Threat modeling

This version was saved 15 years, 5 months ago.
Saved by JonPincus on October 21, 2008 at 5:59:38 pm
 

Please use this page to discuss potential threats to web 2.0 election monitoring in general and the Twitter Vote Report in particular -- as well as potential responses. For background, please read Tracy Viselli's "Political Activism on Twitter: The Story of #dontgo" (describing organized interference with a Twitter activism campaign) and Sarah Lai Stirland's "Ohio Secretary of State's Office Hacked" (illustrating the lengths to which people are going to disrupt the 2008 election).

 

Reporting false information

  • with a goal of triggering false alarms about incidents
  • with a goal of invalidating or discrediting overall results
  • with a goal of flooding the channel and overwhelming people with data

 

Comment: we won't be building in any authentication mechanism, so we should expect some of this. What are the processes for verifying alerts before sending them out? What caveats do we want to give to media who are covering the live feeds? Can we detect some patterns of abuse (e.g., "rogue SuperTwitterers")?
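One possible shape for the verification and abuse-detection questions above, as an added example that is not part of the original page or of the Twitter Vote Report code: hold an incident until distinct senders corroborate it, and set aside senders whose report rate is abnormal. The thresholds, field layout, sender names and place labels are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds for illustration; not values from the project.
MIN_DISTINCT_SENDERS = 2           # corroboration needed before alerting
MAX_REPORTS_PER_WINDOW = 3         # per sender
WINDOW = timedelta(minutes=10)

T0 = datetime(2008, 11, 4, 9, 0)
# Constructed sample reports: (time, sender, polling place, issue).
REPORTS = [
    (T0, "alice", "place-A", "long_lines"),
    (T0 + timedelta(minutes=2), "bob", "place-A", "long_lines"),
    (T0 + timedelta(minutes=5), "carol", "place-B", "machine_failure"),
] + [(T0 + timedelta(minutes=m), "spam1", "place-C", "intimidation") for m in (1, 2, 3, 4)]


def high_volume_senders(reports):
    """Senders with more than MAX_REPORTS_PER_WINDOW reports in any WINDOW."""
    times_by_sender = defaultdict(list)
    for ts, sender, _place, _issue in reports:
        times_by_sender[sender].append(ts)
    flagged = set()
    for sender, times in times_by_sender.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > WINDOW:   # slide the window forward
                start += 1
            if end - start + 1 > MAX_REPORTS_PER_WINDOW:
                flagged.add(sender)
                break
    return flagged


def triage(reports):
    """Return (alert, hold, flagged): incidents to send, incidents and senders to review."""
    flagged = high_volume_senders(reports)
    corroborators = defaultdict(set)
    for _ts, sender, place, issue in reports:
        bucket = corroborators[(place, issue)]  # keep incident even if all senders are flagged
        if sender not in flagged:
            bucket.add(sender)
    alert = sorted(k for k, s in corroborators.items() if len(s) >= MIN_DISTINCT_SENDERS)
    hold = sorted(k for k, s in corroborators.items() if len(s) < MIN_DISTINCT_SENDERS)
    return alert, hold, flagged
```

Without authentication, several colluding accounts can still satisfy the corroboration count, so the "alert" list is a queue for human verification rather than a final decision.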

 

Denial of service

 

  • on Twitter
    • messages
    • overwhelming search/API functionality
  • on the database server (bandwidth or CPU)
    • input feeds
    • queries/API

 

Comment: the first step is to estimate likely load as part of a capacity plan, and then look at opportunities for automated attacks. The best approach will be to have alternative mechanisms in place and identify up front what levels of load should trigger moving to backups.
