Archive for January 11th, 2007

Phishers are getting smarter

Thursday, January 11th, 2007

RSA Security - Press Release - RSA Alert: New Universal Man-in-the-Middle Phishing Kit Discovered
BEDFORD, Mass, Wednesday, January 10, 2007 — RSA, The Security Division of EMC, (NYSE: EMC) announced today that its 24×7 Anti-Fraud Command Center (AFCC) has uncovered a new phishing kit being sold and used online by fraudsters.

This new kit, a Universal Man-in-the-Middle Phishing Kit, is designed to facilitate new and sophisticated attacks against global organizations in which the victims communicate with a legitimate web site via a fraudulent URL set by the fraudster. This allows the fraudster to capture victims’ personal information in real-time.

Whoa! This hacker is impressed. Even though phishers are becoming more sophisticated, you should remember that in order for a phisher to get you, you must access HIS fraudulent site. As long as you don’t do that, he can’t get you. A while back I posted some tips to keep you safe from phishers. They still work.


Are we the most advanced country in the world or NOT ?

Thursday, January 11th, 2007

This doesn’t make sense to me. The United States of America is the universally accepted model for modern democracy. We were the first modern nation to allow its citizens to CHOOSE its leaders, instead of that mantle being inherited or won in a bloody war of succession. We have sent monitors to watch and safeguard the elections of fledgling democracies, yet in Wired I read a story about Congressman Vern Buchanan (R) from Florida. He is being sued because of the software running the electronic voting machines.

Wired News: House Seat Hangs by a Byte
As the 110th Congress settles into the Capitol building this month, one congressman won’t be able to get too comfortable in his chair, with a controversy over the electronic voting machines that put him in office boiling down to a battle over the source code.

Republican Vern Buchanan claimed Florida’s 13th Congressional District seat last November by fewer than 400 votes, while some 18,000 ballots cast in Sarasota County mysteriously contained no vote either for Buchanan or his Democratic opponent Christine Jennings — an anomaly that prompted Jennings to challenge the election results in a lawsuit against state election officials, Buchanan and the company that makes the machines.

Three things:

  1. If the software used had been open source there would be no need for a lawsuit. The approved version could simply be compiled, and the binaries could be signed with a private key held by the Lt. Governor, or whoever is responsible for running the election.
  2. It’s not the source code that needs to be examined, it’s the VOTES. It is for this EXACT reason that so many people ALL OVER THE COUNTRY have been calling for a paper trail for evoting. What is looking at the source code gonna do? If I was gonna rig an election I wouldn’t do it by injecting something in the source code. Assuming that I was able to slip malicious code by any type of code review that any responsible software company would have for an application this sensitive and important, it is still a bad idea because I would get caught. You see, the new code is evidence, and in a situation like this one, eventually malware would be discovered, and if they have ANY type of decent source control, the identity of the one who added the code would be revealed.

    Boys and Girls, the way to rig an election is to intercept the data (i.e. the votes) before they get counted and added to the official totals. Assuming this can be done, simply blanking the votes that come from a district that polls heavily for your opponent would have the desired effect.

  3. I hope that this Congress will institute universal standards for Federal Elections so we don’t have a hodgepodge of elections where some work and others don’t. I wonder… if such legislation were introduced, anybody have any guesses as to how Mr. Buchanan would vote?