OpenSSL maintainer and Google cryptographer Ben Laurie and I collaborated on an article for Nature magazine on technical systems for finding untrustworthy Certificate Authorities. We focused on Certificate Transparency, the solution that will shortly be integrated into Chrome, and also discuss Sovereign Keys, a related proposal from the Electronic Frontier Foundation. Both make clever use of cryptographic hashes, arranged in Merkle trees, to produce "untrusted, provable logs."
In 2011, a fake Adobe Flash updater was discovered on the Internet. To any user it looked authentic. The software’s cryptographic certificates, which securely verify
the authenticity and integrity of Internet connections, bore an authorized signature. Internet users who thought they were applying a legitimate patch unwittingly turned their computers into spies. An unknown master had access to all of their data. The keys used to sign the certificates had been stolen from a ‘certificate authority’ (CA), a trusted body (in this case, the Malaysian Agricultural Research and Development Institute) whose encrypted signature on a website or piece of software tells a browser program that the destination is bona fide. Until the breach was found and the certificate revoked, the keys could be used to impersonate virtually any site on the Internet.
Secure the Internet (PDF)
This is sure an interesting Friday, with Reddit and Facebook and now Amazon CEOs and founders speaking about Black Lives Matter and the protests surrounding the police killing of George Floyd.
• Founder to leave Reddit, saying resignation can be ‘act of leadership’ • Reddit promises to update content moderation policies to “explicitly address hate” within weeks Earlier today, we told you that Reddit’s Alexis Ohanian was resigning from the Reddit board, asked the company to fill his seat with a Black candidate, and said he’d […]
“I will use future gains on my Reddit stock to serve the black community, chiefly to curb racial hate”
Game engines aren’t just the lifeblood of the video game industry. They may soon be the lifeblood of Hollywood. Since emerging in the late ’90s, the Unreal game engine has quickly become one of the world’s foremost tools for game creators. Now, Disney’s hit Star Wars spinoff series The Mandalorian is using Unreal as well. […]
Apple AirPods have become the default earbuds beloved by millions. Unfortunately, they also cost $159, so it’s no surprise that since they were first introduced in 2016, companies have battled to produce comparable headphones at a lower price. The UK-designed and engineered Veho STIX true wireless earphones may have cracked that particular problem, striking a […]
Instagram isn’t just for tweens and foodies. In fact, the image-heavy platform not only wants to mint new Instagram influencers — it also wants to make them rich. In the last few weeks, the company announced ad revenue sharing on IGTV videos, special badges you can buy from your favorite accounts through Instagram Live, merchandise […]