Category: Privacy & Security
-
Bitcoin grows up, gets its own hardware
The big news in the Bitcoin world is that there are several Bitcoin-mining ASICs (custom chips) already shipping or about to be launched. Avalon in particular has been getting some attention recently. Bitcoin mining moved long ago from CPUs to GPUs, but this takes it one step further. The expectation is that very soon most…
-
Oral arguments in NJ voting-machines lawsuit appeal
The appellate hearing (oral argument) of the New Jersey voting-machines lawsuit (Gusciora v. Christie) has been rescheduled to March 5, 2013 in Trenton, NJ. To learn what this is all about, and why you should attend, click here. To recheck the location, time of day, and date of the hearing before you go down to…
-
Are genomes "anonymous data"?
Recently researchers showed that an unknown person’s genome (i.e., the genetic information stored in their DNA) can often be linked to their identity. The researchers used the genome plus some publicly available information to link this information. Just as interesting as the result itself is the way that people talked about it. As an example,…
-
FCC Open Internet Advisory Committee Progress
Earlier this year, I wrote about the launch of the Open Internet Advisory Committee (OIAC). The committee’s mandate is to, “track and evaluate the effect of the FCC’s Open Internet rules, and to provide any recommendations it deems appropriate to the FCC regarding policies and practices related to preserving the open Internet.” I’m chairing the…
-
How the Nokia Browser Decrypts SSL Traffic: A "Man in the Client"
Over the past couple of days there has been some press coverage over security researcher Guarang Pandya’s report that the browser on his Nokia phone was sending all of his traffic to Nokia proxy servers, including his HTTPS traffic. The disturbing part of his report was evidence that Nokia is not just proxying, but actually…
-
Predictions for 2013
After a year’s hiatus, our annual predictions post is back! As usual, these predictions reflect the results of brainstorming among many affiliates and friends of the blog, so you should not attribute any prediction to any individual (including me–I’m just the scribe). Without further ado, the tech policy predictions for 2013:
-
Turktrust Certificate Authority Errors Demonstrate The Risk of "Subordinate" Certificates
Update: More details have continued to come out, and I think that they generally support the less-paranoid version of events. There continues to be discussion on the mozilla.dev.security.policy list, Turktrust has given more details, and Mozilla has just opened up for public viewing their own detailed internal response documentation (including copies of all of the…
-
Report on the NSF "Secure and Trustworthy Cyberspace" PI meeting
The National Science Foundation (NSF) Secure and Trustworthy Cyberspace (SaTC) Principal Investigator Meeting (whew!) took place Nov. 27-29, 2012, at the Gaylord Hotel just outside Washington, DC. The SaTC program is NSF’s flagship for cybersecurity research, although it certainly isn’t the only NSF funding in this area. The purpose of this blog posting is to…
-
End-to-End Encrypted GMail? Not So Easy
Last week Julian Sanchez urged Google to offer end-to-end encryption for GMail, so that your messages would be known to you and your browser (and your email correspondents) but not to Google itself. Julian explained why this would be a positive step for users and, arguably, for Google itself. Let’s talk about what would be…
-
You found a security hole. Now what?
The recent conviction of Andrew “Weev” Auernheimer for identity theft and conspiracy has renewed interest in the question of what researchers should do when they find security vulnerabilities in popular products. See, for example, Matt Blaze’s op-ed on how the research community views these matters, and Weev’s own response. Weev and associates discovered a flaw…