Insights For Success

Strategy, Innovation, Leadership and Security

The start of the end for Symantec cert trust on Google's Chrome

GeneralEdward Kiledjian

A little history

Early 2017, a security researcher (Andrew Ayer from SSLMate) discovered that three certificate authorities (Symantec Trust Network, GeoTrust Inc., and Thawte Inc), owned by Symantec, had improperly issued 108 TLS certificates. It is important to understand that these improperly issued certificates would allow a threat actor to spoof or impersonate a website that was using HTTPS.

9 of these certificates were issued without the knowledge of the domain owners. 99 were issued without proper validation of domain ownership. 

This improper issuance of certificates directly contravenes the strict (prescriptive) guidelines of the CA/Browser Forum and raised the ire of internet giants like Google, Mozilla, and Microsoft. 

These guidelines and controls underpin the entire trust model of the encrypted internet.

There is no way to verify if these certificates were ever used in the wild but we also cannot verify that they were not used. 

You can see the list of certificates here

Chrome to distrust Symantec TLS Certs

https://bugs.chromium.org/p/chromium/issues/detail?id=796230

Very quickly after this second incident was made public, the developers of the Chromium project announced their intention to distrust all Symantec issued TLS certificates. Since Chromium powers Google Chrome, the most popular browser in the world, this was a punishment for Symantec's mismanagement. So started the two-year roadmap to achieve this goal. 

You can read the blog article on the Google Security blog entitled "Chrome’s Plan to Distrust Symantec Certificates".

As you can see above, the process is broken down into 3 distinct phases:

  1. Certificates issued after December 1, 2017, from Symantec's legacy infrastructure will not be trusted
  2. Certificates issued before June 1, 2016, from Symantec's legacy infrastructure will not be trusted
  3. All certificates issued from Symantec's legacy infrastructure will not be trusted.

The first phase is rolling out with Chrome beta version 66 on March 15, 2018. Domain admins still using Symantec certs issued before June 1, 2016, are encouraged to replace them ASAP. 

The full roadmap will come to fruition with Google Chrome beta 70 (due October 16, 2018). 

In an October 2017 Symantec security blog entry, we learned that Digicert will takeover certificate updated as of December 1, 2017. 

Google Chrome to block "bad" ads in February

GeneralEdward Kiledjian

The Sultan of Search, Google, announced in June that it would introduce ad blocking tech in an upcoming version of the Google Chrome browser (and Chromebook). 

We can now confirm that this feature will make it into our browser on February 15 (2018). Chrome 64 will be delivered on January 23 and Chrome 65 on March 6. Either this feature will be part of Chrome 64 and turned on with a remote trigger, or it will be a server-side function. We will have to wait and see how Google implements this feature. 

Google will deliver this functionality simultaneously to desktop and mobile clients.

Why would an advertising company block ads?

To be clear, the blocked will only prevent ads that don't meet the standards set by the Coalition for Better Ads

  • What kinds of ads will get blocked? 
  • Ads that pop-up when you open a website
  • Ads that fill the entire screen
  • Ads that automatically play a video
  • Ads that trick you into clicking on them by pretending to be a close button
  • and many more

A single violation won't move a site into the blocked list. There are thresholds Google will be looking for and a site can come off the "bad" list if it removes the offending ads.

Google probably realized that these ads are forcing users to install aggressive ad blocking add-ons which are having an impact on its revenue. 
 

Link: Google blog post

Review of the Morakniv Garberg outdoor knife

GeneralEdward Kiledjian

What is the best outdoor knife?

Those who know me well know that I love the outdoors and I love knives. If I were stranded on an island and could only bring one home comfort, it would be an outdoor knife. Having many outdoor enthusiast readers, I am regularly asked what knife I like best. 

When I first started studying survival skills, I had the misguided belief that the more expensive your equipment, the better it must be. I quickly learned that this wasn't always the case and sometimes even the most basic tool, used correctly, could be a lifesaver. 

Nowhere is this more true than outdoor (camping or survival knives). I say outdoor because my choice for an everyday carry knife is very different. 

Outdoors you say?

I have been camping for 30+ years and have been interested in wilderness survival and native survival skills for the last five years. I have been fortunate enough to have participated in training camps with some of the industries most recognized names in forests hours from the nearest city. 

