OpenSSL maintainer and Google cryptographer Ben Laurie and I collaborated on an article for Nature magazine on technical systems for finding untrustworthy Certificate Authorities. We focused on Certificate Transparency, the solution that will shortly be integrated into Chrome, and also discussed Sovereign Keys, a related proposal from the Electronic Frontier Foundation. Both make clever use of cryptographic hashes, arranged in Merkle trees, to produce "untrusted, provable logs."
In 2011, a fake Adobe Flash updater was discovered on the Internet. To any user it looked authentic. The software’s cryptographic certificates, which securely verify the authenticity and integrity of Internet connections, bore an authorized signature. Internet users who thought they were applying a legitimate patch unwittingly turned their computers into spies. An unknown master had access to all of their data. The keys used to sign the certificates had been stolen from a ‘certificate authority’ (CA), a trusted body (in this case, the Malaysian Agricultural Research and Development Institute) whose encrypted signature on a website or piece of software tells a browser program that the destination is bona fide. Until the breach was found and the certificate revoked, the keys could be used to impersonate virtually any site on the Internet.
Secure the Internet (PDF)
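How a Merkle tree makes a log "untrusted, provable", as an added example (not code from the article or from the Certificate Transparency project): it uses the leaf and node hashing defined in RFC 6962, the Certificate Transparency specification, over a constructed list of entries. The left/right flags carried in the proof are a simplification assumed here; RFC 6962 derives them from the leaf index and tree size.

```python
import hashlib

def leaf_hash(entry: bytes) -> bytes:
    # RFC 6962: leaves are prefixed with 0x00 so a leaf can never pose as a node
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    # RFC 6962: interior nodes are prefixed with 0x01
    return hashlib.sha256(b"\x01" + left + right).digest()

def _split(n: int) -> int:
    # Largest power of two strictly smaller than n (n >= 2)
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def root(entries):
    # Merkle tree hash over an ordered list of log entries
    if not entries:
        return hashlib.sha256(b"").digest()
    if len(entries) == 1:
        return leaf_hash(entries[0])
    k = _split(len(entries))
    return node_hash(root(entries[:k]), root(entries[k:]))

def audit_path(index, entries):
    # Sibling hashes from the leaf up to the root, as (sibling_is_left, hash)
    if len(entries) == 1:
        return []
    k = _split(len(entries))
    if index < k:
        return audit_path(index, entries[:k]) + [(False, root(entries[k:]))]
    return audit_path(index - k, entries[k:]) + [(True, root(entries[:k]))]

def verify(entry, path, expected_root):
    # The client recomputes the root from one entry plus O(log n) hashes,
    # so it never has to trust the log operator's word that the entry is there.
    h = leaf_hash(entry)
    for sibling_is_left, sibling in path:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == expected_root

# Constructed sample log: seven placeholder certificate entries
LOG = [b"cert-%d" % i for i in range(7)]
ROOT = root(LOG)
```

A client that holds only `ROOT` can check any certificate against it with `verify(cert, audit_path(i, LOG), ROOT)`; an entry the log never contained cannot be made to hash up to the same root.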