/ SUBMIT / SEARCH / STORE / MENU
Cory Doctorow / 7:54 am Wed, Jun 19, 2019

KPMG is in the middle of an unbelievably dirty cheating scandal that keeps on getting uglier

KPMG is one of the "Big Four" accounting firms: that means that whenever a plan for a business or a public project has a box that says, "Make sure no one is cheating," it means that you hire KPMG or one of its rivals to come in and check the books and make sure that everything is on the level. If you can't trust the accounting firm, the whole thing falls apart. Read the rest

Cory Doctorow / 5:23 am Sun, Nov 11, 2018

Apple's new bootloader won't let you install GNU/Linux -- Updated

Locking bootloaders with trusted computing is an important step towards protecting users from some of the most devastating malware attacks: by allowing the user to verify their computing environment, trusted computing can prevent compromises to operating systems and other low-level parts of their computer's operating environment. Read the rest

Cory Doctorow / 9:54 am Mon, Jan 29, 2018

What Ken Thompson's seminal (terrifying!) "On Trusting Trust" tells us about the Spectre and Meltdown bugs

When Unix co-inventor Ken Thompson won the Turing Prize for his work, he dropped a bombshell in his acceptance speech: as an exercise, he had buried a back-door so deeply into the Unix infrastructure that no one had ever found it (to his knowledge). Read the rest

Cory Doctorow / 10:03 am Fri, Aug 18, 2017

Hiding malware in boobytrapped replacement screens would undetectably compromise your mobile device

On the one hand, if you let an untrusted stranger install hardware in your electronic device, you're opening yourself up to all kinds of potential mischief; on the other hand, an estimated one in five smartphones has a cracked screen and the easiest, most efficient and cheapest way to get that fixed is to go to your corner repair-shop. Read the rest

Cory Doctorow / 7:28 am Wed, Sep 23, 2015

It's surprisingly easy to set up a convincing, highly regarded fake online business

Kashmir Hill invented a totally imaginary business -- "Freakin’ Awesome Karaoke Express" or FAKE -- and paid people on Fiverr to follow it on Twitter with thousands of fake accounts, and to flood Yelp and Facebook with positive reviews. Before long, people were calling her and asking her to take their money in exchange for a nonexistent karaoke truck. Read the rest

Cory Doctorow / 11:00 am Tue, Jun 10, 2014

How can you trust your browser?

Tim Bray's Trusting Browser Code explores the political and technical problems with trusting your browser, especially when you're using it to do sensitive things like encrypt and decrypt your email. In an ideal world, you wouldn't have to trust Google or any other "intermediary" service to resist warrants forcing it to turn over your sensitive communications, because it would be technically impossible for anyone to peek into the mail without your permission. But as Bray points out, the complexity and relative opacity of Javascript makes this kind of surety difficult to attain.

Bray misses a crucial political problem, though: the DMCA. Under US law (and similar laws all over the world), telling people about vulnerabilities in DRM is illegal, meaning that a bug in your browser that makes your email vulnerable to spying might be illegal to report, and will thus potentially never be fixed. Now that the World Wide Web Consortium and all the major browser vendors (even including Mozilla) have capitulated on adding DRM to the Web, this is the most significant political problem in the world of trusting your browser. Read the rest