- Microsoft got the NSA’s help with Win7 security. Many are concerned about the potential for “backdoors” inserted into the code at the NSA’s insistence. Some believe that Microsoft would never knowingly consent to such violations of user privacy, but that does not address two other possibilities: that the NSA could simply ensure it gets to harvest whatever data Microsoft already collects through functionality like WGA and Windows Update, or that the NSA could find a way to slip a “backdoor” vulnerability into the code that Microsoft doesn’t even know is there. Given Windows’ closed source development, the pool of people in a position to notice such a hypothetical subtle security flaw would be fairly limited. While many might believe that Microsoft is above such behavior, few would argue that the NSA is as well, given the recent illegal wiretapping scandal.
- The NSA Website was compromised. Yes, these are the same people who helped Microsoft develop stronger security for Windows 7. I, for one, am not encouraged.
- IBM announced a means of using encrypted data without decrypting it. This concept may seem contradictory at first glance, but a new algorithm developed for IBM by researcher Craig Gentry could allow an accountant to prepare tax returns without ever having to see the data in decrypted form. The concept, called “homomorphic encryption”, is predicated upon the ability to specify clearly which types of modifications should be allowable for your encrypted data, so that mathematical transformations can be applied to the encrypted data “blindly”, but still correctly.
- Takoma Park, MD debuted an MIT cryptographic voting system. While everybody else was arguing about whether Diebold was doing electronic voting “correctly”, MIT developed a cryptographic voting system that allows voters to verify that their votes were correctly counted without ever tying the vote to the voter anywhere but in the voter’s own notes and mind. If at least two percent of voters verify their votes, the system — called “Scantegrity II” — makes it almost impossible for vote tampering to go undetected. The use of the system in the Takoma Park election “went very well” according to the city clerk, Jessie Carpenter.
- September saw the debut of the first ever reddit worm. Some bugs in reddit’s implementation of its Markdown formatting language allowed an infectious worm to make its way through the site. It was not capable of infecting visitors’ computers; it only spread itself from one user’s reddit account to another, and caused garbage comments to be posted in reddit discussions under their account names. The reddit team’s response time was admirably quick, but the speed with which the worm spread meant it was still a very big deal for the site.
Five security news items that should get your attention
A mix of good and bad news caught Chad Perrin's eye in the second half of 2009. These are the five that he thinks you shouldn't miss.