Archives for May, 2008

Chaos of Randomness

The previously reported bug in the Debian OpenSSL library had besides the directly associated negative impact also brought forward a lot of good things! Consciousness about random numbers (unpredictable numbers) and their importance in cryptography and security in general, has highly improved, as many discussions on mailing lists and forums can attest. New tools for […]

Phishing or Legitimate?

Today I received the email shown below, which looked like a phishing attempt to me, since I don’t have an account at and the mail was sent typically to “undisclosed-recipients“. Hovering over the link in the mail revealed the URL https:// (I deliberately broke the link).

My Own Street

I’m one of the lucky guys having my own street! My friend Wes just sent this image over to me after he discovered the street sign in his hometown. And having my own street has many advantages, believe me! I’m also one of the lucky ones who has his own street in the online virtual […]

Extended Validation - What it really means

I’m going to give you a better understanding about what extended validation (EV) means and what it really gives to you. Throughout many discussion at Mozilla and elsewhere - and specially since my last article about spoofing the secure state of the upcoming Firefox browser, EV certificates are touted by many as the solution […]

Spoofing SSL in Firefox 3

In just a few days the new Firefox 3 browser from the house of Mozilla will be release. Except of course if another re-build of the current release candidate has to be made, which would push the publishing of the newest browser to sometime in June. One such reason could be the ease somebody can […]

Randomly Broken Randomness

No, it’s not a news item anymore. Nevertheless, after scores of revocation requests came in at the StartCom CA because of a vulnerability in the pseudo random number generator of Debian’s OpenSSL package and dozens of news site reported this stupidity, I can’t hold myself back anymore. The developers of Debian apparently decided to fix […]