![]() Kobeissi wants Cryptocat to be something you want to use, not just need to. "I don't think Nadim really knew what he was in for when he started this project, but although it got off to a bumpy start, he's risen to the occasion admirably," said Patterson.īut Kobeissi also knows that it's equally important that Cryptocat be usable and pretty. "We implemented elliptic curve cryptography, (and) a cryptographically secure random number generator in the browser," along with creating a Cryptocat Chrome app to address the code delivery problem. ![]() Now more than a year later, "Cryptocat has significantly advanced the field of browser crypto," he said with obvious pride. Kobeissi faced criticism from the security community for even trying, but he persevered. The biggest problem is that delivery of Javascript code from server to browser could be intercepted and modified by breaking the SSL connection without a user ever knowing they were running malicious code. No libraries or standards existed to handle normal encryption functions in Javascript. Problems like bad browser sandboxing meant that something in one tab could affect a session in a Cryptocat window. Patterson deals with security and cryptography on an architectural level in her research, and has reviewed and commented on Cryptocat. "Browsers are huge, complex, multilayered beasts with lots of moving parts, and every last one of them implements at best some dialect of each of the many standards that a modern browser has to support," said Meredith Patterson, a senior research scientist at Red Lambda. The terrible state of browser security plagued Kobeissi in his work to build Cryptocat. "You have to make it just as easily accessible as Facebook Chat or Google Talk, which is what I'm trying to do with Cryptocat," he said.Įncrypting data to keep it away from prying eyes, be they hackers or nations has proved nearly impossible in the browser, which has relied on one standard to do everything: SSL, which is known to be broken. To get Cryptocat to the hands of Syrians resisting their government, or Canadians resisting being profiled by marketers, Kobeissi had to build a crypto tool in a place where no crypto tool has ever flourished - your browser. law.ĬBP strives to treat all travelers with respect and in a professional manner, while maintaining the focus of our mission to protect all citizens and visitors in the United States. CBP officers are charged with enforcing not only immigration and customs laws, but they enforce over 400 laws for 40 other agencies and have stopped thousands of violators of U.S. Our dual mission is to facilitate travel in the United States while we secure our borders, our people and our visitors from those that would do us harm like terrorists and terrorist weapons, criminals, and contraband. citizens and lawful permanent residents in the country but also wants to ensure the safety of our international travelers who come to visit, study and conduct legitimate business in our country. Customs and Border Protection not only protects U.S. The United States has been and continues to be a welcoming nation. But he's kept his sense of humor about the experience, even joking from the airport on his Twitter account. His SSSS's can mean hours of waiting, and Kobeissi says he has been searched, questioned, had his bags and even his passport taken away and returned later. "I know for certain that it's contributed to other defenders of WikiLeaks and Bradley Manning being harassed, so it's somewhat likely that I could also be targeted." Still, Kobeissi points out that he's never been questioned about WikiLeaks, only about Cryptocat. He mirrored WikiLeaks content and organized a march in support of the organization during the period in late 2010 when WikiLeaks found itself thrown off of Amazon's hosting service and blocked by credit card companies. "During 20 I was a defender of WikiLeaks and the free press in general, and I thought 'Collateral Murder' (the WikiLeaks publication of a controversial helicopter assault video) was a highly significant piece of journalism," he said. Online privacy doesn't have a lot of corporate or governmental fans these days, but Kobeissi has faced controversy before.
0 Comments
Leave a Reply. |