Security Collapse in the HTTPS Market | ACM Queue

Axel Arnbak, Hadi Asghari, Michel van Eeten, Nico Van Eijk; Security Collapse in the HTTPS Market; In ACM Queue; Volume 12, issue 8; 2014-09-23
Teaser: Assessing legal and technical solutions to secure HTTPS

Mentions

  • <quote> An outdated implementation, as long as the browser accepts it, appears similar to the state-of-the-art implementation.</quote>
  • SSL Pulse, a dashboard of the Trustworthy Internet Movement, 2016-03-05, commencing 2012-04-25.
  • Much of the value proposition in PKI comes from the “trust signals” (the badging) that does nothing.

Argot

  • Hypertext Transfer Protocol Secure (HTTPS)
  • Transport Layer Security (TLS)
  • Secure Sockets Layer (SSL)
  • Certificate Authority (CA)
  • Validation Levels
    • Domain Validated (DV)
    • Organization Validated (OV)
    • Extended Validation (EV)

Breaches

  • DigiNotar
  • Comodo
  • Verisign
  • Trustwave

Failures

  • OpenSSL
  • Apple #gotofail
  • OpenSSL Heartbleed
  • BULLRUN
  • MUSCULAR
  • FLYING PIG
  • DigiNotar
    • 2011
    • Dutch

Transparency Proposals

  • Convergence
  • Perspectives
  • DANE
  • Sovereign Keys
  • Certificate Transparency
  • Public Key Pinning
  • TACK

Vulnerabilities

  • Weakest link
  • Information asymmetry
  • Ineffective auditing
  • Liability dumping

Mapping the Market

  • CA of GoDaddy had signed 26 percent of all valid HTTPS certificates in March 2013.
  • …other factoids…

References

35 references

A next-generation Firefox would/could/might use WebKit (Blink) engine

The future of Firefox is … Chrome; Kieren McCarthy; In The Register; 2016-04-11.
Teaser: Start your shouting engines

Original Sources

Mentions

(the componentry)

Previously

Smartphone Encryption: Protecting Victim Privacy While Holding Offenders Accountable | Technology Safety

Smartphone Encryption: Protecting Victim Privacy While Holding Offenders Accountable; staff; In Technology Safety; 2016-04-16.
The site Technology Safety is an outreach of the National Network to End Domestic Violence (NNEDV).

tl;dr → crypto facilitates domestic violence, yet victims use crypto as privacy to develop safety from perps

Mentions

  • International Association of Chiefs of Police (IACP)
  • Technology Summit, of Tech Safety

Referenced

Marketers Find You at 2:00 a.m. | WSJ

Marketers Find You at 2:00 a.m.; Charlie Wells; In The Wall Street Journal (WSJ); 2016-04-12.
Teaser: You know you want a breakfast burrito; companies use social media for ads in the wee hours

tl;dr → day parting works, sort of, maybe.

Mentions

  • Folgers Coffee
    • “Wakin’ Up Alarm Clock”
    • first release, 2013.
  • Influence Central,
    various factoids

Exemplars

Publishers
  • Facebook
  • Instagram
  • Twitter
  • YouTube
Consumers
  • Shaaz Nasir, age 27, Ottawa, Canada,
Advertisers
  • Asos, a clothing retailer, UK
  • Folgers Coffee
  • Gillette, Procter & Gamble
  • Taco Bell

Quoted

  • Laura Beaudin, partner, customer strategy and marketing, Bain.
  • Scott Heimes, chief marketing officer, SendGrid.
  • Kevin Akeroyd, general manager and senior vice president, Oracle Marketing Cloud, Oracle Inc.
  • Klodiana Lanaj, assistant professor, Warrington College of Business, University of Florida.

The Decline of Play and Rise in Children’s Mental Disorders | Psychology Today

The Decline of Play and Rise in Children’s Mental Disorders; Peter Gray; In Psychology Today; 2010-01-26.
Teaser: There’s a reason kids are more anxious and depressed than ever.

Related

Referenced

  1. J. Twenge, et al. (2010). Birth cohort increases in psychopathology among young Americans, 1938-2007: A cross-temporal meta-analysis of the MMPI. In press, Clinical Psychology Review 30, 145-154.
    Nearby: Jean M. Twenge; Time Period and Birth Cohort Differences in Depressive Symptoms in the U.S., 1982–2013; In Social Indicators Research; 2015-04; 36 pages; draft; paywall. Separately filed.
  2. J. Twenge et al. (2004). It's beyond my control: A cross-temporal meta-analysis of increasing externality in locus of control, 1960-2002. Personality and Social Psychology Review, 8, 308-319.
  3. J. H. Pryor, et al. (2007). The American freshman: Forty-year trends, 1966-2006. Los Angeles: Higher Education Research Institute.
  4. Hara Estroff Marano. A Nation of Wimps
  5. Lenore Skenazy. Free Range Kids.
  6. K. C. Herman, et al. (2009). Childhood depression: Rethinking the role of school. Psychology in the Schools, 46, 433-446.
  7. M. Csikszentmihalyi, J. Hunter. (2003). Happiness in everyday life: The uses of experience sampling. Journal of Happiness Studies, 4, 185-199.

