Incumbent Somers Point Councilman James Toto is sworn in to office in January, while his wife Beverly, holds the Bible and City Clerk Lucy Samuelson administers the oath of office. James Toto, a longtime Somers Point resident, said in a statement he intends to run for New Jersey’s 2nd Congressional District. Toto will officially announce his candidacy on the “Hurley in the Morning” radio program on Feb. 1 at 7 a.m. with Harry Hurley, WPG Talk Radio 104.1 FM, 1450 AM. Toto will seek the Republican nomination to succeed congressman Frank LoBiondo.“New Jersey’s 2nd district is very unique, it encompasses tourism, gaming, farming and aviation research among other industries,” Toto said in a release. “The people of our district are tired of the infighting in Washington and yearning for simple, common sense solutions to our problems. I love the people of south Jersey and I am looking forward to providing a voice for all of us in Washington” Toto is a disabled veteran who served in the United States Army in Psychological Operations under Special Operations Command. He is a former United States Federal Air Marshall and is serving in his second term as a councilman in Somers Point.
The basic process was to create a new commit signed with the old key that marks where the key will change and explains the revocation, followed by a another commit using the newly generated key that will mark prior commits with a note explaining that despite GitHub’s mark for an invalid key, they can be trusted as long as the current key is valid.Though Kornel says there are some weaknesses to this method, one of which involves someone potentially accessing his computer. The other he addresses with an out-of-band posting.“What I’ve done is, in my opinion, a good human-readable solution,” Kornel wrote. “I’m sure there are problems that I’ve missed, but I hope this provides at least some protection. Of course, this only works if a human actually reads it: programs using git verify-commit will continue to complain about commits made with my revoked sub-key.”The full write-up can be found on Kornel’s blog. After the “Revenge of Coppersmith’s Attack,” or RoCA, vulnerability left his Yubico-provided SSH key compromised, Stanford University senior infrastructure systems engineer A. Karl Kornel found that, thanks to GitHub’s necessary but inconvenient security measures, every commit he’d signed would no longer pass certification.The Center for Research on Cryptography and security describes RoCA as a “vulnerability in generation of RSA keys used by a software library adopted in cryptographic smartcards, security tokens and other secure hardware chips manufactured by Infineon Technologies AG allows for a practical factorization attack, in which the attacker computes the private part of an RSA key.”In a post on his personal blog, Kornel outlined his process to resign all of his commits in the least time-consuming or inconvenient way for himself and others that relied on those repositories.“I have used my now-revoked key to sign tags and commits; in public repositories, and in Stanford-internal repositories,” Kornel wrote. “One of the internal Git repositories mandates that all commits be signed; that repository validates signatures against keys kept in a separate, server-local keyring. The signed tags are easy enough to deal with: I simply re-create them, using my new key. The annoyance is that I have to go through each tag to find the ones that I have signed.”