August 2009

Dear Client,

As some of you know, the origins of today’s Internet grew out of a project funded by DARPA to see if stand-alone computing centers and researchers could communicate with each other over a network. Once they established they could, those that were on that network knew one another…literally. There was no problem with establishing identity since it was a close-knit community and there was controlled access. So there was no need to develop methods of verifying identity and establishing credibility.

Fast forward to today’s Internet. Now you visit a website and purchase something. When you pay by credit card, you are giving someone you really don’t know a way to take money from you (legitimately) in exchange for a service or goods of some kind.

Most of us are aware of being in ‘secure mode’ when entering credit card information on a website. If the site has a secure certificate, you know the transaction gets encrypted during transmission to their site. That’s what the secure certificate enables that site to do. What you may not know is this certificate has a second function—prior to granting it, the company that issues them must go through some kind of verification process to ensure the company is who they say they are. That way you know that when you go in your web browser to say, BankofAmerica.com, it really is BankofAmerica.com

Unfortunately a recent bug found enables a clever hacker to obtain a secure certificate in such a way as to fool most web browsers—they think they are at a secure site when in fact they aren’t. The site will display in the browser as https://www.bankofamerica.com/ but may actually be going to https://www.bankofamerica.com.HackersAreUs.com/. This opens the door to spoofing to a whole new level.

Realistically, the only way this will be effective is to have this bogus link in an email. Typing in the link directly in a browser circumvents the bug. And most browser developers will have this fixed shortly. This is just another one of the growing pains this experiment called the Internet is going through. Much smaller than some known bugs that will take much greater efforts to fix.

Most of the garden is now officially fried. We’re still fighting bunnies but the gopher population has pretty much gone away. When it starts to cool off I’m going to redo the raised beds to make them easier to work in and increase the growing area by 2/3 in the same space. This will give the bunnies more to eat and leave some for us.

Best wishes!

Sincerely,

Ben Conner