InfoSec Philippines

Information Security, Technology News and Opinions

Opinion: On Tolentino’s CONfidence

Posted by Jaime Raphael Licauco, CISSP, GSEC on March 22, 2009

I was chatting with an IT Security expert (who wishes to remain anonymous) the other day regarding Comelec’s Executive Director Jose Tolentino’s views about the coming implementation of PCOS machines as being un-hackable… yes, Tolentino’s views come even BEFORE its implemented. The reason why I’m posting it here is because I agree with the IT Security expert’s views.

Excerpts from the chat:

IT Sec Expert: such a display of confidence seems to be borderline misinformation
Me: true, i wonder what machine they used and if its possible to play around with it
IT Sec Expert: wel, they should worry more about organized crime, not hackers
Me: organized crime with hackers
IT Sec Expert: would the people handling such a new technology, na foreign made pa, be competent enough?
IT Sec Expert: that system would be closed circuit
Me: wires can easily be tapped, i wonder what encryption they’ll be using
IT Sec Expert: they’ll probably have dialup
Me: inside job na lang
IT Sec Expert: it would have been better had they had it publicly assessed and offer a bounty for the successful hacker
Me: why don’t you put your comments?
IT Sec Expert: you know how people are in the philippines, they always take things personally

I personally think that it’s great that the Comelec is trying something new regarding minimizing election fraud. However, time and again, its been shown that computers can be hacked, and challenging hackers is typically the first sign that a system will be hacked. Tolentino’s statements make me feel all so warm and fuzzy that the Comelec’s system is probably more secure than NASA, the US Pentagon, Royal Dutch Shell and hundreds of supposedly secure systems that have all been hacked. Maybe the Comelec’s people can consult for the Pentagon and teach them how to secure a system. No, really… seriously….

Our country’s history has shown that our own people are easier to hack (Social Engineering), which begs the question regarding not just the competency of the operators, but their integrity… will the Comelec be conducting background checks? I now wonder if the Comelec has had their system assessed, and if so by who and how was it assessed? I also hope that there will be transparency in the assessment.

Bernie Lopez wrote an insightful article which came out in PDI today entitled, “Computers can be hacked.” No, duh. Unfortunately Director Tolentino, one of the main people in the Philippines entrusted with keeping the sanctity of the ballot, thinks otherwise.


Social Networking
I was planning on writing about Facebook privacy, however PDI’s Bianca Consunji wrote a good article on it in “Knowing about privacy on Facebook.”


Botnets
BBC’s Click programme for Mar 13 was about botnets. They acquired control of over 20,000 infected computers all over the world (yes, you can now buy time on other people’s computers without their knowing it). Top botnets have more than a few hundred thousand computers under their control – up to an estimated million. They also talk about how to protect your computer here (warning tiny video, slightly muffled sound… they should’ve just used You Tube). They actually got in hot water because of this.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: