Slashdot Mirror


User: heypete

heypete's activity in the archive.

Stories: 0 · Comments: 672

Comments · 672

  1. Re:Actually, Windows is partly to blame here on FileZilla Has an Evil Twin That Steals FTP Logins · · Score: 1

    Addendum: compare the screenshot of the unsigned program mentioned above with that of a signed program. That check takes place in Windows Explorer when one opens an executable, before the UAC prompt for admin rights to install it.

    That functionality has been in Windows since Windows XP.

  2. Re:Actually, Windows is partly to blame here on FileZilla Has an Evil Twin That Steals FTP Logins · · Score: 3, Informative

    So, it's the software that you download that verifies itself? Or, does Windows have a list of checked software along with their signatures?

    The author(s) of individual software programs acquire a code-signing certificate from a certificate authority that Microsoft trusts for that purpose. The author(s) then sign their software using that certificate. Windows verifies the signature and ensures it's from a cert issued by a trusted CA.

    I had a quick look in your link to the UAC and couldn't see much relevance as it all seemed to be about elevating privileges rather than authenticating 3rd party software. I've never seen Windows do any checking except for drivers.

    Most software requires admin rights to install, so it's sensible that the results of the signature checks show up in the escalation prompt. (If the software is unsigned, it gets a scary yellow warning. If it's signed, it shows up in an ordinary looking prompt that lists the program name and the publisher details, as found in the certificate.)

    Additionally, if you try opening unsigned executables Windows will prompt you with a moderately-scary warning. Here's a screenshot of such a warning that I took a few minutes ago.

    In short: yes, Windows does check signatures on software but it (for better or worse) gives users the option of easily running or installing software even if the program is unsigned.

  3. Re:Actually, Windows is partly to blame here on FileZilla Has an Evil Twin That Steals FTP Logins · · Score: 3, Informative

    There's a world of difference between software having a digital signature and the software installer actually checking the digital signature. Does Windows even have a mechanism to check the signature?

    Yes. Many (most?) installers for Windows check the signature when you open the installer. This has been the case for ages, with even Windows XP checking signatures (though not for nearly as many things as Windows Vista/7/8 do).

    If a program wants admin rights (and many installers do), Windows will check the signature and display a different prompt for signed and unsigned code (see here for an example).

  4. Re:Annoyingly on Yep, People Are Still Using '123456' and 'Password' As Passwords In 2014 · · Score: 1

    Hasn't LastPass always been $12/year? I've been a subscriber for years and I don't remember it ever being $10.

    Anyway, there's no need to rely on LastPass existing for the rest of your life: they give you the option of exporting your data to a CSV file which can be read by just about everything. Other password manager utilities can import CSVs, making any transition pretty simple. Hopefully that won't come to pass, but if it does it's not a big deal.

  5. Re:CREDO is a left-leaning carrier on Credo Mobile Releases Industry's First Transparency Report · · Score: 1

    The government is probably looking for subscriber information (e.g. name, address, etc.). Sprint would almost certainly have access to call logs and location history but probably don't have the personal information of subscribers of one of their MVNOs.

  6. Re:Yeah, but... on Linksys Resurrects WRT54G In a New Router · · Score: 1

    BTW, just out of curiosity, as somebody who has never had the need to install OpenWRT, DD-WRT, or Tomato on a router, what features do folks use that necessitate doing so?

    1. Tomato doesn't support WPS, which is useful for security purposes (WPS is broken). Several major router vendors don't enable you to turn off WPS, or have the GUI "off" switch not fully turn it off. I'd like to have push-button WPS support but do away with the WPS PIN code (the part that's broken) but alas, nobody's made such a setup.

    2. Running an OpenVPN server on the router is useful, as it allows me to securely connect to my home network from anywhere.

    3. Good IPv6 support.

    4. dnsmasq. I have a custom config at home that has certain domains (e.g. netflix.com) get routed to specific DNS servers (https://unlocator.com/ -- useful for accessing Netflix, Pandora, etc. from outside the US) while all other DNS traffic goes to the default servers.

    5. While no software is perfect, I'm more confident in the security of open-source firmware than I am in the closed-source stuff from the vendor.

    6. A non-crappy interface. Many vendors (e.g. ASUS) make good hardware but have atrocious web interfaces. Tomato is quite nice.

    Basically, the open-source firmwares open up a lot of useful options that the factory-supplied firmware doesn't include. Now, if only they'd update to newer kernels -- AFAIK all of the Tomato forks like shibby's use the same 2.6.22 kernel. It'd be nice to have something newer, at least in regards to bugfixes.

  7. Re:Technically correct on Counterpoint: Why Edward Snowden May Not Deserve Clemency · · Score: 2

    US citizens cannot cop out like that. You must take the responsibility for what is done by your elected officials with your tax dollars.

    How, exactly?

  8. Re:A few important points on NSA Trying To Build Quantum Computer · · Score: 1

    Classic* public-key crypto (SSL, TLS, GPG, PGP) would be dead except, and this is quite interesting, except the one based on elliptic curves, which NSA has been advocating for for a long time.

    Actually...

  9. Re:Duh on Unencrypted Windows Crash Reports a Blueprint For Attackers · · Score: 4, Informative

    Sorry; perhaps I'm being incredibly ignorant here (I'm the AC that posted above), but my understanding was that Windows came with a bunch of generic drivers for devices, and only checked Windows Update for a device if you told it to when installing the device.

    Am I wrong?

    Windows typically checks Windows Update for drivers for all newly-connected devices, then looks for locally-installed drivers if the Windows Update check didn't find anything. Certain devices (like USB mass storage devices, for example) are installed using local drivers first, as most people want their USB flash drives to work as soon as possible but are willing to wait a few tens of seconds for other devices.

    Ignoring privacy concerns, this is a fairly sensible thing: more devices can be "plug and play" and this benefits users. Similarly, while a driver might be included on a CD that comes with a device, it might be outdated -- an online check with Windows Update can retrieve the latest driver.

  10. DHT doesn't seem to be robust or fault-tolerant to me.

    How so? The mainline DHT used for torrents has been operating without outages for years, with tens of millions of nodes taking part (with a churn of about 10 million a day). The DHT is self-healing in that if there's a small cluster of nodes that are interconnected with each other but disconnected from the main DHT, a single connection to the main DHT will result in that cluster completely rejoining the main DHT.

    I also don't see how it would provide any anonymity as seems to be claimed.

    Indeed. The system appears to provide decentralized, encrypted communications. That's a very important aspect to be sure, but it's not anonymous communication. I don't see any mention in the text or links of the summary saying that the system is intended to be anonymous, only encrypted and decentralized.

    OTR over TOR might make more sense.

    Perhaps. It'd be interesting to see a Tor-based DHT that would allow for this type of chat protocol to be extended -- that would make it encrypted, decentralized, and anonymous.

  11. Re:OTR on BitTorrent Unveils Secure Chat To Counter 'NSA Dragnet Surveillance' · · Score: 5, Informative

    How is this different from OTR?

    OTR rides on top of underlying IM protocols (e.g. AIM, ICQ, XMPP, Yahoo Messenger, etc.) and encrypts the contents of communications. IM service providers can still shut down individual accounts, monitor who is accessing them, etc., even if they cannot read the contents of messages.

    With BitTorrent Chat, the service takes advantage of the DHT (similar to "trackerless torrents" that don't have any single point of failure) to provide a decentralized, fault-tolerant means of exchanging data. There's no dependence on a single service -- all users would participate in the DHT, making it an extremely robust system.

    If I read the description properly, it's similar to "OTR-over-DHT" but there are likely substantial differences in the details.

  12. Re:Excellent question on Ask Slashdot: Practical Bitrot Detection For Backups? · · Score: 1

    Users that utilize large amounts of storage are relatively uncommon and are subsidized, in part, by users who utilize less storage. If everyone used terabytes of storage at $4/month, that wouldn't really be sustainable.

    Although just a personal anecdote, I've used CrashPlan for ~4 years now (with 11 computers belonging to various family members all backing up to their service with a total of around 500GB being stored with them). Zero complaints. It's done everything I expected, always worked, and never had issues. When I had a laptop stolen and purchased a replacement, I was able to restore all the files from CrashPlan in about a day or two of downloading. I highly recommend it.

  13. Re:Excellent question on Ask Slashdot: Practical Bitrot Detection For Backups? · · Score: 1

    It depends on your storage needs. For things that you need to regularly access, Amazon S3 will cost you about $175/month for 2TB storage plus transfer fees, but is readily accessible at any time.

    Amazon Glacier would only cost you $20/month for that amount of storage, but has various limitations on retrieval time (~4 hour minimum) and higher costs if you need to retrieve more data in a shorter amount of time. As the name suggests, it's designed for "cold storage".

    Both offer extremely high degrees of reliability.

  14. Re:Don't really see the market on Not All USB Power Is Created Equal · · Score: 2

    One example: my Nexus 7 draws so much power, even when sleeping, that it is possible to connect it to a weakly charging USB port, come back a few hours later, and it has a lower charge level. I'm sure the same is true for other tablets, and possibly even some phones.

    Interesting. My wife has a Nexus 7 (2012 edition). It charges just fine (albeit relatively slowly) from 500mA USB chargers. It charges faster with the 2A charger that comes with it, but I've never had issues with it losing charge while plugged in to a standard charger.

    How weak is your "weakly charging" USB port? Is it one on a keyboard or some other low-power accessory, or is it a port on the computer itself?

  15. Re:Here's an article to spite Ubuntu on Canonical Developer Warns About Banking With Linux Mint · · Score: 1

    (Ubuntu, which never ever mentions the word Linux on its websites and webpages)

    That's demonstrably false. There's plenty of references to Linux on the Ubuntu site.

  16. Re:Protest time? on Arizona Approves Grid-Connection Fees For Solar Rooftops · · Score: 1

    I was thinking more along the lines of people stocking up and staging a nice protest next spring/summer. Be pretty fun if half their customers dropped service for a couple months and just used their solar. Wonder how nice their profits would look for those other million customers.

    That probably won't work: most (all?) grid-tie solar systems will cut off the solar panels if the grid connection is interrupted (so as to avoid feeding power back into the lines in an outage, which would endanger utility workers). Battery-backed solar systems could run independently, but are considerably more expensive and require more maintenance than simple grid-tie systems.

    Also, most (again, all?) states have legal requirements that inhabited dwellings have basic utility service (e.g. electricity, water, sewer, etc.). If people were to cut off their power for several months they would likely be in violation of the law.

  17. Re:Let's talk about the more interesting thing her on Court: Homeland Security Must Disclose 'Internet Kill Switch' · · Score: 3, Interesting

    There's plenty of DNS servers (both root servers, gTLD servers, and ccTLD servers) located outside of US jurisdiction.

    While an unexpected shutdown could certainly cause some disruption both inside and outside the US, I'm not sure how effective a global DNS shutdown would be -- there have been significant fractions of the root DNS infrastructure that have been taken offline due to attacks in the past and the system continued to work without interruption. Even if there was a disruption, it's likely that non-US operators of root/gTLD/ccTLD servers would set up workarounds fairly quickly and the rest of the world would go about its business.

    Anyway, it's something the government could only ever do *once*. The instant they do it, the world changes and would be highly unlikely to depend on a system managed by a single country.

    Shutting down something like Google, for example, would likely be far more disruptive.

  18. Re:Only if I can use self signed certs on HTTP 2.0 May Be SSL-Only · · Score: 1

    As an example, NameCheap, an American registrar and host, sells Comodo certs for $9/year. GeoTrust are $10.95/year, while Thawte certs are $40/year. Prices drop by a few dollars for multi-year purchases. Gandi, a French registrar and host, offers Comodo certs for $16/year, again with discounts for multi-year purchases.

    StartSSL offers domain-validated certs completely free of cost for non-commercial uses. Commercial users are expected to undergo validation (they validate both the person requesting the certificate as well as the organization) which costs about $100/year but entitles them to issue an infinite number of certificates for systems they control (i.e., no issuing certs for your friends, but issuing certs for your work servers is fine). In short, they charge money for what costs them money: signing a cert is essentially free, while validating identity is expensive.

    There's plenty of options for cheap certificates, particularly if you buy from a reseller rather than from the CA itself.

  19. Re:Time For https:\\slashdot.org on British Intelligence Responds To Slashdot About Man-in-Middle Attack · · Score: 1

    Browsers like Chrome can come with cert data for major sites pre-pinned, so as to prevent MITMs even using certs from trusted CAs. Firefox users can use something like Cert Patrol to detect unexpected changes in certificates. The use of HTTPS would prevent malicious packets from being inserted into the data stream (encrypted data is MACed to ensure integrity).

    It'd be quite unlikely for nobody to notice an unusual certificate change, particularly if expected cert changes were publicly announced through some other medium (e.g. other forums, Twitter, etc.). It's not perfect, of course, but it raises the bar considerably and would make any such attacks publicly visible.

  20. Re: @slashdot: use https per default! on British Intelligence Responds To Slashdot About Man-in-Middle Attack · · Score: 4, Insightful

    True, but it would prevent the insertion of malicious packets (the "Quantum Insert" technique they describe in the various articles). Invalid SSL/TLS packets would simply be discarded and it would not be possible to insert malicious packets into the encrypted, MACed datastream.

    Yes, MITM would be possible but Slashdot could implement certificate pinning (either through having browsers like Chrome have the cert details baked-in, or having users use something like Cert Patrol for Firefox) to make this harder. It's not foolproof, but it would certainly make this type of attack considerably more difficult and easier to detect.

  21. Re:Stupid bastards, serves them right. on Twitter Marks Clean Sites As Harmful, Breaks Links · · Score: 2

    Twitter's article about their shortener lists 3 reasons for why they do it:

    1. Shortened links allow you to share long URLs in a Tweet while maintaining the maximum number of characters for your message.

    That's reasonable. Still, if that was the only reason why it existed then one should have the ability not to use it or use a different one.

    2. Our link service measures information such as how many times a link has been clicked, which is an important quality signal in determining how relevant and interesting each Tweet is when compared to similar Tweets.

    That information is valuable, I get that. Still, not really enough to justify requiring all links go through their shortener.

    3. Having a link shortener protects users from malicious sites that engage in spreading malware, phishing attacks, and other harmful activity. A link converted by Twitter’s link service is checked against a list of potentially dangerous sites. Users are warned with the error message below when clicking on potentially harmful URLs.

    In my view, this is what makes the mandatory use of t.co worthwhile -- malicious links can spread really quickly on Twitter and having a mechanism to help minimize the damage of malicious links is a good thing. Not all third-party shorteners have such checking, so it makes sense for Twitter to enforce the use of their shortener that does the checks.

  22. Re:Dump SSL / Certificate-based Security on Silent Circle, Lavabit Unite For 'Dark Mail' Encrypted Email Project · · Score: 1

    Endpoint weakness is also important, and a good point. There are cryptographic tokens, but GPG realistically doesn't support them (I've tried), so one would have to use the commercial version of Symantec's product to generate/store/use tokens. However, tokens do provide a security increase since the key never leaves the device, and the device does the signing/decryption.

    What I'd like to see is an "open source" cryptographic token that can work with gpg. This way, the worst an attacker can do is intercept the token's PIN and generate a bogus signature, but the key material is kept secure regardless.

    The OpenPGP smartcard was developed by the primary developer of GnuPG. Pretty much any smartcard reader will work without issues -- I have an SCR355 reader for my desktop (it was plug-and-play on Windows and Linux) and the built-in reader in my Lenovo laptop and both work fine.

    There's also the GPF Crypto Stick, which is the same smartcard in a USB token form factor. I also have one, and it works well (though I prefer the card form factor as cards fit in my wallet better).

  23. Re:Dump SSL / Certificate-based Security on Silent Circle, Lavabit Unite For 'Dark Mail' Encrypted Email Project · · Score: 3, Informative

    StartSSL offers free-of-charge domain-validated certificates that are widely trusted. Other CAs like GoDaddy and Comodo offer (often through resellers) domain-validated certs that cost less than $20/year. Thawte DV certs from resellers cost about $30/year. The cost (or lack thereof) for such certs is probably the least important reason why people aren't using HTTPS more.

    EV certs are well within the budget for even small businesses, and usually cost around $150/year. Again, hardly unreasonable.

    It'd be nice to see more hosting companies implement Server Name Indication (SNI) so that clients can implement SSL/TLS without needing to waste a dedicated IP address. This really should be the default.

  24. Re:Dump SSL / Certificate-based Security on Silent Circle, Lavabit Unite For 'Dark Mail' Encrypted Email Project · · Score: 1

    As soon as you trust key servers you have the same issue as the root CAs: they can be manipulated.

    PGP/GPG potentially works rather well, its weakness is having to move around and validate public keys. The secondary issue is having to store them on a PC. An opensource smartcard device would seem to deal with the second part. But centralized key stores just beg to be abused.

    The key servers don't need to be trusted, at least not in the same way that certificate authorities need to be trusted. The keyservers don't do any sort of crypto at all. They simply store keys that users submit to them and retrieve those that users request.

    Someone can simply say "Hey, I have a PGP key with $FINGERPRINT. You can get it on the keyserver." and one can retrieve it. It's trivial to validate that a key retrieved from the keyserver matches the fingerprint given by the expected person.

    While not immune to manipulation, keyservers can be difficult to trick: they're append-only (there's no way to remove data from keyservers) and they sync with each other. All keys are self-signed and many are signed by other users. If one keyserver were modified such that a key was altered, that is easily detectable and the changes would likely be undone as the server syncs with others.

    Could one upload keys that falsely claim to be someone else? Sure, but that's not a problem with the keyserver, but rather a problem with human validation of fingerprints and other details. In the end, one needs to verify the fingerprint on the key.
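
The fingerprint check described in the comment above, as an added example that is not part of the original comment: it computes an OpenPGP version 4 fingerprint (RFC 4880, section 12.2) from a public-key packet body fetched from an untrusted keyserver and compares it with the fingerprint obtained out of band. The key material, timestamp and helper names are constructed for illustration.

```python
import hashlib
import hmac
import struct

HEX = set("0123456789ABCDEF")


def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Version 4 public-key packet body for an RSA key (algorithm ID 1)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte body length, and the packet body itself."""
    if not body or body[0] != 4:
        raise ValueError("not a version 4 public-key packet body")
    if len(body) > 0xFFFF:
        raise ValueError("packet body too long for a 2-byte length")
    framed = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(framed).hexdigest().upper()


def normalize(claimed: str) -> str:
    """Drop whitespace, colons and a leading 0x so printed forms compare equal."""
    cleaned = "".join(claimed.split()).replace(":", "").upper()
    return cleaned[2:] if cleaned.startswith("0X") else cleaned


def key_matches(body: bytes, claimed: str) -> bool:
    """True only if the full 160-bit fingerprint of the fetched key equals the claim."""
    want = normalize(claimed)
    # A short or long key ID (8 or 16 hex digits) is not a fingerprint: refuse it.
    if len(want) != 40 or not set(want) <= HEX:
        return False
    return hmac.compare_digest(v4_fingerprint(body), want)


def pretty(fpr: str) -> str:
    """Group a fingerprint into blocks of four hex digits, as usually printed."""
    return " ".join(fpr[i:i + 4] for i in range(0, len(fpr), 4))


# Constructed sample data (not real keys): two packet bodies that differ only in
# the modulus, standing in for the expected key and a look-alike upload.
CREATED = 1383264000  # arbitrary creation timestamp
GENUINE = rsa_key_body(CREATED, (1 << 2047) | 0x3039, 65537)
IMPOSTOR = rsa_key_body(CREATED, (1 << 2047) | 0x303B, 65537)

# The fingerprint the key owner hands over in person, by phone, on a card, etc.
OUT_OF_BAND = pretty(v4_fingerprint(GENUINE))

if __name__ == "__main__":
    print("expected fingerprint:", OUT_OF_BAND)
    for label, body in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        verdict = "accept" if key_matches(body, OUT_OF_BAND) else "reject"
        print(f"{label:9s} {pretty(v4_fingerprint(body))} -> {verdict}")
```
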

  25. Re:That's overly simplistic - population density k on Why Is Broadband More Expensive In the US Than Elsewhere? · · Score: 1

    Switzerland, where I reside, is similar in many ways (though at a somewhat smaller scale): the Zurich metro area has about 1.1 million people. Geneva and Basel metro areas are each around 500,000 people. The Bern metro area is about 350,000 people and yet the small suburb where I live (pop ~30,000 people) has a relatively large amount of competition: Swisscom (20 Mbps max) and Sunrise (30 Mbps max) each have DSL offerings, UPC Cablecom offers fiber-to-the-node with a EuroDOCSIS 3.0 coax last mile (currently the top plan is 150 Mbps max but this can increase in the future up to 400 Mbps), the electric company is running fiber to every property (it's at most homes now, with 90% availability in 5 years and 100% availability by 2020) and there's a variety of private companies that offer service over the municipal fiber. There's also several 3G and 4G mobile phone providers who offer service with varying speeds (up to 42 Mbps) and bandwidth caps with essentially total coverage.

    In short: even with a relatively low-density city composed mostly of private homes and low-rise (under 4 floors) apartment buildings it's economically viable to have many competing firms providing high-speed connectivity. There's really no excuse why US cities like Houston, Phoenix, etc. shouldn't have a good amount of competition in regards to connectivity.

    If anything, I'd posit that super dense cities like NYC and the like would be more difficult to run high-speed connections particularly due to the huge amount of legacy lines and equipment (e.g. gobs of twisted copper pairs in cable ducts where a modern fiber line would use much less space but replacing the copper would be disruptive and expensive) and the inability to just plop down equipment as needed due to limited aboveground space. In a lower-density city there's probably more room in cable ducts, places to put above or below-ground equipment boxes, less legacy cruft, etc. that should make it easier to build out high-speed networks and provide competition to customers. Ideally, things could be simplified by having a municipal fiber network that's owned and managed by the city (or, if they must, a contractor) but has service provided by competing private companies over that fiber.