matt blaze
Sep 27, 2020, 4 tweets, 1 min read
For the record, I led the team that discovered and published the first trove of exploitable vulnerabilities in an ES&S voting system, and am well aware of their danger. Many of them haven't been fixed, and that's horrifying. But there's been scant evidence of their exploitation.
It would be both personally satisfying and career enhancing to learn that these vulnerabilities were being exploited to rig elections. But the evidence of this just isn't there. And fortunately, election security is improving, albeit more slowly than it needs to.
For the record, here's a summary of what we found, 13 years ago. usenix.org/legacy/event/e…

Yes, these are serious problems. And it's maddening that many haven't been fixed. But the existence of a vulnerability does not mean that it has been exploited. Don't spread exaggerated BS.
Seriously, if your Thought Leader told you to come after me for being soft on election security, they're not even trying. They're probably playing some kind of practical joke on you, like being sent out to fetch a left-handed screwdriver.


More from @mattblaze

Nov 14, 2022
Radio nerditry: Yes, I've heard that KrakenRF pulled their passive radar code, and no, I'm not looking forward to revisiting ITAR after all these years.
There isn't, as far as I can tell, enough publicly-known information about the facts here to even speculate about whether this is an easily-resolved misunderstanding, over-caution, or a serious concern. I can imagine ways it could be any of the three. Hopefully not the latter.
Cryptography in the US, even open source software, used to be (and to a limited extent, still is) regulated under ITAR. It was a big attenuator on open research. But because different countries interpreted ITAR for cryptography differently, it wasn't as bad as it could be here.
Nov 13, 2022
Unpopular and uncomfortable election integrity reality: While BS about "hacked elections" has been most loudly amplified by the Right in the US, they have no monopoly on it. This nonsense was mostly started by (and continues to be spread by) marginal activists on the Left.
Two difficult-to-reconcile truths about US election integrity. Any serious discussion of the subject must acknowledge both of them:

- There genuinely are some real vulnerabilities in some of our election infrastructure

- There's no evidence an election outcome has been hacked.
Whatever your political preferences, asserting that an election has been hacked is an EXTRAORDINARY claim, requiring compelling evidence. If someone makes such a claim, demand evidence.

The remedy for BS is truth, not equal-and-opposite BS.
Nov 12, 2022
Even if it taxes your patience, being careful and following procedures in tallying votes is not evidence of fraud. In fact, it's the opposite of that.
"Isn't it suspicious that it's only tight races that are undecided?"

No. That's exactly what we'd expect.

Any "winners" reported so far are media projections from partial tallies released so far. The closer the race, the higher the % of votes cast they need to project a winner.
Very few jurisdictions across the US have reported 100% tallies in any races yet, and even those are still unofficial, uncertified results. State laws can delay full results until well after election day; in some, mail-in votes can't start to be processed until after polls close.
Nov 10, 2022
Remember that Twitter's main asset is us users and our data, and the three people responsible for protecting it all quit simultaneously this morning.

Twitter may not even be around long enough to buy us all a year of free credit monitoring at this rate.
Any Twitter engineer being asked to certify compliance to a regulatory agency (such as the FTC) should seek independent (their own) legal advice before signing anything or making any statement to regulators.

This is a bus you do NOT want to be thrown under.
I can't emphasize how perilous this can be. "Self-certification of compliance" with an FTC consent decree might be presented as merely routine paperwork, no big deal.

No. It's a big deal, and if you're even thinking about agreeing to this, you need competent legal advice first.
Nov 8, 2022
As election results start to come in this week, some losing candidates and supporters may claim that their election was "rigged" or "hacked". To sort fact from fiction, you have to understand how elections actually work. Here's a great reference: nap.nationalacademies.org/catalog/25120/…
A large fraction of “stop the steal” mis- and disinformation was OBVIOUS BS to those who understood the basics of election logistics, and tech. But it could sound convincing to the uninitiated. Learn how your local elections work, especially how ballots are handled and counted.
And many aspects of elections vary across states and counties. For example, in some places, for procedural and technical reasons, mail-in ballots aren’t processed until AFTER the polls close. If the number of those ballots is large, it can take a while before results are known.
Nov 7, 2022
I've been using Mastodon for a couple days now. A couple (nonexpert) observations

The system as a whole functions. The major servers (that you're likely to sign up for) federate with each other, which means you can, in principle, follow and be followed just about anywhere. 1/
However, the system is clearly (and unsurprisingly) also straining under the newfound load right.

Many servers are closed to new signups, so you have to look for one that will take you, which may not be where most of your friends are. That's OK (see above), except that... 2/
... likely because of the load, timelines across different server instances are often a bit of a mess - out of order, slow to update, duplicate posts, etc. So it doesn't always feel like Twitter. Sometimes more like Twitter if the tweets were delivered by actual carrier pigeons.