Imagine leaving your house keys sticking out your front door...and not noticing it for a year and a half. Experts at Google discovered and have now fixed a dangerous security flaw that might have allowed bad guys to steal the private information of customers for 18 months. It involved the theft of what are called security certificates from a Turkish company authorized to give them out. Marketplace Tech regular Chester Wisniewski at the online security firm Sophos says it's like the embossed stamp used by a notary public.
"The notary out there is authorized to confirm people's identity and kind of issue them a digital passport," says Wisniewski. "So when someone is able to steal the notary stamp and start running around the Internet issuing anybody a passport that wants one, this is kind of a big problem for our security."
A fake internet certificate could be used to trick you into thinking you are typing your passwords and other data into Google or other official webpages, when in fact the info is handed over to an invisible middleman. 1,400 outfits around the world issue these certificates, in this case one in Turkey. But this isn't the first time certificates got into the wrong hands, and a question for all internet users is whether its time to rein in the process. Why not just have a handful of these notaries -- five or something -- and police them very carefully. Except for the red tape.
"The problem is if you're the U.S. government, you're not going to allow one of the five to be the North Korean government, for sure," says Wisniewski. "And if you're the North Koreans, you're never going to accept that one of the companies of the five is the Department of Homeland Security. And because it's political it's just never gonna happen."
It's not clear who was using the bogus certificates discovered by Google and what, if any, harm was done.
These short January days mean it is what season? Skiing, you say? How about electronics. An annual circus of gizmos gets under way in Las Vegas this week. The Consumer Electronics Show (or as it is now called International CES) is a festival of both hype and innovation that boasts companies of all sizes -- even if Apple and Microsoft are staying away. We'll be checking on some of the event's biggest and brightest ideas.
Today let's meet a small but honored fish jumping back into CES's big pond. The product is Cublets: Lego-like bricks full of sensors that snap together into little robots. Last year the Colorado-based startup had little more than T-shirts and a few prototypes, and they still won a best-of-show award. This year, they're ramping up.
"Now we've got five of us and banners and demonstrations and videos playing," says Eric Schweikardt, CEO of Modular Robotics, which makes Cublets. He's looking for more exposure at CES, despite the ocean of companies also vying for attention. And Shweikardt also wants show that last year's investments have brought his company to a new level.
"CES is a funny place," says Schweikardt. "Millions of square feet of new iPad cases and Android devices and the next little gadget. So we're sort of from outer space at CES. We have a different way of thinking about the world. Last time at CES we were just a couple of kids with a prototype construction kit and big dreams. Now we're back with fancy packaging, so this is kind of our debut to show ourselves to the world. "
We'll be checking in with Eric, as well as Marketplace's tech reporter Queena Kim at the Consumer Electronic Show this week.
“I think the best compliment I can give is not to say how much your programs have taught me (a ton), but how much Marketplace has motivated me to go out and teach myself.” – Michael in Arlington, VABEFORE YOU GO