Robert Stratton

Shared publicly  - 
 
Kudos to Comcast for doing their part to make the Internet safer. Comcast has just completed their full national deployment of DNSSEC. http://blog.comcast.com/2012/01/comcast-completes-dnssec-deployment.html

As if that wasn't enough, they turned off their Comcast Domain Helper service so as not to do anything to interfere with customers' use of DNSSEC. http://blog.comcast.com/2012/01/comcast-domain-helper-shuts-down.html
 
Nicely done. I was just in a CES panel discussing DNSSEC.


Robert Stratton

Shared publicly  - 
 
Protecting Intellectual Property is Good; Mandatory DNS Filtering is Bad. 13 Oct 2011. vixie. It has been about six months since I got together with four of my friends from the DNS world and we co-aut...
 
Lauren Weinstein (of ARPANET Privacy Digest fame) has an interesting take on this problem called IDONS that is worth a look by people who appreciate how this sort of infrastructure works.

Robert Stratton

Shared publicly  - 
 
Mac users - your computer may be telling you that sites are legit even if the certificate is signed by an untrusted issuer. It's always something.
http://www.macworld.com/article/162086/2011/08/mac_os_x_cant_properly_revoke_dodgy_digital_certificates.html

Robert Stratton

Shared publicly  - 
 
DC people be warned. Valet parking at IAD will NOT save you time. The gate will eat your ticket and you'll sit for 20 minutes until one of the two guys on duty notices you, tries to diagnose the reader, and then manually activates the gate. Then their computers will go down and they'll disappear looking for tickets to hand-write. In the course of all that, someone may well crash through the aforementioned gate, presumably from impatience. Trust me on this one.
 
Well, I suppose we can wait for another 5 years and a few billion dollars. I'm not sure that the Metro will be the most civilised option even then, however.

Robert Stratton

Shared publicly  - 
 
Props to the USENIX Security 2011 folks for putting their videos of talks up so quickly. These are worth watching. http://www.usenix.org/events/sec11/tech/

Robert Stratton

Shared publicly  - 
 
 
You MUST upgrade your iOS and OSX devices NOW to secure your network communications.

Apple's SSL implementation is flawed and allows an attacker to intercept ALL encrypted (HTTPS) communication. All iOS apps are vulnerable (Safari, Facebook, Google+, Mail...). On OSX, Safari and many other apps are also affected. Chrome is not affected on OSX.

Please, it is very important that you upgrade now, as this vulnerability was made public last night. In particular, DO NOT connect to a public WiFi with an unpatched device.

To test if your device is vulnerable you can use the public website: https://gotofail.com

Help spread the word by re-sharing or +1'ing this post to ensure everyone promptly patches their devices.

For those interested in the technical details:
Apple's cryptic patch notes (http://support.apple.com/kb/HT6147) refer to a bug introduced in libsecurity_ssl, which is the SSL library used by Apple (http://opensource.apple.com/source/Security/Security-55471/libsecurity_ssl/lib/sslKeyExchange.c). This bug led the SSL library to not properly check the hostname associated with a given SSL cert, which allows an attacker to easily snoop on any HTTPS site.
 
From all I've been able to find...

Mac OS X 10.9 (Mavericks), iOS 6, and iOS 7 have this vulnerability. iOS 6 and 7 patches are available; Mavericks patch will come soon.

Older versions of Mac OS X (Mountain Lion, Lion, Snow Leopard, Leopard, etc.) and iOS do not appear to be affected.

Robert Stratton

Shared publicly  - 
Tuesday, November 22, 2011 10:35 AM. Posted by Adam Langley, Security Team Last year we introduced HTTPS by default for Gmail and encrypted search. We're pleased to see that other major communicat...

Robert Stratton

Shared publicly  - 
 
Traders are watching Tony Hawk do stunts on the floor of the Exchange rather than trading or watching Ben Bernanke testifying. Probably the right choice.

Robert Stratton

Shared publicly  - 
 
Thank you apcupsd developers, for making it relatively easy to disable UPS alarms in the middle of the night when the power goes off.
 
If only my new UPS in the family room (an APC ES series) even had a silence button! :-/

Robert Stratton

Shared publicly  - 
 
I'm beginning to believe that people more broadly appreciated the relationship between individuals' "eyeballs" and free web services back in 1995 than they seem to today. (At least if op-eds and satirical comics were any indication.)

Many of the people concerned today about personal information disclosure through social networking sites and pseudonymity/anonymity have forgotten that the advertising-supported free service model becomes unsustainable if there's no confidence on the part of the operator that accounts == real people.

I'm not suggesting for a moment that some of these companies aren't cavalier with our information. That's self-evident. Merely that we can't consider security, privacy, or pseudonymity in a vacuum without also considering business models and economic implications.
 
Well, unless those sites carry ads provisioned by Google, and make no effort to integrate their data gathering with Google's (like, through Google Analytics). I think the set of sites that don't touch Google any time after the hand-off is decreasing rapidly.