OpenSSL maintainer and Google cryptographer Ben Laurie and I collaborated on an article for Nature magazine on technical systems for finding untrustworthy Certificate Authorities. We focused on Certificate Transparency, the solution that will shortly be integrated into Chrome, and also discuss Sovereign Keys, a related proposal from the Electronic Frontier Foundation. Both make clever use of cryptographic hashes, arranged in Merkle trees, to produce "untrusted, provable logs."
In 2011, a fake Adobe Flash updater was discovered on the Internet. To any user it looked authentic. The software’s cryptographic certificates, which securely verify
the authenticity and integrity of Internet connections, bore an authorized signature. Internet users who thought they were applying a legitimate patch unwittingly turned their computers into spies. An unknown master had access to all of their data. The keys used to sign the certificates had been stolen from a ‘certificate authority’ (CA), a trusted body (in this case, the Malaysian Agricultural Research and Development Institute) whose encrypted signature on a website or piece of software tells a browser program that the destination is bona fide. Until the breach was found and the certificate revoked, the keys could be used to impersonate virtually any site on the Internet.
Secure the Internet (PDF)
Uganda is so poor that few can afford medical care, giving it one of the lowest life-expectancies on the planet — this toxic combination made the country ripe for infiltration by Tiens, a Chinese Multi-Level-Marketing “nutritional supplements” cult whose members set up fake medical clinics that diagnose fake ailments and proscribe fake medicines, then rope […]
Yahoo’s sale to Verizon means that Yahoo’s sub-companies — Flickr, Tumblr and a host of others — are now divisions of a phone company, and as you might expect, being on the payroll of a notorious neutracidal maniac with a long history of sleazy, invasive, privacy-destroying, monopolistic, deceptive, anti-competitive, scumbag shakedowns has changed the public […]
What was last week posed as an indefinite leave of absence is now for good: Travis Kalanick, CEO of scandal-wracked rideshare company Uber, announced that he is leaving the company. “I love Uber more than anything in the world and at this difficult moment in my personal life I have accepted the investors request to […]
Although flagship smartphones are unlikely to adopt heavy-duty outer casing anytime soon, you can always prepare your device for the outdoors with a beefy case and and an external battery like this Nomad Tile Trackable PowerPack, available in the Boing Boing Store for $119.95.The Nomad Tile can fully recharge an iPhone 7 over three times […]
Even though credit cards now feature an EMV chip for securing transactions, they still have to include the magnetic strip for compatibility with older point of sale systems. Because of this, there’s no way for the chip’s new security capabilities to protect against card skimmers in the wild.How do you protect yourself from legacy-technology-induced fraud? […]
As the old saying goes, “You should sit in meditation for 30 minutes every day. Unless you are too busy, in which case you should meditate for an hour.” Since most of us have an endless list of things to do and people to see, carving out quiet time can feel impossible, especially when most […]