End-To-End Web Crypto: A Broken Security Model

End-to-end encryption of web services is increasingly popular: Mailvelope aims to bolt a PGP client onto webmail and both Yahoo and Google are working to add support directly. However, the fundamental nature of the web and the limits of human cognition make web-based E2E encryption susceptible to MITM attacks.  While still potentially useful, such systems should not […]

Debunking okTurtles, DNSChain, &

okTurtles, DNSChain, and form a software stack that is being sold as a panacea to online surveillance and DNS censorship.  This hyperbolic marketing is disingenuous if not dangerous.  I would like to outline exactly what each piece of software does and how the stack relates to the field as a whole. […]

DNSChain Considered Harmful

DNSChain is a DNS server that uses Namecoin as a backend, but compromises Namecoin’s security without any improvements to usability or legacy interoperability.  However, DNSChain’s faulty and grandiose claims have led to a frightening degree of interest and adoption.  The Namecoin blog is not the place to engage misguided projects but, as an official Namecoin […]

Warrant Canary #1

Running infrastructure and doing security research makes you paranoid: when you know something that could cause millions or billions of dollars in damages, it’s inevitable that you go a little nuts with the tin-foil.  However, I’ve been toying with some ideas and I think it’s time for me to suit up with some aluminum foil plating and start post […]