While camping or during a survival event, a knife could be the difference between life and death. It can help you catch & process food, build shelter, start a fire and much more. In the wild, I can

  • make a natural "sleeping bag" with logs and leaves
  • make utensils and plates from logs
  • use rocks as cookware on a fire

What I can't make in the wild is a knife. Sure you can use a sharp rock, but that won't allow you to batton firewood or perform any of the hundreds of tasks a real sturdy knife can.

Let's be clear, a knife without training won't save your life. But with decent knowledge, a bit of practice and a good knife, you can save your life even in the most treacherous environment. 

What about a multitool?

I carry a Victorinox Swiss Champ with me every day (EDC). I wouldn't leave home without it. I own and carry various dependable leatherman multitools, but in the wild, I want a knife. A multitool just wouldn't be able to take the abuse of real outdoor survival. You try batoning a log with a multitool and see how long it lasts. 

Aren't all survival knives the same?

The answer is No. Just in case you were confused, the answer is no, no and no. Go to any Walmart, and you will find a dozen knives marked as survival knives. Most are garbage, but unless you are an experienced user, you will undoubtedly be overwhelmed with conflicting marketing messages and the sheer number of possible options.

An excellent outdoor knife will:

  • Be a multi-use item but not a multi-tool. You will have to stay away from the specialized products (e.g., blades with hooks to help gut a catch, a tanto point to stab, etc.)
  • Be durable in the field. You need a tool that is designed to last and won't fail you when you need it most. Remember "that which can fail will fail." This is why I stay away from folding knives when looking for the ideal outdoor knife.
  • Be built for survival and hard use. The ideal knife must be full-tang which means the blade's steel runs into the handle. Some knives have a long thick tang in the handle (typically more expensive), while others use a skinnier metal body in the handle (typically less expensive). 
  • Be budget friendly. The more expensive your knife, the less likely you are to use and abuse it. The knife must be "expensive enough" to be well designed and crafted using quality materials, yet cheap enough that you will use it in the wild (you can't cry every time you baton logs with it). 

What characteristics should I look for?

Blade: My preference is the Scandinavian grind (SG). The SG is a wide flat bevel (V) that wind to the end of the blade. There is no secondary bevel. This produces a knife with excellent cut control. It is slightly more fragile than over edges and can be strengthened with a slight secondary bevel. This is a blade edge that is easy to maintain in the field with a single sharpening stone and sharpening requires less skill [compared to other edges]. 

Length: Blade length is a very personal decision, but I have found 4-6" to be the sweet spot. Too short and the knife's usefulness is greatly diminished. Too long and the blade will be difficult to control and will be on your way when hanging on your belt.

Price: As mentioned earlier, it has to be expensive enough to be well built from quality materials. It shouldn't be too expensive causing you to avoid using it in the field. 

What is the best outdoor knife?

If I had to pick one knife right now that I would want in a survival situation, it would be the Morakniv Garberg MultiMount. Anyone interested in camping or survival has probably heard of MoraKniv. The poster child for Mora knives (Mora is a region in Sweden) is Cody Lundin from the Aboriginal Living Skills School and TV personality.

The Garberg meets all of my requires. It is durable, versatile, easy to maintain in the field and affordable. I have used the cheaper $20 Mora knives in the early days, and most of them are still in my collection today and are regularly used.

The MoraKniv Garberg has a simple but comfortable plastic handle which means you have better control and won't have hand pain after extended use. 

It is a full-tang knife, which means it can withstand the abuse of batoning. You can easily baton 3.5-4inch pieces of wood with ease.

The Morakiv Garberg uses 14C28N stainless steel which does not rust, hold's an edge relatively well and is easy to sharpen in the wild with a stone. Surprise surprise it has a Scandinavian grind. 

The back end of the blade has a 90-degree spine so you can use it with magnesium or a feral rod to start a fire. 

The Garberg comes with a nice sheath that works well for righties or lefties. Mora also included Velcro straps that allow you to easily hang the knife on a free or a backpack (Molle attachment). The blade is made from rust-resistant stainless steel but Mora still included drainage holes in the sheath (a nice touch). 

To make a good knife deal even better, Morakniv offers a lifetime warranty that covers defects. As long as you have maintained the knife according to their guidelines and haven't abused the product, Morakniv will fix or replace the product if you have any issues (this is their Knife for Life guarantee).

