OpenSSL maintainer and Google cryptographer Ben Laurie and I collaborated on an article for Nature magazine on technical systems for finding untrustworthy Certificate Authorities. We focused on Certificate Transparency, the solution that will shortly be integrated into Chrome, and also discuss Sovereign Keys, a related proposal from the Electronic Frontier Foundation. Both make clever use of cryptographic hashes, arranged in Merkle trees, to produce "untrusted, provable logs."
In 2011, a fake Adobe Flash updater was discovered on the Internet. To any user it looked authentic. The software’s cryptographic certificates, which securely verify
the authenticity and integrity of Internet connections, bore an authorized signature. Internet users who thought they were applying a legitimate patch unwittingly turned their computers into spies. An unknown master had access to all of their data. The keys used to sign the certificates had been stolen from a ‘certificate authority’ (CA), a trusted body (in this case, the Malaysian Agricultural Research and Development Institute) whose encrypted signature on a website or piece of software tells a browser program that the destination is bona fide. Until the breach was found and the certificate revoked, the keys could be used to impersonate virtually any site on the Internet.
Secure the Internet (PDF)
James Cawley is a 50 year old Elvis impersonator from Ticonderoga, NY; his friend William Ware Theiss was costume-designer for the original Star Trek series, and left Cawley the blueprints for the original Star Trek Enterprise sets in his will — so Cawley rented out a 13,000 sqft shuttered supermarket and built an exquisite replica […]
For the past week, Naked Capitalism has run a series of articles by transportation industry expert Hubert Horan on the economic shenanigans of Uber, which cooks the numbers it shows investors, drivers and the press to make it seem like something other than a black box that uses arrogance and lawlessness to make a bet […]
If you’re one of the 60% of Pebble employees who didn’t get a job offer from Fitbit, the company’s new owner, you’re probably not having a great Christmas season — but that trepedation is shared by 100% of Pebble customers, who’ve just learned (via the fine print on an update on the Pebble Kickstarter page) […]
The Boing Boing Store’s Gift Guide is full of ideas for pretty much anyone in your life like hipster ice cub trays, Xbox controllers, Halo Boards, and even diamond necklaces. As always, all products in the Boing Boing Store come at great discounts, too. Shop by price bucket starting at under $20. Under $20:Bloxx Jumbo Ice Trays […]
Unlike traditional lighters, the SaberLight features an electronic plasma beam that’s both rechargeable and butane-free. This sleek lighter is even approved by TSA, so you’ll never be stuck buying lighters you’ll just have to throw away partially used. For some people, like me, this is a pretty big game-changer. The SaberLight’s beam is actually both hotter and cleaner […]
Holiday shopping is in full swing, and the Striiv Touch is one of the best gift ideas I’ve landed on. Its simple design works for females and males, and its wide range of features makes it suitable for even the non-fitness enthusiasts in your life.Unlike traditional fitness trackers, the Striiv Touch also acts as a smartwatch. It […]