was similar to the one that happened to his own server. He was still going through the data when Vince stopped by to say that everyone was going home for the day.
As he rode back to the inn, Mick shifted gears mentally, and focused back on Will's strange knowledge of Mick’s work on the web server attack.
Back in his room, Mick turned on his mobile and checked his social network, which he had completely neglected since the morning. Everyone was buzzing with comments about some blog article that apparently mentioned him. Mick found the blog on the Internet Security World and read with disbelief:
ISW has just learned that last month’s major web server attack was uncovered by none other than Mick O'Malley, independent security consultant. In a PGP signed email to ISW, O’Malley claimed credit for detecting the attack and writing the patch that was widely distributed a few hours after the attack, and effectively ended the zero day. O'Malley also criticized the open source community for security complacency saying:
"... this should be a wake up call for the entire open source community. They need to do a much better job in the future or it will hurt the image of the entire movement."
O'Malley went on to claim that he has personally found and fixed multiple exploitable bugs in different packages in the past few months, and that frustration has forced him to speak out.
We will be tracking the reaction of the open source community to O'Malley's words, and we will have a complete analysis of the attack in next week's edition.
Mick had to read it a few times before he could believe it.
How could anyone believe I had written such self-serving drivel? And why in hell would I criticize the open source community? Why would ISW lie about receiving a signed email from me?
Lars had spoken to the editor of ISW who had shared the alleged email. Mick again read in disbelief that the signature on the email had validated.
The forged email was signed with my private key!
His private key, which he used to sign his secure email messages, was known only to him. To have it stolen from one of his computers was inconceivable!
Fortunately, none of his friends seemed to believe the email was genuine, despite the signature. However, the fact that Mick hadn't weighed in himself seemed to be making them waver a little. He contacted Lars, Liz, and some other friends, confirming that he had sent no such email, nor would he make such derogatory comments.
At first, Mick was really angry with ISW; why would they publish his email without confirmation? Then, he realized: how would they confirm it with him – call his mobile? His phone number wasn't published anywhere. He did nearly all his business using signed email. What more proof or confirmation would they need than his digital signature generated with his own secret private key – known only to him?
My private key has been compromised.
This realization hit home and made his knees feel weak. His private key – his identity – his ability to secure communications with, well, everyone. Without any further delay, he began a key revocation, canceling the compromised private key and making it unusable by the thief, but also, unfortunately, unusable by Mick as well. Having done that, he began the laborious process of generating new private keys and their associated public keys and getting the public keys signed by his friends and published in various places on the Internet.
He then read the comments to the blog entry, and needless to say they were not at all complimentary towards him. In fact, it was fair to say his reputation with the open source community was pretty well destroyed by this forged mail, although some of his friends had posted in his defense.
It was only a few hours until sunrise when he went to bed.
The next morning he had a scheduled video call with Sam. He didn't really feel like it, and