OpenSSL maintainer and Google cryptographer Ben Laurie and I collaborated on an article for Nature magazine on technical systems for finding untrustworthy Certificate Authorities. We focused on Certificate Transparency, the solution that will shortly be integrated into Chrome, and also discuss Sovereign Keys, a related proposal from the Electronic Frontier Foundation. Both make clever use of cryptographic hashes, arranged in Merkle trees, to produce "untrusted, provable logs."
In 2011, a fake Adobe Flash updater was discovered on the Internet. To any user it looked authentic. The software’s cryptographic certificates, which securely verify
the authenticity and integrity of Internet connections, bore an authorized signature. Internet users who thought they were applying a legitimate patch unwittingly turned their computers into spies. An unknown master had access to all of their data. The keys used to sign the certificates had been stolen from a ‘certificate authority’ (CA), a trusted body (in this case, the Malaysian Agricultural Research and Development Institute) whose encrypted signature on a website or piece of software tells a browser program that the destination is bona fide. Until the breach was found and the certificate revoked, the keys could be used to impersonate virtually any site on the Internet.
Secure the Internet (PDF)
In July 2012, professional poker-player Phil Ivey won $4.8M from the baccarat tables at Atlantic City’s Borgata Hotel Casino & Spa in 17 hours; on other occasions, he took a total of $9M out of the Borgata: he did it by asking the house to deal Gemaco Borgata cards, whose backs contained minute asymmetries in […]
The five Volkswagen executives who were criminally charged in the USA for their role in the Dieselgate scandal have been advised not to travel to the USA because they are liable to arrest there: they’ve also been told that leaving Germany is risky because they might be arrested and extradited to the USA.
When you open the box for a Storm Trooper snuggie blanket, you’ll discover a card telling you that by buying the blanket, you’ve waived your right to sue the manufacturer and will subject yourself to binding arbitration if your blanket gives you cancer or burns you to death or any of the other bad things […]
One of the best ways to progress a career in project management is through earning recognized certifications. These certifications carry significant clout and don’t require expensive tuition or student loans. This Ultimate Project Management Certification Bundle is a great example of an affordable way to get ahead. It includes training for 9 certifications including PMP, […]
There’s nothing quite like the rush of playing against a real human opponent. But from a developer standpoint, creating fun multiplayer experiences is incredibly complex. Fortunately, the Unity3D game engine has made all aspects of game creation, including multiplayer functionality, as accessible as ever.This Unity Course Bundle introduces all of the necessary elements of creating […]
The 2016 World Series game 7 will undoubtedly go down in history as one of the greatest baseball games of all time. With endless suspense, a nefariously-timed rain delay, and extra innings, it reminded over 40 million viewers why they love America’s pastime – and why all bets were truly off in 2016. Savor the […]