The Underhanded C contest opened to challengers yesterday and continues through New Year's Day 2015. This year's challenge features oversharing sites and National Security Letters in its theme, but with a twist: the surveillance function is to subtly leak information about the act of surveillance. Last year's challenge involved a social media theme as well, though with a different angle for mischief. Challenges from past years are featured on the site, with solutions perfect for ramping up a person's paranoia about software quality.
Category Archives: Security
Multisig Vault By Coinbase
Coinbase today unveiled their multisig wallet product which will allow customers to store their bitcoin with the site while restricting the ability for Coinbase and others to move the coins unbeknownst to the customer. Coinbase stated that they underestimated customer demand for such a product.
GNU wget Vulnerability
A vulnerability in GNU wget which allowed a potential attack by maliciously crafted URLs has been found and patched. Not every implementation of wget had this flaw at the time GNU wget was patched; OpenBSD's version was patched five years ago.
CurrentC Breached
Fiat mobile payments system and Apple Pay competitor CurrentC has been hacked according to a number of reports. CurrentC says a number of customer email addresses were taken, and the damage is allegedly confined to that.
New Paper: Bitcoin over Tor a Bad Idea, Especially bad for SPV
A new paper by Alex Biryukov and Ivan Pustogarov outlines deterministic man-in-the-middle attacks that can subject Bitcoin users over Tor to a number of adverse circumstances. From the paper:
Yahoo and AOL Spread Ransomware Through Ad Network
A number of websites including Yahoo, AOL, and 9Gag have been exposing users to ransomware, according to the International Business Times. They offer that none of the sites needed to be compromised, as the malware was simply offered as advertising and the advertising networks didn't care to check that the payload would be inoffensive to their audience.
AFP's LulzSec Leader merely naughty, avoids prison
Matthew Flannery, who according to the Australian Federal Police was a leader in Lulz Security or LulzSec, has been sentenced by a local magistrate to 15 months of home detention. LulzSec notably included FBI Informant Hector Xavier Monsegur, also known as Sabu, among its founding members.
Army Research Office Funds MIT Bitcoin Price Research
In a recent press release, the MIT News Office announced the publication of a paper by researchers attempting to predict Bitcoin price by Bayesian regression. The paper's subject matter and methods are of specialist interest, but a matter of more general interest appears in the paper's acknowledgements:
Intel Subsidiary Fined for Crypto Export
The Bureau of Industry and Security recently issued a $750,000 fine against Intel subsidiary Wind River Systems for the unlawful exportation of software products that enable encryption. This is a sharp departure from BIS’s historical practice and suggests the agency may take a tougher stance on such violations in the future. Among restricted foreign government end-users and organizations on the BIS Entity List, Wind River Systems shipped to China, Russia, Israel, Hong Kong, South Africa, and South Korea.
Daniel J Bernstein Speaks on Keeping Crypto Insecure
Yesterday Daniel J Bernstein gave the keynote speech at the 11th Hackers To Hackers Conference in Sao Paulo, Brazil. A PDF of his slides is available here, and the slide text is presented below for those with PDF aversions. The talk presented a narrative of how an attacker could manipulate the cryptographic ecosystem to culture insecurity.