Paul Pearce
Attends University of California, Berkeley

Paul Pearce

I found Don Knuth's favorite night club in Seoul, South Korea (yes, that's a \tex)
Jonathan Kummerfeld's profile photo
 
Awesome!

Paul Pearce

VeriSign, the Rolls-Royce of internet security, catches a flat http://t.co/jqMxoXhh

Paul Pearce

MPAA Press release on the SOPA blackout. It calls the blackout an "abuse of power" to "further [the tech companies] corporate interests". No. Seriously.
4 comments
 
Yes, Wikipedia is obviously only interested in furthering its corporate interests.

Paul Pearce

Reddit is going dark for 12 hours on January 18th to raise awareness about SOPA
3 comments
 
Don't forget PIPA too.

Paul Pearce

UCPD beating UC Berkeley students with batons.

Paul Pearce

The Tor Blog has a great pair of writeups on the scope of the damage done by the DigiNotar mess. Included in this article is a list of 531 known fake certificates issued by DigiNotar. This includes things like *.*.com, *.*.org, Google, TorProject, Windows Update, Twitter, Facebook, Skype, MS Live, EquiFax, www.cia.gov, *.mossad.gov.il, and even other intermediate CAs. These are only the known certs issued; it is believed there are more.
2 comments
 
The Farsi calling card was interesting. I also enjoyed this quote: "Right now, if we found a DigiNotar-issued certificate certifying that water was wet, we wouldn't believe it without checking for ourselves. Twice."

Paul Pearce

This is absolutely hilarious. The details are golden.
2 comments
 
I love the fact that they secured it against other attackers and added in the fight song.

Paul Pearce

Best rump/lightning session talk I've ever seen.
Wat. A lightning talk by Gary Bernhardt from CodeMash 2012. The sarcasm in this talk does not represent anyone's actual opinion. For a more serious take on software, try Destroy All Software Scree...

Paul Pearce

A federal judge has ruled that the 5th amendment does not prevent the police from compelling a citizen to decrypt their hard drive. This is an extremely dangerous precedent.
4 comments
 
I have to wonder, what if you just, you know, encrypt some data and forget your passphrase? Can you be held liable? What if you just send a bunch of pseudorandom data to someone and the feds think it's encrypted data?

Paul Pearce

Matthew Inman originally shared:
 
I made an animated GIF about SOPA.

http://theoatmeal.com/sopa

Paul Pearce

Awesome video showing the location of victims being attacked with the rogue DigiNotar *.google.com certificate. This is data pulled from OCSP logs. (OCSP is a mechanism by which your web browser checks to see if a certificate is valid.) The full report is here: http://www.rijksoverheid.nl/documenten-en-publicaties/rapporten/2011/09/05/fox-it-operation-black-tulip.html (Note: The non-Iranian hits appear to be VPNs and Tor exit nodes, mainly.)
2 comments
 
I'd argue that a map of instances of attack is the same thing as a map of the victims. But yes, this is the map of victims. I'll tweak my wording.

Paul Pearce

Alright class. Today we're going to learn how to disable a system root CA in your operating system. Why are we going to learn this? Because Dutch CA DigiNotar signed a fraudulent *.google.com certificate over 5 weeks ago, and has yet to explain how this happened.

This means until the problem is explained, every certificate signed by DigiNotar should be viewed as fraudulent. And because of how the current Public Key Infrastructure (PKI) works, they can sign a certificate for any domain, and your browser will trust it. What does this mean for you? Well, it means right now that spiffy TLS connection to your favorite website (Google, bank, etc.) might not actually be secure. Scary stuff.

Mozilla has removed the CA from their products, but if you use any other web browser, you need to remove the CA from your OS manually. (Chrome, Safari, et al. use whatever root CAs are trusted by your OS.)

Here's how to remove the DigiNotar CA under OSX:
1) From spotlight, type in "keychain access," and then open the tool. This can also be found under "Utilities."
2) In the top left corner of the tool, under "Keychains" select "System Roots"
3) In the bottom left corner of the tool, under "Category" select "Certificates"
4) In the main dialog, scroll through the list of System Roots until you find anything labeled "DigiNotar"
5) Double click on each "DigiNotar" entry, or click on the little info "i" icon
6) Expand the "Trust" sub field by clicking on the arrow.
7) Set "When using this certificate" to "never trust".
8) Close the tool. (At some point it should prompt you for your system administration password.)
9) Reboot.

And that's it. 9 ridiculously complicated steps to untrusting a root CA. 1 down, 174 to go.
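To check a trust store other than the Keychain for the same CA (an added example, not part of the original post), the code below lists certificates whose subject or issuer mentions a given name in the CA set that Python's `ssl` module loads by default, which is not necessarily the store the steps above edit. `matching_roots`, `audit_default_store` and `SAMPLE` are names made up for this example, and the sample entries are constructed.

```python
import ssl

# Constructed sample in the shape SSLContext.get_ca_certs() returns; the names
# and serial numbers are illustrative, not taken from real certificates.
SAMPLE = [
    {"subject": ((("organizationName", "DigiNotar"),), (("commonName", "DigiNotar Root CA"),)),
     "issuer": ((("organizationName", "DigiNotar"),), (("commonName", "DigiNotar Root CA"),)),
     "serialNumber": "0A"},
    {"subject": ((("commonName", "Example Trust Root"),),),
     "issuer": ((("commonName", "Example Trust Root"),),),
     "serialNumber": "0B"},
    # An intermediate whose own name is clean but whose issuer is the named CA.
    {"subject": ((("commonName", "Example Intermediate CA"),),),
     "issuer": ((("organizationName", "DigiNotar"),),),
     "serialNumber": "0C"},
]


def _flatten(name):
    """Turn the nested RDN tuples of a subject/issuer into {field: value}."""
    return {key: value for rdn in name for key, value in rdn}


def matching_roots(certs, needle):
    """Return (label, serial) for certs whose subject or issuer mentions needle."""
    needle = needle.lower()
    hits = []
    for cert in certs:
        subject = _flatten(cert.get("subject", ()))
        issuer = _flatten(cert.get("issuer", ()))
        text = " ".join(list(subject.values()) + list(issuer.values())).lower()
        if needle in text:
            label = subject.get("commonName") or subject.get("organizationName", "?")
            hits.append((label, cert.get("serialNumber", "")))
    return hits


def audit_default_store(needle="DigiNotar"):
    """Return (number of CA certs loaded, matches) for Python's default CA set."""
    # Certificates in a capath directory are only loaded on first use, so a
    # count of zero here does not prove the CA is absent from that directory.
    certs = ssl.create_default_context().get_ca_certs()
    return len(certs), matching_roots(certs, needle)


if __name__ == "__main__":
    total, hits = audit_default_store()
    print(f"{total} CA certificates loaded, {len(hits)} mention DigiNotar: {hits}")
```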
Story
Tagline
Frequently passionate about random things
Introduction
Berkeley CS person
Education
  • University of California, Berkeley
    Computer Science, 2007 - present
Work
Occupation
Computer Security Graduate Student
Basic Information
Gender
Male