Network Security Theatre

Summer is nearly here, and with that comes the preparations for the largest gathering of security researchers on the planet. In early August, researchers, geeks, nerds, and other extremely cool people will descend upon the high desert of Las Vegas, Nevada to discuss the vulnerabilities of software, the exploits of hardware, and the questionable activities of government entities. This is Black Hat and DEF CON; taken together, it’s the largest security conference on the planet.

These conferences serve a very important purpose. Unlike academics, security professionals don’t make a name for themselves by publishing in journals. The pecking order of the security world is determined at these talks. The best talks and the best media coverage command higher consultancy fees. It’s an economy, and of course there will always be people ready to game the system.

Like academic papers, these talks are peer-reviewed. The press releases issued before the talks are not, and in the gap between what security researchers know and what the tech press reports lives network security theatre. In network security theatre, you don’t really need an interesting exploit, technique, or device; you just need to convince the right people that you have one.

Continue reading “Network Security Theatre”

I Am Satoshi Nakamoto

OK, you got me. I’m not. Neither is Dorian Nakamoto, pictured above, and neither is this [Craig Wright] guy. Or at least, his supposed proof that he is “Satoshi” doesn’t stand up to scrutiny. Indeed, you can re-create it yourself and pretend to be “Satoshi” too.

If you haven’t been following along, “Satoshi Nakamoto” is the person or group of people who invented Bitcoin, and who holds a decent fortune’s worth of the currency. He’s been exceedingly careful at keeping his identity secret. So much so, that upon hearing another “We Found Satoshi” story in the news, we actually laughed at our wife this morning. But then it was picked up by the BBC and is forthcoming in the Economist. Serious journalism.

Well, if you read the BBC piece, they note that “Security expert Dan Kaminsky said the procedure was almost ‘maliciously resistant’ to validation.” Hint: If Dan “DNSSEC” Kaminsky can’t verify a signature, there’s a good chance it’s not the real deal.

The really embarrassing part is that this [Craig Wright] character first claimed to be Satoshi in December 2015. If he actually were Satoshi, who is probably a cryptographic genius, do you think it would take him five months to figure out a cryptographically sound way of proving his identity? Nope.

So here’s how he did it, according to [Patrick McKenzie]’s GitHub, linked above. “Satoshi” holds a private key, and every early coin spent with that key left an ECDSA signature behind in the blockchain. A signature is a one-way affair, much like a hash: anyone with the public key, the message, and the signature can check it, but nobody can produce a signature over a new message without the private key. Those old signatures are public and part of the blockchain, so we can be pretty sure they haven’t been altered.

[Craig] claimed to have signed some text from Sartre with “Satoshi’s” key, and that this proves his identity. But instead of a signature over the Sartre text, the signature he published is one lifted from an early 2009 transaction that is already in the blockchain. Verified against that transaction, of course, it checks out; it just has nothing to do with Sartre. In short, he swapped in an old, public signature, and people failed to notice what message it was actually over.

So I’m not “Satoshi”, and neither is this guy. Who is? The mystery continues. And given how careful “Satoshi” has been so far, it’s likely to remain so for a long while. But one thing’s for sure: when “he” does choose to reveal himself, it won’t be difficult to verify. After all, “Satoshi” still holds “Satoshi’s” private key, and a fresh signature over a message of the verifier’s choosing is easy to check.

Image via the BBC, of another guy who isn’t “Satoshi”.

(Late Edit: Here’s another really nice writeup, this one by [ErrataRob].)

Applications for the Bitcoin Blockchain

Bitcoin, the libertarian’s dream currency, is far past the heady days of late 2013. When one Bitcoin was worth $1000 USD, there was no end to what could be done; new, gigantic mining rigs were being created, every online store jumped onto the bandwagon, and the price of Bitcoin inevitably crashed. Right now, the exchange rate sits at about $280 USD per coin, valuing all the Bitcoins ever mined somewhere around $4 Billion USD. That’s a lot of coins out there, and a lot of miners constantly verifying the integrity of the greatest thing to come from the Bitcoin community: the blockchain.

The blockchain is just a record, or ledger, of every transaction that has ever occurred on the Bitcoin network. It’s distributed, and the act of mining creates new blocks, each another batch of transactions committed to the blockchain for as long as the network exists. While magical Internet money™ is by far the most visible product of the blockchain, developers, investors, and other people in the know are gushing about the possibilities of what can be done with a distributed record that can’t practically be altered and can’t be deleted.

[Jon Matonis], a figurehead for the entire cryptocurrency movement, recently said Bitcoin has become the strongest computer in the world, stronger than all of the top 500 supercomputers combined. All of this computational power is effectively funneled into one job: verifying the integrity of the blockchain.

Bitcoin and other cryptocurrencies are not just a pseudonymous payment system (pseudonymous, not anonymous: every transaction is public, and only the names are missing); that’s only a side effect of the blockchain. The blockchain is the only inherently valuable part of a bitcoin; each transaction is logged in it, providing a public, tamper-evident record of how every coin is spent. No currency in the history of mankind has ever had a record of how every dollar or denarius is spent, which at the very least makes for very interesting economics research. Now, thousands of researchers across the globe are wondering what else the blockchain can do; tapping the power of the most powerful computer on the planet must have some interesting applications, and in the last few months, a few ideas have popped up.

Continue reading “Applications for the Bitcoin Blockchain”

Tracking Bitcoin With The ESP8266

[Kendrick] was looking for something to do with an ESP8266 WiFi module, and since he loves Bitcoin and Arduino, the obvious solution was to make a Bitcoin price tracker.

The ESP8266 is a complete microcontroller with a WiFi chip and a few pins for a serial connection. It’s certainly possible to write some firmware for the ESP to get the current conversion rate of Bitcoin, but for simplicity’s sake, [Kendrick] chose to use an Arduino for this project. He’s using a 5V Arduino, and the ESP operates on 3.3V logic, but a few Zeners take care of the logic level conversion.

The code running on the Arduino checks the CoinDesk API every minute, parses the JSON coming back from the API, and prints the current Bitcoin price to the serial port. For tracking the current conversion rate of Bitcoin, it’s vastly overkill. This project could have a few interesting applications, from hooking up a few seven-segment displays, to an RGB LED mood lamp that keeps track of this magic Internet money.

The Most Powerful Bitcoin Mining Rig Yet

In days of yore, one could mine Bitcoin without much more than an AMD graphics card. Now, without specialized hardware it’s unlikely that you’ll make any appreciable headway in the bitcoin world. This latest project, however, goes completely in the other direction: [Ken] programmed a 55-year-old IBM mainframe to mine Bitcoin. Note that this is technically the most powerful rig ever made… if you consider the power usage per hash.

Engineering wordplay aside, the project is really quite fascinating. [Ken] goes into great detail about how Bitcoin mining actually works, how to write an assembly program for an IBM 1401 and feed it in via punch cards, and even a section about networking a computer from this era. (Bonus points if he can get to load!) The IBM boasts some impressive stats for the era as well: it can store up to 16,000 characters in memory and uses binary-coded decimal. All great things if you are running financial software in the early ’60s or demonstrating Bitcoin in the mid-2010s!

If it wasn’t immediately obvious, this rig will probably never mine a block. At 80 seconds per hash, it would take longer than the lifetime of the universe to find one, but it is quite a feat of computer science to demonstrate that it is technically possible. This isn’t the first time we’ve seen one of [Ken]’s mainframe projects, and hopefully there are more gems to come!
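To make both points above concrete (why the ledger described in the blockchain post “can’t practically be altered”, and what the 1401 is actually doing when it “mines”), here is a toy block chain written for this page. It is added example code, not [Ken]’s 1401 program and not anything from Bitcoin’s source: Bitcoin-shaped 80-byte headers hashed with double SHA-256, a merkle root over constructed transaction records, and a target lowered to roughly 2^12 attempts per block so it mines in well under a second. Editing one old transaction invalidates that block; re-mining just that block still leaves every later block pointing at the old hash, so an attacker has to redo all the work after the edit, which is the whole security argument.

```python
import hashlib
import struct
from dataclasses import dataclass

# Toy difficulty: the header hash must fall below this target (~2^12 tries on
# average). Real Bitcoin targets are astronomically smaller.
TARGET = 2 ** (256 - 12)


def sha256d(data):
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(txs):
    """Pairwise-hash transaction ids up to a single root, duplicating the last
    entry on odd levels as Bitcoin does."""
    layer = [sha256d(tx) for tx in txs]
    while len(layer) > 1:
        if len(layer) % 2:
            layer.append(layer[-1])
        layer = [sha256d(layer[i] + layer[i + 1]) for i in range(0, len(layer), 2)]
    return layer[0]


def header_bytes(prev_hash, root, nonce, version=1, timestamp=0, bits=0):
    """Bitcoin-style 80-byte header: version, prev hash, merkle root, time, bits, nonce."""
    return struct.pack("<I", version) + prev_hash + root + struct.pack("<III", timestamp, bits, nonce)


@dataclass
class Block:
    prev_hash: bytes
    txs: list
    nonce: int = 0

    def hash(self):
        return sha256d(header_bytes(self.prev_hash, merkle_root(self.txs), self.nonce))


def mine(prev_hash, txs, target=TARGET):
    """Increment the nonce until the header hash falls below the target.
    This loop is all a miner (or a 1401) does, just much faster."""
    root = merkle_root(txs)
    for nonce in range(2 ** 32):
        h = sha256d(header_bytes(prev_hash, root, nonce))
        if int.from_bytes(h, "little") < target:
            return Block(prev_hash, list(txs), nonce)
    raise RuntimeError("nonce space exhausted; real miners then change the header")


def expected_hashes(target):
    """Average number of hash attempts a block at this target costs."""
    return 2 ** 256 // target


def verify_chain(chain, target=TARGET):
    """Every block must hash below target and commit to its predecessor's hash."""
    prev = b"\x00" * 32
    for block in chain:
        if block.prev_hash != prev:
            return False
        h = block.hash()
        if int.from_bytes(h, "little") >= target:
            return False
        prev = h
    return True


def build_chain(blocks_txs, target=TARGET):
    chain, prev = [], b"\x00" * 32
    for txs in blocks_txs:
        block = mine(prev, txs, target)
        chain.append(block)
        prev = block.hash()
    return chain


# Constructed sample ledger: three blocks of made-up transaction records.
SAMPLE = [
    [b"coinbase -> alice 50"],
    [b"alice -> bob 10", b"alice -> carol 5"],
    [b"bob -> dave 3"],
]


def tamper_demo():
    """Edit a historical transaction and see how far the damage propagates."""
    chain = build_chain(SAMPLE)
    results = {"honest": verify_chain(chain)}

    chain[1].txs[0] = b"alice -> bob 1000"        # rewrite history in block 1
    results["tampered"] = verify_chain(chain)      # block 1's hash no longer fits

    # Re-mine only the edited block: its own proof-of-work is valid again, but
    # block 2 still commits to the old hash, so the chain is still broken.
    chain[1] = mine(chain[1].prev_hash, chain[1].txs)
    results["remined_one"] = verify_chain(chain)

    # Redoing every block after the edit is the work an attacker must actually pay for.
    chain[2] = mine(chain[1].hash(), chain[2].txs)
    results["remined_rest"] = verify_chain(chain)
    return results
```

Two things to notice: the "tampered" result is False whether or not the edited block happens to land below the target, because the next block's `prev_hash` no longer matches; and the cost of the attack scales with the number of blocks after the edit, which is why confirmations matter and why a single slow machine, however charming, is no threat to the ledger.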

Hackaday wants all your Bitcoin

Bitcoin, the working answer to the Byzantine generals’ problem, an economic case study in the history of currency, and the reason AMD graphics cards were so expensive a few years ago, is now accepted in The Hackaday Store.

Yes, we have a store, loaded up with swag, tools, and cool toys, and we’re always stocking more. If you have coin sitting around, you can pick up a great little logic analyzer, a 3D printer, an ingenious two-channel multimeter, ESP8266 boards, the ever popular Hackaday swag and a ton more. That 3D printer will cost you ฿ 3.75. A Mooshimeter is just ฿ 0.50.

It’s the perfect time to turn magical Internet money into something with real, intrinsic value, before the value of Bitcoin drops even more. Sure, we accept government-backed currency as well… but when else will you have the chance to spend those hard-mined hashes?

Ask Hackaday: A Robot’s Black Market Shopping Spree

It was bad when kids first started running up cell phone bills with excessive text messaging. Now we’re living in an age where our robots can go off and binge shop on the Silk Road with our hard-earned bitcoins. What’s this world coming to? (sarcasm)

For their project ‘Random Darknet Shopper’, Swiss artists [Carmen Weisskopf] and [Domagoj Smoljo] developed a computer program that was given 100 dollars in bitcoins and granted permission to lurk on the dark inter-ether and make purchases at its own discretion. Once a week, the AI would carry out a transaction and have the spoils sent back home to its parents in Switzerland. As the random items trickled in, they were photographed and put on display as part of their exhibition, ‘The Darknet. From Memes to Onionland’ at Kunst Halle St. Gallen. The trove of random purchases they received aren’t all illegal, but they will all most definitely get you thinking… which is the point, of course. They include everything from a benign Lord of the Rings audio book collection to a knock-off Hungarian passport, as well as the things you’d expect from the black market, like baggies of ecstasy and a stolen Visa credit card. The project is meant to question current sanctions on trade and investigate the world’s reaction to those limitations. In spite of dabbling in a world of questionable ethics and hazy legitimacy, the artists note that of all the purchases made, not a single one of them turned out to be a scam.

Though [Weisskopf] and [Smoljo] aren’t worried about being prosecuted for illegal activity, as Swiss law protects their right to freely express ideas publicly through art, the implications behind their exhibition did raise some questions along those lines. If your robot goes out and buys a bounty of crack of its own accord and then gives it to its owner, who is liable for having purchased the crack?

If a collection of code (we’ll loosely use the term AI here) is autonomous, acting independently of its creator’s control, should the creator still be held accountable for their creation’s intent? If the answer is ‘no’ and the AI is responsible for the repercussions, then we’re entering a time when it’s necessary to address AIs as separate liable entities. However, if you can blame something on an AI, this suggests that it in some way has rights…

Before I get ahead of myself though, this whole notion circulates around the idea of intent. Can we assign an artificial form of life with the capacity to have intent?