موكسي مارلين‌سپايك

(تم التحويل من Moxie Marlinspike)
موكسي مارلين‌سپايك
Moxie Marlinspike in 2022 02.jpg
مارلين‌سپايك عام 2022.
وُلِدَأوائل الثمانينيات [1]
جورجيا، الولايات المتحدة
عـُرِف بـ
السيرة العلمية
المجالات

موكسي مارلين‌سپايك (Moxie Marlinspike)، هو رائد أعمال، عالم تعمية وباحث أمريكي في علم الحاسوب.[1][2] مارلين‌سپايك هو صانع تطبيق سيگنال، مؤسس مشاركة لمؤسسة سيگنال تكنولوجي، وكان أول رئيس تنفيذي لشركة سيگنال ماسنجر. وهو أيضاً مؤلف مشارك لپروتوكول تعمية سيگنال المستخدم في سيگنال، واتس‌آپ،[3] گوگل مسدجز،[4] فيسبوك ماسنجر،[5] وسكايپ.[6]

موكسي مارلين‌سپايك هو الرئيس السابق لفريق الأمن في تويتر[7] ومؤلف نظام بديل مقترح لمصادقة SSL يسمى Convergence.[8] كان يدير سابقاً خدمة اختراق الوصول المحمي للشبكات اللاسلكية (WPA) القائمة على الحوسبة السحابية[9] وخدمة إخفاء الهوية المستهدفة المسماة گوگ‌شيرنگ GoogleSharing.[10]

مسيرته المهنية

Marlinspike began his career working for several technology companies, including enterprise infrastructure software maker BEA Systems Inc.[3][11]

In 2010, Marlinspike was the chief technology officer and co-founder of Whisper Systems,[12] an enterprise mobile security startup company. In May 2010, Whisper Systems launched TextSecure and RedPhone. These were applications that provided end-to-end encrypted SMS messaging and voice calling, respectively. Twitter acquired the company for an undisclosed amount in late 2011.[13] The acquisition was done "primarily so that Mr. Marlinspike could help the then-startup improve its security".[11] During his time as Twitter's head of cybersecurity,[14] the firm made Whisper Systems' apps open source.[15][16]

Marlinspike left Twitter in early 2013 and founded Open Whisper Systems as a collaborative open source project for the continued development of TextSecure and RedPhone.[17][18][19] At the time, Marlinspike and Trevor Perrin started developing the Signal Protocol, an early version of which was first introduced in the TextSecure app in February 2014.[20] In November 2015, Open Whisper Systems unified the TextSecure and RedPhone applications as Signal.[21] Between 2014 and 2016, Marlinspike worked with WhatsApp, Facebook, and Google to integrate the Signal Protocol into their messaging services.[22][23][24]

In 2017, Marlinspike assisted the cryptocurrency company MobileCoin as an early technical advisors alongside fellow former DARPA researcher Todd Huffman.[25][26][27][28][29] MobileCoin was designed to be the in-app payments for Signal and Mixin Messenger.[30]

On February 21, 2018, Marlinspike and WhatsApp co-founder Brian Acton announced the formation of the Signal Technology Foundation and its subsidiary, Signal Messenger LLC.[31][1] Marlinspike served as Signal Messenger's first CEO until stepping down on January 10, 2022.[32] In the wake of the United States government group chat leak Marlinspike posted in March 2025 "There are so many great reasons to be on Signal. Now including the opportunity for the vice president of the United States of America to randomly add you to a group chat for coordinating sensitive military operations. Don't sleep on this opportunity..."[33]

الأبحاث

من القنبلة النووية إلى جوجل: قصة الإنترنت التي لا تعرفها، بدأت في الستينيات بشبكة عسكرية صممها پول باران لتصمد أمام الهجمات النووية، ثم جاء تيم برنرز-لي عام 1989 ليحولها إلى الفضاء الذي نعرفه، بقرار أخلاقي غير مسبوق: جعلها ملكية عامة مفتوحة للجميع. لكنه عاش ليرى كيف تحول حلمه إلى أداة للهيمنة بيد عمالقة التكنولوجيا، فقضى سنواته الأخيرة في معركة شرسة لاستعادة الإنترنت إلى جذوره الثورية: لامركزي، حر، وملك للجميع.

