
Archive for the ‘opinion’ Category

Nakamoto Family Foundation

July 7, 2018

Over what now approaches a decade since Satoshi first published the Bitcoin white paper, there has been continued speculation about who might be Satoshi. Over time, various people—myself included—have been imagined to be Satoshi for various reasons. Certain would-be Satoshis have made attempts to claim that they are Satoshi. Unfortunately some have even been so persistent in their claims that they have been able to confuse newcomers to the distributed ledger and blockchain space and have been able to get seats on conference panels using these claims. Last week was the most recent version of this with the release of an excerpt from a book that accompanied a website, allegedly in advance of a forthcoming book.

Let me be clear: All of the information that relates to me in this published excerpt from the book can be sourced either from the emails that I published previously in my “I am Not Satoshi” blog post or can be sourced from conversations that I had with Satoshi on public forums in the earliest days of the Bitcoin project. The author does demonstrate some knowledge around software development and debugging in his synthesis of Satoshi’s and my published interactions, but this proves nothing. The excerpt (and presumed forthcoming book) strikes me more like an extremely well researched piece of performance art or first-person fan fiction than any new revelation-containing update or direct claim of the Satoshi identity.

I would also expect the real Satoshi to both be capable of devising and have the desire to publish a much more challenging crypto puzzle than the one accompanying the excerpt on the website.

Unless the real Satoshi has since destroyed the relevant private keys, it should be really straightforward for the real Satoshi—should he/she/they ever decide to go public—to make it absolutely certain that their words are their own: sign a message with Satoshi’s PGP key or presumed early bitcoin key(s). That’s the only proof that I’ll accept, and I advise you to demand the same of anyone’s claim to the Satoshi identity.

The author of this excerpt has not done that, nor has anyone else since the real Satoshi went dark.


REcon 2012

June 19, 2012

I’ve just recently returned from REcon 2012 and while I heard a couple people express that they had “heard” that some people were more disappointed with this year’s conference compared to prior ones, I personally really enjoyed it and felt it was the best one yet.  I saw and enjoyed more of the lectures this year than I have in the past and seemed to have better interactions with the other conference attendees, better conversations, and generally enjoyed myself more than years past.  Perhaps it was because this year Montreal wasn’t in the middle of a heat wave with no air conditioning in the hotel and the conference hotel didn’t catch fire (:

(more…)

TSA Lectures, Lies, and Rude, Dismissive Behavior

February 21, 2012

On a recent trip to Orlando, I opted out of the full-body scan at AUS, as I always do at every airport security checkpoint.  While waiting for my pat-down, I was lectured by the TSA gate agent about how safe they are, was subsequently questioned about my cellphone use as a radiation exposure comparison, and was subjected to repeated attempts to get me to change my mind and just go through the scanner.

(more…)

ToorCon 12

October 27, 2010

After a two-year absence due to unavoidable other obligations like good friends’ weddings, I finally made it back to one of my favorite hacker conferences, ToorCon. San Diego is always beautiful when I happen to be there with nice weather and a cool mix of people, both locals and visitors who are there for the conference, and this year was no exception.

(more…)

Fame, Trinkets and Cash

March 29, 2010

Taking place over the last week was the CanSecWest 2010 security conference, with their now annual Pwn2Own contest. For those that are unfamiliar, the Pwn2Own contest presents a number of devices usually consisting of mobile or cellular devices and laptops as targets and allows contestants to attempt to compromise them in some way. These targets are patched up through the most recent vendor patches, and if a contestant is able to Pwn (compromise) the device, they get to Own (keep) it. This is always a nice publicity stunt as the contest is widely publicized by its sponsor, providing researchers with some fame and a prize as a bit of a return on their invested effort researching vulnerabilities and developing exploits. The Zero Day Initiative (ZDI), which sponsors the contest, also offers to buy the vulnerabilities used by the winners and “responsibly disclose” them to the affected vendors, providing a bit of a cash incentive as well.

Over the past few years however, some things have drastically changed in the value and marketability of such vulnerabilities.

(more…)

Cleverbot Not So Clever

December 29, 2009

Yesterday I came across Cleverbot, an “AI” from icogno. As far as I can tell, it’s an incarnation of their jabberwacky AI which supposedly learns from its past interactions. I’m always skeptical of anything that is claimed to be AI, because actually creating a convincing fake AI, much less a real one, is an extremely hard problem to tackle. So, chatting up Cleverbot, my skepticism was quickly justified in my own opinion, but I’ll let you be the judge. Here’s the tail end of my conversation with Cleverbot:

(more…)

Microsoft Exploitability Index

November 5, 2009

Earlier today, this article from ComputerWorld came across my desk. The headline grabbed my attention, having indicated controversy and disagreement, which of course I’m going to look into. The article, which cites Microsoft’s semi-annual security intelligence report, claims that Microsoft has only been right in its vulnerability exploitability predictions about 27% of the time. Others quoted in the article purport that since their accuracy is so low, what’s the point?

They’re obviously missing the point, and I suggest that the premise of even trying to calculate such a metric as its accuracy is fundamentally flawed.

(more…)

Review: The IDA Pro Book

February 12, 2009

When a book is so well-received by your peers as The IDA Pro Book has been, even if reverse engineering isn’t a huge part of what you do every day, you pretty much have to give it a read.  The creator of IDA Pro, Ilfak Guilfanov, even recommends it himself for a number of reasons, calling it “the most thorough and accurate IDA Pro book.”  Even though I don’t do a whole lot of reversing, I do use IDA on occasion, so I thought it in my best interests to read this book.  Authored by Chris Eagle, a co-author of one of my favorite security books, Gray Hat Hacking, I had fairly high expectations.  I was not disappointed.

(more…)

When Magic Lost Its Magic

January 7, 2009

Most that know me know that I’m an avid gamer. I play video games, board games, card games, puzzles, pretty much anything I can get my hands on. Because I like puzzles and strategy games, I’ve regularly been asked what I think the most strategic game I’ve ever played is, and I’ve gotten more than the occasional odd look when I don’t respond with “Chess” or “Go”, but with “Magic: The Gathering”.

(more…)

MD5? Really?

January 7, 2009

First let me say that this article is not meant to diminish the work that Alexander Sotirov et al. have been doing for the past 6 months. It’s good work, has brought about some awesome results, and has demonstrated what was once a theoretical attack on PKI certificates based on MD5 hash collisions. What I’m amazed at is that it had the impact that it actually did.

(more…)