"Software like pcAnywhere is used by system administrators to access and control systems from a remote location to conduct maintenance or upgrade or alter software. But election-management systems and voting machines are supposed to be air-gapped for security reasons - that is, disconnected from the internet and from any other systems that are connected to the internet." #privacy #security
Conversation
Notices
-
Yale Privacy Lab (privacylab)'s status on Thursday, 19-Jul-2018 17:50:51 UTC 
Yale Privacy Lab
- Mike Gerwitz likes this.
-
Mike Gerwitz (mikegerwitz)'s status on Friday, 20-Jul-2018 02:03:51 UTC 
Mike Gerwitz
@privacylab The article also mentions:
> In 2006, the same period when ES&S says it was still installing pcAnywhere on election systems, [attackers] stole the source code for the pcAnyhere software, though the public didn’t learn of this until years later in 2012 when a hacker posted some of the source code online, forcing Symantec, the distributor of pcAnywhere, to admit that it had been stolen years earlier. Source code is invaluable to [attackers] because it allows them to examine the code to find security flaws they can exploit.
It's worth noting that access to the source code of the software should have no impact on the security of that software---"security through obscurity", as it is called, is not security. Users should expect that the source code for all software they use has been made publicly available (and is free/libre software) as a precondition for any claims of "security" so that anyone and everyone can audit it, track changes, and improve upon it. -
Yale Privacy Lab (privacylab)'s status on Friday, 20-Jul-2018 15:42:45 UTC
Yale Privacy Lab
@mikegerwitz as we say in teaching materials... Access to source is a prerequisite for - not a guarantee of - software security.
Mike Gerwitz likes this.Mike Gerwitz repeated this.
All Mike Gerwitz's GNU Social Instance content and data are available under the