Richard DeMillo

2.5K posts

@rad_atl

Professor of Computer Science at Georgia Tech, author, executive, Ducati owner, grandfather. Avoid opinion. Seek critical thought.

Atlanta · Joined March 2015
395 Following · 2.3K Followers
Pinned Tweet
Richard DeMillo@rad_atl·
Reading recent exchanges with promoters of #BallotMarkingDevices & noticing how effective @Kasparov63 advice is: If the facts are simple just keep repeating them. #HandMarkedPaperBallots are widely available for most voters (via mail). They're Covid safe and not hackable.
Richard DeMillo@rad_atl

@Kasparov63 Like this: Ballot marking devices have an essential security flaw. Like all computers they can be hacked, misprogrammed, misconfigured, misused. Printed ballots from machines can’t be trusted as expressions of voter intent, so no audit or recount can detect cheating.

Richard DeMillo@rad_atl·
Get the skinny on what's in the unsealed documents in Georgia’s long running lawsuit aimed at throwing out universal use Ballot Marking Devices on @TheBradBlog
Brad Friedman (🟦)@TheBradBlog

Federal Judge Unseals Expert Report on GA Voting System, Revealing Horrific Vulnerabilities: Today's #BradCast Guest: Richard DeMillo (@rad_atl) of Georgia Tech; Also: MI's failed SoS candidate, GOP chair sanctioned for election suit FULL STORY, LISTEN: bradblog.com/?p=14693

Richard DeMillo@rad_atl·
Georgia Tech’s School of Cybersecurity and Privacy invites applications to access the newly established Election Security Research Facility (ESRF), intended to be the most comprehensive research resource for election technologies and other democracy-affirming institutions.
ACSAC@ACSAC_Conf·
The third #ACSAC2022 test of time award goes to Paul Royal et al. For their 2006 paper "PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware". Congratulations! 👏👏👏
Richard DeMillo@rad_atl·
Is it time to withdraw from whatever Twitter is becoming? Just today: Trolling, bots, links to media “stories” promising new bombshell reveals about Nancy Pelosi, vaguely worded threats and Musk hasn’t even fully lifted the bans on problem accounts yet. Not a good trajectory.
Richard DeMillo@rad_atl·
Well, that didn't take long: my family already targeted not for their tweets or mine but for their fact-based MSM journalism. Even modest guardrails already down | Twitter's Content Moderation Team Reportedly Unable to Work Amid Musk Takeover gizmodo.com/twitter-conten…
Richard DeMillo@rad_atl·
@heidergarcia Thanks for these points, but they have been extensively argued in a series of technical articles and reports (for a telegraphic summary see freedom-to-tinker.com/2022/07/21/mag…) The bottom line is (1) there will be many unverified ballots cast regardless & (2) there is no known way out.
Heider Garcia@heidergarcia·
I’ll give you my thoughts. Warning, this is going to be a long thread: Voters have the responsibility to make sure the ballot is marked the way they intend to vote, that is true for either style of ballot. But…
Richard DeMillo retweeted
Marilyn Marks@MarilynRMarks1·
In the wake of GA's voting system breach, Dr. Andrew Appel's short article about BMDs is worth rereading! It's written for us laymen, to help us understand why BMDs don't produce quality elections. ⬇️ freedom-to-tinker.com/2022/07/21/mag…
Richard DeMillo@rad_atl·
@TxSaving @duncanbuell OK, maybe someone else will find this amusing, but it's clearly a waste of time with you. He was an expert designated by a federal court to conduct experiments under strict conditions. The results were sealed for AEO under PO. OK or not OK is not a meaningful question.
Richard DeMillo@rad_atl·
I don't know why Ben is replying to me but since he did, let me say this is nonsense. It contradicts everything vendors/SOS claimed for 20 years about secret security methods. Oh and it does lower the bar for discovering vulnerabilities. Not fatal but doesn't inspire confidence.
Ben Adida@benadida

@MarilynRMarks1 @rad_atl As I explained in the thread, that aspect matters little. Change credentials, move on. Access to the software, even for months by many people, is not a serious issue.

Richard DeMillo@rad_atl·
@TxSaving @duncanbuell Ummm....Halderman was appointed by a federal court to analyze the system. The court sealed the code and restricted access under a protective order. Not even the plaintiffs in the lawsuit had access. Other people could have petitioned litigants but apparently didn’t.
TXSavingTheUSA@TxSaving·
@duncanbuell @rad_atl Funny you consider Mr. Lenberg "bad guys" as his references and experience is something you could only hope to be known for. Apparently you're implying Alex Halderman is a "good guy" so it's ok for him to have access for weeks? Seems biased.
Richard DeMillo@rad_atl·
@Packy48 No idea. They appeared to be in the dark about how elections are run.
Richard DeMillo@rad_atl·
Nothing in what I said should be taken as claim that machines were actually hacked. We have been clear on this point for months.
Tarrant County Elections@tarrantelection·
We completed the unscripted test. To those of you that took time to come in and help: THANK YOU!!! The results of the hand-count were a match to the results generated by the voting system, some will say...
Richard DeMillo@rad_atl·
@benadida Open source is no silver bullet. Your insistence for example that voter verification occurs at a sufficient rate to mitigate risk of outcome changing has nothing to do with open source. It does make ZT impossible though.
Ben Adida@benadida·
@rad_atl Marilyn cc'ed you on the previous message, so Twitter automatically adds you to the list. I've never agreed with vendors' claim of secrecy. All my code is open-source. Did you agree with the vendors' claims? My memory is you didn't. So why are you making a secrecy argument now?
Richard DeMillo@rad_atl·
@benadida That has nothing to do with it. These breaches demonstrate vulnerabilities that were previously dismissed by SOS. EG demonstrate feasibility of threat models like insider threats and sec ops. The time between breach & recognition of vulnerabilities presents new attack surfaces.
Ben Adida@benadida·
@rad_atl I tend to agree with you that existing vendors' software should be better designed. Heck I'm spending most of my waking hours on this problem. But you're being naive if you think that software hadn't already leaked long ago.