vik writes: The whole SSL process has been infiltrated by the NSA, GCSB and other n'er-do-wells. If governments want a man-in-the-middle certificate they simply issue a secret gagging order to the CA to make them issue one. Consequently "certified" SSL certificates can no longer be trusted. Ironically self-issued certificates are more secure, but not easily verified.
However, PGP/GPG keys can be trusted and independently verified. They are as secure as we can get for now. Why not replace the broken SSL CA system with GPG/PGP encryption keys? Make the NSA-infiltrated stuff obsolete, and rely on a real-world web of trust?
vik writes: "As Megaupload's Kim Dotcom's megafarce trial continues, the New Zealand Herald reports that his alleged offence not only falls below the threshold for extradition, but also the warrant may not be properly served. "My understanding as to why they haven't done that is because they can't. We don't believe Megaupload can be served in a criminal matter because it is not located within the jurisdiction of the United States," says Megaupload's lawyer Ira Rothken.
Not surprisingly, Kim Dotcom has a few choice words to say about having his business trashed this way, with 220 jobs lost, and millions left without access to their legitimate data."
vik writes: A sysadmin of my acquaintance recently received a phone call from "Computer Maintenance" purporting to be on behalf of Microsoft, and smelt a rat. The scammers want you to visit supportvirtual.com ( or perhaps curingyourpc.com ) and want remote access to your computer, to install malware, your credit card or both. This is how he tracked Rajat Kumar Jain of JARS services to his lair.