It turns out that ~20% of the time users spend on traditional 2-factor authentication apps is wasted on dead tokens. I call these tokens “Zombie Tokens” and I have a clever solution for them.
End-to-end encryption of web services is increasingly popular: Mailvelope aims to bolt a PGP client onto webmail and both Yahoo and Google are working to add support directly. However, the fundamental nature of the web and the limits of human cognition make web-based E2E encryption susceptible to MITM attacks. While still potentially useful, such systems should not […]
okTurtles, DNSChain, and Unblock.us.org form a software stack that is being sold as a panacea to online surveillance and DNS censorship. This hyperbolic marketing is disingenuous if not dangerous. I would like to outline exactly what each piece of software does and how the stack relates to the field as a whole.
DNSChain is a DNS server that uses Namecoin as a backend, but compromises Namecoin’s security without any improvements to usability or legacy interoperability. However, DNSChain’s faulty and grandiose claims have led to a frightening degree of interest and adoption. The Namecoin blog is not the place to engage misguided projects but, as an official Namecoin […]
Running infrastructure and doing security research makes you paranoid: when you know something that could cause millions or billions of dollars in damages, it’s inevitable that you go a little nuts with the tin-foil. However, I’ve been toying with some ideas and I think it’s time for me to suit up with some aluminum foil plating and start post […]