Posts Tagged ‘Moxie Marlinspike’

BSidesLV: How technology killed my heroes, and why they’ll never be born again

July 30th, 2010

By Moxie Marlinspike

Moxie’s talk does not have anything to do with IT security but talks about some of his heroes. He started his talk by talking about a young solo sailor who is very heavily supported by technology. If you compare that attempt with a previous attempt from 1985, whose technological highlight was a plastic sextant, the contrast is huge.

Attempts to race non-stop around the world have created a number of stories about sailors and fortune seekers who risked all to win the Golden Globe Race. Races like the Golden Globe Race will not happen anymore. Technology allows current solo sailors to set their autopilot and literally tweet their way around the world in two months.

Is less technology really more? Is it about less technology, or is it about having fewer communication opportunities?

The Golden Globe Race prompts the question: who are the heroes of our generation? Is it Twitter? Is that a satisfying answer? Where did all the lunatics/weirdoes go? History seems to be full of them, but where are they now?

It appears that the increase of communication is causing a narrowing of culture. While individuals are experiencing more and thus feel that culture is widening, it is actually narrowing because diversity is decreasing.

TLS renegotiation attack. More bad news for SSL

November 8th, 2009

Three days ago, on the 3rd of November, Marsh Ray and Steven Dispensa of PhoneFactor released a whitepaper that describes a man-in-the-middle attack against TLS and SSL v3 that uses the “renegotiation” feature of the protocol. Let there be no mistake: this is a limited, but still serious, attack.

This new attack adds to the issues published by Moxie Marlinspike, Dan Kaminsky and Mike Zusman that I blogged about earlier.

So what does this new attack do?

The attack described by Marsh Ray et al. exploits a feature of the TLS protocol called renegotiation. Renegotiation allows the TLS client or server to initiate a renegotiation of the encryption of the connection in order to refresh keys, increase authentication, increase the strength of the cipher suite, or for any other reason. This renegotiation can be performed by the server or the client by sending a server or client hello message.
