Articles about Privacy and Security

1 Like

Good blog post from Peter Van Valkenburgh last year: “Your Secret Right to Cash”

Just resurfaced that while searching through my Instapaper archive.

3 Likes

It is a strong argument against Libra and Ripple too. (Unless Ripple has morphed into a crypto and I missed it.)

1 Like

1 Like

Eric Wall’s report on privacy coins for the Human Rights Foundation, funded by ZF: https://medium.com/human-rights-foundation-hrf/privacy-and-cryptocurrency-part-iii-should-you-use-a-privacy-coin-22dc71732a2f

3 Likes

I really like Figleaf’s articles on their blog https://figleafapp.com/blog/, really clear and easy to understand.

1 Like

https://msrc-blog.microsoft.com/2019/07/16/a-proactive-approach-to-more-secure-code/

1 Like

Here’s a good one, courtesy of Zooko on Twitter:

2 Likes

https://msrc-blog.microsoft.com/2019/07/22/why-rust-for-safe-systems-programming

I knew it was going to be a good review, but I didn’t know it was going to be that good. It is a fairly good reason to believe that transitioning from C and C++ will start to occur in the near future (well, relatively near; I have a fairly basic understanding of Rust and it presents some challenges to be solved).

Heh, I used to work there. I get their position; however, each one of their ‘safe languages’ is actually unsafe, except maybe Go and Erlang. Never used either.

The problem Rust tries to address, I think (I’m still pretty new to it), is process segregation. A lot of ‘secure’ operating systems, and by secure I mean secure from itself, like Rust tries to do, would be most microkernel designs. My favourite is QNX - up until BlackBerry bought it for their phone OS and killed it.

It was really hard to set up properly, but because of the unique way the scheduler and IPC work (basically there is none) it can make a C program secure, if coded in a POSIX manner and you fiddle a bit with the signals (i.e. change to semaphores).

Hal Finney (RIP) used a similar design (although I cannot confirm it was QNX, it certainly was an IBM microkernel with similar properties) as the HSM ledger for hashcash.

So what Rust does at a code level, QNX can do at an OS level for the code. There are some differences obviously. But microkernels running off FPGAs secure most countries’ things that need to be secure. (That seems vague enough to me.)

I think I might have to start having a play with Rust and its ‘sandboxing’ or whatever it does. Haven’t read up on it for a while. Thanks for the link.

https://lwn.net/Articles/797828/

2 Likes

Putting this here because it is one of my favourites.

Nothing is immune. @shawn, you like Mr. Robot (I’ve only watched seasons 1 and 2); this is real life.

The Athens Affair. (I have loads of stuff like this if people are interested in reading about it - it isn’t your average hack - it’s better than Mr. Robot.)

https://spectrum.ieee.org/telecom/security/the-athens-affair

3 Likes
1 Like

Y’all might remember this, the Ledger PIN hack: https://leveldown.de/blog/tensorflow-sidechannel-analysis/
Be careful out there
https://www.rtl-sdr.com/using-a-hackrf-sdr-to-sniff-rf-emissions-from-a-crytocurrency-hardware-wallet-and-obtain-the-pin/

2 Likes

Yeah, think that’s bad?

@tromer has managed to distract the cats at mistfpga with his shiny mouse-shaped toy. We were just getting to Nano side-channel attacks. Now they are weaponizing this… (despite my best efforts to keep them focused).

His paper called “Synesthesia: Detecting Screen Content via Remote Acoustic Side Channels” is a really great read. However, not my area. (Side channels are, acoustics are not. Neither is Van Eck radiation. However, TEMPEST is. Yeah, it is confusing to me too. I let others deal with that.)

Would love to have a chat with @tromer after all this development fund stuff has died down, if they get the time; there is strong overlap in what we are interested in.

2 Likes

I remember reading about the acoustic side-channel attack around the time when I first got on the Forum here; it still freaks me out!

1 Like

This video is a great example of why it makes me sad that the ECC talks with China. (BTW, you get a small glimpse into how I make my money throughout the video, and what weaponised exploits are worth :slight_smile:) I don’t think I have ever worked with Zerodium though. Mainly pentest companies.

Sure, the iPhone has never been secure, but watch the whole thing. Look at who was targeted and how.

Hard encryption is a tool. It can be used for good or for evil. That is just the way it works. There are some parallels between Zcash and this video. But it is not the closed source (Zcash isn’t); with Zcash technology it is the high barrier to entry from both a maths and cryptographic standpoint.

It is also not a completely fair comparison: the iPhone is not disruptive technology. Zcash is. Bitcoin was for a bit. But that is for another post.