Wednesday, November 26, 2014

Great Firewall of China Blocks Edgecast CDN, Thousands of Websites Affected

Starting about a week ago, the Great Firewall of China began blocking the Edgecast CDN. This was spurred by Great Fire's Collateral Freedom project, which used CDNs to get around censorship of individual domains. It left China with a choice: either let go of censorship or break significant chunks of the Internet for its population. China chose the latter, and now many websites are no longer functional for Chinese users. I was just helping to diagnose this problem with the company's site, so it's likely many people are still just starting to discover what's happened, and the economic impact is yet to be fully realized. Hopefully pressure on China will reverse the decision.

Revealing Gorilla Glass 4, Promises No More Broken iPhones

Corning introduced its next-generation Gorilla Glass, which it said is ten times tougher than any competitive cover glass now on the market. The company says Gorilla Glass 4 is meant to address the No. 1 problem among smartphone users: screen breakage due to everyday drops.

Nuclear Weapons Create Their Own Security Codes With Radiation

Nuclear weapons are a paradox. No one in their right mind wants to use one, but if they're to act as a deterrent, they need to be accessible. The trick is to make sure that access is only available to those with the proper authority. To prevent a real life General Jack D Ripper from starting World War III, Livermore National Laboratory's (LLNL) Defense Technologies Division is developing a system that uses a nuclear weapon's own radiation to protect itself from tampering.

Interesting Assumptions In Cryptography

Nice article on some of the security assumptions we rely on in cryptographic algorithms.

Yet Another Malware

Regin is another military-grade surveillance malware (tech details from Symantec and Kaspersky). It seems to have been in operation between 2008 and 2011. The Intercept has linked it to NSA/GCHQ operations, although I am still skeptical of the NSA/GCHQ hacking Belgian cryptographer Jean-Jacques Quisquater.

Sunday, November 23, 2014

WhatsApp Is Now End-to-End Encrypted

WhatsApp is now offering end-to-end message encryption:
WhatsApp will integrate the open-source software TextSecure, created by privacy-focused non-profit Open Whisper Systems, which scrambles messages with a cryptographic key that only the user can access and never leaves his or her device.
I don't know the details, but the article talks about perfect forward secrecy. Moxie Marlinspike is involved, which gives me some confidence that it's a robust implementation.

Encrypt Your Website For Free

Announcing Let's Encrypt, a new free certificate authority. This is a joint project of EFF, Mozilla, Cisco, Akamai, and the University of Michigan.
This is an absolutely fantastic idea.
The anchor for any TLS-protected communication is a public-key certificate which demonstrates that the server you're actually talking to is the server you intended to talk to. For many server operators, getting even a basic server certificate is just too much of a hassle. The application process can be confusing. It usually costs money. It's tricky to install correctly. It's a pain to update.
Let's Encrypt is a new free certificate authority, built on a foundation of cooperation and openness, that lets everyone be up and running with basic server certificates for their domains through a simple one-click process.
[...]
The key principles behind Let's Encrypt are:
  • Free: Anyone who owns a domain can get a certificate validated for that domain at zero cost.
  • Automatic: The entire enrollment process for certificates occurs painlessly during the server's native installation or configuration process, while renewal occurs automatically in the background.
  • Secure: Let's Encrypt will serve as a platform for implementing modern security techniques and best practices.
  • Transparent: All records of certificate issuance and revocation will be available to anyone who wishes to inspect them.
  • Open: The automated issuance and renewal protocol will be an open standard and as much of the software as possible will be open source.
  • Cooperative: Much like the underlying Internet protocols themselves, Let's Encrypt is a joint effort to benefit the entire community, beyond the control of any one organization.