http://simonwillison.net/2008-12-30T15:27:33+00:00Simon Willison2008-12-30T15:27:33+00:002008-12-30T15:27:33+00:00https://simonwillison.net/2008/Dec/30/fake/#atom-tag

<p><strong><a href="http://www.freedom-to-tinker.com/blog/felten/researchers-show-how-forge-site-certificates">Researchers Show How to Forge Site Certificates</a></strong></p> Use an MD5 collision to create two certificates with the same hash, one for a domain you own and another for amazon.com. Get Equifax CA to sign your domain’s certificate using the outdated “MD5 with RSA” signing method. Copy that signature on to your home-made amazon.com certificate to create a fake certificate for Amazon that will be accepted by any browser. <p>Tags: <a href="https://simonwillison.net/tags/collisions">collisions</a>, <a href="https://simonwillison.net/tags/ed-felten">ed-felten</a>, <a href="https://simonwillison.net/tags/equifaxca">equifaxca</a>, <a href="https://simonwillison.net/tags/hashes">hashes</a>, <a href="https://simonwillison.net/tags/md5">md5</a>, <a href="https://simonwillison.net/tags/security">security</a>, <a href="https://simonwillison.net/tags/ssl">ssl</a></p>

2008-09-29T13:08:52+00:002008-09-29T13:08:52+00:00https://simonwillison.net/2008/Sep/29/csrf/#atom-tag

<p><strong><a href="http://www.freedom-to-tinker.com/blog/wzeller/popular-websites-vulnerable-cross-site-request-forgery-attacks">Popular Websites Vulnerable to Cross-Site Request Forgery Attacks</a></strong></p> Ed Felten and Bill Zeller announce four CSRF holes, in ING Direct, YouTube, MetaFilter and the New York Times. The ING Direct hole allowed transfer of funds out of a user’s bank accounts! The first three were fixed before publication; the New York Times hole still exists (despite being reported a year ago), and allows you to silently steal e-mail addresses by CSRFing the “E-mail this” feature. <p>Tags: <a href="https://simonwillison.net/tags/bill-zeller">bill-zeller</a>, <a href="https://simonwillison.net/tags/csrf">csrf</a>, <a href="https://simonwillison.net/tags/ed-felten">ed-felten</a>, <a href="https://simonwillison.net/tags/ingdirect">ingdirect</a>, <a href="https://simonwillison.net/tags/metafilter">metafilter</a>, <a href="https://simonwillison.net/tags/new-york-times">new-york-times</a>, <a href="https://simonwillison.net/tags/security">security</a>, <a href="https://simonwillison.net/tags/youtube">youtube</a></p>

2007-10-18T17:39:43+00:002007-10-18T17:39:43+00:00https://simonwillison.net/2007/Oct/18/freedom/#atom-tag

<p><strong><a href="http://www.freedom-to-tinker.com/?p=1215">Radiohead Album Available for Free, But Fileshared Anyway</a></strong></p> “Why are some people getting In Rainbows from P2P rather than the band’s site? Probably because they find P2P easier to use.” <p>Tags: <a href="https://simonwillison.net/tags/ed-felten">ed-felten</a>, <a href="https://simonwillison.net/tags/filesharing">filesharing</a>, <a href="https://simonwillison.net/tags/inrainbows">inrainbows</a>, <a href="https://simonwillison.net/tags/music">music</a>, <a href="https://simonwillison.net/tags/p2p">p2p</a>, <a href="https://simonwillison.net/tags/radiohead">radiohead</a>, <a href="https://simonwillison.net/tags/usability">usability</a></p>

2007-08-20T15:19:36+00:002007-08-20T15:19:36+00:00https://simonwillison.net/2007/Aug/20/freedom/#atom-tag

<p><strong><a href="http://www.freedom-to-tinker.com/?p=1189">E-Voting Ballots Not Secret; Vendors Don&#x27;t See Problem</a></strong></p> “You know things are bad when questions about a technical matter like security are answered by a public-relations firm.” <p>Tags: <a href="https://simonwillison.net/tags/ed-felten">ed-felten</a>, <a href="https://simonwillison.net/tags/evoting">evoting</a>, <a href="https://simonwillison.net/tags/pr">pr</a>, <a href="https://simonwillison.net/tags/security">security</a></p>

2007-06-29T16:58:11+00:002007-06-29T16:58:11+00:00https://simonwillison.net/2007/Jun/29/freedom/#atom-tag

<blockquote cite="http://www.freedom-to-tinker.com/?p=1174"><p>Once people see that a pretty good phone can be a pretty good mobile computer, they won’t settle for less anymore; and mobile networks will be pried open.</p></blockquote> <p class="cite">&mdash; <a href="http://www.freedom-to-tinker.com/?p=1174">Ed Felten</a></p> <p>Tags: <a href="https://simonwillison.net/tags/ed-felten">ed-felten</a>, <a href="https://simonwillison.net/tags/iphone">iphone</a>, <a href="https://simonwillison.net/tags/mobile">mobile</a></p>

2007-05-11T15:47:59+00:002007-05-11T15:47:59+00:00https://simonwillison.net/2007/May/11/freedom/#atom-tag

<p><strong><a href="http://www.freedom-to-tinker.com/?p=1156">HBO Exec Wants to Rename DRM</a></strong></p> “... until recently nobody had complained that the term ’Digital Rights Management’ was insufficiently Orwellian.” <p>Tags: <a href="https://simonwillison.net/tags/drm">drm</a>, <a href="https://simonwillison.net/tags/ed-felten">ed-felten</a>, <a href="https://simonwillison.net/tags/hbo">hbo</a>, <a href="https://simonwillison.net/tags/orwellian">orwellian</a></p>