Friday Five: 3/15 Edition
Building a better voting machine, a government tool to secure critical infrastructure, and the Facebook outage heard around the world - catch up on the week's news with this roundup!
1. DARPA Is Building a $10 Million, Open Source, Secure Voting System by Kim Zetter
If there was a big election security story and it wasn’t broken by Kim Zetter, wouldn’t you be surprised? She's been covering election security for more than a decade and has really ramped up her reporting over the last couple of years. That's why this Motherboard piece, which landed Thursday, isn't a huge surprise, but it is a pleasant one: DARPA, the Defense Advanced Research Projects Agency, is building its own open source voting system. One of the best parts of this news: thanks to the way it’ll be created, with a cryptographic value printed on a receipt, it will have fully verifiable and transparent results, something that should help alleviate the stress around whether or not a machine is giving you the correct results. According to Zetter, the prototypes will be available for existing voting machine vendors to adopt or customize.
2. Voting machines I recommend by Andrew Appel/Freedom to Tinker
In keeping with the voting security theme, this is a good, quick, insightful read via Andrew Appel, Eugene Higgins Professor of computer science at Princeton University, on what specific machines he recommends. While it may not apply to you (not everyone is an election authority, after all), that doesn't make it any less interesting. Appel has been blogging about election security for more than a decade over at Freedom to Tinker, the excellent blog of Princeton’s Center for Information Technology Policy. He gets real down in the weeds about machines here, discussing how many voters per minute machines can take, how to make machines more accessible, and his recommendations for in-person voting machines vs. mail-in ballots.
3. Mozilla releases Firefox Send, a free encrypted file transfer service by Zeljka Zorz
You never can have too many encrypted file sharing sites. Mozilla added another to the pile this week with Firefox Send, a service I didn't realize it's apparently had in the works for a while now. It turns out a beta version of the service was released back in August 2017. The new iteration, released on Tuesday, lets users send files up to one gigabyte in size, or 2.5 if they have a Firefox account. The company claims it can't access the content users upload, nor can it see the name of what users upload, as it uses the Web Cryptography JavaScript API with the 128-bit AES-GCM algorithm for encryption and decryption.
4. DOE cyber arm preps risk management tool by Mark Rockwell
We lament here sometimes how infrequent it is to see actual good news come out of each week's cybersecurity churn. The relentless drumbeat of data breaches, malware, and ransomware does give way to positivity from time to time, like this news via FCW on how the Department of Energy is prepping a tool that can help commercial electric critical infrastructure quantify cybersecurity risk. The DOE's Office of Cybersecurity, Energy Security, and Emergency Response is apparently working with the DOE's National Labs on a formula for the tool. It's unclear how far away it is from being a reality, but judging from the voices in the piece, when it's ready, it will benefit from ease of use.
5. When Facebook Goes Down, Don't Blame Hackers by Brian Barrett
It's likely you heard, if you didn't experience it firsthand, that Facebook, Instagram, and WhatsApp were all offline this week. For what it's worth, Facebook said it was a server configuration change:
Yesterday, as a result of a server configuration change, many people had trouble accessing our apps and services. We've now resolved the issues and our systems are recovering. We’re very sorry for the inconvenience and appreciate everyone’s patience.
— Facebook (@facebook) March 14, 2019
WIRED had a good article on Wednesday, however, that we may have to bring up again the next time Facebook is offline: Just because the site's down doesn't automatically mean it was the work of hackers or a sinister DDoS campaign. For one, it's highly unlikely an attacker would want to target a site like Facebook, as connected as it is. Second, speculating like this just spreads misinformation. According to WIRED, thinking hackers have taken down Facebook is akin to a conspiracy theory and “only muddles an already confusing issue. Hackers will continue to target Facebook. DDoS attacks will continue to take down sites. But those two truths are much further from intersecting than the more paranoid corners of the internet would have you believe.”