Slashdot Mirror


User: WaffleMonster

WaffleMonster's activity in the archive.

Stories: 0 · Comments: 4,185

Comments · 4,185

  1. They resemble a victim narrative interpretation where everything is a personal attack.

    This pretty much sums up SJW culture.

  2. Maybe try not reading every story as a personal attack?

    This is a problem given that the goal of the media is the propagation of fear or outrage for the purpose of self-enrichment.

    From 60 Minutes to Saujani to Slashdot and everyone else in the chain, covering this placement was based on the premise of the ability to draw ATTENTION and stew controversy and outrage rather than provide useful information.

    Also please try to understand what patriarchy is. Men are sometimes disadvantaged by the legal system due to their gender, but that's because in a patriarchy women are seen as the more "natural" parents, and toxic ideas about masculinity, that men are less suitable parents and less loving, are all part of it.

    By addressing this the system will get fairer for everyone, including men.

    Assertions of patriarchy are clearly ridiculous in the context of this article. It's invoked not from reason but from the need for attention where none would otherwise be warranted.

  3. Re:Should of done it this way in the first place on Democrats Will Introduce Bill To Bring Back Net Neutrality (thehill.com) · · Score: 1

    It was a tax cut and an increase in the standard deduction. "Fucked with withholdings". They took less out because tax rates went down. If your HR fucked with your withholding, that doesn't have much to do with the government or the tax cut.

    Of course tax rates influence withholdings, yet this is not the entire story.
    https://www.irs.gov/newsroom/n...

    Why would you want a return? That means you had the government take too much money. That means you couldn't use that money or save that money and earn some kind of interest in a savings account (any interest rate is better than what the government gives) or invest it (any return is better than what the government gives). Why would you let any institution hold your money for nothing?

    While I tend to agree with this sentiment it's irrelevant WRT my comments.

    The point is not every extra dollar in a paycheck is due to lower taxes. They lowered the margins on withholdings. You can have any opinion you want on the merits of it. My point is only that it occurred.

  4. Penblet mightier than the phoneblet on Samsung Is Working On Two More Foldable Smartphones (bloomberg.com) · · Score: 1

    I'm mesmerized by Avatar / Geostorm tablet foldouts from what start off as oversized pens. I'll buy a working one of those for $2k.

  5. Trump was the one that got rid of net neutrality through his appointments to the FCC. Let's not pretend that he's in favor of it. If it weren't for him, we wouldn't need a bill.

    I disagree with the premise.

    Even our hero at the FCC, Tom Wheeler, didn't want what went down regarding Title II reclassification. His hand was forced into it as a last resort: either reclassification or nothing after losing the Verizon lawsuit.

    The best possible outcome was always a legislative fix imposing meaningful NN and competition without all the ancient POTS-era Title II bullshit.

    When faced with an opportunity to address a problem, the Democrats elected to sit on their asses and squander it by creating an act that simply reverses Ajit Pai's bullshit.

  6. Democrats are a bunch of losers on Democrats Introduce 'Save the Internet Act' To Restore Net Neutrality (cnet.com) · · Score: 1

    Seriously, they say they will pursue legislation to address NN and save the Internet. Yet they go and pull this shit?

    Democrats appear to be too lazy to even bother writing a real bill that cleanly addresses the issues of NN. They couldn't be bothered to peel anyone away from the war effort against orange clowns?

    All this does is reinstate the same bullshit regime in place earlier, with its hodgepodge of arbitrary forbearances, looming threat of POTS-style regressive USF taxes and pointless POTS-era regulatory burdens on small providers.

    What a pathetic cop out.

  7. Re:Should of done it this way in the first place on Democrats Will Introduce Bill To Bring Back Net Neutrality (thehill.com) · · Score: 1, Insightful

    My paycheck grew, so whatever was in the tax cuts worked for me.

    The clown and his circus fucked with withholdings to trick the masses into assuming it was tax cuts.

    Tax day rolls around and millions are pissed they either get to pay or their refund is crap. LOL suckers.

  8. Dunce versioning schemes on Linux 5.0 Released (phoronix.com) · · Score: 1

    The real world effect of policy to arbitrarily increment major number is widespread unnecessary confusion.

  9. Re:Thanks, but no thanks on W3C Approves WebAuthn as the Web Standard For Password-Free Logins (venturebeat.com) · · Score: 1

    Most people use really bad passwords over and over for multiple sites. Thus being able to use their mobile device is a vast improvement to their security.

    The vector actually being exploited in the real world is the user. This is addressable by deployment of secure authentication protocols which protect users from themselves.

    Throwing up new barriers that either have a negative impact on security (Automated password/device reset/recovery) or increase annoyance and risk of nuisance lockout... (my device broke and I can't login anymore) are not helpful to real people. They are simply annoying and pointless.

    Fixing actual problems with password authentication by widespread use of secure authentication helps everyone.

    By the way, do you have any evidence that Google/Apple are actually a security threat to you?

    The question people face in the real world is "Can I trust x?" not "Can I prove x is untrustworthy?" Humans don't tend to entrust things of value to strangers based on absence of evidence of untrustworthiness. This isn't a useful, practical or reasonable standard.

    For example, it seems like law enforcement is forced to spend hundreds of thousands of dollars to compromise phones because Google/Apple refuse to help them, so I'm wondering exactly what your threat model is.

    My understanding is it's mostly Apple. Android is way less secure. It is misleading to address them as you have on the same level.

    Most people's adversaries are not law enforcement. Our adversaries are stalkers and criminal enterprises that routinely exploit the hostile, permissive system of take-it-or-leave-it demands baked into Android by Google at the behest of app store vendors.

  10. Re:Freedom! Oh no on Amazon Removes Anti-Vaccine Movies After CNN Inquiry (cnn.com) · · Score: 1

    This is obviously immoral if the ideas are not only ridiculous but dangerous as well, and there's zero evidence it will work, and good reason to think it wouldn't. So no.

    Your loss. Personally I've found pushing the ridiculous to the max is a good way to get people to discover their own errors in judgment and quite amusing to boot.

    As for the rest of what you say... the focus of such sympathy as you are able to muster should not be with "those suspicious of vaccination". It should be with those harmed by people not vaccinating. That would be babies, old people, the immunocompromised, etc.

    I have no interest in addressing symptoms. I only care about problems. Emotional reactions to suffering don't help anyone suffer less. Only sane, rational policy does that.

    You can talk as much bollocks as you like about TLAs being bought etc etc,

    When bollocks = documented reality, Houston, we have a problem. Dismissing reality is the very thing anti-vaxxers are derided for, and unsurprisingly here you are trying your hand at the same thing.

    but I'd bet a large amount of money that if you or a loved one were in an ICU, you'd be perfectly happy to have the adenosine you're prescribed, be intubated as needed, have a central line in place, etc, without feeling the need to mutter darkly about your suspicions about the science all being faked because drug companies and med device companies are prone to evil and corrupt acts.

    What I care about is correcting institutional failures that have led to unnecessary suffering. Loss of legitimacy often translates into human suffering.

  11. Re:Freedom! Oh no on Amazon Removes Anti-Vaccine Movies After CNN Inquiry (cnn.com) · · Score: 1

    So tell us, clever clogs: how do you get a virulent idea to die out? You can't argue against it, because its adherents see arguments as "persecution" even if you don't mean it that way. You can't choose not to stock books that promote it, even though you're a private company, because apparently that's also persecution. And if you do nothing, its adherents will continue to spread the message. So how *do* you get the idea to die out?

    Invent something more ridiculous to replace it?

    Personally I have little sympathy for those pissed off about all those suspicious of vaccination. There is more blame to be placed than just on the shoulders of crackpots.

    There is way too much regulatory capture / corruption / lobbying / scope creep from the drug industry spending big to try and make shit mandatory, coupled with a widespread culture of dismissiveness when it comes to the filing of adverse reaction reports.

    The government has only itself to blame for failing to act beyond reproach, with the resulting loss of legitimacy / confidence being an entirely predictable consequence.

    I mean WTF does anyone expect people to believe in an era where regulatory capture is pervasive? The FDA was bad enough... today we live in crazy land where even TLAs like the motherfucking DEA have been corrupted by industry from the top down.

  12. Re:Freedom! Oh no on Amazon Removes Anti-Vaccine Movies After CNN Inquiry (cnn.com) · · Score: 1

    Yet another person who fails to understand the First Amendment.

    Who said anything about the First Amendment?

    It does not protect you and me from each other -- or in this case, Amazon.

    What is this in response to?

  13. Being an asshole isn't a protected class.

    Assholes deserve just as much protection as any other "class".

    When someone comes along and labels you an asshole you'll understand why.

  14. There's a huge difference between organizations enforcing their own rules and the government running a system to disenfranchise people.

    I'll bite.

    What's the difference between government running a disenfranchisement system and government allowing someone else to run it?

  15. Re:Non-Issue with latest software on Thunderbolt Vulnerabilities Leave Computers Wide-Open, Researchers Find (itnews.com.au) · · Score: 1

    AMT doesn't need VTd turned on to access the network, so keeping VTd off for that reason does absolutely nothing. AMT has its own dedicated side band access to the network hardware.

    This simply isn't true. Without VTd the NICs can't be used by both AMT and the host system concurrently. My commentary was based on first-hand real world observation of what actually occurs:

    When VTd is enabled there is an active IP stack responding to pings and incoming TCP requests when the computer is turned completely off.

    When VTd is enabled and all ports are firewalled in the operating system, you can still establish incoming TCP connections to ports that not only bypass the firewall but are completely unknown to the host operating system.

    When VTd is disabled both of these things cease.

    Actually, VTd HELPS mitigate AMT concerns because with it turned on AMT is unable to execute arbitrary DMA reads/writes to system RAM, VTd limits AMT's DMA to only the ranges of RAM that the OS allows.

    The opposite is true.

    I don't care about conspiracy theories involving AMT doing shady shit all by itself. I care about AMT being remotely commanded by someone exploiting a vuln or who is able to obtain a properly signed cert and has the ability to broadcast DHCP. You can't send commands to things that are unable to receive them.

    By the way... there is a much better way to "stop Intel AMT"... just don't buy a system that is "VPro" branded. If the system doesn't have VPro then AMT isn't even present... it gets permanently fused off at the Intel factory. Intel has a special sticker for VPro, so labeling of systems is very clear:

    Certainly good advice yet generally useless as it applies only when buying new systems. Keeping VTd disabled where AMT is unable to be "disabled" is applicable to a much wider audience.

  16. Re:She didn't destroy anything on Congresswoman Destroys Equifax CEO Mark Begor About Privacy (fastcompany.com) · · Score: 1

    Are you kidding me? It was a spectacle of epic proportions. She was doing nothing more than grandstanding.

    There is a big difference between making persuasive, coherent arguments in favor of change, and acting like a petulant child and throwing a screaming temper tantrum at someone.

    She was getting Mark to make a public contradictory statement on the record about value of privacy given Equifax's lawyers have argued to the contrary in court.

    Derisive characterizations like "petulant child" and "screaming temper tantrum" are in my view absolutely ridiculous, having listened to the exchange.

    Everyone already knows that Equifax screwed up. We don't need some blowhard reminding us of what we already know.

    What to do about it is still very much in play on multiple levels. As a lawmaker it's important to get a read on the extent to which industry gives a fuck / recognizes a problem and is willing to change themselves when considering policy options.

  17. Re:Of course, that implies you trust CloudFlare on Cloudflare Expands Its Government Warrant Canaries (techcrunch.com) · · Score: 1

    I doubt that would stand up in court though. If you deliberately set things up so that the fact you received a secret subpoena will be disclosed by your inaction, all you really did is demonstrate intent to violate the secrecy requirement through pre-meditation.

    Courts tend not to be impressed with this kind of argument, and those who claim to have asked lawyers about it (such as Moxie Marlinspike) say they were advised against it.

    Some orgs have tried things like having multiple people sign the canary, each in a different legal jurisdiction. But that doesn't really help either, unless all parties have some way of detecting when one of them is served with a secret subpoena, which seems far-fetched. It also doesn't really protect the person receiving the subpoena as it is actually just a conspiracy to thwart the court's legally issued order.

    Unfortunately, canaries are not reliable, either for detecting subpoenas/LEA requests or for protecting the person issuing them.

    Why not just cut and paste the entire Wikipedia article while you're at it?

  18. Re:Non-Issue with latest software on Thunderbolt Vulnerabilities Leave Computers Wide-Open, Researchers Find (itnews.com.au) · · Score: 1

    For this reason, Windows now has IOMMU virtualization enabled to prevent DMA attacks (starting with Windows 10 RS4/1803/April 2018 Update): https://twitter.com/AmarSaar/s... In conjunction, tianocore also has IOMMU based DMA protection for 2 years now: https://github.com/tianocore/e.... So even if the OS isn't up yet DMA attacks are still locked out. Assuming you are running a recent OS and firmware, this is now a non-issue.

    The problem myself and others face with allowing VTd virtualization is that for some this will be the only lever available for stopping Intel AMT from being accessed externally.

    When enabled and your computer is off it's still listening on TCP ports. When stealth mode firewall is on with all incoming ports blocked the port is still open. Virtualization is the only thing that physically allows the network hardware (wired and wireless) to be shared concurrently with both the host and management engine.

  19. Re:shilling reporting on Cloudflare Expands Its Government Warrant Canaries (techcrunch.com) · · Score: 5, Insightful

    "has never terminated a customer or taken down content due to political pressure" They totally did, once as I recall, and Matt Prince back pedaled that like a MFer.

    The crazy part of this is cloudflare themselves raised this same point.

    "We're going to have a long debate internally about whether we need to remove the bullet about not terminating a customer due to political pressure. It's powerful to be able to say you've never done something. And, after today, make no mistake, it will be a little bit harder for us to argue against a government somewhere pressuring us into taking down a site they don't like."

    https://blog.cloudflare.com/wh...

    Apparently they decided not to even though it is obvious to everyone they did exactly this.

    Given a documented, self-admitted instance of lying about a canary, why would anyone believe ANY assertions of Cloudflare about the remaining canaries?

  20. Re:Of course, that implies you trust CloudFlare on Cloudflare Expands Its Government Warrant Canaries (techcrunch.com) · · Score: 4, Informative

    Couldn't the same order that requires that they not disclose they are being investigated also include implicit disclosure to that effect?

    Warrant canaries could reasonably constitute such implicit disclosure if they took them down or altered their update policy in any way that is commensurate with any previously made announcement to that effect.

    Actively taking a canary down in response to subpoena is obviously the same thing as disclosing the existence of a subpoena.

    Good warrant canaries are designed to avoid this problem by self destructing on their own when neglected.

    The distinction / legal argument here is that the government cannot compel speech in the form of the positive effort required by an individual to maintain the existence of a canary when they no longer wish to do so.
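The self-destructing canary design described in this comment, as an added example that is not from the post, from Cloudflare or from any real canary: the operator signs a statement that carries an issue date and a validity window, and the reader's check treats a correctly signed but stale canary as tripped, so silence (no renewal) is what signals, not any act of removal. The key pair, statement and dates are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"time"
)

// Status is the reader's verdict on a published canary.
type Status int

const (
	Alive   Status = iota // valid signature, still inside its validity window
	Expired               // valid signature, but the operator stopped renewing it
	Invalid               // bad signature or malformed canary: treat as tripped
)

func (s Status) String() string { return [...]string{"alive", "expired", "invalid"}[s] }

// Canary is the statement an operator publishes and periodically re-signs.
type Canary struct {
	Statement string        // the assertion, e.g. "no secret orders received"
	IssuedAt  time.Time     // when this copy was signed
	Validity  time.Duration // how long silence is tolerated before the canary counts as tripped
	Sig       []byte        // ed25519 signature over payload()
}

// payload is the canonical byte string the signature covers; the date and the
// window are bound into it so neither can be altered without invalidating Sig.
func (c Canary) payload() []byte {
	return []byte(fmt.Sprintf("%s\n%s\n%d", c.Statement,
		c.IssuedAt.UTC().Format(time.RFC3339), int64(c.Validity.Seconds())))
}

// Sign produces a fresh canary. The operator must call this again before
// Validity elapses; doing nothing is what lets the canary expire.
func Sign(priv ed25519.PrivateKey, statement string, issuedAt time.Time, validity time.Duration) Canary {
	c := Canary{Statement: statement, IssuedAt: issuedAt, Validity: validity}
	c.Sig = ed25519.Sign(priv, c.payload())
	return c
}

// Check is what a reader runs against the operator's published key:
// verify the signature first, then apply the expiry rule.
func Check(pub ed25519.PublicKey, c Canary, now time.Time) Status {
	if len(c.Sig) != ed25519.SignatureSize || !ed25519.Verify(pub, c.payload(), c.Sig) {
		return Invalid
	}
	if now.After(c.IssuedAt.Add(c.Validity)) {
		return Expired
	}
	return Alive
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // constructed operator key pair
	if err != nil {
		panic(err)
	}
	issued := time.Date(2019, 3, 1, 0, 0, 0, 0, time.UTC) // constructed dates
	c := Sign(priv, "As of the date below we have received no secret orders.", issued, 30*24*time.Hour)
	fmt.Println("10 days later:", Check(pub, c, issued.Add(10*24*time.Hour)))
	fmt.Println("31 days later:", Check(pub, c, issued.Add(31*24*time.Hour)))
	c.Statement = "edited after signing"
	fmt.Println("tampered copy:", Check(pub, c, issued.Add(10*24*time.Hour)))
}
```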

  21. Public companies = misery on Elon Musk Should Be Held In Contempt For Tweet, SEC Tells Judge (fastcompany.com) · · Score: 1

    The only way to win is not to play. It's not worth it.

  22. Re:Smart card reader on Android Is Helping Kill Passwords on a Billion Devices (wired.com) · · Score: 1

    Even when you include the cost of a smart card reader that connects to one of the ports on the outside of a smartphone, tablet, or laptop computer?

    USB card readers are $10-20 if you don't already have one. Individual cards run $0.50 - $1.00 /ea. OTG adaptors sold separately.

    Not only is it cheaper, having card readers be the interface people interact with rather than raw USB improves system security.

    A trojan authenticator plugged into a USB port can own a system in seconds.

  23. Re:Android is helping to spread pervasive tracking on Android Is Helping Kill Passwords on a Billion Devices (wired.com) · · Score: 1

    While suspicion is always a good thing, FIDO is less inclined to expose your identity to some arbitrary web service than classic TLS client certificates or simple cookies or JavaScript run-time environments are.

    Why less? FIDO can be configured to prompt. TLS authentication can be configured likewise to prompt. FIDO has channel bindings allowing servers to get indications of usage at transport level same as TLS.

    What specifically makes FIDO *less* inclined?

  24. Re:Client certs are a UX nightmare on Android Is Helping Kill Passwords on a Billion Devices (wired.com) · · Score: 1

    But unlike TLS client certificates, FIDO is well-prepared to work for web sites that want to make sure the client is actually using some sort of hardware key storage, from where it is never transferred into the main memory.

    This idea that private key operations of client certs have to be handled in software requiring keys to be transferred to the host system is simply not correct.

    Smart cards have enabled exactly this for at least a dozen years and counting. They also happen to cost four times less than current USB sticks.

  25. Re:Client certs are a UX nightmare on Android Is Helping Kill Passwords on a Billion Devices (wired.com) · · Score: 1

    If you're doing the signing on the computer, an attacker can copy the private key on its way from the module to the computer or copy it out of the browser process once it is in the computer. If you're doing the signing on the module, that is exactly what FIDO aims to do. What am I missing?

    There are a number of deployment options. In high security systems keys are loaded onto smart cards and handed off to users. Private keys never leave the card.

    In low security situations where you just want to protect users from phishing, key pairs would just be downloaded during initial onboarding and loaded into the system's user cert store.

    You could also do the signing request from the hardware itself. No matter what solution you pick it's all RSA and it's all about managing private keys. The same options can be available no matter what.

    Personally I don't much care about arguments involving local system compromise. My view is successful hijacking of just a single session is game over. I see limited value in distinctions that attempt to "limit damage" to follow on sessions. Game over is game over.

    If the system is compromised during initial key signing when trust is established with FIDO, you're also screwed no matter where the private key is stored. An attacker could simply submit their own signing request using their private key and MITM proxy a parallel handshake to make you think it worked when in fact the attacker registered as you, not yourself. It's still all bets off when the local system is compromised.

    I notice the sarcasm. It's required in a browser only because as of first quarter 2019, more customer-facing websites support FIDO than TLS client certificates.

    As a site owner client certs are currently by far more universally supported with lower barrier to entry for security conscious users.

    The structure of FIDO ensures that the private key never leaves the device, unlike with a TLS client certificate whose key pair must be copied into the TLS stack's address space to be used.

    This is not true. With client certs RSA operations can occur within the smart card or security module. The private key need never leave the hardware.

    Who is the signer in common uses of TLS client certificates?

    The site owner who has created their own CA to issue certs to their users.

    In hypothetical use thereof on customer-facing websites, who would be the signer?

    The site owner runs the CA and is the signer. If my company is called "Waffle's Widgets" when my user goes to one of my sites a certificate for Waffle's Widgets is loaded. If there is another company out there using the same name and the user happens to have an account on both they are prompted to select which cert they want to use. Picking the wrong one results in message authentication failure. Picking the right one results in successful sign-in. This issue is a nothing burger.

    How does the deprecation of the keygen element change this answer?

    My personal view is that keygen is pointless.

    In order to improve the usability of TLS client certificates to the point where customer-facing websites can use them, an overhaul of the user interface is needed. Feel free to contribute a pair of pull requests, one to Firefox and one to Chromium, that does this.

    The Firefox user experience is really not that bad in this regard. If a site pushes a PKCS file it comes right up and asks you to install the cert, which is just fine during the signup/onboarding process.

    I'm a million times more interested in getting the existing TLS-SRP patches enabling secure mutual username / password authentication committed into the major browsers. This is much more important to me as in my view it stands the best chance to meaningfully increase system security and mitigate phishing.

    I see public facing 2FA as a marketing pl