SSL stripping

In a 2009 paper, Marlinspike introduced the concept of SSL stripping, a man-in-the-middle attack in which a network attacker could prevent a web browser from upgrading to an SSL connection in a way that would likely go unnoticed by a user. He also announced the release of a tool, sslstrip, that would automatically perform these types of man-in-the-middle attacks.[34][35] The HTTP Strict Transport Security (HSTS) specification was subsequently developed to combat these attacks.[36]

SSL implementation attacks

Marlinspike has discovered a number of different vulnerabilities in popular SSL implementations. Notably, he published a 2002 paper on exploiting SSL/TLS implementations that did not correctly verify the X.509 v3 "BasicConstraints" extension in public key certificate chains. This allowed anyone with a valid CA-signed certificate for any domain name to create what appeared to be valid CA-signed certificates for any other domain. The vulnerable SSL/TLS implementations included the Microsoft CryptoAPI, making Internet Explorer and all other Windows software that relied on SSL/TLS connections vulnerable to a man-in-the-middle attack. In 2011, the same vulnerability was discovered to have remained in the SSL/TLS implementation on Apple Inc.'s iOS.[37][38] Also notably, Marlinspike presented a 2009 paper in which he introduced the concept of a null-prefix attack on SSL certificates. He revealed that all major SSL implementations failed to properly verify the Common Name value of a certificate, so that they could be tricked into accepting forged certificates by embedding null characters into the CN field.[39][40]

Solutions to the CA problem

In 2011, Marlinspike presented a talk, "SSL And The Future Of Authenticity",[41] at the Black Hat security conference in Las Vegas. He outlined many of the problems with certificate authorities and announced the release of a software project called Convergence to replace them.[42][43] In 2012, Marlinspike and Perrin submitted an Internet Draft for TACK,[44] which is designed to provide SSL certificate pinning and help solve the CA problem, to the Internet Engineering Task Force.[45]

Cracking MS-CHAPv2

In 2012, Marlinspike and David Hulton presented research that makes it possible to reduce the security of MS-CHAPv2 handshakes to a single DES encryption. Hulton built hardware capable of cracking the remaining DES encryption in less than 24 hours, and the two made the hardware available for anyone to use as an Internet service.[46]

جدل تجسس موبيلي السعودية

In 2013, Marlinspike published emails on his blog that he claimed were from Saudi Arabian telecom service Mobily soliciting his help in surveilling their customers, including intercepting communications running through various applications. Marlinspike refused to help, making the emails public instead. Mobily denied the allegations. "We never communicate with hackers", the company said.[47]

السفر

Marlinspike says that when flying within the United States he is unable to print his own boarding pass, is required to have airline ticketing agents make a phone call in order to issue one, and is subjected to secondary screening at TSA security checkpoints.[48]

While entering the U.S. on a flight from the Dominican Republic in 2010, Marlinspike was detained by federal agents for nearly five hours, all his electronic devices were confiscated, and at first agents claimed he would only get them back if he provided his passwords so they could decrypt the data. Marlinspike refused to do this, and the devices were eventually returned, though he noted that he could no longer trust them, saying, "They could have modified the hardware or installed new keyboard firmware."[49]

تكريمات

  • In 2016, Fortune magazine named Marlinspike among its 40 under 40 for being the founder of Open Whisper Systems and "[encrypting] the communications of more than a billion people worldwide".[50] Wired also named him to its "Next List 2016," as one of "25 Geniuses Who Are Creating the Future of Business."[51]
  • In 2017, Marlinspike and Perrin were awarded the Levchin Prize for Real World Cryptography "for the development and wide deployment of the Signal protocol".[52][53]

حياته الشخصية

Originally from the state of Georgia,[3] Marlinspike moved to San Francisco in the late 1990s at age 18.[1][11] The name Moxie Marlinspike is an assumed name partly derived from a childhood nickname.[1][3]

Marlinspike is a sailing enthusiast and master mariner.[3][54] In 2004, he bought a derelict sailboat and, with three friends, refurbished it and sailed around the Bahamas while making a "video zine" about their journey called Hold Fast.[1][3][11] He is also an anarchist,[3] and several of his essays and speeches are published on the website The Anarchist Library, including "An Anarchist Critique of Democracy"[55] and "The Promise of Defeat."[56]

