How browsers store passwords

RaiderSec has an older article on how major browsers store passwords.

Before anyone pontificates about how terrible of a job these browsers did, I’d like to point out the impossibility of encrypting something when all encryption keys are on disk. Firefox allows you to set a master password, at which point your passwords are stored fairly securely.

Alternately, I use LastPass and highly recommend it. The UI is weird, but once you get used to it, it is quite powerful.

WhatsApp rolls out end-to-end encryption

Open Whisper Systems has partnered with WhatsApp to roll out end-to-end encrypted messaging!

I’m tempted to start using this once I hear more confirmation from security experts that it is actually fairly well done.

If you aren’t familiar with encryption, this means that your device encrypts the message before passing it to the receiver. Since this is done at the device level, WhatsApp is unable to decrypt your messages even if they wanted to. This completely foils the NSA’s automated data gathering and many kinds of search warrants. It still allows the government to require that WhatsApp introduce a backdoor, but hopefully they have a canary for that.

Let’s Encrypt: A free and open CA

The EFF strikes again. They are working on an open Certificate Authority which they hope will start to get all websites encrypted by default.

I’m looking forward to this coming out! I have been using StartSSL for my personal sites (including this blog), but they have restrictions on using their certs for sites which accept payment and such.

In combination with the free SSL-enabled CloudFlare options, this could be really cool!

This blog as aggregation location

I’m trying to figure out ways to get off of Facebook, and one of the things I use it for is to share stuff I find interesting. I doubt anyone else finds it interesting, so this blog is a much better location anyway.

I’ll try to post links, sometimes with commentary. Content will be far-ranging based on my interests at the moment. I don’t particularly expect this to be interesting to anyone other than myself.