Articles about Privacy and Security

https://msrc-blog.microsoft.com/2019/07/16/a-proactive-approach-to-more-secure-code/


Here’s a good one, courtesy of Zooko on Twitter:


https://msrc-blog.microsoft.com/2019/07/22/why-rust-for-safe-systems-programming

I knew it was going to be a good review, but I didn’t know it was going to be that good. Fairly good reason to believe that transitioning from C and C++ will start to occur in the near future (well, relatively near; I have a fairly basic understanding of Rust and it presents some challenges to be solved).

Heh, I used to work there. I get their position; however, each one of their ‘safe languages’ is actually unsafe, except maybe Go and Erlang. Never used either.

The problem Rust tries to address, I think (I’m still pretty new to it), is process segregation. A lot of ‘secure’ operating systems, and by secure I mean secure from itself, like Rust tries to do, would be most microkernel designs. My favourite is QNX, up until BlackBerry bought it for their phone OS and killed it.

It was really hard to set up properly, but because of the unique way their scheduler and IPC work (basically there is none), it can make a C program secure, if coded in a POSIX manner, and you fiddle a bit with the signals (i.e. change to semaphores).

Hal Finney (RIP) used a similar design (although I cannot confirm it was QNX, it certainly was an IBM microkernel with similar properties) as the HSM ledger for Hashcash.

So what Rust does at a code level, QNX can do at an OS level for the code. There are some differences, obviously. But microkernels running on FPGAs secure most countries’ things that need to be secure. (That seems vague enough to me.)

I think I might have to start having a play with Rust and its ‘sandboxing’ or whatever it does. Haven’t read up on it for a while. Thanks for the link.
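As an added illustration of what “Rust at a code level” means in the MSRC post linked above (this is example code written for this thread, not from the MSRC articles or from any poster here; the record layout, the `MAX_PAYLOAD` limit and the function names are assumptions made for the example): parsing an untrusted length-prefixed record. In C, copying `len` bytes into a fixed buffer with an attacker-controlled `len` is the classic overflow that the MSRC post is counting; in safe Rust every slice access is bounds-checked, so a lying length becomes an `Err` (or a panic) rather than a read past the buffer.

```rust
// Added example, not code from the thread or the MSRC posts.
// Record layout (assumed for this example): 2-byte big-endian length, then
// `len` bytes of payload. MAX_PAYLOAD is an arbitrary limit for the example.

#[derive(Debug, PartialEq)]
pub enum ParseError {
    /// The buffer is shorter than the header or the declared length claims.
    Truncated { needed: usize, have: usize },
    /// The declared length exceeds what the handler is willing to buffer.
    TooLong { len: usize, max: usize },
}

pub const MAX_PAYLOAD: usize = 64;

/// Return the payload slice of a record, or an error describing why it is
/// malformed. `input.get(..n)` returns None instead of reading out of bounds,
/// so an attacker-controlled length can never index past `input`.
pub fn parse_record(input: &[u8]) -> Result<&[u8], ParseError> {
    let hdr = input
        .get(..2)
        .ok_or(ParseError::Truncated { needed: 2, have: input.len() })?;
    let len = u16::from_be_bytes([hdr[0], hdr[1]]) as usize;
    if len > MAX_PAYLOAD {
        return Err(ParseError::TooLong { len, max: MAX_PAYLOAD });
    }
    let body = &input[2..];
    body.get(..len)
        .ok_or(ParseError::Truncated { needed: len, have: body.len() })
}

/// Copy the payload into a fixed-size buffer, the way a C handler would
/// memcpy into a stack array. Because `parse_record` already rejected any
/// length above MAX_PAYLOAD, `copy_from_slice` (which itself checks that both
/// sides have equal length) cannot be asked to write past `out`.
pub fn copy_into_fixed(input: &[u8]) -> Result<[u8; MAX_PAYLOAD], ParseError> {
    let payload = parse_record(input)?;
    let mut out = [0u8; MAX_PAYLOAD];
    out[..payload.len()].copy_from_slice(payload);
    Ok(out)
}

fn main() {
    // Constructed sample inputs: one honest record, one with a lying length.
    let good = [0x00, 0x03, b'a', b'b', b'c'];
    println!("{:?}", parse_record(&good));
    let lying = [0xff, 0xff, b'a'];
    println!("{:?}", parse_record(&lying));
}
```

The point of the example is not the parser itself but where the check lives: the compiler will not let `body.get(..len)` or `out[..payload.len()]` touch memory outside the slice, so the only way to get the C-style bug back is to opt into an `unsafe` block and write it deliberately.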

https://lwn.net/Articles/797828/


Putting this here because it is one of my favourites.

Nothing is immune. @shawn, you like Mr. Robot (I’ve only watched seasons 1 and 2); this is real life.

The Athens Affair. (I have loads of stuff like this if people are interested in reading about it. It isn’t your average hack; it’s better than Mr. Robot.)

https://spectrum.ieee.org/telecom/security/the-athens-affair


Y’all might remember this, the Ledger PIN hack: https://leveldown.de/blog/tensorflow-sidechannel-analysis/
Be careful out there.
https://www.rtl-sdr.com/using-a-hackrf-sdr-to-sniff-rf-emissions-from-a-crytocurrency-hardware-wallet-and-obtain-the-pin/


Yeah, think that’s bad?

@tromer has managed to distract the cats at mistfpga with his shiny mouse-shaped toy. We were just getting to nano side-channel attacks; now they are weaponizing this… (despite my best efforts to keep them focused).

His paper, called “Synesthesia: Detecting Screen Content via Remote Acoustic Side Channels”, is a really great read. However, not my area. (Side channels are; acoustics are not. Neither is Van Eck radiation. However, TEMPEST is. Yeah, it is confusing to me too. I let others deal with that.)

Would love to have a chat with @tromer after all this development fund stuff has died down, if they get the time; there is strong overlap in what we are interested in.


I remember reading about the acoustic side-channel attack around the time when I first got on the forum here; it still freaks me out!


This video is a great example of why it makes me sad that the ECC talks with China. (BTW, you get a small glimpse into how I make my money throughout the video, and what weaponised exploits are worth :slight_smile:) I don’t think I have ever worked with Zerodium, though. Mainly pentest companies.

Sure, the iPhone has never been secure, but watch the whole thing. Look at who was targeted and how.

Hard encryption is a tool. It can be used for good or for evil. That is just the way it works. There are some parallels between Zcash and this video. But it is not the closed source (Zcash isn’t). With Zcash technology, it is the high barrier to entry from both a maths and a cryptographic standpoint.

It is also not a completely fair comparison: the iPhone is not disruptive technology; Zcash is. Bitcoin was for a bit. But that is for another post.


Just published this! :smiley:


OpenBazaar / Haven is so cool:


Thank you so much for these links. I found really useful information there!


Excerpt:
“To give that power to Russia, China and other authoritarian states is complete dereliction of duty of the U.S. government to protect us.”

Sex offenders breathe air; let’s pass a law against it! That’ll get ’em, maybe, right?!
(This is an exaggeration exemplifying the ridiculousness of justifying an overarching infringement on basic rights to distinguish an extremely small minority of individuals.
I hope they get all the sickos, but it’s their job, and I don’t know why they think it’s my responsibility to give up my basic rights just to help them do that specifically. WTF.)


The 3 consecutive reply limit is a little bit annoying sometimes, I will admit :sweat_smile:

Srsly


Thanks for posting these. Have a 3-reply reset. :slight_smile:
