Nakamoto Family Foundation

Over what now approaches a decade since Satoshi first published the Bitcoin white paper there has been continued speculation of who might be Satoshi. Over time, various people—myself included—have been imagined to be Satoshi for various reasons. Certain would-be Satoshis have made attempts to claim that they are Satoshi. Unfortunately some have even been so […]

Advertisements

I Am Not Satoshi

There has been a lot of speculation recently regarding whether or not I am Satoshi Nakamoto, the infamous creator of Bitcoin, and more recently whether or not a Bitcoin address which I control was used to fund the Silk Road marketplace.  I would like to address these two issues now and hopefully put them to […]

REcon 2012

I’ve just recently returned from REcon 2012 and while I heard a couple people express that they had “heard” that some people were more disappointed with this year’s conference compared to prior ones, I personally really enjoyed it and felt it was the best one yet.  I saw and enjoyed more of the lectures this […]

MD5? Really?

First let me say that this article is not meant to diminish the work that Alexander Sotirov et. all have been doing for the past 6 months.  It’s good work, has brought about some awesome results, and has demonstrated what was once a theoretical attack on PKI certificates based on MD5 hash collisions.  What I’m […]

Configuring DNSSEC in BIND

DNSSEC, which I mentioned in my previous post about mitigation for Kaminsky’s recent DNS cache poisoning flaw, are the SECurity extensions for the Domain Name System (DNS). It essentially adds cryptography to DNS, allowing authoritative nameservers to cryptographically sign their zones and resource records, which in turn allows caching/recursive nameservers to verify them. This prevents […]

The Information Security Industry is like the War on Drugs

After reading this article regarding the state of the IDS/IPS market and how IDS systems still and will likely have their niche, I was reminded of the common problem that plagues both Information Security and the War on Drugs; the majority of the focus is on detection and policing rather than on prevention and treatment, […]

Crack crack crack, all day long…

The other day while migrating data from my old Linux workstation to my new one, I came across a file that had my login credentials for both my personal account and the CAU team account over at Distributed.net. If you’re not familiar with Distributed.net, it’s a massively multi-player (heh) encryption-cracking effort. By sheer force of […]

Vulnerability Disclosure, Cryptography Research, and Open Source

Today, Bruce Schneier posted an essay to his blog arguing the case for full disclosure of software vulnerabilities, which I am also in favor of. It’s apparently a side-bar to an article in CSOOnline entitled “The Chilling Effect” which is about some of the growing issues surrounding vulnerability research in web software. There’s also two […]