The man behind the Silk Road, Ross Ulbricht, received a life sentence after being convicted of money laundering and drug trafficking. It’s estimated that he made around $18 million on the website, which ran as a hidden service in the Tor network. Some of the operators for the Silk Road argue that it was a haven for libertarian philosophy, but does that really excuse the amount of damage they enabled? The Economist notes that since the Silk Road fell, illegal drug sales on the Internet have doubled.
In May, I taught a class on the History of Cryptography at Portland Underground Grad School. I’m extremely grateful to PUGS for asking me to teach, because I’d never done it before. It was a great experience. My students were intelligent and the discussion was good. I learned quite a few things in the process.
Kind of good news: Senators Ron Wyden and Rand Paul teamed up to squash the Patriot Act extension. It’s going to expire on June 1st unless another vote is called on the 31st. The USA Freedom Act (which I think is good?) unfortunately didn’t make it through the Senate, either.
Objected to extending the Patriot Act #EndThisDragnet
— Ron Wyden (@RonWyden) May 23, 2015
Regarding the Logjam vulnerability that I mentioned last week, if you’ve got a cloud server and you’re generating new Diffie-Hellman parameters, make sure you’ve got good random numbers! DigitalOcean has advice on generating sufficient random data on cloud servers. The short version is that you should be running haveged on all of your servers.
Regarding #LOGJAM, I wonder how many people are generating new 2048 bit primes on virtual machines with bad RNG right now.
— David Holmes (@dholmesf5) May 22, 2015
I am now working with my good friends at CommerceCollective! CommerceCollective is a web presence management company located here in Portland, Oregon, and they are great at SEO and social media stuff. They also are really talented web designers. If you’re looking for a full website solution, from design down to the nuts and bolts, we are the place to go.
I’ll be supplementing their services with full-stack web development, IT consulting, and a little bit of copywriting. Read more about our team here!
I’m in the middle of some major migrations and upgrades on the Arnesonium servers. So far, the results have been positive. For instance, the SSL/TLS configuration on my webserver is finally awesome. I’ve also got MaxCDN configured properly, so the entire website is now served via SSL/TLS only!
Here’s what the Qualys SSL Labs checker had to say:
My four-week History of Cryptography class at Portland Underground Grad School is almost over. While I’ve had plenty of experience with speaking to audiences about difficult subjects, this has been my first time with an ongoing class. I think I’m learning as much as my students! Because this class has helped rekindle my passion for cryptography and computer security, this link rodeo is going to focus on those subjects.
Version 1.3.0 of the OpenPGP Form Encryption for WordPress plugin is now available. It’s important to upgrade. It includes the following changes.
- Updates OpenPGP.js to version 1.0.1
- Tests the plugin against WordPress 4.2.2
- Ensures that the browser can support OpenPGP.js
There are a few new features planned for this plugin. Expect a major version release in the next few months.
Check out the plugin page on the WordPress Plugin Repository.
Portland Underground Graduate School (PUGS) has invited me to teach a class on the history of cryptography starting May 4th. The class will be four sessions and is very affordable: only $40!
We will cover the basics of cryptography, where it came from, and why it’s important. In addition, I will teach you how to use a number of manual cryptographic techniques. I’m really excited about this class, and I can’t wait to share my knowledge!
To learn more and to sign up, please visit the PUGS class listing here.
WordPress sends out emails sometimes, and it doesn’t encrypt any of them by default. Integration of WordPress and OpenPGP for a better security is a case study by Paweł Bulwan that examines the security implications of all of these emails. Are they leaking important information? Should WordPress site owners worry about them?