There's been a lot of talk about some portion of the RSA keys on the Internet being insecure, with "2 out of every 1000 keys being bad". This is incorrect, as the problem is not equally likely to exist in every class of key on the Internet. In fact, the problem seems to only show up on keys that were already insecure to begin with -- those that pop errors in browsers for either being unsigned or expired. Such keys are simply not found on any production website on the web, but they are found in high numbers in devices such as firewalls, network gateways, and voice over IP phones.
It's tempting to discount the research entirely. That would be a mistake. Certainly, what we generally refer to as "the web" is unambiguously safe, and no, there's nothing particularly special about RSA that makes it uniquely vulnerable to a faulty random number generator. But it is extraordinarily clear now that a massive number of devices, even those purportedly deployed to make our networks safer, are operating completely without key management. It doesn't matter how good your key is if nobody can recognize it as yours. DNSSEC will do a lot to fix that. It is also clear that random number generation on devices is extremely suspect, and that this generic attack that works across all devices is likely to be followed up by fairly devastating attacks against individual makes and models. This is good and important research, and it should compel us to push for new and interesting mechanisms for better randomness. Hardware random number generators are the gold standard, but perhaps we can exploit the very small differences between clocks in devices and PCs to approximate what they offer.
Warren Ellis ruminates on the way that the old idea that the Internet was birthing an “attention economy” has been transformed by Facebook, which has literally monetized attention, charging you money to reach the people who’ve asked to hear from you.
Adzerk, who serves ads for Bittorrent, Stackexchange, Reddit and other high-profile sites, will honor Do-Not-Track messages from readers’ browsers, and its ads will not be blocked by the major ad-blocking software.
James writes, “A blend of fact and fiction, players take on the role of an NSA agent tracking down the source of the leaks. They’ll discover the journalists involved, and the real messages sent by Snowden to them at the time.”