The issues facing us today are incomparable to any other time. Humanity has never faced a moment quite like this.
Let’s run down the series of events we are currently facing:
With the news of Google achieving “quantum supremacy”, I found it pertinent to speak about the current landscape of quantum computing. What does this mean to us as a potential threat? What is currently being done in the world of cryptography to further protect/prepare us.
Google along with a few other major tech players are currently developing their own quantum computers. The companies working on this are the largest tech companies ranging from IBM to Lockheed Martin to Microsoft. Before we dive into the importance of what Google has achieved, first we must understand the current working environment.
Quantum computing development began towards the end of the 20th century, revolving around theoretical plausibility of non-classical computation. Three decades later and with the advancement of technological quantum processors, Google has proclaimed to have achieved quantum supremacy. Google said they completed a problem with their current quantum computer “Sycamore” that would take the top super-computers of today 10,000 years to compute. …
We constantly hear the dangers that centralized exchanges face. Stealing of assets is the biggest concern. The remote nature of a crypto hack causes people to feel they’re so vulnerable since inherently, it can come from anywhere. I think there is a bigger threat than a crypto robbery of an exchange. The information that is potentially available to attackers if they are to gain access to crypto exchange data will cause much more damage than funnelling of stolen crypto funds.
The linkability of real world identities to crypto addresses make it extremely easy to use publicly available information against someone. With enough data points, an attacker can use websites like people finder or been verified, that host publicly available data to discover the residences of their targets within minutes. …
This past weekend, the Monero comuntiy hosted its first conference in Denver. The event was livestreamed and also consisted of a collaboration panel with zcash at zcon1. zcon1 was held on the same weekend in Croatia. I was invited to speak on the topic of “Network Attacks and Obfuscation of Payment Channels” My slides from the event are available at airfoil.services/MoneroKon2019
The video from the talk is located here: Network Attacks and Obfuscation of Payment Channels
As well as the rest of the talks/livestream are located here for Saturday (6/22/2019): MoneroKon day 1 livestream
The Livestream for Sunday (6/23/2019) are located here: MoneroKon day 2 livestream
The playlist for zcon1 talks are located here: zcon1 playlist
With the exit scam and proceeding arrests of administrators for the dark web market Wall Street Market(WSM), there are some important takeaways from the investigative work on the blockchain forensics. The arrests arose from the de-anonymizing of the bitcoin that were tumbled by the administrators of WSM.
The largest concern here is not so much that these anonymization services are failing but that the online operational security practices of the people interacting on the site were so poor. There were references in the DoJ document segregation of accounts between a specific user. Page 28 and 29 of the DoJ document details how one user was tied to multiple accounts by PGP key and Bitcoin wallet identification. The bitcoin wallets were anonymized using a bitcoin tumbling service similar to bestmixer.io. …
The first major hack of Binance occurred yesterday. 7,074 BTC were stolen from Binance’s hot wallet. In a press release, Changpeng Zhao, Binance’s CEO stated :
We have discovered a large scale security breach today, May 7, 2019 at 17:15:24. Hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info. The hackers used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used. There may also be additional affected accounts that have not been identified yet.
Much of what I am suggesting are based on assumptions of how the events unraveled. I aim to address the best security practices that organizations should have in place. This all assumes that everything Binance stated is true as well. There isn’t much information about the attack available yet. For various reasons Binance has not disclosed the exact points of penetration. If there are still security vulnerabilities, Binance would want to correct these before disclosing what the definitive issues were. Binance also does not want to alert the attackers, if the attackers are still inside their network infrastructure, that Binance knows how they breached the network. This would allow for the attacker to play a game of cat and mouse and further their unwanted stay. From the security release and from CZ’s AMA that followed a few hours later, he mentioned that every account should change their API keys as well as 2FA keys. This would lead me to believe that this breach could have affected the seed generation for both the API keys and 2FA keys. This centralized creation of keys will always be a point of vulnerability. Technology in the recent years has allowed for end-users to be able to create and manage these keys. If created client-side, the new risk would then shift to making sure the user properly uses/stores these keys. …
Today marks the mainnet launch of Grin. I have put together a guide for launch. It is VERY rough and there will definitely be a few edits along the way.
I have gathered resources from the respected github repo’s and included the sources as you should be doing your own verification. I would like to thank the Grin community as they have tirelessly been getting ready launch day. Once again, this is a guide to help point you in the right direction and things might break along the way as everything is still very new.
1. Open a terminal session
Install the newest RUST v1.31.1
curl https://sh.rustup.rs -sSf | sh; source $HOME/.cargo/env …
In the final week of 2018, three hardware researchers disclosed several attacks against 2 cryptocurrency hardware wallet companies. These 3 researchers have been disclosing vulnerabilities since 2017. On December 27th, 2018 they disclosed these attacks against the two largest personal crypto hardware wallet providers, Ledger and Trezor.
Also Read: Best Bitcoin Hardware Wallets
After reviewing these specific attacks, I decided to write about the potential danger these attacks pose and what a crypto-holder can do to prevent attacks mentioned. The attacks were disclosed at the recent Computer Chaos Congress in Leipzig by 3 researchers who detailed a handful of different attacks. …
Sadly, this past week we lost an icon that helped to spur the cypherpunk movement. Timothy May, who wrote The Crypto Anarchist Manifesto in 1988, lauched a movement that is still very prominent today. For the uninitiated, a Crypto-Anarchist focuses on subverting the current laws and using new technologies to the benefit of the common man. In the original manifesto, May says crypto-anarchy focuses on “encryption, digital money, anonymous networks, digital pseudonyms, zero-knowledge, reputations, information markets, black markets, collapse of governments”.
The manifesto was written just before the first crypto wars began during the early 1990’s. The governments of the world fiercely opposed the general public using cryptographic encryption protocols. The idea that a normal citizen could completely hide what they say in an electronic message was their biggest concern. The governments cited national security as a concern(We’ve heard this excuse used many times before). …
When asked what services I use for something like email or cloud storage, I always to suggest to future proof against an encroaching data breach or information leak. Leaning heavily on privacy and security applications that respect their customer’s data. There are many more services that are now available that were not around even a few years ago. People are looking for these security tools, you just need to know what to look for. You should consider a few fields when deciding on what type of service to use.