Moxie Marlinspike is an American entrepreneur, cryptographer, and computer security researcher. Marlinspike is the creator of Signal, co-founder of the Signal Technology Foundation, and served as the first CEO of Signal Messenger LLC. He is also a co-author of the Signal Protocol encryption used by Signal, WhatsApp, Google Messages, Facebook Messenger, and Skype. Marlinspike is a former head of the security team at Twitter and the author of a proposed SSL authentication system replacement called Convergence. He previously maintained a cloud-based WPA cracking service and a targeted anonymity service called GoogleSharing.

Marlinspike began his career working for several technology companies, including enterprise infrastructure software maker BEA Systems Inc. In 2010, Marlinspike was the chief technology officer and co-founder of Whisper Systems, an enterprise mobile security startup company. In May 2010, Whisper Systems launched TextSecure and RedPhone. These were applications that provided end-to-end encrypted SMS messaging and voice calling, respectively. Twitter acquired the company for an undisclosed amount in late 2011. The acquisition was done "primarily so that Mr. Marlinspike could help the then-startup improve its security". During his time as Twitter's head of cybersecurity, the firm made Whisper Systems' apps open source.

Marlinspike left Twitter in early 2013 and founded Open Whisper Systems as a collaborative open source project for the continued development of TextSecure and RedPhone. At the time, Marlinspike and Trevor Perrin started developing the Signal Protocol, an early version of which was first introduced in the TextSecure app in February 2014. In November 2015, Open Whisper Systems unified the TextSecure and RedPhone applications as Signal. Between 20, Marlinspike worked with WhatsApp, Facebook, and Google to integrate the Signal Protocol into their messaging services. On February 21, 2018, Marlinspike and WhatsApp co-founder Brian Acton announced the formation of the Signal Technology Foundation and its subsidiary, Signal Messenger LLC. Marlinspike served as Signal Messenger's first CEO until stepping down on January 10, 2022.

In a 2009 paper, Marlinspike introduced the concept of SSL stripping, a man-in-the-middle attack in which a network attacker could prevent a web browser from upgrading to an SSL connection in a way that would likely go unnoticed by a user. He also announced the release of a tool, sslstrip, that would automatically perform these types of man-in-the-middle attacks. The HTTP Strict Transport Security (HSTS) specification was subsequently developed to combat these attacks.

Marlinspike has discovered a number of different vulnerabilities in popular SSL implementations. Notably, he published a 2002 paper on exploiting SSL/TLS implementations that did not correctly verify the X.509 v3 "BasicConstraints" extension in public key certificate chains. This allowed anyone with a valid CA-signed certificate for any domain name to create what appeared to be valid CA-signed certificates for any other domain. The vulnerable SSL/TLS implementations included the Microsoft CryptoAPI, making Internet Explorer and all other Windows software that relied on SSL/TLS connections vulnerable to a man-in-the-middle attack. In 2011, the same vulnerability was discovered to have remained in the SSL/TLS implementation on Apple Inc.'s iOS. Also notably, Marlinspike presented a 2009 paper in which he introduced the concept of a null-prefix attack on SSL certificates. He revealed that all major SSL implementations failed to properly verify the Common Name value of a certificate, so that they could be tricked into accepting forged certificates by embedding null characters into the CN field.

In 2011, Marlinspike presented a talk, "SSL And The Future Of Authenticity", at the Black Hat security conference in Las Vegas. He outlined many of the problems with certificate authorities and announced the release of a software project called Convergence to replace them. In 2012, Marlinspike and Perrin submitted an Internet Draft for TACK, which is designed to provide SSL certificate pinning and help solve the CA problem, to the Internet Engineering Task Force.

In 2012, Marlinspike and David Hulton presented research that makes it possible to reduce the security of MS-CHAPv2 handshakes to a single DES encryption. Hulton built hardware capable of cracking the remaining DES encryption in less than 24 hours, and the two made the hardware available for anyone to use as an Internet service.

In 2013, Marlinspike published emails on his blog that he claimed were from Saudi Arabian telecom service Mobily soliciting his help in surveilling their customers, including intercepting communications running through various applications. Marlinspike refused to help, making the emails public instead.