/ SUBMIT / SEARCH / STORE / MENU
Cory Doctorow / 9:54 am Mon, Jan 29, 2018

What Ken Thompson's seminal (terrifying!) "On Trusting Trust" tells us about the Spectre and Meltdown bugs

When Unix co-inventor Ken Thompson won the Turing Prize for his work, he dropped a bombshell in his acceptance speech: as an exercise, he had buried a back-door so deeply into the Unix infrastructure that no one had ever found it (to his knowledge). Read the rest

Cory Doctorow / 10:03 am Fri, Aug 18, 2017

Hiding malware in boobytrapped replacement screens would undetectably compromise your mobile device

On the one hand, if you let an untrusted stranger install hardware in your electronic device, you're opening yourself up to all kinds of potential mischief; on the other hand, an estimated one in five smartphones has a cracked screen and the easiest, most efficient and cheapest way to get that fixed is to go to your corner repair-shop. Read the rest

Cory Doctorow / 7:28 am Wed, Sep 23, 2015

It's surprisingly easy to set up a convincing, highly regarded fake online business

Kashmir Hill invented a totally imaginary business -- "Freakin’ Awesome Karaoke Express" or FAKE -- and paid people on Fiverr to follow it on Twitter with thousands of fake accounts, and to flood Yelp and Facebook with positive reviews. Before long, people were calling her and asking her to take their money in exchange for a nonexistent karaoke truck. Read the rest

Cory Doctorow / 11:00 am Tue, Jun 10, 2014

How can you trust your browser?

Tim Bray's Trusting Browser Code explores the political and technical problems with trusting your browser, especially when you're using it to do sensitive things like encrypt and decrypt your email. In an ideal world, you wouldn't have to trust Google or any other "intermediary" service to resist warrants forcing it to turn over your sensitive communications, because it would be technically impossible for anyone to peek into the mail without your permission. But as Bray points out, the complexity and relative opacity of Javascript makes this kind of surety difficult to attain.

Bray misses a crucial political problem, though: the DMCA. Under US law (and similar laws all over the world), telling people about vulnerabilities in DRM is illegal, meaning that a bug in your browser that makes your email vulnerable to spying might be illegal to report, and will thus potentially never be fixed. Now that the World Wide Web Consortium and all the major browser vendors (even including Mozilla) have capitulated on adding DRM to the Web, this is the most significant political problem in the world of trusting your browser. Read the rest