Archive | Security

End-To-End Web Crypto: A Broken Security Model

End-to-end encryption of web services is increasingly popular: Mailvelope aims to bolt a PGP client onto webmail and both Yahoo and Google are working to add support directly. However, the fundamental nature of the web and the limits of human cognition make web-based E2E encryption susceptible to MITM attacks. While still potentially useful, such systems should not be used by high-risk populations such as journalists and human rights workers.

DNSChain Considered Harmful

DNSChain is a DNS server that uses Namecoin as a backend, but compromises Namecoin’s security without any improvements to usability or legacy interoperability. However, DNSChain’s faulty and grandiose claims have led to a frightening degree of interest and adoption. The Namecoin blog is not the place to engage misguided projects but, as an official Namecoin developer, I feel compelled to speak out.

Warrant Canary #1

Running infrastructure and doing security research makes you paranoid: when you know something that could cause millions or billions of dollars in damages, it’s inevitable that you go a little nuts with the tin-foil. However, I’ve been toying with some ideas and I think it’s time for me to suit up with some aluminum foil plating and start posting warrant canaries.