“Nadim Kobeissi”的意思、由来-开放百科全书

Kobeissi was born in Beirut, Lebanon. He studied psychology at the Lebanese American University in Beirut from 2008–2009, and graduated with a double major in political science and philosophy at Concordia University in Montreal in 2013.^[3]

After that he was a PhD student studying applied cryptography at the French Institute for Research in Computer Science and Automation (Inria), in France ^[4] and worked at Microsoft Research in Cambridge, United Kingdom.

Research

Kobeissi is the primary author of Cryptocat. In 2012, he presented Cryptocat at the HOPE hacker conference in New York City.^[5]^[6] During the following year, Kobeissi presented Cryptocat-related talks and research at Google's Internet at Liberty conference,^[7] Beirut's SHARE conference,^[8] the Chaos Computer Club's SIGINT2013 conference,^[9] at RightsCon in Rio de Janeiro,^[10] and at Republika in Rijeka, Croatia.^[11]

Kobeissi is also known for discovering a privacy issue in Windows 8, in which the operating system automatically reported to Microsoft what applications users were installing in an insecure fashion. Kobeissi's research was picked up by Gizmodo^[12] and Microsoft issued a response.^[13] Kobeissi is also a known proponent of browser cryptography^[14] and is a member of the W3C's Web Cryptography Working Group.^[15]

Activism

In 2010, Kobeissi was one of the earliest supporters of the Bradley Manning Support Network.^[16] He organized a march through Montreal in December that year in support of WikiLeaks, ran a WikiLeaks mirror site, and defended WikiLeaks on various Canadian news publications.^[17] During 2011 and 2012, Kobeissi hosted CHOMP.FM, a radio program on Internet activism that ran weekly on Montreal's CKUT-FM radio station. The show included guests from the Electronic Frontier Foundation (EFF), security researcher Bruce Schneier, and journalist Glenn Greenwald.^[18]

In 2013, Kobeissi led an effort known as the Skype Open Letter^[19] which brought together more than forty organizations, including the Electronic Frontier Foundation, Reporters Without Borders, and the Open Technology Institute, calling on Microsoft and Skype to release transparency reports regarding Skype monitoring and surveillance. The effort was successful, and Microsoft released its first transparency report shortly after the letter was published.^[20]

Controversies

Detention and entrapment attempt

Kobeissi was detained and questioned at the U.S. border by the DHS in June 2012 about Cryptocat's censorship resistance. He tweeted about the incident afterwards, resulting in media coverage and a spike in the popularity of Cryptocat.^[21]^[22] Kobeissi was regularly searched and questioned whenever he flew in the U.S. in 2012.^[23]

In 2012, the FBI attempted to entrap Kobeissi using Sabu – an American hacker involved with LulzSec, an offshoot of Anonymous – as an undercover informant.^[24] Kobeissi responded on his blog: "To all young hackers out there – use your talents for research. Never acquiesce to anything illegal with anyone, even if they do it with you."^[25]

Cryptocat vulnerability

In mid-2013, critical vulnerabilities were discovered and fixed in the Cryptocat application suite,^[26]^[27] potentially exposing prior communication via the chat program for over a year. The vulnerability was limited to group chat and did not affect private one-on-one conversations.^[28] The ensuing controversy centered on the technical naïveté of Nadim and others who had worked on the project.^[29] Steve Thomas, the security researcher who discovered the vulnerabilities, blogged criticizing Cryptocat as "run by people that don't know crypto, make stupid mistakes, and [does not have] enough eyes [that] are looking at their code to find the bugs."^[27]^[30] However, this comment was removed in more recent versions of Thomas's blog post.

Meanwhile, other security blogs and news sites called the vulnerability a "responsible disclosure" and praised Cryptocat's transparency regarding vulnerabilities and Kobeissi's warnings regarding the experimental nature of the project.^[31]^[32] Adam Caudill, an independent security researcher noted that "[Cryptocat developers] didn't understand the data they were working with. [...] anyone [could] crack the keys in a frighteningly short amount of time."^[33] However, Caudill later also stated that even in light of the controversy, "Cryptocat still achieves its basic goal."^[34]

Kobeissi himself had been vocal in the past about other services using encryption. In a Forbes online article investigating the security of encrypted storage service MEGA, Kobeissi, who voiced concern along with other security researchers, noted: "It's a nice website, but when it comes to cryptography they seem to have no experience".^[35] This made Cryptocat's own vulnerabilities a more high-profile discussion among security researchers. Nevertheless, MEGA eventually adopted Kobeissi's critique and implemented the suggested changes to their cryptographic code delivery methods.^[36]

