Messaging Threat models

I talked yesterday at Bornhack about the current state of secure messaging and the different primitives and threats that groups are working to address. The talk is on youtube. The slides are on this site, as are the directions for dogfooding the talek system.

IETF 98

Last week I talked briefly about the state of open internet measurement for network anomalies at IETF 98. This was my first time attending an IETF in-person meeting, and it was very useful in getting a better understanding of how to navigate the standards process, how it’s used by others, and what value can be… Continue reading IETF 98

Another Strike against Domain Fronting

In 2014, Domain Fronting became the newest obfuscation technique for covert, difficult to censor communication. Even today, the Meek Pluggable transport serves ~400GB of Tor traffic each day, at a cost of ~$3000/month. The basic technique is to make an HTTPS connection to the CDN directly, and then once the encryption has begun, make the… Continue reading Another Strike against Domain Fronting

First-party Google Analytics

Third party analytics services are suffering from the growing prevalence of ad blocking, tracking protection, and the trend of minimizing connections and requests. However, from a site owner perspective, receiving usage information remains important for measuring site growth. My expectation is that we are already on the curve where ads and tracking software will be… Continue reading First-party Google Analytics

Watch your PAC

In the last week at Blackhat / Defcon two groups looked deeply at one of the lesser known implementations of network policy called Proxy Autoconfig. (In particular, badWPAD by Maxim and Crippling HTTPS with unholy PAC by Safebreach.) Proxy AutoConfig (PAC) is a mechanism used by many organizations to configure an advanced policy for connecting… Continue reading Watch your PAC