"High Assurance" Certificates

Following up on previous posts on the concept of high assurance certificates (“Web Certificate Economics”), I’d like to draw attention to a CSOOnline blog post, “Phishers Now Targetting SSL:”

The spoofing has taken a number of forms, which appear to be becoming highly sophisticated. They vary from exploiting browser flaws, to hacking legitimate sites or even just frames on these sites, as a way of presenting what appears to be a legitimate banking site to visitors.

More sophisticated still, certificates can be purchased for domains that sound similar to banking websites, allowing the criminals to present the SSL lock icon, normally taken as a security guarantee.

Even though such attacks will trigger browser warnings regarding the certificate spoofing, Netcraft believes that many ordinary users will simply ignore these messages and proceed.

See also, “More than 450 Phishing Attacks Used SSL in 2005.” I’d really like to see usability studies, in which these higher assurance certificates and their user interfaces are presented to users, to see how well they’ll work. It’s great to see people thinking about the problem, but usability requires testing. I continue to believe that there are ways to preserve the internet channel in the face of these attacks, and that those ways are not centered on invocations of assurance, but techniques that break classes of attack. I’d like to see that tested, as well. Because I can talk a good game, but, err, usability requires testing.

(Today’s certificate from Perntacostalsofoc, on Flickr.)

Mobile Phones, Modernity, and Stress


The study, which followed more than 1,300 adults over 2 years, found that those who consistently used a mobile phone or pager throughout the study period were more likely to report negative “spillover” between work and home life — and, in turn, less satisfaction with their family life.

From “Cell phones tied to family tension,” via SmartphoneThoughts, who asks a good question about the implication–that this sounds like it’s tied to cell phones but not computers. It turns out that the article sounds like it addresses the question. The article is “Blurring Boundaries? Linking Technology Use, Spillover, Individual Distress, and Family Satisfaction” in the December 2005 Journal of Marriage and Family. I say it sounds like it answers the question because the article is $38.36, plus taxes. No word on if your taxes paid for the research or the abstract:

Information technology is entrenched in everyday life; yet, scholars have not firmly established whether this use blesses or vexes individuals and their families. This study analyzes longitudinal data (N =1,367) from the Cornell Couples and Careers Study to assess whether increases in spillover explain changes in distress and family satisfaction associated with technology use. Structural equation models indicate that cell phone use over time (but not computer use) is associated with increases in negative forms of spillover (positive spillover is not significant) and is linked to increased distress and lower family satisfaction. Overall, the evidence suggests that technology use may be blurring work/family boundaries with negative consequences for working people.

I find this to be fascinating, because as more and more new things flow into the market, and they’re used in new and innovative ways, new possibilities open up. Precision online package tracking is made possible by radios that are very similar to mobile phones. There are downsides, too. That same technology can be used to track people. As the rate of change increases, our ability to integrate change into our lives and agree on new social norms doesn’t always keep up. Witness people having inappropriate conversations on their cell phones, and the stress people feel witnessing those conversations, and feeling it rude to interrupt. Twenty years after mobile phones were introduced, we’re still trying to sort out the social mores which should surround them. Those mores have changed substantially as nalle (yuppie teddy bears) have come down in price to where the formerly scornful could become addicted to them. I hope and expect that the mores of accepting a call in the middle of a conversation will continue to shift to something approximating politeness.

More broadly, cell phones are one of a great many new technologies around which mores are unsettled. New technologies have costs and benefits which aren’t ‘perfectly’ distributed to those who bear the costs. Another example is the use and abuse of data about people by government agencies:

Last night Oliver Heald, the shadow constitutional affairs secretary, said: “There is growing concern among the public about Labour’s use of invasive ‘Big Brother’ computer databases – without transparency or clear backing from the public – such as for the forthcoming council tax revaluation.

“I believe local residents will be alarmed at the further prospect of town hall bureaucrats being told to investigate people’s homes for ID cards, backed up with the threat of thousand-pound fines.” (From “No identity card? You could be fined £2,500.”)

I think that the personal privacy aspects of this are the only part that Toffler didn’t talk about in “Future Shock” thirty years ago. These are hard problems. They lead to people being disaffected and adrift. (On which topic, be sure to read John Perry Barlow’s “Here and Now in the Floating World.”)

Disaffected and adrift seems to be a fine description of this post as well. It had a point when I started it. Then chaos happened, and I’m powerless to do anything but say that the cute kid is from Kaiser T, on Flickr, and hope. [Update: Oooh, and I could spell ‘modernity’ correctly.]

On Grammar

I have friends who believe that grammar is handed down from on high, either by Safire, or Strunk and White, or some are strange adherents of something they call ‘Chicago.’ One of them even argues that the rules of grammar are not subject to evolution. Which is odd, given that we’re speaking really bad French, with some German thrown in. French is just a degenerate form of Latin with a funny bureaucracy claiming it achieved perfection sometime around the time of some Sun King or other.

One of the ‘rules’ they like to push is this whole ‘he/she’ thing, claiming that it’s bad grammar to use they with singular antecedents. Each and every one of them, they’re wrong:

There’s not a man I meet but doth salute me
As if I were their well-acquainted friend

(A Comedy of Errors, Act IV, Scene 3, via Language Log’s “Shakespeare used they with singular antecedents so there.”) One thing I find interesting about the two examples he uses is that in each example, there’s a crowd of singular antecedents. Clearly, each man is separately saluting Antipholus, but it seems somehow relevant that there are many who do it. The programmer in me sees this as a foreach statement: Foreach x, do this and that themselves, then move to the next x.

This seems a little different than the use of they to avoid he/she. I’ll cite it anyway.


