Category: Privacy & Security
-
Bitcoin hacks and thefts: The underlying reason
Emin Gün Sirer has a fascinating post about how the use of NoSQL caused technical failures that led to the demise of Bitcoin exchanges Flexcoin and Poloniex. But these are only the latest in a long line of hacks of exchanges, other services, and individuals; a wide variety of bugs have been implicated. This suggests…
-
Heartbleed and passwords: don't panic
The Heartbleed bug has captured public attention this week like few security vulnerabilities before it. This is a good thing, as indeed this is a catastrophic flaw. Many people have focused on its impact on passwords with headlines like “Security Flaw Exposes Millions Of Passwords” and “Change these passwords right now.” Heartbleed certainly could have been used…
-
Heartsick about Heartbleed
Ed Felten provides good advice on this blog about what to do in the wake of Heartbleed, and I’ve read some good technical discussions of the technical problem (see this for a particularly understandable explanation). Update Apr 11: To understand what Heartbleed is all about, see XKCD. Best. Explanation. Ever. In this brief posting, I…
-
How to protect yourself from Heartbleed
The Heartbleed vulnerability is one of the worst Internet security problems we have seen. I’ll be writing more about what we can learn from Heartbleed and the response to it. For now, here is a quick checklist of what you can do to protect yourself.
-
Historic E.U. Net Neutrality Win Shows Maturing Digital Rights Advocacy
After a 5-year long campaign by European and U.S. digital rights NGOs, today the European Parliament turned a dubious Commission proposal on its head to safeguard the principle of net neutrality. It’s a historic win, and all over the news. It also shows how digital rights advocacy is maturing.
-
Secure protocols for accountable warrant execution
Last week the press reported that the White House will seek to redesign the NSA’s mass phone call data program, so that data will be held by the phone companies and accessed by the NSA, subject to a new warrant requirement. The Foreign Intelligence Surveillance Court will issue the warrants. Today Josh Kroll and I,…
-
New research: Better wallet security for Bitcoin
[UPDATE (April 3, 2014): We’ve found an error in our paper. In the threshold signature scheme that we used, there are restrictions on the threshold value. In particular if the key is shared over a degree t polynomial, then 2t+1 players (not t+1) are required to to construct a signature. We thought that this could…
-
Why Dorian Nakamoto Probably Isn't Satoshi
When Newsweek published its cover story last week claiming to have identified the creator of Bitcoin, I tweeted that I was reserving judgment on their claim, pending more evidence. At this point it looks like they don’t have more evidence to show us—and that Newsweek is probably wrong.
-
9 Problems of Government Hacking: Why IT-Systems Deserve Constitutional Protection
Governments around the world are increasingly hacking into IT-systems. But for every apparent benefit, government hacking creates deeper problems. Time to unpack 9 of them, and to discuss one unique perspective: in response to a proposed hacking law in 2008, the German Constitutional Court created a new human right protecting the ‘confidentiality and integrity of…