I was working on a project recently that involved creating a Java applet to select and upload files to a web server. After some investigation, I found that embedding such an applet in web browser required paying a certification authority $150 for a signing certificate. This fee does not include any sort of attestation that the applet is not malicious; it simply associates it with a known publisher (who is willing to pay $150) and prevents man-in-the-middle modifications. My next thought was: why don’t I just create a stand-alone executable? An executable is easier and cheaper to deploy, and it is more access to the system. From a security perspective this seems completely backwards. Not only should it be easier to safely deploy a simple program, such as one that uploads selected files, but there should also be more checks on anonymous executable downloads. The current web download trust model is broken, and this article shows how to fix it with user-generated feedback following the wiki model. (more…)

Have you ever seen that little icon on so many sites nowadays that says “Hacker Safe”? After seeing that certification on a former hosting provider of mine that has a laundry-list of egregious security practices, such as mailing clear-text passwords and only allowing uploads via FTP, I decided to take a closer look at what it actually means for consumers. This article takes a look some shortcomings of the “Hacker Safe” certification and what should be changed to improve website security. (more…)

David Lie from the University of Toronto gave a very provocative talk today at HotSec about an infrastructure for quantifying system security. The basic idea is that a central organization runs reward-based challenges for testing system security, and then publishes certificates stating how long attackers had to break a system and the size of the reward. This information allows one to make more intelligent decisions about protecting valuable resources. (more…)