As noticed by #bitcoin-assets user fluffypony, and later confirmed by reddit user CoinbaseAdrian, a sendgrid.net account associated with em.coinbase.com has been compromised. The scammers behind this attack have used it to send email to a list composed mostly of, but not limited to, users of localbitcoins.com.
Category Archives: Security
Tewksbury Police Pay Ransom
Local weekly newspaper the Town Crier reports that Tewksbury, Massachusetts police have paid a $500 ransom after a version of the CryptoLocker ransomware encrypted essential files and rendered their network unusable. The initial infection was determined to have happened on December 7th when it entered the police department's network through the computer of the Officer in Charge. The malware's presence was not discovered until the next day.
TI-89 Bitcoin Diceware Tool Released
Matt Whitlock has recently released a diceware tool for generating Bitcoin address and private key pairs on the venerable Texas Instruments TI-89 portable general purpose computer commonly marketed as a "graphing calculator." The software takes input derived from analog dice rolls. The source code, written in C, is available here and it compiles with TIGCC. Whitlock previously worked on the Lamassu Bitcoin ATM. A video where Whitlock demonstrates the key generation process at 10x speed is embedded below:
Obama Orders War On Computing And Bitcoin With New "Emergency" Order (Full Text)
Today United States President Barack Hussein Obama has issued an executive order under which he claims emergency power in order to direct the Treasury Department to take action against the property of persons engaged in "malicious" computing related activity. The description of activities determined to be malicious under the order is so vague as to potentially include any user of a computing system, but especially targets the normal work of security researchers in civilian employment, as Rob Graham (local archive) highlights. The declaration of National Emergency establishes "hackers" as a clear and present danger to the point that people who have merely associated with or even unknowingly contributed any form of support to "hackers" can be subjected to sanctions typically reserved for war criminals, terrorists, and the leaders of drug cartels.
OpSec Lessons From Carl Mark Force IV
Yesterday's news about two Federal Agents arrested for various allegedly corrupt and self-serving actions has introduced a substantial number of complications that could jeopardize the government's case on appeal. The charging document (plain text, document image), rather than merely affecting the future disposition of the Ulbricht Silk Road case, offers a number of lessons on operational security that those involved can take to heart, as well as a good number of laughs.
March Bitcoin Foundation Update
March was an eventful month for the Bitcoin Foundation, as mod6's latest update informs us. The highlight of the month was the release of a Bitcoin software reference implementation as version 0.5.3.1, which includes a build script to create statically linked binary executables from the foundation's source code release. Since the month's release, work has continued on building and testing the reference software on a number of platforms, and work to continue porting the software to more software platforms and hardware architectures is planned for the future. Now that the foundation has released a reference implementation, they plan to develop a roadmap of future development goals and projects to pursue next. The full statement contains a number of acknowledgements recognizing the substantial number of people who have contributed to the Foundation's success and the accomplishments it has enjoyed in its first five months.
Thermal Sidechannel Carries 8 Bits Per Hour in Proof of Concept
Researchers at Ben Gurion University in Israel have demonstrated an attack that allows malware to communicate between air-gapped computers in close proximity by using the machines' onboard thermal sensors. The demonstration required somewhat controlled conditions and only achieved a transmission rate of eight bits per hour. The slow rate of transmission could, however, over an extended period of time be sufficient to leak valuable information including cryptographic keys.
Empire in Decline: US Retreats From Yemen, ISIS Escalates to Doxxing
In a double blow to the United States' interests in the Middle East, their Special Forces soldiers have been compelled to abandon Yemen while ISIS has escalated their hostilities to include doxxing a hundred members of the United States Armed Forces.
March 19th OpenSSL Vulnerabilities Overview
The pre-announced OpenSSL updates purport to address 13 vulnerabilities. Two of the vulnerabilities were graded as being of High severity by the OpenSSL project. The first, CVE-2015-0291, allows client connections to engage in a denial of service attack against servers running OpenSSL. The second high severity issue was the older CVE-2015-0204, where RSA connections could be silently degraded to export quality RSA. OpenSSL originally graded this as a low severity vulnerability but reclassified it as a high severity vulnerability.
Bitcoin Foundation Reaches Release
The Bitcoin Foundation, chaired by mod6 and ben_vulpes, has announced its first release milestone. The release, dubbed 0.5.3.1 by the foundation, consists of a set of patches applied to the original 0.5.3 Satoshi codebase and a recipe for combining it all into a static Bitcoin daemon build. This release removes a substantial amount of cruft from the original 0.5.3 release, including hooks for Qt and Windows builds along with the problematic alert system and universal plug and play. This release works on Linux, with supported releases for other platforms planned in the future. The release tarball is available here.