المصادر

  1. ^ أ ب ت ث ج ح Wiener, Anna (19 October 2020). "Taking Back Our Privacy : Moxie Marlinspike, the founder of the end-to-end encrypted messaging service Signal, is "trying to bring normality to the Internet."". The New Yorker. Archived from the original on March 5, 2021. Retrieved 27 October 2020.
  2. ^ Rosenblum, Andrew (26 April 2016). "Moxie Marlinspike Makes Encryption for Everyone". Popular Science. Bonnier Corporation. Retrieved 9 July 2016.
  3. ^ أ ب ت ث ج ح خ Greenberg, Andy (31 July 2016). "Meet Moxie Marlinspike, the Anarchist Bringing Encryption to All of Us". Wired. Condé Nast. Archived from the original on January 25, 2021. Retrieved 31 July 2016.
  4. ^ Amadeo, Ron (2021-06-16). "Google enables end-to-end encryption for Android's default SMS/RCS app". Ars Technica (in الإنجليزية الأمريكية). Retrieved 2022-03-03.
  5. ^ Greenberg, Andy (4 October 2016). "You can finally encrypt Facebook Messenger, so do it". Wired.
  6. ^ Newman, Lily Hay (11 January 2018). "Skype Finally Starts Rolling Out End-to-End Encryption". Wired.
  7. ^ Hern, Alex (17 October 2014). "Twitter's former security head condemns Whisper's privacy flaws". The Guardian. Retrieved 22 January 2015.
  8. ^ Messmer, Ellen (12 October 2011). "The SSL certificate industry can and should be replaced". Network World. IDG. Archived from the original on 1 March 2014. Retrieved 25 September 2016.
  9. ^ "New Cloud-Based Service Steals Wi-fi Passwords". PC World. Archived from the original on 20 April 2012. Retrieved 2013-12-09.
  10. ^ "A Better Way To Hide From Google". Forbes. 2013-11-25. Archived from the original on 12 October 2013. Retrieved 2013-12-09.
  11. ^ أ ب ت ث Yadron, Danny (9 July 2015). "Moxie Marlinspike: The Coder Who Encrypted Your Texts". The Wall Street Journal. Archived from the original on 10 July 2015. Retrieved 27 September 2016.
  12. ^ Mills, Elinor (2011-03-15). "CNet: WhisperCore App Encrypts All Data For Android". News.cnet.com. Retrieved 2013-12-09.
  13. ^ "Twitter Acquires Moxie Marlinspike's Encryption Startup Whisper Systems". Forbes. Retrieved 2013-10-04.
  14. ^ Powers, Shawn M.; Jablonski, Michael (February 2015). The Real Cyber War: The Political Economy of Internet Freedom. University of Illinois Press. p. 198. ISBN 978-0-252-09710-2. JSTOR 10.5406/j.ctt130jtjf.
  15. ^ Chris Aniszczyk (20 December 2011). "The Whispers Are True". The Twitter Developer Blog. Twitter. Archived from the original on 24 October 2014. Retrieved 22 January 2015.
  16. ^ "RedPhone is now Open Source!". Whisper Systems. 18 July 2012. Archived from the original on 31 July 2012. Retrieved 22 January 2015.
  17. ^ Yadron, Danny (10 July 2015). "What Moxie Marlinspike Did at Twitter". Digits. The Wall Street Journal. Archived from the original on 18 March 2016. Retrieved 27 September 2016.
  18. ^ Andy Greenberg (29 July 2014). "Your iPhone Can Finally Make Free, Encrypted Calls". Wired. Retrieved 18 January 2015.
  19. ^ "A New Home". Open Whisper Systems. 21 January 2013. Retrieved 11 July 2015.
  20. ^ Donohue, Brian (24 February 2014). "TextSecure Sheds SMS in Latest Version". Threatpost. Retrieved 14 July 2016.
  21. ^ Greenberg, Andy (2 November 2015). "Signal, the Snowden-Approved Crypto App, Comes to Android". Wired. Condé Nast. Retrieved 24 November 2015.
  22. ^ Metz, Cade (5 April 2016). "Forget Apple vs. the FBI: WhatsApp Just Switched on Encryption for a Billion People". Wired. Condé Nast. Retrieved 2 August 2016.
  23. ^ Greenberg, Andy (8 July 2016). "'Secret Conversations:' End-to-End Encryption Comes to Facebook Messenger". Wired. Condé Nast. Retrieved 24 September 2016.
  24. ^ Greenberg, Andy (18 May 2016). "With Allo and Duo, Google Finally Encrypts Conversations End-to-End". Wired. Condé Nast. Retrieved 24 September 2016.
  25. ^ Loizos, Connie (August 18, 2021). "MobileCoin closes on $66 million in equity in Series B round". TechCrunch (in الإنجليزية الأمريكية). Retrieved 2021-12-01.
  26. ^ Newman, Lily Hay (15 December 2017). "The Creator of Signal Has a Plan to Fix Cryptocurrency". Wired. Retrieved 7 April 2021.
  27. ^ Goldbard, Joshua (8 April 2021). "Comment". Reddit. Retrieved 16 December 2021. Moxie is not and has never been an employee, he's not an officer, he's not on the board of directors, he isn't a person who has worked day to day on the project, he gave us advice, which we are very thankful for because it was helpful to figure out what to build, but Moxie didn't write a single line of code in MobileCoin.
