Thursday, March 25, 2010

SSL secure, browsers NOT.

It turns out that the government IS spying on not just anyone, but EVERYONE. Not just any government - all governments. Browser weaknesses allow ANY browser accepting CAs to be used as an espionage tool without alerting the user. The weakness? Certificate Authorities willingly leak keys to agents who ask for them. This allows seamless interception of ALL messages, Email, web browsing, and in the case of Windows - your entire operating system.

1st Nail:
http://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl

2nd Nail:
http://www.thoughtcrime.org/software/sslsniff/

3rd Nail:
http://www.tomsguide.com/us/Sony-PlayStation-PS3-VeriSign-SSL,news-3235.html

In Science, it is necessary to provide only ONE piece of evidence to disprove a theory, and at least three pieces to promote a theory. That makes things pretty robust, and that's why the "theory" of evolution is so strong. After 100+ years, nobody has introduced anything to actually disprove evolution. In the meantime, thousands of pieces of supporting evidence flow in each year - reinforcing the theory.

When THREE pieces of evidence come in to disprove a theory - it's considered absolutely dead in the water, sink it, bury the pond, and plant tulips. The theory that browsers are secure is utterly shattered.

Sleep well.

1 comment:

zeitgeaust said...

well ya man, but the burden of proof always rests on the party makin the claims, It isn't the job of anyone to disprove any thing; only disregard until proven. yet i suppose in your case, you have provided a burden of proof