Posts tagged security

We do a deep-dive into Parity's multisig bug.
The bug in the Parity multisig wallet that caused the loss of $30M has the same root cause as a bug in the BitGo multisig wallet that I found a year ago.
I make the case that the current trend towards outsourcing functions out of universities to third-party providers constitutes a security vulnerability, and that progressive institutions need to resist this trend to fight large-scale surveillance operations.
The Bitfinex attack, and similar heists from Bitcoin exchanges, are preventable with a small extension to Bitcoin.
There was a series of heists at ShapeShift, followed by an offered explanation. That offered explanation has more holes in it than Swiss cheese.
New details are emerging about the state of security at the Central Bank of Bangladesh, and it puts Bitcoin exchanges to shame.
Bitcoin vaults have the potential to stop Bitcoin thefts from Bitcoin clients. This post answers some frequently asked questions about them.
We have come up with a simple and elegant technique for implementing hack-proof Bitcoin vaults, to deter Bitcoin thefts.
The biggest data breach of the year. Of course, it involves Mongo.
HyperDex 1.6.0 release, with MongoDB compatibility
In a new analysis of Bitcoin mining, Ittay Eyal shows that the equilibrium between miners is unstable, and identifies a stable equilibrium that might, as a side effect, reduce the size of open, public mining pools.
State of computer security remains dismal, as evidenced by the lengths Bitcoin users must go through to secure their digital assets.
It's time to secure data in NoSQL databases with strong guarantees, at fine granularity, and with low overhead. Macaroons, from Google, are designed for this purpose. This post shows how Macaroons can be used in HyperDex to secure NoSQL data.
HyperDex 1.5.0 release, with authorization
This is a quick blog post to dispel a common Bitcoin misconception/myth involving voting power.
We outline a small change to the Bitcoin mining protocol that rules out big, public mining pools. It preserves the current investment in Bitcoin by both existing users and by existing miners. It presents a fix to GHash's recent 51% excursion.
There seems to be a lot of confusion over the kinds of attacks that a Bitcoin mining monopoly can engage in. We clarify the space of attacks available to a Bitcoin mining monopoly.
A Bitcoin mining pool, called GHash and operated by an anonymous entity called, just reached 51% of total network mining power today. Bitcoin is no longer decentralized. This note describes what we should do about it.
Macaroons provide a safer way to authenticate users than using raw cookies. In this article, we walk through how to get started with the macaroons library, and how to create and verify your first macaroon.
Macaroons are a new way to perform authorization in distributed systems.
BTC Guild released a number of blocks in quick succession, making some people worry that they are selfish mining. We discuss the evidence.
New measurements show that successful selfish mining attacks are quite feasible.
The Feds testified exuberantly in favor of Bitcoins yesterday, driving the BTC price through the roof to $900 USD. This is my quick reaction to what happened and what we should do about it.
There is now a visual simulator for our selfish mining attack.
There have been some early, and often misplaced, responses to the vulnerabilities we discovered in the Bitcoin system. This post addresses them.
The claim that our results were previously known to the Bitcoin community is specious.
Fairweather mining has been suggested to argue that selfish mining would be a short-lived strategy, but fairweather mining analysis is flawed because it does not take proofs of work into account.
If the health of your cryptocurrency requires Gordon Gekko to make sacrifices, it is doomed.
Some clarifications and answers to frequently asked questions about the selfish mining attack on Bitcoin.
We discovered an attack against the Bitcoin mining protocol that can have a significant impact on the Bitcoin community.

DNS Fails the NYTimes

DNS continues to be a weak, fragile system.