  28. ^ "MobileCoin Whitepaper" (PDF). MobileCoin. Retrieved 14 February 2025.
  29. ^ Wise, Aaron (2023-02-15). "MobileCoin: The project that doomed FTX a year before Terra Luna". Protos (in الإنجليزية الأمريكية). Retrieved 2025-08-15.
  30. ^ Mixin [@Mixin_Network] (18 Jan 2021). "Mixin Network supports the 33rd public chain @mobilecoin, $MOB, that focuses on Building Secure Payment Systems for Mobile. We'r the 1st project connected its Layer2 network, and also contribute codes for Node in Golang. Deposit & withdrawal are available on @MixinMessenger" (Tweet) (in الإنجليزية). Archived from the original on 3 May 2021. Retrieved 12 April 2021 – via Twitter. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
  31. ^ Marlinspike, Moxie; Acton, Brian (21 February 2018). "Signal Foundation". Signal.org. Retrieved 21 February 2018.
  32. ^ Marlinspike, Moxie (10 January 2022). "New year, new CEO". signal.org. Signal Messenger. Retrieved 10 January 2022.
  33. ^ Plunkett, John (2025-03-27). "The founder of Signal just threw epic shade at JD Vance and it's nothing short of magnificent". Retrieved 2025-04-01.
  34. ^ Greenberg, Andy (18 February 2009). "Breaking Your Browser's Padlock". Forbes. Archived from the original on 27 February 2014.
  35. ^ Higgins, Kelly Jackson (2009-02-24). "SSLStrip Hacking Tool Released". Darkreading.com. Archived from the original on 2013-10-02. Retrieved 2013-12-09.
  36. ^ Bramwell, Phil (2018). Hands-On Penetration Testing on Windows: Unleash Kali Linux, PowerShell, and Windows debugging tools for security testing and analysis (in الإنجليزية). Packt Publishing. p. 96. ISBN 978-1-78829-509-3.
  37. ^ Apple iOS Bug Worse Than Advertised/
  38. ^ "iPhone data interception tool released". Scmagazine.com.au. 2011-07-27. Archived from the original on 2013-12-14. Retrieved 2013-12-09.
  39. ^ Zetter, Kim (2009-07-30). "Vulnerabilities Allow Attackers To Impersonate Any Website". Wired.com. Retrieved 2013-12-09.
  40. ^ Goodin, Dan (2009-07-30). "Wildcard certificate spoofs web authentication". Theregister.co.uk. Retrieved 2013-12-09.
  41. ^ "SSL And The Future Of Authenticity". Youtube.com. 2011-08-18. Archived from the original on 2021-12-21. Retrieved 2013-12-09.
  42. ^ "New SSL Alternative". Informationweek.com. Archived from the original on 2011-10-01. Retrieved 2013-12-09.
  43. ^ "Future of SSL in doubt?". Infosecurity-magazine.com. 2011-08-09. Retrieved 2013-12-09.
  44. ^ "Trust Assertions For Certificate Keys". Tack.io. Retrieved 2013-12-09.
  45. ^ Goodin, Dan (2012-05-23). "SSL fix flags forged certificates". Arstechnica.com. Retrieved 2013-12-09.
  46. ^ Fisher, Dennis (2012-07-30). "New Tool From Moxie Marlinspike Cracks Some Crypto Passwords". Threatpost. Archived from the original on 2012-08-19.
  47. ^ Smith, Matt (15 May 2013). "Saudi's Mobily denies asking for help to spy on customers". Reuters. Retrieved 21 February 2018.
  48. ^ Mills, Elinor (2010-11-18). "Security researcher: I keep getting detained by feds". CNET. Retrieved 2019-06-19.
  49. ^ Zetter, Kim (2010-11-18). "Another Hacker's Laptop, Cellphones Searched At Border". Wired.com. Retrieved 2024-11-08.
  50. ^ "Moxie Marlinspike - 40 under 40". Fortune. Time Inc. 2016. Archived from the original on August 18, 2017. Retrieved 22 September 2016.
  51. ^ WIRED Staff (2016-04-26). "25 Geniuses Who Are Creating the Future of Business". Wired. ISSN 1059-1028. Retrieved 2020-03-19.
  52. ^ "The Levchin Prize for Real World Cryptography". RealWorldCrypto.
  53. ^ Levchin, Max (4 January 2017). "2017 Levchin Prize for Real World Cryptography". Yahoo! Finance. Retrieved 7 February 2018.
  54. ^ "Moxie Marlinspike >> About". Retrieved 2022-11-22.
  55. ^ Marlinspike, Moxie; Hart, Windy (2012-06-21). "An Anarchist Critique of Democracy". The Anarchist Library. Retrieved 2022-11-22.
  56. ^ Marlinspike, Moxie (2020-08-04). "The Promise of Defeat". The Anarchist Library. Retrieved 2022-11-22.

وصلات خارجية

  • No URL found. Please specify a URL here or add one to Wikidata.
?
تمّ الاسترجاع من "https://www.marefa.org/w/index.php?title=موكسي_مارلين‌سپايك&oldid=4227023"