Drew Springall Profile

Drew Springall (@_aaspring_)
Followers: 387 · Following: 19 · Media: 79 · Statuses: 260

Security Researcher. (opinions are my own)

Joined January 2015
Drew Springall (@_aaspring_) · 2 years
RT @jhalderm: Update: 20+ leading experts in cybersecurity and elections just wrote to @MITREcorp CEO Jason Providakes urging him to retrac….
Link: dropbox.com
Replies: 0 · Retweets: 204 · Likes: 0
Drew Springall (@_aaspring_) · 2 years
@jhalderm 5/5 If written today, we would include references to later-events (Coffee Co GA, Mesa Co CO, others' public discoveries, etc) plus our further-improved understanding of the vulns/weaknesses/etc. @jhalderm and I will be updating and submitting for peer-review later this summer.
Replies: 1 · Retweets: 1 · Likes: 12
Drew Springall (@_aaspring_) · 2 years
@jhalderm 4/5 the report you see is ~2 years old (filed Jul2021) and reflects understanding/knowledge at that time but everything is still valid and correct. We asked the vendor to point-out any technical inaccuracies or misunderstandings over a year and a half ago and have heard nothing.
Replies: 1 · Retweets: 3 · Likes: 11
Drew Springall (@_aaspring_) · 2 years
@jhalderm 3/5 @jhalderm wrote a great blog post summarizing and adding context b/c this has been an on-going project for 2.5+ years (since Sept 2020). It's important to remember that.
Replies: 1 · Retweets: 7 · Likes: 8
Drew Springall (@_aaspring_) · 2 years
@jhalderm 2/5 I *highly* encourage everyone to read and form opinions for themselves so I'll hold the long, technical thread for now (will come later). Even without a technical background, the high-level findings/implications are relatively straightforward IMO but...
Replies: 1 · Retweets: 1 · Likes: 2
Drew Springall (@_aaspring_) · 2 years
1/5 The report @jhalderm and I wrote after discovering/PoC-ing the many exploitable vulnerabilities in the Dominion Voting Systems' ImageCast X system is now public.
Replies: 2 · Retweets: 10 · Likes: 24
Drew Springall (@_aaspring_) · 2 years
Great work protecting everyone from "offensive content" there @twitter.
[two images attached]
Replies: 0 · Retweets: 0 · Likes: 1
Drew Springall (@_aaspring_) · 3 years
RT @jhalderm: 1/ Colleagues and I have found a serious privacy flaw that affects Dominion ICP and ICE ballot scanners. We've already inform….
Replies: 0 · Retweets: 253 · Likes: 0
Drew Springall (@_aaspring_) · 3 years
4/4 We'd be excited to work with election officials to see whether other systems have similar vulns and how to best defend. Many people have made many claims about election security and the best way to sort true from false is to perform serious technical analysis.
Replies: 2 · Retweets: 5 · Likes: 19
Drew Springall (@_aaspring_) · 3 years
3/ We only tested two software versions of a single EAC-certified system (as part of a pre-2020 lawsuit in GA). The vendor didn't give us or CISA access to test other versions or their claimed fixes. It also hasn't publicly stated what other versions share these vulns (if any).
Replies: 1 · Retweets: 5 · Likes: 14
Drew Springall (@_aaspring_) · 3 years
2/ Just to be clear, our work was *not* about the November 2020 election. We started in Sept 2020 (i.e., well before the election) when we were provided access by a federal court. We studied the security of the device, not the results of any past, current, or future contest.
Replies: 2 · Retweets: 3 · Likes: 13
Drew Springall (@_aaspring_) · 3 years
1/4 @jhalderm and I investigated the security of the Dominion ImageCast X BMD used in Georgia and our findings aren't pretty. @CISAgov just published an advisory about vulnerabilities we found and I hope the full report we sent them will be available soon.
Link: cisa.gov
Replies: 7 · Retweets: 22 · Likes: 36
Drew Springall (@_aaspring_) · 4 years
Well that looks... not good. Someone might wanna check on the @hbomax integration testing infrastructure.
[two images attached]
Replies: 1 · Retweets: 0 · Likes: 1
Drew Springall (@_aaspring_) · 5 years
Shamelessly stolen from r/usmc.
[image attached]
Replies: 1 · Retweets: 0 · Likes: 3
Drew Springall (@_aaspring_) · 5 years
Congrats to @umbernhard and the whole team. Paper:
Replies: 0 · Retweets: 0 · Likes: 0
Drew Springall (@_aaspring_) · 5 years
So it appears that for #2 (sharing Zoom windows), it's something that they added in 3.6 and the current linux version is 3.5. You can disable it on the website but it doesn't actually disable it in the app. That's... less than awesome.
[two images attached]
Replies: 0 · Retweets: 0 · Likes: 0
Drew Springall (@_aaspring_) · 5 years
Just an FYI to anyone else doing lectures over @zoom_us. The Linux client appears to be extremely buggy:
- Overwrites previous local recordings without informing/confirming.
- Shares Zoom chat (w/ private msgs) when sharing Chrome window.
- Adds green box when Chrome is fullscreen.
Replies: 1 · Retweets: 0 · Likes: 1
Drew Springall (@_aaspring_) · 5 years
Hey @YouTube, I think you've got a problem with your subscriptions page. Either that or @DudePerfect got to 50M subscribers with zero videos posted.
[image attached]
Replies: 0 · Retweets: 0 · Likes: 2
Drew Springall (@_aaspring_) · 6 years
Hey @Lowes, might wanna check your website.
[image attached]
Replies: 1 · Retweets: 0 · Likes: 0