Understanding encryption seems to be a rare skill these days. Two stories this week stand out:
First, the Kazakhstan government is trying once again to force its citizens to install its own browser certificate. (No cert, no web access.) The idea, originally attempted several years ago, is to be able to snoop on all HTTPS traffic. It isn’t clear whether they will be successful, or what the browser vendors will do if the government succeeds in getting this cert deployed across the country. Part of the problem is that if the vendors block the cert, users will have to find a browser that allows communications if they want to get any useful work done online. I will be following this story carefully and will report on what happens.
Contrast this deliberate invasion of privacy with inept bungling by the state of Maryland. The state stored personal data of more than 1.4M students and more than 200,000 teachers in clear text, rather than using any encryption.
Today’s newsletter is chock full of the more notable security reports that I received this week, along with new details about the Slack 2015 hack and a Follow Friday link to forensics expert Heather Mahalik.
-- David Strom