No subject

Jeremy Epstein jepstein at
Tue Jan 23 08:38:46 PST 2007

Neumann (neumann at" <neumann at>, "Edward W.
Felten" <felten at CS.Princeton.EDU>, "Gene Spafford
(spaf at" <spaf at>
Subject: RE: [IP] Re: Attack on CS research by Chronicle for Higher
Edu cation

I'm certainly in agreement with Dr. Mercuri et al that this is a lousy
story.  But what bothers me more as a security professional isn't an
undergraduate student calling Dr. Felten names, or Dr. Wilson's concern
about the "weird arrangement" between Kennesaw State and the State of
Georgia, but rather the modest level of skill exhibited by the team at
Kennesaw State.  As a member of a Virginia legislative commission, I
had the
opportunity to question Dr. Brit Williams (the founder of the group at
Kennesaw) about his group's processes in approving voting machines.  Not
only do they make no effort at penetration testing, but according to Dr.
Williams' testimony, they have no idea how to do such a test!  In other
words, they had no ability to even look for the sort of attack that Dr.
Felten's team so beautifully demonstrated.  For an organization that
purports to do approvals of software-based voting machines, the lack
of this
skill is pretty appalling.

Also not noted in the article, but critically important is that the Dr.
Williams (and, I presume the Kennesaw State team) are responsible not
for reviewing voting machines for Georgia, but also Maryland and
and perhaps other states that I don't know about.

If there's going to be such a concentration of influence in equipment
approval, one would hope for a higher degree of competence and
professionalism than is displayed in the article.  And if the
Chronicle is
going to publish such an article, I'd think they'd make an effort to
"see both sides".


You are subscribed as eugen at
To manage your subscription, go to

Archives at:
Modify Your Subscription:
Powered by Listbox:

----- End forwarded message -----
Eugen* Leitl <a href="">leitl</a>
ICBM: 48.07100, 11.36820  
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

More information about the cypherpunks-legacy mailing list