Time period and birth cohort differences in depressive symptoms in the U.S. | Jean M. Twenge

Jean M. Twenge; Time Period and Birth Cohort Differences in Depressive Symptoms in the U.S., 1982–2013; In Social Indicators Research; 2015-04; 36 pages; draft; paywall.

Abstract

Across four surveys (N = 6.9 million), Americans reported substantially higher levels of depressive symptoms, particularly somatic symptoms, in the 2000s–2010s compared to the 1980s–1990s. High school students in the 2010s (vs. the 1980s) reported more somatic symptoms (e.g., trouble sleeping, thinking, and remembering; shortness of breath) and were twice as likely to have seen a professional for mental issues. College students in recent years (vs. the 1980s) were more likely to report feeling overwhelmed and to believe they were below average in mental and physical health, but were less likely to say they felt depressed. Total Center for Epidemiological Studies Depression scores were higher among adults in 2000 (vs. 1988), especially somatic symptoms. Teens displayed less suicidal ideation in 2011 versus 1991 and were slightly less likely to commit suicide. Thus, more subtle symptoms of depression became more prevalent even as some overt indicators of depression became less prevalent.

Promotion

Top Firefox extensions can hide silent malware using easy pre-fab tool | The Register

Top Firefox extensions can hide silent malware using easy pre-fab tool; Darren Pauli; In The Register; 2016-04-04.
Teaser: The fix? No patch, just destroy all extensions.

Original Sources

  • Some Talk, at Black Hat Asia

Mentions

  • Firefox, Mozilla
  • Crossfire, demonstrator
  • Who
    • Ahmet Buyukkayhan, PhD (candidate, graduate?), Boston University
    • William Robertson, professor, Northeastern University.
  • Quoted
    • Nick Nguyen, product, Firefox, Mozilla
  • Firefox, next generation
    • WebExtensions, an API
    • Electrolysis initiative
  • Vulnerable
    • NoScript
    • Video DownloadHelper
    • GreaseMonkey
  • Unaffected
    • Adblock Plus

Previously

In The Register

 

The Decline of Play and the Rise of Psychopathology in Children and Adolescents | Peter Gray

Peter Gray; The Decline of Play and the Rise of Psychopathology in Children and Adolescents; In American Journal of Play; Volume 3, Number 4; Spring, 2011; 21 pages.

Abstract

Over the past half century, in the United States and other developed nations, children’s free play with other children has declined sharply. Over the same period, anxiety, depression, suicide, feelings of helplessness, and narcissism have increased sharply in children, adolescents, and young adults. This article documents these historical changes and contends that the decline in play has contributed to the rise in the psychopathology of young people. Play functions as the major means by which children

  1. develop intrinsic interests and competencies;
  2. learn how to make decisions, solve problems, exert self-control, and follow rules;
  3. learn to regulate their emotions;
  4. make friends and learn to get along with others as equals; and
  5. experience joy.

Through all of these effects, play promotes mental health.

Key words: anxiety; decline of play; depression; feelings of helplessness; free play; narcissism; psychopathology in children; suicide

Mentions

  • <quote>Clinicians know for certain that anxiety and depression correlate strongly with individuals’ sense of control or lack of control over their own lives.</quote>

Decimeter-Level Localization with a Single WiFi Access Point | Vasisht, Kumar, Katabi

Deepak Vasisht (MIT), Swarun Kumar (CMU), Dina Katabi (MIT); Decimeter-Level Localization with a Single WiFi Access Point; In Proceedings of the 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI ’16); 2016-03-16; 15 pages; landing.
Slides: Decimeter-Level Localization with a Single WiFi Access Point; 52 slides.

Abstract

We present Chronos, a system that enables a single WiFi access point to localize clients to within tens of centimeters. Such a system can bring indoor positioning to homes and small businesses which typically have a single access point.

The key enabler underlying Chronos is a novel algorithm that can compute sub-nanosecond time-of-flight using commodity WiFi cards. By multiplying the time-of-flight with the speed of light, a MIMO access point computes the distance between each of its antennas and the client, hence localizing it. Our implementation on commodity WiFi cards demonstrates that Chronos’s accuracy is comparable to state-of-the-art localization systems, which use four or five access points.

Mentions

  • Chronos
  • AscTec Quadrotor, a drone
  • Intel 5300 WiFi card
  • Concept: Emulate a wideband radio by transmitting packets on different frequencies

Argot

  • Angle of Arrival (AoA)
  • Channel State Information (CSI)
  • Non-uniform Discrete Fourier Transform (NDFT)