published by rick on Fri, 04/01/2011 - 9:16am
A fellow calling himself (herself?) "ichsun" claims responsibility for breaking into the Comodo CA to create bogus certificates.
He has posted (pasted, actually) a series of statements on pastebin.com that describe what happened and provide some evidence to support his claim. Note that the link above will probably go sour in a while, since Pastebin's policy is to recycle the pasted storage periodically.
published by rick on Thu, 03/24/2011 - 3:51pm
A few months back I retold the story of a bogus Microsoft certificate issued by Verisign in 2001. It's a difficult story to track down ten years later because many articles published by then have either disappeared or been 'updated' to remove details.
published by rick on Sun, 03/20/2011 - 4:27pm
I'm collecting links to good primary sources and on-line examples of information security concepts. I'm especially interested in finding videos that aren't simply text-based PowerPoint set to MPEG.
published by rick on Sat, 03/19/2011 - 12:09pm
Yes, Cryptosmith has been down for a week. Last Saturday I directed GoDaddy to migrate me to a new set of clustered servers. After 3 days of asking the help desk about delays, they "escalated" the problem to the next level. The next level never answers the phone or bothers with mundane things like status reports.
published by rick on Sat, 03/12/2011 - 1:54pm
This site may be up and down over the next few days - March 12 to 16 - as I am trying to migrate to a higher performance hosting cluster. While I dearly love the capabilities of Drupal, my current hosting is dreadfully sluggish.
This is why you may occasionally visit this site and be greeted by a blank page. There are performance problems and I'm trying to fix them.
published by rick on Sat, 02/19/2011 - 2:30pm
published by rick on Mon, 02/07/2011 - 12:55pm
While writing Elementary Information Security, I wanted simple and obvious reasons to introduce various obscure security topics. Initially I wrote a series of stories about those famous cryptographic protagonists, Bob and Alice.
The actual stories never made it into the textbook, so I'm posting them on the web site.
There are eight or nine of them. I've posted two so far and will post the rest as time permits.
published by rick on Sun, 02/06/2011 - 6:08pm
I'm always annoyed when I register for a web site only to have my user ID mysteriously disappear. The "scouting.org" web site has recreated itself about four times in the past decade. Each time has led to re-registration by the entire user community.
Therefore I decided to make a strong effort to retain my user community while migrating my site. The easy part was to contact those who provided email addresses and tell them what was happening. The hard part was to deal with passwords.
published by rick on Sun, 02/06/2011 - 5:39pm
If you visited Cryptosmith during the afternoon of February 5, you may have seen this:

This appeared while I was removing WordPress files from the site and inserting Drupal files. The "Site Down" display was controlled by the ".htaccess" file stored in the site's root directory. As soon as Drupal stored a new .htaccess file, links were redirected to Drupal's scripts.
published by rick on Sun, 02/06/2011 - 4:37pm
WordPress is well designed for blogging. I got used to the TinyMCE editor and easy-to-reach features to import graphics when using WordPress. I also got used to less sophisticated things like paragraph breaks and section subheadings. And I like the email alert when there's something to moderate.
I was appalled to discover that these things are omitted by default in Drupal.