OpenSSL maintainer and Google cryptographer Ben Laurie and I collaborated on an article for Nature magazine on technical systems for finding untrustworthy Certificate Authorities. We focused on Certificate Transparency, the solution that will shortly be integrated into Chrome, and also discuss Sovereign Keys, a related proposal from the Electronic Frontier Foundation. Both make clever use of cryptographic hashes, arranged in Merkle trees, to produce "untrusted, provable logs."
In 2011, a fake Adobe Flash updater was discovered on the Internet. To any user it looked authentic. The software’s cryptographic certificates, which securely verify
the authenticity and integrity of Internet connections, bore an authorized signature. Internet users who thought they were applying a legitimate patch unwittingly turned their computers into spies. An unknown master had access to all of their data. The keys used to sign the certificates had been stolen from a ‘certificate authority’ (CA), a trusted body (in this case, the Malaysian Agricultural Research and Development Institute) whose encrypted signature on a website or piece of software tells a browser program that the destination is bona fide. Until the breach was found and the certificate revoked, the keys could be used to impersonate virtually any site on the Internet.
Secure the Internet (PDF)
The Chinese government’s wish-list for AI researchers is pretty ambitious: “Breakthroughs should be made in basic theories of AI, such as big data intelligence, multimedia aware computing, human-machine hybrid intelligence, swarm intelligence and automated decision-making.”
Robbo writes, “A number of so-called scientific journals have accepted a Star Wars-themed spoof paper. The manuscript is an absurd mess of factual errors, plagiarism and movie quotes. We know this because Neuroskeptic wrote it and posted about it on the Discover Magazine site. The paper was about Midi-chlorians and attributed to Dr Lucas McGeorge […]
As I wrote about last month, the hotelier who operates the Toronto property bearing Trump’s name was desperate enough to get shut of it that they had bid millions for the right to change the name of the hotel.
Web content creators who don’t have a solid SEO strategy should take note of Webtexttool. It’s a service that pulls in anonymous data from their entire user base to offer crowdsourced guidance that increases your search page ranks. By analyzing prior user successes, it helps you better gauge how your posts will perform at a […]
Just because English has become the common global tongue doesn’t mean it’s the easiest language to write—even for native speakers. If you’re looking to improve your written communication skills, especially on your smartphone, take a look at Ginger Page.Ginger is a cross-platform app that offers corrections for phrasing as well as grammar. It’s powered by […]
The current web development landscape is rife with buzzwords and technology that gets abandoned almost as soon as it’s made. If you’ve never written a line of code before, it can be hard to figure out what’s coming, what’s here to stay, or how to get ahead.This Beginner Web Development Bundle is a great place […]