It’s been a while in the works but I’ve finally changed some things around here. First of all, this blog has been moved to an entirely new location. It is no longer in a co-location hosting centre but instead now lives on its own small server in my home. I’ve added an SSL certificate for encryption and added security.
To celebrate, the blog has also had a make-over with a fresh theme (which isn’t completely finished yet). I’ll be making further tweaks and customisations over the next few weeks but for now, I’m pretty happy with the move.
In the aftermath of the Diginotar hack, I wrote an article that mentioned we needed a silver bullet to solve the problems with the current state of SSL and certificate authorities. Of course the Internet wouldn’t be the Internet if such a silver bullet didn’t emerge sooner or later. Famous hacker Moxie Marlinspike has announced Convergence, a tool to verify the identity of websites without the need for a Certificate Authority.
In June 2011 Diginotar, a Dutch provider of SSL certificates, was hacked. The hack was probably carried out by hackers working for the government of the sovereign nation of Iran for the purpose of obtaining forged SSL certificates for a number of high-level domains, such as Google and Yahoo, among others. With the help of those forged certificates, it was possible to snoop on encrypted communication of Iranian citizens by using them in a classic “man in the middle” attack. While the successful hack is significant in and of itself, it has far-reaching implications for the entire world.