OpenSSL maintainer and Google cryptographer Ben Laurie and I collaborated on an article for Nature magazine on technical systems for finding untrustworthy Certificate Authorities. We focused on Certificate Transparency, the solution that will shortly be integrated into Chrome, and also discuss Sovereign Keys, a related proposal from the Electronic Frontier Foundation. Both make clever use of cryptographic hashes, arranged in Merkle trees, to produce "untrusted, provable logs."
In 2011, a fake Adobe Flash updater was discovered on the Internet. To any user it looked authentic. The software’s cryptographic certificates, which securely verify
the authenticity and integrity of Internet connections, bore an authorized signature. Internet users who thought they were applying a legitimate patch unwittingly turned their computers into spies. An unknown master had access to all of their data. The keys used to sign the certificates had been stolen from a ‘certificate authority’ (CA), a trusted body (in this case, the Malaysian Agricultural Research and Development Institute) whose encrypted signature on a website or piece of software tells a browser program that the destination is bona fide. Until the breach was found and the certificate revoked, the keys could be used to impersonate virtually any site on the Internet.
Secure the Internet (PDF)
The video conferencing app Zoom has become suddenly ubiquitous over the past few weeks, as the coronavirus shutdown closes schools, businesses, and keeps us all indoors. Shares of Zoom dropped 9% on Monday, adding to their sharp declines in recent days, as security and privacy vulnerabilities are reported. There is also new competition from other […]
Amazon will delay its annual marketing and money-making Prime Day due to the coronavirus pandemic.
Canada’s prime minister Justin Trudeau says the country has signed an agreement with Amazon.com for the distribution of critical emergency medical supplies such as masks, face shields, gowns, ventilators, and test kits in the COVID-19 crisis.
Gather round, young and old — and hear tales of bygone days. Back in olden times, citizens would mass at a house of coffee, wherein skilled java alchemists would concoct special blends and apply artisanal wizardry to make each steaming chalice an appointment for the taste buds. Granted, said wizards, once known as baristas, were […]
The last few weeks have given us all a lot to think about. As we watched stores close, Costco lines snake through parking lots and items like hand sanitizer and toilet paper disappear everywhere like they were Lady Gaga tickets, there’s one significant takeaway it’s safe to say we all can agree on. We should […]
Whether it was Bach or Chopin, Ray Charles or Jerry Lee Lewis, Stevie Wonder, Elton John, Alicia Keys or Norah Jones, there was someone whose mastery on the piano made you think, wow, I wish I knew how to do that. It’s a singular, almost timeless skill — and if you love music, there’s no […]