Peerio backdoor claims

In January 2016 Kobeissi tweeted his reasons for leaving Peerio, a cloud-based encrypted communications company he co-founded. These centred around potential plans to sell backdoored versions of the Peerio software to certain clients. Peerio soon denied the claims on their own blog.^[37]

See also

References

1. ^{{cite web|url=http://www.webbyawards.com/webbys/current_honorees.php?media_id=96&category_id=743&season=16|title=16th Annual Webby Awards Official Honorees|publisher=}}
2. ^{{cite web|url=http://newint.org/blog/2013/06/21/prism-surveillance-nsa-software/|title=How to fight PRISM|date=21 June 2013|publisher=}}
3. ^Resumé, nadim.cc. Retrieved 12 May 2012.
4. ^{{cite web|url=https://nadim.computer/|title=Nadim Kobeissi|website=nadim.computer}}
5. ^{{cite web|url=http://www.hopenumbernine.net/schedule/#whybrowser|title=Schedule - HOPE Number 9|website=www.hopenumbernine.net}}
6. ^{{cite web|url=https://www.youtube.com/watch?v=r95Apc5riyE|title=Nadim Kobeissi HOPE 9 Why Browser Cryptography Is Bad & How We Can Make It Great|first=|last=TheEthanwashere|date=1 October 2012|publisher=|via=YouTube}}
7. ^{{cite web|url=http://netizenproject.org/2012/06/10/cryptocat-and-internet-freedom-innovation/|title=Page not found – Netizen Project|publisher=}}
8. ^{{cite web|url=http://www.shareconference.net/en/talk/cryptocat-nadim-kobeissi|title=Cryptocat - Nadim Kobeissi - SHARE Foundation|first=Fermicoding Internet Engineering,|last=www.fermicoding.com|website=www.shareconference.net}}
9. ^{{cite web|url=http://sigint.ccc.de/schedule/speakers/3812.html|title=Cryptocat: The Social and Technical Challenges of Making Crypto Accessible to Everyone|publisher=}}
10. ^{{cite web|url=https://blog.crypto.cat/2012/06/a-cryptocat-spring/|title=A Cryptocat Spring|publisher=}}
11. ^http://www.republika.io/en/performer/103?width=560&height=80%2525&iframe=true Nadim Kobeissi: Cryptocat
12. ^{{cite web|url=https://gizmodo.com/5937649/windows-8-tells-microsoft-about-everything-you-install-not-very-securely|title=Windows 8 Tells Microsoft About Everything You Install, Not Very Securely|first=Nadim|last=Kobeissi|publisher=}}
13. ^{{cite web|url=http://bgr.com/2012/08/24/windows-8-privacy-microsoft-smartscreen/|title=Windows 8 sends Microsoft information about every program you install [updated]|first=Dan|last=Graziano|date=24 August 2012|publisher=}}
14. ^{{cite web|url=http://blog.nadim.computer/post/84140092153/thoughts-on-critiques-of-javascript-cryptography|title=Thoughts on Critiques of JavaScript Cryptography|publisher=}}
15. ^{{cite web|url=https://www.w3.org/2000/09/dbwg/details?group=54174&public=1&order=org|title=Participants in the Web Cryptography Working Group - DBWG, the Working Groups Database|website=www.w3.org}}
16. ^Nicks, Denver (2012). Private: Bradley Manning, WikiLeaks, and the Biggest Exposure of Official Secrets in American History. Chicago Review Press, p. 223.
17. ^{{cite web|url=http://www.cbc.ca/news/canada/montreal/story/2010/12/08/wikileaks-mirror-site-in-montreal.html|title=Montreal student hosts mirror WikiLeaks site|publisher=}}
18. ^For the march, see Shingler, Benjamin (18 December 2010). "Demonstrators march to support WikiLeaks in Montreal", The Canadian Press.*For the mirror site, see {{cite news | title=Montreal student hosts mirror WikiLeaks site | url=http://www.cbc.ca/news/canada/montreal/story/2010/12/08/wikileaks-mirror-site-in-montreal.html | newspaper=CBC News |date=8 December 2012}}*{{cite news | first=Jason | last=Magder | title=Proposed changes to copyright law go too far, protesters say | url=https://montrealgazette.com/business/Proposed+changes+copyright+protesters/6137394/story.html | newspaper=Montréal Gazette |date=11 February 2012}}
19. ^{{cite web|url=http://www.skypeopenletter.com/|title=PHEENIX::SELL|first=|last=Pheenix|website=www.skypeopenletter.com}}
