OpenSSL maintainer and Google cryptographer Ben Laurie and I collaborated on an article for Nature magazine on technical systems for finding untrustworthy Certificate Authorities. We focused on Certificate Transparency, the solution that will shortly be integrated into Chrome, and also discuss Sovereign Keys, a related proposal from the Electronic Frontier Foundation. Both make clever use of cryptographic hashes, arranged in Merkle trees, to produce "untrusted, provable logs."
In 2011, a fake Adobe Flash updater was discovered on the Internet. To any user it looked authentic. The software’s cryptographic certificates, which securely verify
the authenticity and integrity of Internet connections, bore an authorized signature. Internet users who thought they were applying a legitimate patch unwittingly turned their computers into spies. An unknown master had access to all of their data. The keys used to sign the certificates had been stolen from a ‘certificate authority’ (CA), a trusted body (in this case, the Malaysian Agricultural Research and Development Institute) whose encrypted signature on a website or piece of software tells a browser program that the destination is bona fide. Until the breach was found and the certificate revoked, the keys could be used to impersonate virtually any site on the Internet.
Secure the Internet (PDF)
Greenpeace has handed newspapers 240 pages of current negotiating documents from the Transatlantic Trade and Investment Partnership (TTIP), a secretly conducted trade deal between the USA and the EU, which has run in parallel with the notorious Trans Pacific Partnership (TPP).
The first McDonald’s in Quetta, Pakistan has opened in Millennium Mall, in the militarized Police Lines neighborhood, prompting an official position from the Taliban.
When Norway — historically one of the poorest countries in Europe — struck oil in the North Sea, the country put the proceeds into a “sovereign wealth” fund that invested it in other industries and used the returns to pay for an extensive welfare state that has given Norwegians one of the highest standards of […]
You may not love Microsoft Word, but you’ve definitely used it. Other than being one of the most ubiquitous programs on the planet, it’s been the go-to word processing system for more than a quarter-century because it’s as basic as it gets. But occasionally, you’ve got assignments that beg for a lot more options than simple […]
Almost everyone has their smartphone in a case of one kind or another. Beyond simple protection, finding a case that can charge your phone on its own, but doesn’t feel like it’s also adding a couple pounds to the phone’s weight is the tricky part. Billed as the world’s thinnest battery case, the ThinCharge iPhone […]
You never know when new projects, ideas or opportunities can drop into your lap at a moment’s notice. That may require you to learn a new programming language like Python. Or maybe you need a primer on 3D game development. Or you might realize you could use a serious brush-up on iOS mobile creation.Point is, […]