A new trend emerging in regional legislatures governing subdivisions of the United States are efforts to protect "law enforcement" officers by passing "Blue Lives Matters" laws making attacks on police subject to enhanced penalties as "hate" crimes. Apparently the existing mechanism for enhanced penalties, which work because attacking a "law enforcement" officer is already its own unique additional criminal charge, aren't working. Tensions between "law enforcement" and the public are high for a number of reasons. Peace in our time.
Category Archives: Security
Blog Post On Insurance Disappears From BitGo Website
On February 25th 2015 BitGo, the firm which "held" the recently liberated Bitfinex customer coins in a sort of deviant escrow demanded by the United States Commodity and Futures Trading Commision, published a blog post on how they were insured against theft. That blog post is no longer available on BitGo's website. Bitstamp reportedly also uses BitGo in a similar capacity though they assure customers that the particulars of their arrangement are so different this could never happen to their customers.
P2SH considered harmful, sorry for your loss.
Phree Software Download Website Fosshub Distributed MBR Tainting Malware
This week the free software download website Fosshub distributed master boot record tainting malware after reportedly being compromised (archived). The alleged attackers are trumpeting that in spite of producing malware that infected the master boot record of affected machines, that bundling further malware with an impact beyond vandalizing machine start up output was too much for them. Such claims are to be taken with a grain of salt and affected machines cleansed with fire. Sorry for your loss.
Woman's Facebook Account Suspended During Fatal Standoff
Korryn Gaines (WOT:nonperson) was killed by Baltimore County police during a standoff. Before killing the 23 year old woman police requested that Facebook suspend the social media accounts she was using to broadcast her personal revolution. Facebook obliged, she died. Apparently the revolution will not be Facebooked, Instagrammed or Whatapp'd.1 Peace in our time.
As these are all Facebook social media properties. ↩
First US Cop Faces Terrorism Charges, Crime: Buying Gift Cards
In what mainstream media is reporting as the first case of terrorism charges targeting a law enforcement officer in the United States, a DC area transit cop bought ~250 United States dollars worth of gift cards (archived). Prosecutors allege he then distributed the gift card codes to FBI agents so that those FBI agents could buy paid mobile messaging apps for the Islamic State.
Law enforcement officers not facing terrorism charges in the United States include:
- Lon Horiuchi, member of civilian murdering death squad at Ruby Ridge and Waco (archived)
- Carl Mark Force IV, extortionist and moved gift cards well in excess of 250 United States dollars
- Shaun Bridges, moved gift cards well in excess of 250United States dollars, failed international man of mystery
- Members of the FBI death squad that murdered Lavoy Finicum
- Unconfirmed but probably FBI agents providing agar for the Rebel But Gangster Black Rebels
- The Department of Homeland Security officer who went on a mass shooting spree back in May
Those most be some serious mobile messaging apps.
Bitfinex Director Claims 119,756 Bitcoins Lost
Reddit user zanetackett, Director of Community and Product Development for Bitfinex, is now claiming that losses total 119,756 BTC in the hack reported on earlier today. Attackers were apparently able to obtain the offline keys used for the multisig setup used by the exchange, though Buttfinex officials have yet to comment on the exact attack vector. The company further states that "their insurance does not cover these losses" and that "Any settlements will be at the current market prices as of 18:00 UTC" which was just at $600 per coin.
Yet Another Underwhelming Effort To Fork Bitcoin Unveiled
After the grossly underwhelming reveal of last month's "Terminator Plan" hard fork buzz this month brings yet another social engineering attempt. A new subreddit named "btcfork" was publicly announced and it swiftly filled with a bunch of activity from people who won't attach names to the positions they are trying to advance. Apparently having people with names was the problem this whole time! This latest attempt comes after Ethereum hard forked with substantial lulz. The nameless posters however insist that this will be different and successful. Sorry fork, your loss.
Network Difficulty Experiences Modest Drop Of ~5.4% In Second Change Post Halving
Bitcoin network difficulty fell ~5.43 percent from 213492501107.51336670 to 201893210853.05895996 in its second adjustment following the second halving of the Bitcoin block reward subsidy. The first adjustment following the halving was a very slight increase in difficulty. Paired with the bleeding and breaking occurring among fiat/Bitcoin interfaces it looks like the short term forecast is "there will be lulz."
Phuctor Finds Seven Keys Produced With Null RNG, And Other Curiosities
Phuctor is a public service, operated by S.NSA. It catalogues extant RSA public keys which are known to be inexpensively breakable.1
Recently, Phuctor's algorithmic arsenal was expanded to include a search for perfect squares, which was then further generalized to Fermat's factorization method. A perfect square RSA modulus results from an ill-conceived, subverted, or otherwise catastrophically-broken key generator where a cryptographic prime P is created and immediately re-used verbatim, as prime Q. An RSA modulus factorable via Fermat's method contains two factors which are dangerously (i.e., cheaply-discoverably) close together. This typically results from a lulzimplementation of RSA where prime Q is generated by finding NextPrime(P), rather than independently.
