A scary new paper discusses how certificate authorities (CAs) are a weak link in SSL and can be (or are being) compelled to issue fake cert that allow surveillance that is undetectable by any of the major web browsers. Caveat browsor, as always.

Super Baozi vs Sushi man from sun haipeng on Vimeo.

Via Vimeo which has a longer and more silly video of Super Baozi as well!