The man behind the Silk Road, Ross Ulbricht, received a life sentence after being convicted of money laundering and drug trafficking. It’s estimated that he made around $18 million on the website, which ran as a hidden service in the Tor network. Some of the operators for the Silk Road argue that it was a haven for libertarian philosophy, but does that really excuse the amount of damage they enabled? The Economist notes that since the Silk Road fell, illegal drug sales on the Internet have doubled.
In May, I taught a class on the History of Cryptography at Portland Underground Grad School. I’m extremely grateful to PUGS for asking me to teach, because I’d never done it before. It was a great experience. My students were intelligent and the discussion was good. I learned quite a few things in the process.
Kind of good news: Senators Ron Wyden and Rand Paul teamed up to squash the Patriot Act extension. It’s going to expire on June 1st unless another vote is called on the 31st. The USA Freedom Act (which I think is good?) unfortunately didn’t make it through the Senate, either.
Objected to extending the Patriot Act #EndThisDragnet
— Ron Wyden (@RonWyden) May 23, 2015
Regarding the Logjam vulnerability that I mentioned last week, if you’ve got a cloud server and you’re generating new Diffie-Hellman parameters, make sure you’ve got good random numbers! Digital Ocean has advice on generating sufficient random data on cloud servers. The short version is that you should be running haveged on all of your servers.
Regarding #LOGJAM, I wonder how many people are generating new 2048 bit primes on virtual machines with bad RNG right now.
— 🅳🅰🆅🅸🅳 🅷🅾🅻🅼🅴🆂 (@capmblade) May 22, 2015
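As an added example (not code from this post or from Digital Ocean's guide), here is a pre-flight check that refuses to generate Diffie-Hellman parameters when the kernel's entropy estimate is low. The function names, the 256-bit threshold and the output path are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: check the kernel entropy estimate before generating DH
# parameters on a cloud server. Names and threshold are illustrative assumptions.

ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
MIN_ENTROPY="${MIN_ENTROPY:-256}"   # assumed threshold, tune for your kernel

# Print the entropy estimate (in bits) stored in file $1.
# Fails if the file is unreadable or does not contain a plain number.
read_entropy() {
    [ -r "$1" ] || return 1
    val=$(cat "$1") || return 1
    case "$val" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$val"
}

# Return 0 if the estimate in file $1 is at least $2 bits,
# 1 if it is lower, 2 if the estimate could not be read.
entropy_ok() {
    est=$(read_entropy "$1") || return 2
    [ "$est" -ge "$2" ]
}

# Generate DH parameters into $1 (size $2, default 2048 bits),
# but only when the entropy check passes.
gen_dhparams() {
    out=$1
    size=${2:-2048}
    if entropy_ok "$ENTROPY_FILE" "$MIN_ENTROPY"; then
        openssl dhparam -out "$out" "$size"
    else
        echo "entropy estimate is below $MIN_ENTROPY bits or unreadable" >&2
        if ! pgrep -x haveged >/dev/null 2>&1; then
            echo "haveged is not running; start it and retry" >&2
        fi
        return 1
    fi
}
```

Call it as `gen_dhparams /path/to/dhparams.pem 2048` on the server that will hold the parameters; the path is a placeholder.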
I’m in the middle of some major migrations and upgrades on the Arnesonium servers. So far, the results have been positive. For instance, the SSL/TLS configuration on my webserver is finally awesome. I’ve also got MaxCDN configured properly, so the entire website is now served via SSL/TLS only!
Here’s what the Qualys SSL Labs checker had to say:
My four-week History of Cryptography class at Portland Underground Grad School is almost over. While I’ve had plenty of experience with speaking to audiences about difficult subjects, this has been my first time with an ongoing class. I think I’m learning as much as my students! Because this class has helped rekindle my passion for cryptography and computer security, this link rodeo is going to focus on those subjects.
Version 1.3.0 of the OpenPGP Form Encryption for WordPress plugin is now available. It’s important to upgrade. It includes the following changes.
- Updates OpenPGP.js to version 1.0.1
- Tests the plugin against WordPress 4.2.2
- Ensures that the browser can support OpenPGP.js
There are a few new features planned for this plugin. Expect a major version release in the next few months.
Check out the plugin page on the WordPress Plugin Repository.
WordPress sends out emails sometimes, and it doesn’t encrypt any of them by default. Integration of WordPress and OpenPGP for a better security is a case study by Paweł Bulwan that examines the security implications of all of these emails. Are they leaking important information? Should WordPress site owners worry about them?
Near the end of November, I began fiddling with OpenPGP.js and building a WordPress plugin. My goal is to create a method by which visitors can encrypt messages to me on my Contact page using my public key.
However, when I finished earlier this week and decided to submit it to the WordPress Plugin Directory, I found that somebody had beaten me to it by almost a month. I’ve taken a look at the code and it looks pretty good. You can check out my plugin, which was published as OpenPGP Form Encryption for WordPress, and you can check out the other guy’s plugin, PGP Contact plugin.