November/December 2018 issue of acmqueue The November/December issue of acmqueue is out now

Subscribers and ACM Professional members login here


  Download PDF version of this article PDF

Error 526 Ray ID: 49dcfea65d96c5fa • 2019-01-23 20:26:20 UTC

Invalid SSL certificate








What happened?

The origin web server does not have a valid SSL certificate.

What can I do?

If you're a visitor of this website:

Please try again in a few minutes.

If you're the owner of this website:

The SSL certificate presented by the server did not pass validation. This could indicate an expired SSL certificate or a certificate that does not include the requested domain name. Please contact your hosting provider to ensure that an up-to-date and valid SSL certificate issued by a Certificate Authority is configured for this domain name on the origin server. Additional troubleshooting information here.


Originally published in Queue vol. 12, no. 5
see this item in the ACM Digital Library



Simson Garfinkel, John M. Abowd, Christian Martindale - Understanding Database Reconstruction Attacks on Public Data
These attacks on statistical databases are no longer a theoretical danger.

Rich Bennett, Craig Callahan, Stacy Jones, Matt Levine, Merrill Miller, Andy Ozment - How to Live in a Post-Meltdown and -Spectre World
Learn from the past to prepare for the next battle.

Arvind Narayanan, Jeremy Clark - Bitcoin's Academic Pedigree
The concept of cryptocurrencies is built from forgotten ideas in research literature.

Geetanjali Sampemane - Internal Access Controls
Trust, but Verify


(newest first)

Terry A. Davis | Sun, 08 Jun 2014 13:18:19 UTC

National Institute of Standards

"First, the Beacon-generated numbers cannot be predicted before they are published. Second, the public, time-bound, and authenticated nature of the Beacon allows a user application to prove to anybody that it used truly random numbers not known before a certain point in time. Third, this proof can be presented offline and at any point in the future."

Terry A. Davis | Sun, 08 Jun 2014 12:55:49 UTC

Doubting the National Institute of standards randomness beacon is tin-foil-hat crazy.

R | Sat, 07 Jun 2014 13:06:46 UTC

The Terry Childs case is interesting, I think, because everybody involved was at fault. The California political machine for putting career politicians in charge, the city administrators who were so focused on the bottom line during a recession that they let a very strange person control the network; and Terry himself, who considered the network to be personal property and was actually denying service for personal reasons.

For more details, you could try listening to one of those self-congratulatory talks that Jeana Pieralde has been giving. I found out about her from the Healthy Paranoia podcast.

One practical solution is to keep anybody from having 24/7/365 access to any critical resource. I just read about bank security, and reportedly they require everybody to take at least a week of vacation every year, so nobody is in a position to keep a discrepancy secret. That would be interesting to apply to system and network administrators, too.

R | Sat, 07 Jun 2014 12:50:00 UTC

That is a terrible title. By using "who" instead of "whom," you have inverted the meaning of the sentence.

Patrick S. Lockett | Sat, 07 Jun 2014 02:25:32 UTC

Somehow this brief article managed to encompass what many SA's, DBA's, NA's, programmers attempt to grasp as a single thought. I greatly appreciate the down to earth, candid approach of the writer. Security has no alpha and omega. "...a belt-and-suspenders world" Excellent job - now if we can expose programmers from day one.... Cheers, Patrick S. Lockett

Leave this field empty

Post a Comment:

© 2018 ACM, Inc. All Rights Reserved.