Admin: Created page with "{{Infobox scientist | name = Moxie Marlinspike | image = Moxie Marlinspike.jpg | image_size = | alt = | caption = Marlinspike in 2013 | birth_date = <!- --> | birth_pl..."

2019-06-17T05:23:07Z

Created page with "{{Infobox scientist | name = Moxie Marlinspike | image = Moxie Marlinspike.jpg | image_size = | alt = | caption = Marlinspike in 2013 | birth_date = <!- --> | birth_pl..."

New page

{{Infobox scientist
| name = Moxie Marlinspike
| image = Moxie Marlinspike.jpg
| image_size =
| alt =
| caption = Marlinspike in 2013
| birth_date = <!- -->
| birth_place =
| other_names =
| death_date =
| death_place =
| residence =
| citizenship =
| nationality = American
| fields = [[Computer security]],<br />[[Software architect]]ure
| workplaces =
| patrons =
| alma_mater =
| thesis_title =
| thesis_url =
| thesis_year =
| doctoral_advisor =
| academic_advisors =
| doctoral_students =
| notable_students =
| known_for = [[Open Whisper Systems]] (founder),) is an American [[computer security]] researcher and [[cypherpunk]]. His research has focused primarily on techniques for intercepting communication, as well as methods for strengthening communication infrastructure against interception. Marlinspike is the former head of the security team at [[Twitter]] co-author of the [[Signal Protocol]], and a fellow at the Institute for Disruptive Studies. Marlinspike moved to [[San Francisco]] in the late 1990s. In 2004, Marlinspike bought a derelict sailboat and, along with three friends, refurbished it and sailed around the [[The Bahamas|Bahamas]] while making a documentary about their journey called ''Hold Fast''. the firm made Whisper Systems' apps [[Open-source software|open source]].

Marlinspike left Twitter in early 2013 and founded [[Open Whisper Systems]] as a collaborative open source project for the continued development of TextSecure and RedPhone. At the time, Marlinspike and Trevor Perrin started developing the [[Signal Protocol]], an early version of which was first introduced in the TextSecure app in February 2014. In November 2015, Open Whisper Systems unified the TextSecure and RedPhone applications as [[Signal (software)|Signal]]. Between 2014 and 2016, Marlinspike worked with [[WhatsApp]], [[Facebook]], and [[Google]] to integrate the Signal Protocol into their messaging services.

==Notable research==

===SSL stripping===
In a 2009 paper, Marlinspike introduced the concept of [[Secure Sockets Layer|SSL]] stripping, a [[man-in-the-middle attack]] in which a network attacker could prevent a [[web browser]] from upgrading to an SSL connection in a subtle way that would likely go unnoticed by a user. He also announced the release of a tool, <code>sslstrip</code>, which would automatically perform these types of man-in-the-middle attacks. The [[HTTP Strict Transport Security]] (HSTS) specification was subsequently developed to combat these attacks.

===SSL implementation attacks===
Marlinspike has discovered a number of different [[Vulnerability (computing)|vulnerabilities]] in popular SSL implementations. Notably, Marlinspike published a 2002 paper on exploiting [[SSL/TLS]] implementations that did not correctly verify the [[X.509 | X.509 v3]] "BasicConstraints" extension in [[public key certificate]] chains. This allowed anyone with a valid CA-signed certificate for any [[domain name]] to create what appeared to be valid CA-signed certificates for any other domain. The vulnerable SSL/TLS implementations included the [[Microsoft CryptoAPI]], making [[Internet Explorer]] and all other Windows software that relied on SSL/TLS connections vulnerable to a man-in-the-middle attack. In 2011, the same vulnerability was discovered to have remained present in the SSL/TLS implementation on [[Apple Inc.]]'s [[iOS]]. Also notably, Marlinspike presented a 2009 paper, where he introduced the concept of a null-prefix attack on SSL certificates. He revealed that all major SSL implementations failed to properly verify the Common Name value of a certificate, such that they could be tricked into accepting forged certificates by embedding [[null character]]s into the CN field.

===Solutions to the CA problem===
In 2011, Marlinspike presented a talk titled ''SSL And The Future Of Authenticity'' at the [[Black Hat Briefings|Black Hat]] security conference in Las Vegas. He outlined many of the current problems with [[certificate authorities]], and announced the release of a software project called [[Convergence (SSL)|Convergence]] to replace Certificate Authorities. In 2012, Marlinspike and Trevor Perrin submitted an Internet Draft for [[TACK]], which is designed to provide SSL [[certificate pinning]] and help solve the CA problem, to the IETF.

===Cracking MS-CHAPv2===
In 2012, Marlinspike and [[David Hulton]] presented research that makes it possible to reduce the security of [[MS-CHAPv2]] handshakes to a single [[Data Encryption Standard|DES encryption]]. Hulton built hardware capable of cracking the remaining DES encryption in less than 24 hours, and the two made the hardware available for anyone to use as an Internet service.

== Traveling ==

Marlinspike says that when flying within the United States he is unable to print his own [[boarding pass]], is required to have airline ticketing agents make a phone call in order to issue one, and is subjected to [[Secondary Security Screening Selection|secondary screening]] at [[Transportation Security Administration|TSA]] security checkpoints.

While entering the United States via a flight from the Dominican Republic in 2010, Marlinspike was detained for five hours; federal agents requested his passwords, and all his electronic devices were confiscated and then returned.

==Speaking engagements==

* [[DEF CON]] 17: "More Tricks for Defeating SSL"
* In 2016, [[Fortune (magazine)|''Fortune'' magazine]] named Marlinspike among its [[40 under 40 (Fortune magazine)|40 under 40]] for being the founder of Open Whisper Systems and "[encrypting] the communications of more than a billion people worldwide".
* In 2017, Moxie Marlinspike along with Trevor Perrin were awarded the Levchin Prize for Real World Cryptography "for the development and wide deployment of the Signal protocol".

==Source==

[http://wikipedia.org/ http://wikipedia.org/]
[[Category:People of the industry]]
[[Category:Security]]
==See Also on BitcoinWiki==
* [[Graft]]
* [[BlockCDN]]
* [[ETCWin]]
* [[Bubbletone]]
* [[E-veksel]]

Moxie Marlinspike - Revision history

Admin: Created page with "{{Infobox scientist | name = Moxie Marlinspike | image = Moxie Marlinspike.jpg | image_size = | alt = | caption = Marlinspike in 2013 | birth_date = <!- --> | birth_pl..."