
    Archives for: January 2010

    The Internet is the modern day electricity

    Recently I have been sorting through some of my old electronic engineering books and found myself randomly flicking through circuit design principles and practical electronics/radio theory application of calculus.

    I remember the number of hours I spent trying to get the different laws (Faraday, Coulomb, Kirchhoff, Lenz, Ohm, etc.) stuck in my head ready for the gruelling exams at the end of each term. I quickly realised that, as I have moved from radio/electronics to the computer industry, most of my applied detailed knowledge has been lost.

    I think the old adage that you lose it if you don’t use it definitely applies here.

    This got me thinking about the evolution of computing and the Internet and how there are many parallels to the introduction of electricity to the modern world and how we consider/use the Internet today.

    Examples that came to mind are:

    • Electricity was originally only available to business and the very wealthy
    • Electricity was originally only available in isolated segments of heavily populated areas
    • Electricity grids, once created, provided many more distribution opportunities, introduced redundancy and increased the customer reach, which in turn provided economies of scale to drive down costs
    • Modern society cannot function without electricity
    • Electricity production methods and the resulting pollution have had a profound effect on our planet, as has the production of consumer electronics and infrastructure supporting the never-ending thirst of modern society for faster, more feature-rich communication methods. This is still spiralling out of control through the production of extraordinarily high levels of non-recyclable waste, heavy metals and other planet-destroying by-products
    • Electricity has been essential to survive in modern day society for some time.

    The internet is quickly becoming (some would argue has become) essential to survival in our modern society and required to be available to all socio-economic groups and developing countries to allow them to participate in the global economy.

    But at what cost?

    SSLv3 / TLS Man in the Middle vulnerability

    Recently I have been looking into the vulnerabilities in the TLS negotiation process discovered late last year.

    There is a range of experts debating the exploit methods, tools and how it may be fixed (server side, client side or both). From what I have seen so far this may prompt a change to the TLS standard to introduce an extension to the protocol to validate sessions (session hand off and certificate validity).

    www.ietf.org

    isc.sans.org

    www.win.tue.nl/hashclash/rogue-ca/

    www.sslshopper.com/article-ssl-and-tls-renegotiation-vulnerability-discovered.html

    I’m also trying to find some tools which may assist in testing for this. It looks like the exploit relies on ARP poisoning or similar and then inserting plain text into the negotiation process.

    Could be something that can be fixed over time as servers and clients are patched.