November 27, 2024

Grieving Aaron Swartz

Aaron took his life yesterday. The world has lost a good soul. Aaron was brilliant, inventive, generous, and passionate. The intense pressure on Aaron was unfair, and it was a direct result of his well-intentioned fight to make the world a better place. I feel sad, angry, and even guilty. Experts will tell you that […]

How the Nokia Browser Decrypts SSL Traffic: A "Man in the Client"

Over the past couple of days there has been some press coverage over security researcher Guarang Pandya’s report that the browser on his Nokia phone was sending all of his traffic to Nokia proxy servers, including his HTTPS traffic. The disturbing part of his report was evidence that Nokia is not just proxying, but actually […]

Predictions for 2013

After a year’s hiatus, our annual predictions post is back! As usual, these predictions reflect the results of brainstorming among many affiliates and friends of the blog, so you should not attribute any prediction to any individual (including me–I’m just the scribe). Without further ado, the tech policy predictions for 2013:

Turktrust Certificate Authority Errors Demonstrate The Risk of "Subordinate" Certificates

Update: More details have continued to come out, and I think that they generally support the less-paranoid version of events. There continues to be discussion on the mozilla.dev.security.policy list, Turktrust has given more details, and Mozilla has just opened up for public viewing their own detailed internal response documentation (including copies of all of the […]

Report on the NSF "Secure and Trustworthy Cyberspace" PI meeting

The National Science Foundation (NSF) Secure and Trustworthy Cyberspace (SaTC) Principal Investigator Meeting (whew!) took place Nov. 27-29, 2012, at the Gaylord Hotel just outside Washington, DC.  The SaTC program is NSF’s flagship for cybersecurity research, although it certainly isn’t the only NSF funding in this area.  The purpose of this blog posting is to […]