The price

This is not a sponsored post so I won't link to any specific retailer but you should be able to buy a Morakniv Garberg Multi-Mount (make sure you pick up the multi-mount version) for $70-$80 USD (~$125CAD). Online retailers, you can check out include:

  • USA: Amazon, KnifeCenter, Cutlery USA, MEC, etc.
  • Canada: Adventure Pro Zone, Canadian Outdoor Equipment, Bushcraft Canada, etc
  • Europe: Bushgear UK, Knives, and Tools, Amazon, etc. 

Make sure you shop around because prices can be $10-30 different per site for the same item.

You sure?

I have tested over 50 knives in the last 3 years and conducted hours of research before choosing this knife. I take this type of review seriously and put in the hours, so you don't have to. As I write this (December 2017) The Morakniv Garber multi-mount is the best deal on an outdoor knife available. The offers the biggest band for the buck and has the least negative characteristics. 

Link to Morakniv

Note: This is not a sponsored review. 

Google Home forced me to switch to Spotify

GeneralEdward Kiledjian


Tech titans Google and Amazon chose Christmas 2017 to battle it out for your love and money. These smart speakers are designed to quickly provide access to each company's ecosystem and make your life easier. At least that is the promise. 

I am heavily invested in the Google ecosystem and have been for over ten years. In addition to using their free services, I pay for Google Music, storage, have an android phone (so I buy apps), etc. 

I signed up for the free Google Apps service in 2007 (predecessor to GSuite) when each domain was given 100 free user accounts. This was a great way to provide essential internet services to my family for my kiledjian.com domain (emails, calendar, etc.)

The Google home

These devices can answer questions about science, history and everything in between. Most buyers use these smart speakers as intelligent modern voice-controlled boomboxes. 

I have owned a Google home almost from its original release date and picked up a Google home mini for my bedroom. 

In addition to making money from the sale of these devices, companies like Amazon and Google hope to lock users into the ecosystem. Except...

The Google Home and Google's account issues forced me to move from Google Music to Spotify.

The music problem GSuite accounts

With an individual music subscription, I can only stream to a single device at a time. I can't listen to music on my smartphone in the gym while my kids listen to music at home. 

I tried to upgrade to a family account, only to be told by a support agent that GSuite accounts are not eligible. So if I wanted to enable on-demand commercial-free music on my multiple devices, I needed to move to Spotify, which I begrudgingly did.

Rant

There have always been irritants when using Gsuite (Google Apps) accounts with some Google services. Until now, all of my issues have been irritants for me, but have not affected Google, which may be why they have never solved this issue. 

This is a situation where their complacency has cost them subscription dollars (steady recurring income). I know that only a small minority of Google's millions of users are affected by this issue, but I receive a constant flow of complaints from my readers about it. 

This is the issue when dealing with giant faceless internet companies like Google. No matter how annoying some of their actions may be, there is nothing you can do as a customer. Your only option is to pick up and spend your money elsewhere. 

Was Google, Apple, Facebook & Microsoft traffic redirected to Russia?

GeneralEdward Kiledjian

TL;DR: Internet traffic to and from major tech companies (Apple, Facebook, Google, Microsoft, Twitch, NTT Communications and Riot Games) were redirected through a Russian provider Wednesday. This appears to have been a deliberate hijack and not an error. 

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

BGP is a routing and reachability protocol used on internet backbones around the world. It is what allows carriers to find routing information between each other (in simple terms).

2 BGP monitoring services have reported short changes to the routing of key internet giants, and they do not believe this was a mistake. 

BGPMon recorded two three-minute hijacks affecting roughly 80 address blocks.

One of the interesting things about this incident is the prefixes that were affected are all network prefixes for well known and high traffic internet organizations. The other odd thing is that the Origin AS 39523 (DV-LINK-AS) hasn’t been seen announcing any prefixes for many years (with one exception below), so why does it all of sudden appear and announce prefixes for networks such as Google?
— BGPMon

Qrator Labs recorded a two-hour hijack affecting 40 to 80 address blocks.

Qrator dashboard for the offending AS

As mentioned in the BGPMon release, AS39523 is a Russian organization that has been inactive for years. The last time we saw them, they were involved in another BGP "incident" that involved Google.

Luckily most of the traffic that passes through these providers is encrypted at a level that is believed to be currently unbreakable. The concern is that a state-sponsored attacker could have new decryption algorithms that are not yet publicly known and it does means the traffic "could" have been decrypted (however unlikely it remains a possibility).