Please send me any links you find that seem relevant to anything we have covered in class, or dealing with any aspects of computer security. Also, please let me know if any of the links below do not work.
Media Coverage (reverse chronological order):
- ATM machines were infected by a computer virus (posted 12/11/2003, thanks to Sergey Koren)
- A recent article argues that desktop machines are inherently insecure (posted 12/11/2003, thanks to Sergey Koren)
- For more information about buffer overflows, read "Smashing the Stack for Fun and Profit".
  For some possible defenses, read this paper.
- Yahoo tries to combat spam using public-key technology (posted 12/8/2003, thanks to Josh Lurz and David Um)
- An article about ATM fraud (posted 12/8/2003, thanks to Joe Schweitzer)
- An interesting discussion on biometrics (posted 12/8/2003, thanks to Joe Schweitzer)
- Factorization of a 576-bit RSA modulus (posted 12/8/2003, thanks to Joe Schweitzer)
- Think your erased data is really unrecoverable? Think again... (posted 12/4/2003, thanks to David Um)
- Fooling a fingerprint scanner using "gummy fingers" (as mentioned in class; posted 12/2/2003)
- An interesting article about how malicious worms are written for profit (posted 12/2/2003, thanks to Shawn Dhawan)
- A potentially serious security flaw with Internet Explorer (posted 12/2/2003, thanks to Shawn Dhawan)
- An electronic voting system records an erroneous number of votes. Should we be surprised?
- Ever wonder how Maryland driver's license numbers are calculated? (I'm not sure what this has to do with security, but I thought it was neat.)
- More on insecure voting schemes (posted 11/16/03, thanks to Joe Schweitzer)
- Wireless hacking... (posted 11/16/03)
- Banking scams similar to those discussed in class... (posted 11/16/03, thanks to Pooya Woodcock)
- N-Gage hacked? (posted 11/16/03, thanks to David Um)
- An attempt to place a Trojan horse into the Linux kernel (posted 11/9/03, thanks to Kirill Lokshin)
- The Diamondback reports how easy it is to snoop on the campus network (hopefully this was not done by any students taking this class!) (posted 11/9/03, thanks to Peshala Wimalasena)
- MagiQ begins commercial shipments of systems for quantum cryptography (posted 11/7/03, thanks to Joseph Bolly). More information on MagiQ is here
- Diebold installed uncertified software on voting machines (posted 11/7/03, thanks to Amir Khella)
- Electronic voting in Australia. Note: Sounds like a good research project would be to see whether there are any flaws in that voting system... (posted 11/4/03, thanks to Josh Lurz and Joe Schweitzer)
- Microsoft unveils a new threat-modeling tool (posted 11/3/03, thanks to Narayanan Chettiar)
- Another email virus (posted 11/3/03, thanks to Colin Stevenson)
- Some news reports about anonymous remailers (posted 10/31/03, thanks to Joe Testa and David Bettis):
- The NSA purchases a license on elliptic curve cryptography from Certicom (posted 10/28, thanks to David Bettis)
- An interesting article on "honeypot traps" (posted 10/28, thanks to Matt Sliverman)
- The article by Saltzer and Schroeder (discussed in lecture 14) is available online
- Public relations campaign for flawed voting systems (posted 10/21, thanks to Chris Miles)
- An interview with Bruce Schneier (posted 10/21, thanks to Josh Lurz)
- A case involving "crypto export laws" is settled (posted 10/20, thanks to Danny Pan)
- The State of Maryland is going to use Diebold voting machines even though they remain potentially insecure (see below). Here's their explanation.
- I mentioned in class the possibility of eavesdropping by recording electro-magnetic radiation emanating from a computer and/or monitor. See here for more information (I do not vouch for the authenticity of this site, however).
- Trivial circumvention of a copy protection system (posted 10/8/2003, thanks to David Um)
- More about the Diebold flaw in their voting equipment --- some counties are using this insecure product! (posted 10/7/03, thanks to Pooya Woodcock)
- A hacker steals a large part of the source code for a yet-to-be-released computer game (posted 10/7/03, thanks to Jason Wrang)
- Lawsuits against Microsoft for selling software with security flaws (posted 10/6/03, thanks to David Bettis)
- Security flaws in OpenSSL (posted 10/2/03, thanks to Jason Wrang).
- A civil liberties group criticizes "trusted computing". See also the related article on slashdot (posted 10/2/03, thanks to Jason Wrang and Joseph Bolly).
- Microsoft unveils a new security effort to address the fact that security patches are not applied quickly (posted 10/2/03, thanks to Jason Wrang).
- Security problems in the TCP/IP Protocol Suite, by Bellovin (posted 9/25/03).
- Why cryptography is harder than it looks, by Schneier (posted 9/25/03)
- A year-old (but still relevant and interesting) note about the security (or insecurity?) of 1024-bit RSA moduli (posted 9/25/03, thanks to Joe Testa).
- The State Department was hit by a virus (9/25/03).
- A new security report puts the blame on Microsoft's dominance of the market for PC software (9/24/03).
- A report from 1994 describing the design rationale for DES (posted 9/25/03, thanks to Joe Testa).
- A brief analysis of the insecurity of some open-source VPN products (9/23/02, thanks to Josh Lurz).
- A survey of LaGrande, Intel's "safe computing initiative" (9/19/03, thanks to Chris Miles). See also information about Microsoft's "secure computing base". A more unbiased view is also available (note that Palladium was Microsoft's old name for its secure computing base).
- GSM, the encryption scheme most widely used on cellular phones, was recently broken by a ciphertext-only attack (9/3/03, thanks to Joseph Bolly)
- Here are some interesting reports on the insecurity of Diebold's electronic voting system:
  - A technical report demonstrating that Diebold's system is insecure (I will probably make this required reading at some point).
  - Diebold's response to this report was pretty weak, as shown here.
  - Could Diebold manipulate an election?
  - Compromise of Diebold's FTP site.
- More discussion about the Diebold security flaws (posted 9/25/03, thanks to Dave Bettis).
- Microsoft releases an updated patch of a serious security flaw just a few weeks after releasing the previous one (9/10/2003, thanks to James Gimourginas).
- Article about the arrest of a hacker who compromised a New York Times database (9/10/2003, thanks to James Gimourginas).
- Interview with Bruce Schneier about "bad security tradeoffs" (9/2003, thanks to Chris Miles).
- An article highlighting the importance of physical security (9/4/03, thanks to Navid Golpayegani).
- Article about email viruses and worms (9/4/03).