Friday Squid Blogging: More Research Inspired by Squid Skin
Research on color-changing materials:
What do squid and jellyfish skin have in common with human skin? All three have inspired a team of chemists to create materials that change color or texture in response to variations in their surroundings. These materials could be used for encrypting secret messages, creating anti-glare surfaces, or detecting moisture or damage.
They don’t really mean “encrypting”; they mean hiding. But interesting nonetheless.
Jacob • September 9, 2016 4:37 PM
@Clive
A couple of months ago you mentioned that you don’t trust the certificates issued by WoSign.
I also jumped on that bandwagon after reading the scathing report by Mozilla at
https://wiki.mozilla.org/CA:WoSign_Issues#Issue_S:Backdated_SHA-1_Certs.28January_2016.29
Among other issues like certificate back-dating, they also issued more than 300 certs specifying different CN but with the same serial number:
https://crt.sh/?serial=056d1570da645bf6b44c0a7077cc6769&iCAID=1662
Sadly, now Startcom CA also fell under the trust ax. They were a great company and used by many shoestring operations since they provided free Class 1 certs and very effective and cheap unlimited Class 2 certs, but now it has been discovered that WoSign secretly bought them in Nov 2015, and moved the whole operation, still in secret, from Israel to China.
http://www.percya.com/2016/09/wosigns-secret-purchase-of-startcom.html
And an interesting (and very educational) linguistics analysis shows that the new Startcom site is actually written by WoSign:
http://www.percya.com/2016/09/startcom-operated-solely-in-china.html
Some years ago there were some cases whereby a couple of Firefox add-on writers who authored popular extensions were bought out by spam houses and then spam was delivered to unsuspecting users via a subsequent add-on update. Do they now similarly play with user trust via secret CA buyouts?
All the while the latest browsers are dumbing down the warning given to users when encountering a self-signed cert, screaming bloody hell “improprly configured! site will steal your info! not secured! Report this site now!” , instead of the preferred, albeit the anti-big business message “Self-signed cert is detected. The info exchange between you and the web site is still encrypted, but web site ownership information has not been attested by a recognized authority. See more…” , and under the more…: “This is the fingerprint of this site’s certificate xxxxx. To verify authenticity, please compare it to a fingerprint published at a trusted location”.