Professor of Security Engineering; Head of @uclisec; Director @OpenRightsGroup. 🐘 https://t.co/fmgm3nArbb ☁https://t.co/vN2iCXx6hA
Mar 22, 2023 • 18 tweets • 6 min read
I did a little digging to see why Windows Snip and Sketch leaves part of the old image in a file when you crop a screenshot, potentially disclosing sensitive information (Acropalypse). It looks like the new Windows Save File API is defective by design. Why do I say this?🧵 1/9
The old Win32 API for saving a file was (roughly) to show a file picker, get the filename the user selected, and then open the file. To open a file, the programmer must specify whether to overwrite the file or not, and example code usually does overwrite the file. 2/9
Oct 20, 2022 • 4 tweets • 3 min read
There is genuine debate among election security experts as to how computers should be involved in elections, but there is almost universal agreement that choosing a head of government through online voting is a terrible idea.
I was an election observer for the 2007 pilot of electronic voting in the UK, coordinated by @jasonkitcat, then at the @OpenRightsGroup. The ordinarily very polite Electoral Commission were uncharacteristically direct in their criticism. electoralcommission.org.uk/sites/default/…
Oct 18, 2022 • 5 tweets • 2 min read
The Horizon Inquiry IT expert report by Charles Cipione mostly talks about IT management rather than IT (which is probably right), but there are some interesting details. One is related to the Horizon “reference data” which we would now call a domain-specific language (DSL) 🧵 1/
Reference Data controlled how Horizon operated but was separate from the Horizon code. The Reference Data was not subject to the same level of change control as the code, so was quicker to update. This makes sense if the DSL is sufficiently constrained as to eliminate errors. 2/