Embed Size (px)
DESCRIPTION
Videos, interviews, and news stories about the Vulnerability Assessment Team (VAT) at Argonne National Laboratory. The VAT discovers and demonstrates easy-to-exploit vulnerabilities in a wide range of physical security devices and systems including locks, tamper-indicating seals, tags, access control systems, biometrics, GPS, nuclear safeguards, and electronic voting machines. The VAT then proposes practical countermeasures.
Citation preview
The Argonne Vulnerability Assessment Team (http://www.ne.anl.gov/capabilities/vat) in the News
GPS Spoofing Tara McKelvey, “Aerial Drones May Be Vulnerable to Sabotage Because of GPS”, http://www.thedailybeast.com/articles/2011/12/17/aerial-‐drones-‐may-‐be-‐vulnerable-‐to-‐sabotage-‐because-‐of-‐gps.html John Brandon, “Six Rising Threats from CyberCriminals”, http://www.computerworld.com/s/article/9216603/Six_rising_threats_from_cybercriminals Election Security Victoria Collier, “How to Rig an Election”, Harper’s Magazine 325, 33-‐41 (November 2012), http://harpers.org/print/?pid=225772 “How Your Vote Can Be Hacked”, http://money.cnn.com/video/technology/2012/10/31/ts-‐voting-‐machine-‐hack.cnnmoney/index.html?iid=HP_River Laura Spadanuta, “Machine Politics”, Security Management 56(10) 50-‐57 (September 2012), http://securitymanagement.com/article/machine-‐politics-‐0010437?page=0%2C0 "How I Hacked an Electronic Voting Machine", http://www.popsci.com/category/tags/roger-‐johnston RT News live interview, http://www.youtube.com/watch?v=Ksvd7FJtNuU&list=UUczrL-‐2b-‐gYK3l4yDld4XlQ&index=5&feature=plcp Bill Mego, Naperville Sun Times, October 2, 2012, http://napervillesun.suntimes.com/news/15493042-‐418/counting-‐votes-‐should-‐be-‐a-‐transparent-‐process.html Etan Trex and Matt Soniak, “How Secure are Electronic Voting Machines?”, Mental Floss 11 (1), January/February 2012, pg 50. Kane Farabaugh, “U.S. Lab Says Electronic Voting Machines Easy to Hack”, http://www.voanews.com/english/news/usa/US-‐Lab-‐Says-‐Electronic-‐Voting-‐Machines-‐Easy-‐to-‐Hack-‐132016698.html David Gewirtz, “The Scary Truth About Voting Machine Hacking Risk”, http://www.zdnet.com/blog/government/the-‐scary-‐truth-‐about-‐voting-‐machine-‐hacking-‐risk-‐exclusive-‐video/10945
Salon.com, “Diebold voting machines can be hacked by remote control”,
http://www.salon.com/news/politics/elections/2011/09/27/votinghack Brad Friedman, http://www.bradblog.com/?p=8785 and http://www.bradblog.com/?p=8790 and http://www.bradblog.com/?p=8818 Jaikumar Vijayan, “Argonne researchers 'hack' Diebold e-‐voting system”, http://www.computerworld.com/s/article/9220356/Argonne_researchers_hack_Diebold_e_vo ting_system_?taxonomyId=85 Matt Liebowitz, “It only takes $26 to hack a voting machine”, http://www.msnbc.msn.com/id/44706301/ns/technology_and_science-‐security/t/it-‐only-‐takes-‐hack-‐voting-‐machine/#.ToRzrk-‐Hqrc
Dan Godin, “Diebold e-‐voting hack allows remote tampering $11 microprocessor-‐in-‐middle attack is 'significant'”, http://www.theregister.co.uk/2011/09/28/diebold_electronic_vote_tampering/ Joan Brunwasser, “Roger Johnston on Election Security”, http://www.opednews.com/articles/Argonne-‐Lab-‐s-‐Head-‐of-‐Vuln-‐by-‐Joan-‐Brunwasser-‐110329-‐968.html Verified Voting, “Roger Johnston on Security Vulnerabilities of Electronic Voting (Video)”, October 15, 2010, http://blog.verifiedvoting.org/2010/10/15/1131 Roger Johnston interviewed live on WTTW Public Television’s “Chicago Tonight” program about electronic voting machine security, October 11, 2010, (Video), http://www.wttw.com/main.taf?p=42,8,80&pid=BMeOsuVOgSUbQammoGQxMlIX00avS55H