20. ^{{cite web|url=https://www.eff.org/deeplinks/2013/01/its-time-transparency-reports-become-new-normal|title=It's Time for Transparency Reports to Become the New Normal|date=29 January 2013|publisher=}}
21. ^{{cite web|url=https://www.forbes.com/sites/jonmatonis/2012/06/07/detaining-developer-at-us-border-increases-cryptocat-popularity|title=Detaining Developer At US Border Increases Cryptocat Popularity|first=Jon|last=Matonis|publisher=}}
22. ^{{cite web|url=http://www.itbusiness.ca/it/client/en/home/News.asp?id=67866|title=Developer’s detention spikes interest in Montreal’s Cryptocat|publisher=}}
23. ^{{cite web|url=https://www.wired.com/threatlevel/2012/07/crypto-cat-encryption-for-all/|title=This Cute Chat Site Could Save Your Life and Help Overthrow Your Government|publisher=}}
24. ^{{cite news | first=Somini | last=Sengupta | title=A Hacker Charms and Disappoints | url=http://bits.blogs.nytimes.com/2012/03/12/a-hacker-charms-and-disappoints/ | newspaper=The New York Times |date=12 March 2012}}
25. ^{{Cite web | first=Nadim | last=Kobeissi | title=On Sabu and FBI Entrapment | url=http://log.nadim.cc/?p=65 | publisher=nadim.cc | date=12 March 2012 | deadurl=yes | archiveurl=https://web.archive.org/web/20120618010832/http://log.nadim.cc/?p=65 | archivedate=18 June 2012 | df= }}
26. ^{{Cite web| title=DecryptoCat | url=http://tobtu.com/decryptocat.php}}
27. ^¹{{cite web|url=http://tobtu.com/decryptocat-old.php|title=DecryptoCat - TobTu|website=tobtu.com}}
28. ^{{cite web|url=https://blog.crypto.cat/2013/07/new-critical-vulnerability-in-cryptocat-details/|title=New Critical Vulnerability in Cryptocat: Details|publisher=|deadurl=yes|archiveurl=https://web.archive.org/web/20130705051050/https://blog.crypto.cat/2013/07/new-critical-vulnerability-in-cryptocat-details/|archivedate=2013-07-05|df=}}
29. ^{{cite news | title=Bad kitty! "Rookie mistake" in Cryptocat chat app makes cracking a snap | url=https://arstechnica.com/security/2013/07/bad-kitty-rooky-mistake-in-cryptocat-chat-app-makes-cracking-a-snap/ }}
30. ^{{cite web|url=https://www.theregister.co.uk/2013/07/04/cryptocat_wide_open_new_version_a_must/|title=Cryptocat WIDE OPEN, new version a must|first=Richard Chirgwin 4 Jul 2013 at 22:27|last=tweet_btn()|publisher=}}
31. ^{{cite web|url=https://nakedsecurity.sophos.com/2013/07/06/cryptocat-encrypted-group-chats-may-have-been-crackable-for-7-months/|title=Cryptocat ‘encrypted’ group chats may have been crackable for 7 months|first=Dubstepcat|last=Says|date=5 July 2013|publisher=}}
32. ^{{cite web|url=http://www.staysmartonline.gov.au/alert_service/alerts/_popular_encrypted_chat_service_cryptocat_contained_a_vulnerability_for_7_months|title=Popular "encrypted chat" service Cryptocat contained a vulnerability for 7 months|first=Stay Smart|last=Online|date=18 July 2013|website=www.staysmartonline.gov.au}}
33. ^{{cite web|url=https://adamcaudill.com/2013/07/04/do-one-thing-right/|title=Do one thing right…|first=Adam|last=Caudill|date=4 July 2013|publisher=}}
34. ^{{cite web|url=https://adamcaudill.com/2013/07/16/cryptocat-what-is-the-measure/|title=Cryptocat: What is the measure…|first=Adam|last=Caudill|date=16 July 2013|publisher=}}
35. ^{{cite web|url=https://www.forbes.com/sites/andygreenberg/2013/01/21/researchers-warn-megas-new-encrypted-cloud-cant-keep-its-megasecurity-promises/|title=Researchers Warn: Mega's New Encrypted Cloud Doesn't Keep Its Megasecurity Promises|first=Andy|last=Greenberg|publisher=}}
36. ^https://twitter.com/kaepora/status/359684121221537792
37. ^{{cite web|last1=Grauer|first1=Yael|title=Peerio Co-Founder On Why He Left The Company (Hint: It Had To Do With Admin Backdoors)|url=https://www.forbes.com/sites/ygrauer/2016/01/25/peerio-co-founder-on-why-he-left-the-company-hint-it-had-to-do-with-admin-backdoors/|website=Forbes.com|publisher=Forbes|accessdate=9 February 2016}}

Early life and education