OpenSSL maintainer and Google cryptographer Ben Laurie and I collaborated on an article for Nature magazine on technical systems for finding untrustworthy Certificate Authorities. We focused on Certificate Transparency, the solution that will shortly be integrated into Chrome, and also discuss Sovereign Keys, a related proposal from the Electronic Frontier Foundation. Both make clever use of cryptographic hashes, arranged in Merkle trees, to produce "untrusted, provable logs."
In 2011, a fake Adobe Flash updater was discovered on the Internet. To any user it looked authentic. The software’s cryptographic certificates, which securely verify
the authenticity and integrity of Internet connections, bore an authorized signature. Internet users who thought they were applying a legitimate patch unwittingly turned their computers into spies. An unknown master had access to all of their data. The keys used to sign the certificates had been stolen from a ‘certificate authority’ (CA), a trusted body (in this case, the Malaysian Agricultural Research and Development Institute) whose encrypted signature on a website or piece of software tells a browser program that the destination is bona fide. Until the breach was found and the certificate revoked, the keys could be used to impersonate virtually any site on the Internet.
Secure the Internet (PDF)
A combination of hubris (failing to heed the stern warnings that bidders should only participate if they know what they're doing), cryptic annotations and confusing illustrations resulted in a bidder buying a 12" wide, 100' long strip between two properties in Broward County, Florida -- an odd parcel that had been formerly owned by the […]
Internet Archive founder Brewster Kahle (who also founded the company Alexa, now an Amazon division) ordered a pack of Sharpies from Amazon using the Internet Archive's business account, then, minutes later, ordered another pack using his personal account, both to be delivered to the Internet Archive: the order for the Internet Archive was priced at […]
Karl Schroeder (previously) is literally the most visionary person I know (and I've known him since 1986!): he was the first person to every mention "fractals" to me, then "the internet" and then "the web" -- there is no one, no one in my circle more ahead of more curves, and it shows in his […]
Even if you feel like AirPods are worth the price tag, you’ve got to admit there’s a certain anxiety that comes with using them. What if I lose them? What if they get wet in the rain? Or drenched in sweat? Or fall into the drink you dropped them into? Shiny tech is great, but […]
With the quick-fix appeal of video games and their own cell phones, it can be tough to keep kids focused on supposedly “educational” toys. And while it may seem counter-intuitive to fight tech with more tech, we’re all in when it comes to the Toybox 3D Printer. We’re not sure if anyone had envisioned a […]
Whether you’re an artist, designer or just organizing a photo album, photo editing software is a must. And software designers know it: Platforms like Photoshop and Lightroom have a ton of helpful features, but you’ll pay for them in spades. Luckily, there’s some competition in the photo editing arena. Right now, Skylum’s Luminar software is […]