Privacy Archive

Cyber War


It wasn’t entirely obvious to me, when we made the decision some six years ago to implement a certification authority that does things differently, that we’d end up against a country sponsored cyber-war. And even though I incidentally called this very blog “Join the Revolution“, I didn’t had in mind to have anything to do […]

Securing the Enterprise


Securing internal networks of enterprises is a very important task - for that matter any Intranet is. Today, the threats are manifold and are coming from various directions, being it through the corporate firewalls, VPN gateways, WiFi access points, compromised computers and laptops or employees and third party contractors, to mention only the most obvious. […]

Beat the Drum: Open Web needs to be Secure!


Mozilla is beating the drum for an Open Web at their new project page “Drumbeat“. Mitchell Baker, the Chair of the Mozilla Foundation has been regularly blogging about a more Open Web and what it might mean for us. There is lots of talk about openness, decentralization, freedom and public resources of the public Internet, […]

Securing a Revolution


It’s my own and StartCom’s company policy to refrain from voicing personal opinions regarding political matters. Otherwise however StartCom takes a clear stance when proclaiming:
We believe in the right to protect and secure information between two entities without discrimination of race, origin and financial capabilities.

MITM attacks - do they really happen?


(If you happen to know what an MITM attack is, fast forward to here)
The man-in-the-middle (MITM) attack is the attempt by an attacker to implant himself between the client (browser, mail client, IM client) and a server serving some web page or other content. The attacker receives all requests and responses to and from the […]

Accountability and Privacy


The only condition and requirement StartCom puts forward to potential subscribers of free digital certificates and other services the StartCom Certification Authority provides, is that the subscriber must disclose his private details. This means, the name and address of residence (home address) must be provided during registration for a StartSSL account.
Obviously many try to circumvent […]

Spoofing SSL in Firefox 3


In just a few days the new Firefox 3 browser from the house of Mozilla will be release. Except of course if another re-build of the current release candidate has to be made, which would push the publishing of the newest browser to sometime in June. One such reason could be the ease somebody can […]

Impact of Cyber Risk


BBC reports from the RSA conference in San Fransisco about the heartfelt plea made by Michael Chertoff, the US homeland security chief, to save the world (or at least the US) from threats comparable to the worst of all. He pointed out that securing the nation’s internet highways and byways was a job the federal […]

Smart Cards made easy on Linux and Firefox


The managing of smart cards on Linux has never been easy. There are various projects dedicated to providing drivers and libraries to standard interfaces like PKCS11, most notably the OpenSC project. However despite the hard work and some really good tools these projects produced, there was nothing the more casual user could use easily (and […]

Another Mozilla security hole!


After Mozilla had some hard time fixing a Password Manager bug, which exposed passwords willingly and without the users consent to different sites, it seems that there is another yet controversial security problem surfacing:
You browse the Internet as we all do and from time to time you come across various login facilities. Being it a […]