Wipe Off Your Chin

In my computer security class we just finished what I thought was one of the most personally useful homework assignments I have ever done.

Using Thawte.com as a Public Certificate Authority, we were assigned to acquire a email certificate for any of our email addresses and perform a secure email interaction with the TA.

This allows for two functions. Using my email I can now sign and encrypt emails. By signing an email, I verify to my recipients that the email is not spoofed and did in fact come from me. That verification occurs when the recipient takes my public certificate that I sent with the email and checks it with Thawte.com (the certificate authority).

Now, if my recipient also has a public certificate, we can now engage in secure communication. We can do this by encrypting (magic hand waving occurs) our emails with the other persons public certificate. Then the owner of the public certificate is the only one who can decrypt the email! (now, it is much more complicated than that, but to the common user, that's all you really need to know).

Now I can perform these two functions easily in Mail with two little buttons that magically appeared once I had acquired my certificate:

Now the only issue I had using a Mac was that Thawte.com seems to be a bit antiquated. The only help they provide for Macs is saying that version 10.3 of the operating system is not compatible with X.509 certificates! Well, I'm running 10.5.2 and it IS compatible with X.509 certificates. Sadly when they ask you what email client you're using, they don't even provide the option for Apple Mail. I searched around on the internet and couldn't find any clear useful information on which option to choose for my download. So finally I chose the Netscape/Mozilla Thunderbird option and Safari downloaded a deliver.exe file and automatically imported the certificate into my keychain. Now the .exe seems strange, but if you look at all of the Thawte.com's web addresses, they all have the same extension of .exe . Looking at the file in TextEdit, it seems to be a plain text file that Safari is programmed to parse and generate a certificate from.

For awhile now I've been strongly against the rampant addition of useless and ridiculous facebook apps. Many on the basis that they produce clutter and generally don't enhance the functionality, IMHO.

I also encountered my first outrage on the subject of privacy protection when Facebook introduced Facebook Beacon (you have to choose to turn this off). You can read about it here. Basically, if one was to be logged into facebook (according to facebook, other reports have shown you don't need to be logged into facebook) and bought a present for your friend, or the anarchist's cookbook, or some intimate apparel from cooperating sites such as Overstock.com or Fandango, that purchase would be heedlessly published on your newsfeed to alert all your friends as to your recently purchased items. Not a nice thing.

Now there's new privacy issues. This time the leak isn't driven directly by Facebook, but that facebook is allowing facebook apps to harvest/mine your personal data. Like superwall? I hope you like it enough to let them build a profile on you. They know your religion, sex and hometown. Why do they need that info? Well, maybe they're selling it.

Read about this issue here and here.

So one of my fellow interns puts it best in his note, so being lazy as I am, I'll just post his words here since the majority of you are not in his network:

So Kyle, Drew, and I decided it was high time for a visit to the Microsoft Company Store today after work. For those of you who don't know, I work in the same building as the executives at Microsoft, and many people speak of seeing some of them in the halls or on the elevator. Upon the three of us approaching the elevator, Drew whispers, "Come on...Bill Gates, Bill Gates, Bill Gates..." and crosses his fingers. Doors open--empty elevator.

As we're descending to the parking garage level (we park directly under the building), we start to talk about the possibility of meeting billg on the elevator and what we would do if we did.

When we get to the basement, I suggest that we look over to see his parking space, since Kyle hadn't seen it before (I don't think). We open the door over to where his car should be, but alas, there's only one older Lexus (at least as 7 years, based on the model) parked in the secluded VIP spots.

As I'm standing there holding the door, I said, "Nope, just somebody's old Lexus." I get the strange feeling that the guys behind me have lost interest and walked away, so I turn around...

...and look Bill Gates straight in the face, not realizing who he was at first. I think I said something like, "Oh, hi." He nodded or said something equally curt back to me. The other guys were standing there not saying anything at all, looking at billg and back at each other. I tried to walk away from the door I was holding, but the lanyard to my keys was looped around the door handle. After an awkward second, billg walked through the door I was holding open with my keys.

Ranks up there with the most surreal moments of my life, as we had just been talking about him, and I turned around and saw him with no warning.

For those of you who may wonder, as quick on my toes as I am, I had absolutely nothing to say at that point. I really wanted to pull a "Remember me?" but that just wasn't happening. He really kinda scared the crap outta me.

...I just wonder what he feels like now that I've referred to his car as an "old Lexus."

-end-

All I have to say is that if we had waited for the next elevator my chant would have had perfect timing... instead it was slightly delayed results.