TIFI

Schneier on the recent release of the California security review of electronic voting machines, and what CA is doing about the across the board failures:

California Secretary of State Debra Bowen has conditionally recertified the machines for use, as long as the makers fix the discovered vulnerabilities and adhere to a lengthy list of security requirements designed to limit future security breaches and failures. [ . . .] While this is a good effort, it has security completely backward. It begins with a presumption of security. [. . .] Insecurity is the norm. If any system — whether a voting machine, operating system, database, badge-entry system, RFID passport system, etc. — is ever built completely vulnerability-free, it’ll be the first time in the history of mankind. It’s not a good bet.

So, what to do? Assurance:

Several years ago, former National Security Agency technical director Brian Snow began talking about the concept of “assurance” in security. Snow, who spent 35 years at the NSA building systems at security levels far higher than anything the commercial world deals with, told audiences that the agency couldn’t use modern commercial systems with their backward security thinking. Assurance was his antidote.

[Dr. Strangelove's] frightening absurdity was established in the very first frame of the main title sequence designed by Pablo Ferro.

Via Jim Coudal.

From Wired News.

Three years ago, Alejandro Gutierrez got a strange and tantalizing message from Hong Kong. Some McKinsey consultants were putting together a business plan for a big client that wanted to build a small city on the outskirts of Shanghai.

Read more at Wired.