OpenSSL maintainer and Google cryptographer Ben Laurie and I collaborated on an article for Nature magazine on technical systems for finding untrustworthy Certificate Authorities. We focused on Certificate Transparency, the solution that will shortly be integrated into Chrome, and also discuss Sovereign Keys, a related proposal from the Electronic Frontier Foundation. Both make clever use of cryptographic hashes, arranged in Merkle trees, to produce "untrusted, provable logs."
In 2011, a fake Adobe Flash updater was discovered on the Internet. To any user it looked authentic. The software’s cryptographic certificates, which securely verify
the authenticity and integrity of Internet connections, bore an authorized signature. Internet users who thought they were applying a legitimate patch unwittingly turned their computers into spies. An unknown master had access to all of their data. The keys used to sign the certificates had been stolen from a ‘certificate authority’ (CA), a trusted body (in this case, the Malaysian Agricultural Research and Development Institute) whose encrypted signature on a website or piece of software tells a browser program that the destination is bona fide. Until the breach was found and the certificate revoked, the keys could be used to impersonate virtually any site on the Internet.
Secure the Internet (PDF)
Wang Jianlin made billions speculating on Chinese real-estate; now that he’s diversified into buying Hollywood movie studios and chains of movie theaters, the richest man in China is prepared to say what many have known: the Chinese property market is a huge, deadly bubble that’s ripe to burst.
Wells Fargo’s Board of Directors have finally exercised their right to claw back part of the hundreds of millions of dollars taken home by two senior executives who were compensated on the basis of the fraudulent earnings the bank took in while opening 2,000,000 secret accounts in their customers’ names, taking money out of those […]
Yesterday, Google announced “Youtube Go,” an “offline first” version of the popular video service designed for the Indian market where internet coverage is intermittent, provided by monopolistic carriers that have a history of network discrimination, and where people have a wide variety of devices, including very low-powered ones.
#1. A-Audio Legacy Noise Cancelling Headphones with 3-Stage Technology The A-Audio Legacy Headphones are the Boing Boing Store’s best seller this month, and it’s easy to see why. With 40mm drivers, powerful circuitry, and memory foam padded circumaural ear cups, these are clearly super high-quality headphones. Plus, the patented 3-Stage Technology lets you toggle between passive […]
Vaping is getting more mainstream by the day, which means there’s been an influx of quality yet affordable vaporizers on the market. We’re particularly excited about the APX Wax Vaporizer Kit, which is an easy-to-use, high-quality vape that works with both dry herbs and waxy concentrates.If you’re a beginner trying to get into vaping, the APX […]
When you’ve had a long day and it’s time to unwind, there’s a lot you can do to relax: drink some tea, take a shower or even read a book. But there’s one thing that’s essential to a comfortable night’s rest—and that’s investing in some really good sheets. Enter Bamboo Bed Sheets. These quality sheets retail for $120, but […]