* Posts by robin mccain

2 publicly visible posts • joined 3 Jun 2015

Adblock Plus blocks Facebook block of Adblock Plus block of Facebook block of Adblock Plus block of Facebook ads

robin mccain

Ad Blocking is good security

It is so easy for web sites to be compromised that it makes good sense to run an ad blocker as well as tools like NoScript. Very few sites actively enforce a rapid patch policy to guard against new attacks. Most large-scale hosting providers are months behind the bleeding edge of attack vectors. This also seems to apply to operating system vendors (but they are getting better).

Facebook is to be commended for vigorously enforcing security measures to provide a safe space for users, but that ignores the fact that over 90% of the web sites that use anything beyond simple HTML are subject to attack via tools like SQL injection. To expect us to manually disable our ad blockers every time we use Facebook is silly. A word to the Facebook engineers: focus your efforts on taking down the script kiddies and work with the backbone providers to stop infected content at its origin. Facebook marketing: ads don't have to be intrusive to be effective.

Secure web? That'll cost you, thanks to Mozilla's HTTPS plan

robin mccain

What about CACert?

There has been a free SSL certificate issuing organization around for many years: CACert.org

And, yes, you can revoke a certificate for free.

Unlike organizations that use email only for certificates of possibly dubious reputation, CACert relies on a network of trusted individuals who must meet new applicants in person and verify that person's identity before signing off on a credential.

The problem has always been that the major browser distributions have refused to add the CACert root certificate to their default list of vendors. How did WoSign and StartSSL manage to overcome this stumbling block?