June 16, 2024

How the Nokia Browser Decrypts SSL Traffic: A "Man in the Client"

Over the past couple of days there has been some press coverage over security researcher Guarang Pandya’s report that the browser on his Nokia phone was sending all of his traffic to Nokia proxy servers, including his HTTPS traffic. The disturbing part of his report was evidence that Nokia is not just proxying, but actually […]

Turktrust Certificate Authority Errors Demonstrate The Risk of "Subordinate" Certificates

Update: More details have continued to come out, and I think that they generally support the less-paranoid version of events. There continues to be discussion on the mozilla.dev.security.policy list, Turktrust has given more details, and Mozilla has just opened up for public viewing their own detailed internal response documentation (including copies of all of the […]

When Technology Sanctions Backfire: The Syria Blackout

American policymakers face an increasingly complex set of choices about whether to permit commerce with “repressive regimes” for core internet technologies. The more straightforward cases involve prohibitions on US import of critical network technology from states that we suspect may include surveillance backdoors. For example, fears of “cyber espionage” have fueled a push for import […]

Congressman Issa's "Internet Law Freeze": Appealing but Impractical

This week, Congressman Darrell Issa released a draft bill that would prevent Congress and administrative agencies from creating any new internet-related laws, rules, or regulations. The Internet American Moratorium Act (IAMA) is a rhetorical stake in the ground for the notion that the government should “keep its hands off the internet.” In the wake of […]

CITP Call for Fellows, Postdocs, and Visiting Professors for Fall 2013

The Center for Information Technology Policy (citp.princeton.edu) is an interdisciplinary research center at Princeton that sits at the crossroads of engineering, the social sciences, law, and policy. CITP seeks Fellowship and Postdoc applicants for the 2012-2013 school year from academia, industry, government, and civil society. These are one year appointments — usually from July 1st […]