I realized today that Chris Hoofnagle’s blog at EPIC West wasn’t on my blogroll. He’s had lots of important posts up lately, from the informational (“CA OPP: 13 New Privacy Laws in Effect”) to the amusingly disgusting (“Pretexting Isn’t Lying, According to Bestpeoplesearch.com”).

California’s Office of Privacy Protection just released an announcement that 13 new laws took effect on January 1 related to privacy. The announcement is not yet online, but is reprinted in full in the extended entry section below.

One critical issue is how the phone records are obtained. There appear to be three methods in which online data brokers perform this service. We believe that the bulk are obtained through “pretexting,” a practice where an investigator impersonates the account holder, and gains access to the records by fooling a customer service representative. We believe that this is the case, because investigators have subscriptions to “commercial data broker” services that allow them to obtain account holders’ Social Security numbers, mother’s maiden names, and dates of birth, that facilitate impersonation and identity theft.

That California passed 13 laws about privacy is foreshadowing. Unless we have a strong national law, State Legislatures will continue to act, passing laws to protect people. So I’ve added Epic West to the blogroll.

How to Blog for Your Company

Here at SiteAdvisor, we strongly believe in the importance of this feature. But we admit that so far we’ve done a mediocre job explaining our motivation and our initial implementation.

So writes Chris Dixon in “The Role of Affiliates in Spyware, Adware, and Spam.” Chris is using the SiteAdvisor blog as an extended discussion of what the company is doing and why. It seems to me that their blog is targeted at security professionals and enthusiasts, rather than customers. Their prospective customers aren’t going to sit around and read that for weeks and weeks. However, there’s a whole class of influencers, people who might say “Why don’t you try this?” I think the combined “Here’s what the problem is, here’s how we think about the problem, and here’s what we’ve built to address it” nails what those influencers want to read.

So go read it. My only critique is their screen shots. The detail is too hard to read.

Beautiful Evidence, by Edward Tufte

After 9 years, I have completed Beautiful Evidence, except for the index and a few loose ends. We are currently proofing some difficult images on press, negotiating with printers, planning the order for paper and binding, and working through other production issues. Probably the major threats to breaking the schedule will be in color-correcting images and in importing some paper used in one section of the book.

We should have books in mid-April (p = .7). There will be some kind of pre-publication ordering mechanism on this site; details to follow in about 1 month from now when we have greater certainty about the schedule for printing and binding.

From Beautiful Evidence, the book, on Edwardtufte.com. I’m very excited.

Privacy Competition in Politics

Two leading governor candidates are trying to outdo each other in protecting Minnesotans’ privacy…The candidates’ dueling news conferences produced more politics than policy, with each charging the other with not doing enough to protect citizens’ privacy.

From “Governor is seeking privacy law changes.” I don’t like some of the proposals. It seems to me that facial recognition searches of databases don’t enhance privacy, but authentication when trying to get a license, and hassle when the computer is wrong. I point out the article because I suspect that competing on privacy or data protection policy may be the start of a trend.

There’s also the interesting question of what to call higher quality standards for issuance of ID cards or benefits. There is an interaction with privacy in the sense of reducing fraud-by-impersonation, and a drive to extract more and more data in order to approach the possibility of perhaps achieving the goals of such a system, with the associated data protection and exceptions issue.

Brilliant Evil Redux

Following up with further conspiracy theory on Adam’s post, I also have to wonder just how accidental it was that a properly cryptographically signed version of the patch for WinXP was “posted to a community site” yesterday. Given the pressure to quickly produce a patch combined with the one produced by Ilfak Guilfanov, it wouldn’t surprise me in the least if it was allowed to go out, purely for customers who were willing to take a chance, but without the potential for liability or poor publicity for MS.

WMF Patch Timing: Brilliantly Evil?

If you’ve followed the “WMF Vulnerability” that’s been all over the security blogosphere, with leaks into the mainstream media, then you know that today Microsoft released a patch. (If you don’t know this, please just go run Windows update.) I haven’t talked about it because I haven’t had much to add, but today’s release of an update may well have been brilliantly evil.

I think that Mike Nash is being quite candid in his post on the MSRC blog. Microsoft would really like their customers to patch, and those customers have a much longer memory for patches that cause failures than patches that just work. (In some ways, this is a displacement of the sysadmin’s curse.)

The timing of the patch was driven by Microsoft’s need to understand the quality of the patch before shipping. It was also driven, in part, by real world exploits, but as of yesterday, Mike Reavey wrote:

I just wanted to provide another quick update on the WMF vulnerability situation. Microsoft is continuing to work on finalizing a security update for the vulnerability in WMF that is currently being exploited by some malicious attackers. The update has been on an expedited track since Microsoft became aware of the attacks on December 27th. We still anticipate releasing the security fix for this issue on January 10, 2006, once testing for quality and application compatibility is complete. (“WMF Vulnerability Security Update.”)

I’ve been thinking a lot about the game theory aspects of this, and asking myself, when is the ideal time to release another vector, say a mass mailing worm? The worm author has to trade off time testing their worm versus the chance that a patch would come out before they released. So the worm author wants to release fairly late, but not so late that he’s scooped by other worms, or by a patch.

In light of the strong words from Microsoft that a patch would be released Tuesday, the pressure on worm authors to release was lessened. The rational trade-off between testing and release was shifted towards a later release.

At the same time as Microsoft was making these statements, they had knowledge about how the patch testing was going. Were they misleading the hackers (and, incidentally, everyone else) in their statements before today? Was it an intentional application of lessons from game theory about the shadow of the future?

If so, I’m impressed. Evil like that is all too rare.

(Evil Santa from Janx.)