The Mempool Open Source Project® v3.0.0 recently dropped 🚀
Includes exciting new features: Mempool Accelerator, Mempool Goggles, "pizza tracker" UI, and much more.
nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 and nostr:npub1mxrssnzg8y9zjr6a9g6xqwhxfa23xlvmftluakxqatsrp6ez9gjssu0htc discuss the update in BR074.
Ever wondered what it takes to build a #bitcoin hardware wallet?
nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 and Lloyd Fournier go into some of the logistics involved, in BR073.
🚀 BR074 - Fountain Podcasting 2.0 on Nostr, SGX Key Extraction, Nunchuk, Mempool, Floresta, + MORE ft. nostr:npub1unmftuzmkpdjxyj4en8r63cm34uuvjn9hnxqz3nz6fls7l5jzzfqtvd0j2, nostr:npub1mxrssnzg8y9zjr6a9g6xqwhxfa23xlvmftluakxqatsrp6ez9gjssu0htc & nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8
Listen to the episode:
➡️ Fountain: https://fountain.fm/episode/meY9nyt70HnirLta6MZC
➡️ Spotify: https://tinyurl.com/57c7fzpc
➡️ Amazon: https://tinyurl.com/mtjx7svh
➡️ Apple: https://tinyurl.com/bde34hx6
➡️ YouTube: https://youtu.be/V990d0q62bU
Shownotes:
➡️ Website: https://bitcoin.review/podcast/episode-74
➡️ Substack: https://substack.bitcoin.review/p/br074-fountain-podcasting-20-on-nostr
Oscar discusses with NVK how Fountain is seeking to onboard the podcasting industry to nostr, bringing cross app comments and boosts to podcasting 2.0. 👇
PSA: Good quality (and REAL) SD cards cost money! 🫰
Make sure you're using quality memory when it comes to your #bitcoin security.
nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 talks about the true cost of SLC memory in BR073.
The most successful #bitcoin attacks remain the simplest: social and phishing attacks designed to get you to reveal your seed.
nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 and Lloyd Fournier discuss these common attacks in BR073.
It's not just the user experience, but also the developer experience that is needed to build tools which improve #bitcoin security.
nostr:npub1emdtsxly9m68m00x206t574jttp65vk0c2m89ms038q047yz7ylqcac9aw explains the importance of this in BR073.
Could the technology behind FrostSnap prevent (non-social) attacks by utilising security techniques and practices at the protocol level?
Lloyd Fournier discusses the goal of FrostSnap in BR073.
🚀 BR073 - Security Challenges in Bitcoin Hardware Wallets: A Technical Overview ft. Lloyd Fournier, nostr:npub1hea99yd4xt5tjx8jmjvpfz2g5v7nurdqw7ydwst0ww6vw520prnq6fg9v2 , nostr:npub1emdtsxly9m68m00x206t574jttp65vk0c2m89ms038q047yz7ylqcac9aw , nostr:npub1r4y9mtc2sm020d2fa25qhzept3633ad7mstegu80ur60s4qnqs5sxsuwud & nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8
Listen to the episode:
➡️ Fountain: https://fountain.fm/episode/EFkCsswzEAnxNwEcbUjJ
➡️ Spotify: https://tinyurl.com/mrnf2c74
➡️ Amazon: https://tinyurl.com/2z7e5bmu
➡️ Apple: https://tinyurl.com/wn99nbxn
➡️ YouTube: https://youtu.be/ORFc8CjTjns
Shownotes:
➡️ Website: https://bitcoin.review/podcast/episode-73
➡️ Substack: https://open.substack.com/pub/bitcoinreview/p/br073-security-challenges-in-bitcoin
Craig shares his thoughts around improving security without compromising usability. 👇
A recent Telegram zero-day exploit allowed malicious APKs to be sent as videos.
nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 , nostr:npub1mxrssnzg8y9zjr6a9g6xqwhxfa23xlvmftluakxqatsrp6ez9gjssu0htc and nostr:npub1emdtsxly9m68m00x206t574jttp65vk0c2m89ms038q047yz7ylqcac9aw discuss the exploit and the security questions it raises, in BR072.
