Your computer ships with a collection of trusted cryptographic certificates, called its "root of trust," which are consulted to verify things like SSL connections and software updates.
Joi Ito's Resisting Reduction manifesto rejects the idea of reducing the world to a series of computable relationships that will eventually be overtaken by our ability to manipulate them with computers ("the Singularity") and instead to view the world as full of irreducible complexities and "to design systems that participate as responsible, aware and robust elements of even more complex systems."
Nadia Eghbal's Roads and Bridges: The Unseen Labor Behind Our Digital Infrastructure is a long, detailed report on the structural impediments to maintaining key pieces of free/open software that underpin the internet — it reveals the startling fragility of tools that protect the integrity, safety, privacy and finances of billions of people, which are often maintained by tiny numbers of people (sometimes just one person).
In 2014, Poul-Henning Kamp, a prolific and respected contributor to many core free/open projects, gave the closing keynote at the Free and Open Source Developers' European Meeting (FOSDEM) in Belgium, and he did something incredibly clever: he presented a status report on a fictional NSA project (ORCHESTRA) whose mission was to make it cheaper to spy on the Internet without breaking any laws or getting any warrants.
Sean Gallagher's long, comprehensive article on the state of automotive infosec is a must-read for people struggling to make sense of the summer's season of showstopper exploits for car automation, culminating in a share-price-shredding 1.4M unit recall from Chrysler, whose cars could be steered and braked by attackers over the Internet.
Oracle Chief Security Officer Mary Ann Davidson's deleted post on the company blog was called "No, You Really Can't," and it demanded that Oracle's customers respect the company's outlandish license-agreement terms, and stop checking to see whether the products Oracle sold them were defective.
In my latest Guardian column, I talk about the real danger from the UK Tories' plan to ban effective cryptography: not the initial mandate forcing companies to help spy on their users, but all the things we'll have to do when that doesn't work.
OpenSSL maintainer and Google cryptographer Ben Laurie and I collaborated on an article for Nature magazine on technical systems for finding untrustworthy Certificate Authorities. We focus on Certificate Transparency, the solution that will shortly be integrated into Chrome, and also discuss Sovereign Keys, a related proposal from the Electronic Frontier Foundation.
The Tor team have discovered a fake certificate in the wild. The certificate, issued by a US company called Cyberoam, was used in an attempt to trick a user in Jordan into believing that her/his connection to the Tor website was private and secure, though in fact it was being spied upon by a Cyberoam device.
The foundation of Web security rests on the notion that two very large prime numbers, numbers divisible only by themselves and 1, once multiplied together are irreducibly difficult to tease back apart. Researchers have discovered, in some cases, that a lack of entropy—a lack of disorder in the selection of prime numbers—means by analogy that most buildings on the Web would stand in spite of gale winds and magnitude 10 earthquakes, while others can be pushed over with a finger or a breath.
Google has changed its procedures to enable "forward secrecy" by default on all its search traffic. This means that part of the key needed to decrypt the traffic is never stored, so that in the event of a security breach at Google, older, intercepted traffic can't be descrambled.
Ben Laurie is a respected cryptographer (he maintains OpenSSL and is in charge of security research for Google) and he's skeptical of BitCoin, a virtual, cryptography-based currency that has attracted a lot of attention. Ben has written three posts describing his objection to "proof-of-work" as a basis for a virtual currency, and they're great reading, as are the followups from his readers.
Wired.com's Kevin Poulsen and Evan Hansen have confirmed key details concerning unpublished chat logs between whistleblower Bradley Manning and informant Adrian Lamo. Responding to questions on Twitter, Poulsen wrote that the unpublished portion of the chats contains no further reference to 'private' upload servers for Manning, while Hansen indicated that it contains no further reference to the relationship between Manning and Wikileaks chief Julian Assange.
The next court hearing for Julian Assange in London is scheduled to begin around 9:30am ET on Thursday. Assange is currently being held in London's Wandsworth prison (that's him in the van, above); Sweden wants him extradited over alleged sex crimes.
Security expert Ben "OpenSSL" Laurie went into a Barclays bank to transfer a large sum of money ("enough money to fund a small country") and discovered an incredibly lax, brittle security system that focused on meeting compliance requirements instead of keeping deposits safe.
Ben "OpenSSL" Laurie sez, "Wonder if Codecon might be of interest to your readers – always a fun conference, the basis has always been 'bring working code', though not necessarily open source. This year adds a new twist with 'or bring working biohacks' which I think is going to be fascinating – if only I didn't have to be somewhere else!"
One of the most exciting things about Skype is its encryption — when you use AIM or other IM and VoIP applications, chances are that your communications are in the clear and therefore easily eavesdropped-upon (especially on public WiFi networks).
Skype offers encryption by default, but the scrambling system has been a secret until now.