and send them email.  I won't do this with the Korean
probe, because, from prior experience, finding a contact in Korea has
not been easy.  I have, however, communicated with sys admins all
over the world under similar circumstances. 

Around 30-50% of the time I get a reply, thanking me for letting them
know that their system had been hacked.  In other words, they DIDN'T
KNOW THEY HAD BEEN COMPROMISED UNTIL SOMEONE ON THE OUTSIDE LET THEM
KNOW.  

[Sometimes I find a real hacker, instead of a hapless victim -- for a
couple of interesting days I played tag with a hacker in Germany --
he left his ftp open, and I scarfed up a whole suite of hacker tools
:-), which annoyed him.  I got ankle-biting email from random hacked
sources for a few days.]

All this is at Songbird, an absolutely insignificant atoll in the
network sea.  My day job exposes me to an entirely different level of
attacks.  The detection tools are much more sophisticated, it is
true, but the target is much larger and more interesting.

It would not be too much of an exaggeration to say that we are under
continuous attack, from multiple sources.  We don't send friendly
emails to the contacts, though, because there simply isn't time.  

> I might not be employed currently in a computer-security capacity, but
> I can assure you I know enough to call shenanigans on that particular
> claim.

I'm reassured.

> If you want to push this point further, I can put you in touch
> with, say, folks at NAI, folks working tiger teams on the east coast,
> etc. for real-world data.

I would be interested in any real data you could provide.

> Hell, I could probably dig up some of the
> better-known purveyors of these attacks and get them to give you a
> feel for how often this happens.

I have a pretty good feel for how often this happens, from first-hand
direct experience.

> However, unless you want to move
> this conversation over to Bugtraq, I don't recommend you push this
> FUD further.

Marcus Ranum's firewall-wizards list would be a better place. 
Doubtless you could comment on the long recent "OK, I've been hacked,
now what?" thread?

> Secondly, most of your scenario above assumes zero trust of the person
> running the elections.  I will state right now that, unless there is a
> trusted third-party that can run the elections (If you'll recall, I've
> already asked that this happen, to no avail), SOMEONE is going to come
> up with this argument.  It's a straw man.  No matter what you do, the
> above will always be a valid argument from someone's point of view,
> because there will always be an "evil sorcerer" sitting behind the
> curtain, pulling the strings, manipulating reality.  For further
> reference, see Descartes.

I'd love to -- could you give me a specific reference, please?

>  At some point, you must draw the line and
> place some initial faith in the person running the system, and the
> system itself.

As I have pointed out in other email, there are voting systems that do not
require TTPs.

[...]

> Now, if you'd like to debate security matters in a more realistic 
> world, I'm more than willing.

I'm sure you are.  But I don't want to waste *your* time.

-- 
Kent Crispin                               "Do good, and you'll be
[EMAIL PROTECTED]                           lonesome." -- Mark Twain
