{"id":259,"date":"2015-05-21T20:15:22","date_gmt":"2015-05-21T20:15:22","guid":{"rendered":"https:\/\/melangedmaculateme.wordpress.com\/2015\/05\/21\/todays-terrifying-web-security-vulnerability\/"},"modified":"2023-07-28T16:25:13","modified_gmt":"2023-07-28T20:25:13","slug":"todays-terrifying-web-security-vulnerability","status":"publish","type":"post","link":"https:\/\/melange.dmaculate.me\/home\/2015\/05\/21\/todays-terrifying-web-security-vulnerability\/","title":{"rendered":"Today&#8217;s terrifying Web security vulnerability, courtesy of the 1990s crypto wars"},"content":{"rendered":"<p><a href=\"http:\/\/mostlysignssomeportents.tumblr.com\/post\/119540541071\/todays-terrifying-web-security-vulnerability\" class=\"tumblr_blog\" target=\"_blank\" rel=\"noopener\">mostlysignssomeportents<\/a>:<\/p>\n<blockquote>\n<figure class=\"tmblr-full\"><img decoding=\"async\" src=\"https:\/\/78.media.tumblr.com\/981ac4ad3de75135e0033e58689a309c\/tumblr_inline_noonumbHla1rkw4x1_540.jpg\" \/><\/figure>\n<p><b><br \/><\/b><\/p>\n<p>\n<img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/i0.wp.com\/craphound.com\/images\/bc.jpg\" class=\"bordered\" align=\"right\" height=\"209\" width=\"209\" \/><br \/>\nThe Logjam bug allows attackers to break secure connections by tricking<br \/>\nthe browser and server to communicate using weak crypto \u2013 but why do<br \/>\nbrowsers and servers support weak crypto in the first place?<\/p>\n<p>\nThe answer is in the Bill Clinton-era export restrictions on strong<br \/>\ncrypto. During the first crypto wars, the Clinton administration forced<br \/>\ntech companies to export pre-broken crypto to nations to which the US<br \/>\nwas hostile. 
This created the possibility that Web servers would find<br \/>\nthemselves communicating with browsers that only supported weak crypto,<br \/>\nand that Web browsers might connect to servers that were incapable of<br \/>\nthe normal strong crypto that we rely upon to protect our sensitive<br \/>\ninformation from eavesdroppers.\n<\/p>\n<p>\nAs a result, browsers and servers distributed in the USA and other<br \/>\nwestern states have routinely shipped with a mode in which they appear<br \/>\nto be communicating securely, but are actually using a weak,<br \/>\neasy-to-break cryptographic protocol.\n<\/p>\n<p>\nIn other words, they have back doors. And attackers have figured out how to waltz through those back doors.\n<\/p>\n<p>\nThis is especially significant because western governments are demanding<br \/>\n a fresh round of back doors in broader classes of devices that are even<br \/>\n more tightly connected to our daily lives. UK Prime Minister David<br \/>\nCameron <a href=\"http:\/\/boingboing.net\/2015\/01\/13\/what-david-cameron-just-propos.html\" target=\"_blank\" rel=\"noopener\">made it an election promise<\/a>, and the <a href=\"http:\/\/boingboing.net\/2015\/03\/26\/as-crypto-wars-begin-fbi-sile.html\" target=\"_blank\" rel=\"noopener\">FBI has demanded that Congress<\/a> give them the power to force tech companies to build in back doors.\n<\/p>\n<p>\nBut it\u2019s not the 1990s anymore. 
Crypto doesn\u2019t just protect the Web \u2013 it secures your car\u2019s wireless interface to <a href=\"http:\/\/www.cnet.com\/news\/car-hacking-code-released-at-defcon\/\" target=\"_blank\" rel=\"noopener\">keep attackers out of your brakes and steering<\/a>; it secures your pacemaker against wireless attacks that can <a href=\"http:\/\/www.secure-medicine.org\/public\/publications\/icd-study.pdf\" target=\"_blank\" rel=\"noopener\">kill you where you stand<\/a>; it secures your phone against having the camera and mic remotely operated by \u201csextortionist\u201d voyeurs who <a href=\"http:\/\/boingboing.net\/2013\/09\/28\/how-miss-teen-usas-sextortio.html\" target=\"_blank\" rel=\"noopener\">blackmail their victims into performing live sex acts<\/a> on camera with the threat of disclosure of nude photos covertly snapped by their compromised networked cameras.\n<\/p>\n<p>\nOnce these vulnerabilities are inserted, they ripple out into devices that are placed in the field and <a href=\"http:\/\/boingboing.net\/2012\/04\/10\/forever-day-bugs.html\" target=\"_blank\" rel=\"noopener\">never updated<\/a>,<br \/>\n whose owners and users have no way to know that they were broken by<br \/>\ndesign. There is only one way to attain cybersecurity, and that\u2019s by<br \/>\nmaking the Internet and the devices we connect to it as secure as<br \/>\npossible.<\/p>\n<p><b><a href=\"http:\/\/boingboing.net\/2015\/05\/21\/todays-terrifying-web-securi.html\" target=\"_blank\" rel=\"noopener\">Read the rest\u2026.<\/a><br \/><\/b><\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>mostlysignssomeportents: The Logjam bug allows attackers to break secure connections by tricking the browser and server to communicate using weak crypto \u2013 but why do browsers and servers support weak crypto in the first place? 
The answer is in the &hellip; <a href=\"https:\/\/melange.dmaculate.me\/home\/2015\/05\/21\/todays-terrifying-web-security-vulnerability\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[1],"tags":[],"class_list":["post-259","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":490,"url":"https:\/\/melange.dmaculate.me\/home\/2014\/07\/04\/own-your-crypto-extremism-with-the-torrorist-tee\/","url_meta":{"origin":259,"position":0},"title":"Own your crypto-extremism with the Torrorist tee","author":"aslam","date":"July 4, 2014","format":false,"excerpt":"mostlysignssomeportents: Celebrate yesterday\u2019s news that the NSA classes all Tor users as \u201cextremists\u201d and targets them for indefinite, deep surveillance\u2026with fashion! 
Read more\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":58,"url":"https:\/\/melange.dmaculate.me\/home\/2017\/05\/06\/hillary-clinton-to-launch-political-group-as-soon\/","url_meta":{"origin":259,"position":1},"title":"Hillary Clinton to launch political group as soon as next week &#8211; POLITICO","author":"aslam","date":"May 6, 2017","format":"link","excerpt":"Must keep the Dems comfortably captive.Hillary Clinton to launch political group as soon as next week - POLITICO","rel":"","context":"In \"Democrats\"","block_context":{"text":"Democrats","link":"https:\/\/melange.dmaculate.me\/home\/tag\/democrats\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1602,"url":"https:\/\/melange.dmaculate.me\/home\/2011\/06\/24\/hillary-clinton-gives-green-light-for-israeli\/","url_meta":{"origin":259,"position":2},"title":"Hillary Clinton gives green light for Israeli attack on Gaza flotilla","author":"aslam","date":"June 24, 2011","format":false,"excerpt":"Via Scoop.it - Rights & LibertiesIn comments yesterday, US Secretary of State Hillary Clinton seemed to lay the ground \u2013 indeed almost provide a green light \u2013 for an Israeli military attack on the upcoming Gaza Freedom Flotilla, which will include the US Boat to Gaza.Show original","rel":"","context":"In \"flotilla\"","block_context":{"text":"flotilla","link":"https:\/\/melange.dmaculate.me\/home\/tag\/flotilla\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":171,"url":"https:\/\/melange.dmaculate.me\/home\/2016\/03\/19\/hillary-clintons-indefensible-stance-on-the-death\/","url_meta":{"origin":259,"position":3},"title":"Hillary Clinton\u2019s Indefensible Stance on the Death Penalty","author":"aslam","date":"March 19, 2016","format":"link","excerpt":"As a trained defense attorney who once represented clients for violent crimes, Clinton has been 
long aware of how the criminal justice system works in theory versus reality. That she continues to defend the death penalty given everything we know about it now does not so much betray ignorance as\u2026","rel":"","context":"In \"death penalty\"","block_context":{"text":"death penalty","link":"https:\/\/melange.dmaculate.me\/home\/tag\/death-penalty\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":662,"url":"https:\/\/melange.dmaculate.me\/home\/2013\/05\/30\/dirty-wars-official-theatrical-trailer-by\/","url_meta":{"origin":259,"position":4},"title":"DIRTY WARS - Official Theatrical\u2026","author":"aslam","date":"May 30, 2013","format":"video","excerpt":"DIRTY WARS - Official Theatrical Trailer (by IFCFilmsTube)(Source: https:\/\/www.youtube.com\/)","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/gdDdaahMRuo\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":167,"url":"https:\/\/melange.dmaculate.me\/home\/2016\/04\/30\/the-line-that-may-have-won-hillary-clinton-the\/","url_meta":{"origin":259,"position":5},"title":"The Line That May Have Won Hillary Clinton the Nomination","author":"aslam","date":"April 30, 2016","format":"link","excerpt":"Thanks to a number of settlements, we now know that some companies got many of those new signatures via intentional strategies targeting black and Hispanic customers. The most infamous example was Wells Fargo, which paid a $175 million settlement for systematically overcharging black and Hispanic borrowers. 
It came out that\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/melange.dmaculate.me\/home\/wp-json\/wp\/v2\/posts\/259","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/melange.dmaculate.me\/home\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/melange.dmaculate.me\/home\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/melange.dmaculate.me\/home\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/melange.dmaculate.me\/home\/wp-json\/wp\/v2\/comments?post=259"}],"version-history":[{"count":1,"href":"https:\/\/melange.dmaculate.me\/home\/wp-json\/wp\/v2\/posts\/259\/revisions"}],"predecessor-version":[{"id":2282,"href":"https:\/\/melange.dmaculate.me\/home\/wp-json\/wp\/v2\/posts\/259\/revisions\/2282"}],"wp:attachment":[{"href":"https:\/\/melange.dmaculate.me\/home\/wp-json\/wp\/v2\/media?parent=259"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/melange.dmaculate.me\/home\/wp-json\/wp\/v2\/categories?post=259"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/melange.dmaculate.me\/home\/wp-json\/wp\/v2\/tags?post=259"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
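Added example, not part of the reblogged post above and not tooling from the Logjam authors. The "weak crypto mode" the post describes is concrete: a TLS 1.2 server that still accepts DHE_EXPORT cipher suites will, once a man-in-the-middle rewrites the ClientHello, sign a ServerKeyExchange carrying a 512-bit Diffie-Hellman group, and a 512-bit discrete log is within reach of precomputation. The code below decodes the ServerDHParams structure from RFC 5246 section 7.4.3 (three length-prefixed big-endian integers: dh_p, dh_g, dh_Ys) and classifies the group by modulus size, which is the check a scanner or IDS rule would apply to captured handshakes. The function names, the 2048-bit floor and the sample moduli are this example's own choices; the moduli are constructed odd integers of the right size, not real groups or primes.

```python
"""Classify the Diffie-Hellman group a TLS 1.2 server sends in ServerKeyExchange.

Added example, not code from the original post. ServerDHParams layout per
RFC 5246 section 7.4.3: dh_p, dh_g, dh_Ys, each a 2-byte big-endian length
followed by the big-endian integer. The signature that follows the params in
a signed ServerKeyExchange is not parsed here.
"""
import struct

EXPORT_DH_BITS = 512     # size of the DHE_EXPORT groups Logjam targets
MIN_SAFE_DH_BITS = 2048  # deployment floor chosen for this example (assumption)


def parse_server_dh_params(data: bytes) -> dict:
    """Decode dh_p, dh_g, dh_Ys from the start of `data`.

    Returns {"p", "g", "Ys", "consumed"}; raises ValueError on a zero-length
    or truncated field instead of silently yielding a zero modulus.
    """
    off = 0
    out = {}
    for name in ("p", "g", "Ys"):
        if off + 2 > len(data):
            raise ValueError(f"truncated before length of dh_{name}")
        (length,) = struct.unpack_from("!H", data, off)
        off += 2
        if length == 0 or off + length > len(data):
            raise ValueError(f"bad or truncated dh_{name} (len={length})")
        out[name] = int.from_bytes(data[off:off + length], "big")
        off += length
    out["consumed"] = off
    return out


def classify_dh_group(p: int) -> str:
    """'export-grade' (<= 512 bits), 'weak' (< 2048 bits) or 'ok'."""
    bits = p.bit_length()
    if bits <= EXPORT_DH_BITS:
        return "export-grade"
    if bits < MIN_SAFE_DH_BITS:
        return "weak"
    return "ok"


def audit_server_key_exchange(data: bytes) -> dict:
    """Parse the params and report modulus size plus verdict."""
    params = parse_server_dh_params(data)
    return {
        "bits": params["p"].bit_length(),
        "verdict": classify_dh_group(params["p"]),
        "consumed": params["consumed"],
    }


def encode_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """Inverse of the parser; used here only to build sample messages."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


def constructed_modulus(bits: int) -> int:
    """Constructed stand-in: an odd integer of exactly `bits` bits.

    Not prime and not a real TLS group; only its size matters for this check.
    """
    return (1 << (bits - 1)) | 1


if __name__ == "__main__":
    for bits in (512, 1024, 2048):
        p = constructed_modulus(bits)
        msg = encode_server_dh_params(p, 2, p - 3)  # Ys < p, as a peer would send
        print(bits, audit_server_key_exchange(msg))
```

The verdict is the same distinction the Logjam disclosure drew: anything at 512 bits is the export path, and groups below 2048 bits are the ones the paper argued a state-level adversary could precompute. A server that has DHE_EXPORT suites removed never produces the first case at all, which is the actual fix; this check is for finding the servers and appliances that still do.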