Sending Episode Feedback
We normally remind our podcast listeners that feedback about our episodes, which we value highly, can be sent by visiting the page: grc.com/feedback
. But amid all the news and content of this very special episode, I don't think that was said. So please accept this reminder in the event that you wish to . . .
feed back. Thanks!
Resource links for Security Now! Episode #177:
Breaking SSL, PDP-8's
Bob Armstrong's PDP-8 Single Board Computer & optional Front Panel
THIS WILL BE THE LAST CHANCE EVER
to obtain various kits to build a working PDP-8 computer
— with optional fully functional front panel — and own a piece of history forever. If this is not your sort of thing, but you know someone who might be interested, please let them know
. I would hate to have anyone miss out on this last chance to create one of these lovely systems:
Photo of the first run of FP6120 front panels
for the SBC6120 single-board computer.
The SBC6120 single-board computer kits are made possible not only thanks to Bob Armstrong's peerless design work, but also by the extremely limited availability of the long-since-discontinued Harris HD6120 PDP-8 on-a-chip.
Some PDP-8 references and resources:
PLEASE NOTE the following important details:
EEStor and UltraCapacitors
- The EEStor Patent #7,466,536
This is a PDF (http://www.pat2pdf.org/patents/pat7466536.pdf) of the complete EEStor patent, granted on December 16, 2008 which provides a detailed description of the construction and composition of their "EESU" Electrical Energy Storage Units.
- The Tesla Roadster Battery System (A conventional high-performance Li-ion solution.)
This PDF file (http://www.teslamotors.com/display_data/TeslaRoadsterBatterySystem.pdf) provides details about the design of the Tesla Roadster's lithium-ion (Li-ion) battery pack, also known as the ESS, or Energy Storage System.
- A nice intro article on the gas2.0 alternative energy site
Here's a locally sourced PDF of their article if the original link dies.
- Wikipedia has a terrific comprehensive article about the EEStor EESU
- An earlier EEStor Patent #7,033,406
This earlier patent, granted on April 25th, 2006, shows the progress in materials selection and development made over the course of several years.
- Georgia Tech Research News / April 26, 2007
EEStor is not the only group looking into using barium titanate nanoparticles as a capacitor's dielectric. This Georgia Tech article discusses it, and BASF has a pending patent covering their own process.
- Wikipedia on "Permittivity"
The EEStor patent describes their process of aligning the barium titanate dielectric's field — under the influence of 4,000 volts — to dramatically increase the dielectric's electric field permittivity, and thus the effective energy storage capacitance of the EEStor ultracapacitor.
- And finally . . . This Pure Energy Systems Wiki page has a large number of additional interesting links about EEStor and their EESU.
Breaking SSL by Spoofing a Certificate Authority
Tricking your browser into believing a FAKE SSL server certificate:
How to browse Windows' built-in root certificates
After recording this week's podcast (#177) I found a better way for users to browse and examine their root certificate store which does not require the use of the awkward user-interface of the Microsoft Management Console system:
- Start up copy of Internet Explorer. (It needs to be IE and not Firefox, Opera, or anything else.)
- Under the Tools menu, choose "Internet Options."
- Select the "Content" tab and click the "Certificates" button.
- Select the "Trusted Root Certification Authorities" tab.
You are now looking at a list of your system's Trusted Root Certificates:
You may find that the "Friendly Name" column provides a more useful and understandable name for the certificates. For example, “COMODO” is much more well known than “AAA Certificate Services”.
Double-click on any certificate listed to display its properties, then click the “Details” tab to view the certificate's properties:
Above, we can see that the Equifax certificate, which has been exploited in the hacker's demonstration, is using the “md5RSA” Signature Algorithm. Fully secure certificates will ONLY be signed using the “sha1RSA” algorithm.