The perfect square finder immediately yielded up a modulus which consisted merely of the square of the next prime following 2^1023. This type of RSA public modulus is consistent with a scenario where a PGP client is operated on a system containing a null-outputting RNG. This trivially-breakable modulus was found to occur in no fewer than seven RSA public keys, claiming the following user IDs:
- Mahmood Khadeer <mhkhadee AT hotmail.com>
- none <algemeenoptie2 AT gmail.com>
- Godless Prayer <godless.prayer AT gmx.de>
- john <john.k.pescador AT hawaii.gov>
- Bjoern Schroedel <bjoern AT schroedel.cc>
- Bjoern Schroedel <bjoern.schroedel AT gmx.de>
- Nick Ruston <alliancemicro AT dodemall.redcheetah.com>
Mr. Pescador appears to be, or to have once been, an employee of the State of Hawaii, a curator of data.hawaii.gov (archived), and — apparently — of an empty GitHub repository. (archived). Mr. Khadeer is the President of the Muslim Association of Puget Sound (MAPS) in Redmond (archived), famous primarily for 'heartfelt condemnations' (archived) of this and that, published like clockwork for the past decade. Not much is publicly known about the other victims and/or perpetrators of brain-damaged cryptography in the above list.
The subsequent search for Fermat-factorable RSA moduli yielded exactly one additional result. This very peculiar PGP public key is suggestive of an aborted attempt at the development of a cross-site scripting (XSS) attack against PGP users who might decode the key and display its User ID field in certain WWW browsers.
Peace in our ctime();
For the comedic gold let it be pointed out that prior to Phuctor's existence this kind of key simply did not exist, as per official truth. Nowadays they "obviously" do exist, but after the failure of embrace-extend-hijack attempts spearheaded by Hanno Böck, the deceitful shitbag they're simply "not interesting" as per the same official narrative ; and moreover, systematic causes for their existence still do not exist, at any rate not past "Cosmic Rays did it". Certainly the involvement of the usual array of inept USG agencies can not possibly be suspected. Isn't official nonsense ever so fascinating ? ↩
Coinbase Engineering Director Jokes That Roger VERified Their Coins Are Safe
Coinbase Director of Engineering Charles Lee1 (WOT:coblee) today joked on Twitter that Roger Ver has VERified the Coinbase coins are safe. Roger similarly VERified that the coins at Mt Gox were safe and present in their reserves up until the moment Mt Gox died and even then for a bit of time after that. The history of Roger VERified jokes stretches back to December of 2012.
In December 2012 Roger Ver (WOT:nonperson) used his access to the administrative panel of Blockchain.info in order to compromise the supposedly secret information of a user of that service following a dispute over a payment error made by an unrelated venture of Roger Ver's (archived). The payment error was for 4.5119 Bitcoin, an amount that summed to less than 50 United States dollars at a time when buying that amount of Bitcoin was still an easy task.2
Compounding Roger Ver's mistake was his attempt at a cover up insisting that he was a sufficiently special snowflake to have all threads discussing the matter retitled, locked, and deleted (archived). At the time MPOE-PR (WOT:hanbot) wrote of his efforts:
We're not discussing the "change the thread title" part of your statement. We're discussing the "better yet, lock the thread and ask the mods to delete it" part of your statement.
It is not this thread that is causing undue alarm. The alarm is very much due, this BS of divulging customer details is widespread to the point of universality. Aurum did it, MtGox did it, the list is pretty much "everyone except MPEx". This has to cease, universally, as it has no place in BTC.
The other thing that has to cease is the unwarranted delusions of self importance. You personally are not great enough to request moderators to delete the signs of your stupidity "so as not to harm bitcoin". Should you want to request it, do it in the adequate terms, which are "I've been really stupid, please delete this before it ruins my reputation".
That aside, you personally are not big enough to harm Bitcoin, for one, and moreover this "too big to fail" mentality and the corresponding expectation of throwing everything to the wind for the sake of propping up random doods with self-awarded VIP status is completely irrational.
Since the Blockchain.info episode Roger Ver has continued his pursuit of pennies at the expense of potential fortunes. He publicly defended the insovlent Mt Gox, engaged in premature passport shennanigans that greatly restricted his ability to travel, further sold his illusion of credibility in the XTCoin and ClassicCoin pushes, and jumped on the ether huffing train shortly before their huffing bag detonated. Sorry for your Roger VERified loss.
Of "Litecoin" infamy. Litecoin was this "better Bitcoin" endorsed by Wired Magazine in August 2013 much like DogeCoin and Ethereum would later be "better Bitcoins" endorsed by mainstream media rags until they sunk. ↩
It was indeed less that four years ago that a person could acquire 5 whole Bitcoins for less than the price of a nice restaurant meal. ↩