Physical Security Vulnerabilities & Vulnerability Assessments Phil Rogers, “Most Security Measures Easy to Breach”, (Video), http://www.youtube.com/watch?v=frBBGJqkz9E Michael Kassner, “Getting Paid to Break Into Things: How Vulnerability Assessors Work at Argonne National Lab”, http://www.techrepublic.com/blog/security/getting-‐paid-‐to-‐break-‐into-‐things-‐how-‐vulnerability-‐assessors-‐work-‐at-‐argonne-‐national-‐lab/5072?tag=mantle_skin;content Boonsri Dickinson, “At Argonne National Lab, Closing the Curtains on ‘Security Theater’”, November 9, 2010, http://www.smartplanet.com/technology/blog/science-‐scope/at-‐argonne-‐national-‐lab-‐closing-‐the-‐curtains-‐on-‐security-‐theater/5167/
Louise Lerner, “The Security Fallacy: Seven Myths About Physical Security”, October 26, 2010, http://www.anl.gov/Media_Center/News/2010/news101026.html RG Johnston, “Proving Voltaire Right: Security Blunders Dumber Than Dog Snot”, 19th USENIX Security Conference Keynote Address, Washington, D.C., August 11-‐13, 2010, http://www.youtube.com/watch?v=51MxGK2q7Wo or http://www.usenix.org/media/events/sec10/tech/videos/johnston.mp4 Bill Brenner, “Security blunders 'dumber than dog snot'”, CSO Data Protection, August 11, 2010, http://www.csoonline.com/article/603043/security-‐blunders-‐dumber-‐than-‐dog-‐snot-‐ Review of the VAT’s presentation at ShmooCon 2010 in Washington DC, February 5-‐7, 2010: http://www.shmoocon.org/presentations-‐all.html#tamper Video of the presentation: http://www.shmoocon.org/presentations-‐all.html#tamper Sarah D. Scalet, “Vulnerability Assessment’s Big Picture”, CSO Magazine, June 2007, pp. 32-‐36, http://www.csoonline.com/read/060107/fea_qa.html “How Flawed is Your Security Program?”, informal self assessment tool, CSO Online, http://www2.csoonline.com/quizzes/security_assessment/index.php
RFIDs Ashley Cullins and Brian Warmoth, “Digital Privacy: Are You Ever Alone?”, http://news.medill.northwestern.edu/chicago/news.aspx?id=187163 Sarah D. Scalet, “The 5 Myths of RFID”, CSO Online, May 2007, http://www.csoonline.com/read/050107/fea_rfid.html Other Security Issues Eric Parizo, “Researcher Details Findings on Spoofing GPS, Malicious Insiders”, September 14, 2012, http://searchsecurity.techtarget.com/video/Researcher-‐details-‐findings-‐on-‐spoofing-‐GPS-‐malicious-‐insiders Eric Parizo, “Vulnerability Researcher on Layered Security Plan Mistakes”, September 14, 2012, http://searchsecurity.techtarget.com/video/Vulnerability-‐researcher-‐on-‐layered-‐security-‐plan-‐mistakes Kori Chambers, “Hackers Using TRENDnet Webcams to Spy on People”, February 10, 2012, http://www.myfoxchicago.com/dpp/news/special_report/webcam-‐trendnet-‐camera-‐hackers-‐
privacy-‐watching-‐people-‐undressing-‐bedrooms-‐security-‐breech-‐20120209 “Detecting Sticky Bombs”, Homeland Security Newswire, July 30, 2010, http://homelandsecuritynewswire.com/detecting-‐sticky-‐bombs Michael Kassner, “Phishing Attacks: Training Tips To Keep Your Users Vigilant”, http://www.techrepublic.com/blog/security/phishing-‐attacks-‐training-‐tips-‐to-‐keep-‐your-‐users-‐vigilant/5402 Roger Johnston was part of a live panel discussion on the program “Chicago Tonight” on WTTW Public Television on May 5, 2010. The topic was security camera efficacy. http://www.wttw.com/main.taf?p=42,8,80&player=Chicago-‐Tonight&pid=uhibkZxM40xVVFBFKo7i0MirNsWJEGXI Laura Spadanuta, “Lessons for Layering”, Security Management Podcast, January, 2010, http://www.securitymanagement.com/audio Bill Zalud, “Fighting Monsters Can Be Monstrous”, Security, November, 2009, pg. 114. Michael Kassner, “IT Security: Maxims for the Ages”, September 28, 2009, http://blogs.techrepublic.com.com/security/?p=2435 Steve Gibson, “Security Maxims”, Security Now! Podcast #215, September 24, 2009, iTunes.com or http://www.grc.com/sn/sn-‐215.htm “New Bottle Cap Thwarts Wine Counterfeiters”, August 4, 2008, http://www.physorg.com/news137081078.html or http://www.webwire.com/ViewPressRel.asp?aId=71479 “Argonne Bolsters Efforts in Security Research”, Eurekalert.org, November 28, 2007, http://www.eurekalert.org/pub_releases/2007-‐11/dnl-‐abe112707.php
