Originally from the state of Georgia, Marlinspike moved to San Francisco in the late 1990s at the age of 18. He then worked for several technology companies, including enterprise infrastructure software maker BEA Systems Inc. In 2004, Marlinspike bought a derelict sailboat and, with three friends, refurbished it and sailed around the Bahamas while making a "video zine" about their journey called Hold Fast.

In 2010, Marlinspike was the chief technology officer and co-founder of Whisper Systems, an enterprise mobile security startup company. In May 2010, Whisper Systems launched TextSecure and RedPhone. These were applications that provided end-to-end encrypted SMS messaging and voice calling, respectively. Twitter acquired the company for an undisclosed amount in late 2011. The acquisition was done "primarily so that Mr. Marlinspike could help the then-startup improve its security". During his time as Twitter's head of cybersecurity, the firm made Whisper Systems' apps open source.

Marlinspike left Twitter in early 2013 and founded Open Whisper Systems as a collaborative open source project for the continued development of TextSecure and RedPhone. At the time, Marlinspike and Trevor Perrin started developing the Signal Protocol, an early version of which was first introduced in the TextSecure app in February 2014. In November 2015, Open Whisper Systems unified the TextSecure and RedPhone applications as Signal. Between 20, Marlinspike worked with WhatsApp, Facebook, and Google to integrate the Signal Protocol into their messaging services. On February 21, 2018, Marlinspike and WhatsApp co-founder Brian Acton announced the formation of the Signal Technology Foundation and its subsidiary, Signal Messenger LLC. Marlinspike served as Signal Messenger's first CEO until stepping down on January 10, 2022.

In a 2009 paper, Marlinspike introduced the concept of SSL stripping, a man-in-the-middle attack in which a network attacker could prevent a web browser from upgrading to an SSL connection in a way that would likely go unnoticed by a user. He also announced the release of a tool, sslstrip, that would automatically perform these types of man-in-the-middle attacks. The HTTP Strict Transport Security (HSTS) specification was subsequently developed to combat these attacks.

Marlinspike has discovered a number of different vulnerabilities in popular SSL implementations. Notably, he published a 2002 paper on exploiting SSL/TLS implementations that did not correctly verify the X.509 v3 "BasicConstraints" extension in public key certificate chains. This allowed anyone with a valid CA-signed certificate for any domain name to create what appeared to be valid CA-signed certificates for any other domain. The vulnerable SSL/TLS implementations included the Microsoft CryptoAPI, making Internet Explorer and all other Windows software that relied on SSL/TLS connections vulnerable to a man-in-the-middle attack. In 2011, the same vulnerability was discovered to have remained in the SSL/TLS implementation on Apple Inc.'s iOS.

Also notably, Marlinspike presented a 2009 paper in which he introduced the concept of a null-prefix attack on SSL certificates. He revealed that all major SSL implementations failed to properly verify the Common Name value of a certificate, so that they could be tricked into accepting forged certificates by embedding null characters into the CN field.

In 2011, Marlinspike presented a talk, "SSL And The Future Of Authenticity", at the Black Hat security conference in Las Vegas. He outlined many of the problems with certificate authorities and announced the release of a software project called Convergence to replace them. In 2012, Marlinspike and Perrin submitted an Internet Draft for TACK, which is designed to provide SSL certificate pinning and help solve the CA problem, to the Internet Engineering Task Force.