Monkeysphere

Pushing the CA into taking responsibility for the MiTM, an interesting article which poses some interesting questions, such as "what happens when a CA MITM's its own customer?"

Pushing the CA into taking responsibility for the MiTM, an interesting article which poses some interesting questions, such as "what happens when a CA MITM's its own customer?"

They aren't trusted-third-parties, they are centralised-vulnerability-parties. An article in Financial Cryptography argues "why the browsers must change their old SSL security model".

They aren't trusted-third-parties, they are centralised-vulnerability-parties. An article in Financial Cryptography argues "why the browsers must change their old SSL security model".

Monkeysphere 0.30 has been released. Notes from the changelog: * changing tarball creation and packaging strategies * make non-ssh parts of monkeysphere work well when openssh is not installed; degrade ssh-specific parts gracefully when openssh is not installed. Download it now!

Monkeysphere 0.30 has been released. Notes from the changelog: * changing tarball creation and packaging strategies * make non-ssh parts of monkeysphere work well when openssh is not installed; degrade ssh-specific parts gracefully when openssh is not installed. Download it now!

Christopher Soghoian and Sid Stamm's draft research paper entitled "Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL" presents evidence that CAs may be cooperating with government agencies to help them spy undetected on "secure" encrypted communications: http://files.cloudprivacy.net/ssl-mitm.pdf

Bruce Schneier summarizes the current Man-in-the-Middle Attacks Against SSL: http://www.schneier.com/blog/archives/2010/04/man-in-the-midd_2.html

Bruce Schneier summarizes the current Man-in-the-Middle Attacks Against SSL: http://www.schneier.com/blog/archives/2010/04/man-in-the-midd_2.html

Jake Edge writes in Linux Weekly News on The Monkeysphere: http://lwn.net/Articles/373988/