A couple of weeks back, somebody I know asked me how I went about deploying SSL certificates from the Let's Encrypt project across all of my stuff. Without going into too much detail about what SSL and TLS are (but here's a good introduction to them), the Let's Encrypt project will issue SSL certificates to anyone who wants one, provided that they can prove somehow that they control what they're cutting a certificate for. You can't use Let's Encrypt to generate a certificate for google.com because they'd try to communicate with the server (there isn't any such thing but …
As you may or may not be aware, I've been a customer of Dreamhost for many years now (if you want to give them a try, here's my referral link). Both professionally and personally, I've been hosting stuff with them without many complaints (their grousing about my websites being too large is entirely reasonable given that I'm on their shared hosting plan). Something that always got me about their SSL support, though, was that you had to buy a unique IP address from them if you wanted to use it. That cost a pretty penny, almost as much as I pay …
I've updated the SSL certificate on my website as a response to the Heartbleed vulnerability.
Relevant information on the new certificate is here, PGP signed with my usual key (0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1).
Official Wikileaks document submission URLs:
http://suw74isz7wqzpmgu.onion/ (Tor only)
Source: /pictures/the_next_hope-2010/img_1624.jpg, taken 17 July 2010 at the keynote address. Image taken of Jacob Appelbaum's presentation slide.
Official SHA-256, SHA-1, and MD5 fingerprints of the Wikileaks document submission URLs:
If you've been following net.news in the past twenty-four to forty-eight hours you've heard about what went down at the Chaos Computer Congress yesterday - a group of security researchers figured out how to exploit the flaws in the MD5 hash algorithm to forge CA certificates, thus placing SSL encryption as we know it in jeopardy.
...right? Breaking SSL is bad, yeah?
Like many things in life (and nearly everything in cryptography) it's not that simple or that straightforward. Yes, this is bad, but it's not "go back to punchcards" bad.
Let's take it step by step. First of all …
It's been said that the killer app that made the Net as ubiquitous as it is today is the web browser, with e-mail running a close second. Just about everyone uses a browser in some capacity or another to access news, information, and e-mail, possibly more so than dedicated applications (such as e-mail readers, RSS readers, or database searching applications). As great as they are, web browsers have their own unique sets of problems and vulnerabilities that have to be taken into account, especially if privacy is of concern to you.
Firefox, in my considered opinion, is an excellent web browser …
Well, I'm in the field again, back in Philadelphia, Pennsylvania to fight the good fight.
Or get myself so worked up that I'll blow through an incarnation, I'm not sure which. It's too early to tell.
My cow-orkers picked me up around 1000 EST5EDT on Monday morning (so written because it'll be well after midnight when I get around to posting this) - apparently my vehicle is distinctive enough that they found my apartment building without too much trouble. Apparently they like the magnets on my car, something that I find endlessly amusing because so few people mention them. After a quick …