Security Researcher. (opinions are my own)

Joined January 2015
RT @jhalderm: Update: 20 leading experts in cybersecurity and elections just wrote to @MITREcorp CEO Jason Providakes urging him to retrac…
1/5 The report @jhalderm and I wrote after discovering/PoC-ing the many exploitable vulnerabilities in the Dominion Voting Systems' ImageCast X system is now public. storage.courtlistener.com/re…

4/5 the report you see is ~2 years old (filed Jul 2021) and reflects understanding/knowledge at that time but everything is still valid and correct. We asked the vendor to point out any technical inaccuracies or misunderstandings over a year and a half ago and have heard nothing.
5/5 If written today, we would include references to later events (Coffee Co GA, Mesa Co CO, others' public discoveries, etc) plus our further-improved understanding of the vulns/weaknesses/etc. @jhalderm and I will be updating and submitting for peer-review later this summer.
Great work protecting everyone from "offensive content" there @twitter.
Drew Springall retweeted
1/ Colleagues and I have found a serious privacy flaw that affects Dominion ICP and ICE ballot scanners. We've already informed Dominion, CISA, EAC, and state officials, and we've created a site to help officials and the public understand the issue: DVSorder.org

1/4 @jhalderm and I investigated the security of the Dominion ImageCast X BMD used in Georgia and our findings aren't pretty. @CISAgov just published an advisory about vulnerabilities we found and I hope the full report we sent them will be available soon. cisa.gov/uscert/ics/advisori…
3/ We only tested two software versions of a single EAC-certified system (as part of a pre-2020 lawsuit in GA). The vendor didn't give us or CISA access to test other versions or their claimed fixes. It also hasn't publicly stated what other versions share these vulns (if any).
4/4 We'd be excited to work with election officials to see whether other systems have similar vulns and how to best defend. Many people have made many claims about election security and the best way to sort true from false is to perform serious technical analysis.
Well that looks...not good. Someone might wanna check on the @hbomax integration testing infrastructure.
Shamelessly stolen from r/usmc.
Congrats to @umbernhard and the whole team Paper: mbernhard.com/papers/bmd-ver…

Just an FYI to anyone else doing lectures over @zoom_us. The Linux client appears to be extremely buggy:
- Overwrites previous local recordings without informing/confirming
- Shares Zoom chat (w/ private msgs) when sharing Chrome window
- Adds green box when Chrome is fullscreen
So it appears that for #2 (sharing Zoom windows), it's something that they added in 3.6 and the current Linux version is 3.5. You can disable it on the website but it doesn't actually disable it in the app. That's ... less than awesome...
Hey @YouTube, I think you've got a problem with your subscriptions page. Either that or @DudePerfect got to 50M subscribers with zero videos posted...
Hey @Lowes, might wanna check your website.