The compelled certificate creation attack

My friend Jeff has alerted me to a large hole in the SSL encryption problem: that of the compelled certificate creation attack.

Here’s how it works: your web browser comes pre-programmed to trust a number of certificate authorities. A certificate authority is an organization which vouches for an SSL-certificate being presented by a website. An SSL-certificate is designed to positively identify that a website you’re connecting to is who it says it is.

A national government intent on spying could compel one of these certificate authorities (call it ABC Certificates) to create an imposter SSL certificate (for, say, bankofamerica.com) and bless it with ABC Certificates’s stamp of approval. Because your browser trusts ABC Certificates, it will happily trust this fake certificate for bankofamerica.com. The evil national government could then surreptitiously intercept all traffic bound for the real bankofamerica.com and point it to its fake website so as to collect information. Or, it could surreptitiously insert a proxy into the SSL data stream and capture packets, with you or your browser being none the wiser.

You can read the findings of the two Indiana University researchers, Christopher Soghoian and Sid Stamm, here [PDF] on Cryptome.Org. You can also read the discussion of the vulnerability here (scroll to lower 2/3rds of the transcript).
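To make the trust gap concrete, here is an added sketch (not from the original post or the researchers' paper) of why the browser's default check passes the imposter, and how remembering the issuer and key first seen for a site would flag the swap. The certificates, the keys and the second CA "XYZ Trust" are constructed for illustration, and signature verification is assumed to succeed rather than modelled.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    hostname: str      # name the certificate claims to identify
    issuer: str        # CA that vouched for it
    public_key: bytes  # constructed stand-in for the site's public key

    def key_pin(self) -> str:
        return hashlib.sha256(self.public_key).hexdigest()

# Constructed trust store; "XYZ Trust" is a hypothetical second CA.
TRUSTED_CAS = {"ABC Certificates", "XYZ Trust"}

def browser_accepts(cert: Cert, hostname: str) -> bool:
    # Signature checking is assumed to succeed and is not modelled:
    # a compelled CA signs the imposter with its real key.
    return cert.hostname == hostname and cert.issuer in TRUSTED_CAS

class PinStore:
    """Remembers the issuer and key pin first seen for each hostname."""
    def __init__(self):
        self._seen = {}

    def check(self, cert: Cert) -> str:
        known = self._seen.get(cert.hostname)
        if known is None:
            self._seen[cert.hostname] = (cert.issuer, cert.key_pin())
            return "first-seen"
        issuer, pin = known
        if pin == cert.key_pin():
            return "match"
        if issuer == cert.issuer:
            return "key-changed"         # same CA, new key: often a routine renewal
        return "issuer-and-key-changed"  # different CA and key: worth investigating

def demo():
    genuine = Cert("bankofamerica.com", "XYZ Trust", b"constructed-genuine-key")
    imposter = Cert("bankofamerica.com", "ABC Certificates", b"constructed-imposter-key")
    pins = PinStore()
    visits = [pins.check(genuine), pins.check(genuine), pins.check(imposter)]
    accepted = [browser_accepts(c, "bankofamerica.com") for c in (genuine, imposter)]
    return accepted, visits

if __name__ == "__main__":
    print(demo())
```

A first-seen record only helps if the first connection was not itself intercepted, and a changed key under the same issuer is frequently a legitimate renewal.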

Farmville maker raking in the cash

We were in Borders today chatting with one of the staffers. Somehow the conversation veered to Facebook, when he mentioned an amazing statistic about the service. He told us the company that makes the (addicting or annoying, depending on your point of view) games Farmville and Mafia Wars on Facebook is on track to make $450 million this year, selling non-existent livestock and guns.

Sure enough, Business Week has the scoop on this three-year-old company named Zynga. Now where can I find a book on the Facebook API?

John Denver: still big in China

I was listening to the Beastie Boys’ Ill Communication as I was mowing the grass today. The B-Boys are Buddhists and their songs often have lyrics about Tibet. They’d never be welcomed with open arms in China, I thought.

Then I remembered someone who was welcomed with open arms in China: John Denver. Denver toured China in October 1992, playing multiple cities, apparently the first Western artist to tour there. I remembered someone telling me during my visit to China that his song Take Me Home, Country Roads was one of the most popular Western songs in China.

Tough Saturday

Today began with enough promise: a happy family, brilliant blue skies, and some time to enjoy being ourselves. We puttered a bit for breakfast before getting on to our tasks for the day. Kelly began to get the house clean for our dinner guests and I began work on getting the yard whipped into shape. Kelly left Travis with me while she and Hallie visited her friend for a chat. While I mowed the lawn Travis spent time inside watching TV.

Army spy plane tracked Times Square bomber?

Wired is speculating that a secret Army spy plane tracked alleged Times Square bomber Faisal Shahzad. According to the story, Shahzad called and reserved his plane ticket on his way to the airport.

What I don’t understand is why a plane was needed to track him. His cellphone was being tracked by the cellphone company, potentially within 50 feet of his location. Why put a plane up to suck down all electronic signals if you can already pinpoint his location easily?

And I was wondering how Shahzad got on a plane with the No Fly List supposedly protecting us from harm. Fortunately, CNN covered this part – saying that the list doesn’t get updated in real time but every 24 hours. Airlines are now being urged to refresh their databases within 2 hours.

Tracking our Sunday sail

I found a great site called GPS Visualizer which will take your GPS tracking information and turn it into a Google Map. Shown here is our track from our Sunday sail of Lake Gaston. Winds were out of the south-southwest if I recall, and were fairly strong.

You can see our outbound trip in blue and our return trip in purple. As you can see, we had to make a few tacks as we were sailing close-hauled due to the wind. The southernmost point on the purple line is where we almost got dumped by a rogue gust (one of the dangers of sailing close-hauled). At that point, I yanked the sails down and we motored back to the dock!

There was also an incident where a pontoon boat, apparently piloted by a blind woman, crossed dangerously close in front of us, missing us by mere yards. Apparently she was unfamiliar with the rules of the road and couldn’t see the 25-foot sail in front of her.

Day at the lake

We had a bunch of stuff to do this weekend, as evidenced in my last post. Today was no less busy.

After Hallie’s soccer game yesterday we went directly to the Naylors’ house on Lake Gaston, arriving in time for dinner. We had time to unpack and visit a bit before turning in (though I had time to send some pictures to Facebook).

This morning we ate a breakfast of bagels before I began to rig our sailboat for a sail around the lake. We shoved off a little after 11 AM and enjoyed strong winds as we sailed up to the Eaton’s Ferry end of the lake. The wind direction on our return leg wasn’t as favorable and we found ourselves tacking one too many times, which delayed us for lunch. I finally pulled down the sails when we almost got pushed over by a freak gust of wind on our last leg back. We motored the rest of the way in, in spite of the brisk winds.

After lunch, I spent the next two hours unrigging the boat and pulling it out of the water. It had been a long time since the boat had been out of the water and it showed in the hull’s appearance and my mistakes in loading it on the trailer.

We almost lost the boat this afternoon, too! Ralph and his neighbor Ken helped me tow it back to the tiedown pad where we keep it. As Ken and Ralph unhooked it from Ken’s hitch, the front of the trailer rocketed skyward, tipping the boat backwards and almost dumping it over the hill! Fortunately, Ralph and Ken held on to the trailer long enough for us to get it under control. It turns out that we hadn’t lifted the boat far enough forward on its trailer and thus it was back-heavy. Fortunately, a quick tow back to the ramp successfully winched the boat into its proper position.

Now it’s late. I’ve done far more lifting this weekend than I should have, I’m partly sunburned, dehydrated, and I’ve got work tomorrow morning. This weekend was a lot of work but a lot of fun, too.

Lions Park playground build

Yesterday the whole family participated in a community build of the new Lions Park playground. Initially, Kelly and I were going to switch off so that we could keep the kids occupied and also have time to get ready for the lakehouse. Instead, the kids got to pitch in – meaning we all got a chance to help.

We all had a great time and helped put in a wonderful new addition to our neighborhood park.