A security breach at Indian crypto exchange WazirX resulted in a $230m loss - 45% of their holdings.
The payload is suspected to have been altered to grant the attacker wallet control.
What lessons can we learn from this latest hack? nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 & nostr:npub1emdtsxly9m68m00x206t574jttp65vk0c2m89ms038q047yz7ylqcac9aw give their take.
A security breach at a bank linked to Coinbase compromised the personal information of 154 customers, revealing names, bank account numbers, and routing numbers.
Could lawsuits against companies lead to a changing of KYC laws?
nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 , nostr:npub1p4kg8zxukpym3h20erfa3samj00rm2gt4q5wfuyu3tg0x3jg3gesvncxf8 and nostr:npub1emdtsxly9m68m00x206t574jttp65vk0c2m89ms038q047yz7ylqcac9aw discuss.
Could some of the 'solutions' to Dark Skippy result in worse security tradeoffs?
Using anti-klepto with the current solution requires exposing the signer to USB, the hardware may not be able to verify the nonce, and there's no Core implementation.
nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 breaks down the issues.
What's the next benchmark of security regarding nonces? And how do Schnorr-based MPC systems like MuSig and FROST affect what systems we can and should build?
nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 , nostr:npub1mxrssnzg8y9zjr6a9g6xqwhxfa23xlvmftluakxqatsrp6ez9gjssu0htc and nostr:npub1emdtsxly9m68m00x206t574jttp65vk0c2m89ms038q047yz7ylqcac9aw discuss this in BR072.
Dark Skippy has revealed some legitimate security issues which need to be addressed.
That said, we don’t need to freak out. There are already a number of mitigations in place (and more on the horizon).
nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 and nostr:npub1emdtsxly9m68m00x206t574jttp65vk0c2m89ms038q047yz7ylqcac9aw discuss some of these mitigations in BR072.
Could there be a way to leverage the fact that the signer and the desktop have BIP32 keys pre-shared, in order to defend against attacks like Dark Skippy?
Developers are already discussing this potential. nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 and nostr:npub1emdtsxly9m68m00x206t574jttp65vk0c2m89ms038q047yz7ylqcac9aw share their thoughts.
I have podverse on another phone.... I'll switch to that.
I don't see nostr:nprofile1qqsw3znfr6vdnxrujezjrhlkqqjlvpcqx79ys7gcph9mkjjsy7zsgygpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsz8thwden5te0dehhxarj9ekh2arfdeuhwctvd3jhgtnrdakj7qgkwaehxw309ajkgetw9ehx7um5wghxcctwvshspg7dju podcast on there. 😞
We're on Podverse👇
How do bad nonces function between computers and hardware wallets? And what are the mitigations on the signer side?
nostr:npub1p4kg8zxukpym3h20erfa3samj00rm2gt4q5wfuyu3tg0x3jg3gesvncxf8 , nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 & nostr:npub1emdtsxly9m68m00x206t574jttp65vk0c2m89ms038q047yz7ylqcac9aw discuss this question in BR072.
What is the anti-klepto protocol, and could a standard which interoperates with PSBTs be the primary security upgrade we need to mitigate against attacks like Dark Skippy?
nostr:npub1mxrssnzg8y9zjr6a9g6xqwhxfa23xlvmftluakxqatsrp6ez9gjssu0htc discusses the potential in BR072.
If signing devices want to be evil and have the signing device sign malicious transactions, there are simpler ways than leaking keys through maliciously chosen nonces.
nostr:npub1mxrssnzg8y9zjr6a9g6xqwhxfa23xlvmftluakxqatsrp6ez9gjssu0htc explains with nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 and nostr:npub1p4kg8zxukpym3h20erfa3samj00rm2gt4q5wfuyu3tg0x3jg3gesvncxf8 why signed firmware matters in BR072. #DarkSkippy
Are hardware wallets perfect? No.
But #bitcoin security today is still better than at any point in history.
nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 , nostr:npub1emdtsxly9m68m00x206t574jttp65vk0c2m89ms038q047yz7ylqcac9aw & nostr:npub1mxrssnzg8y9zjr6a9g6xqwhxfa23xlvmftluakxqatsrp6ez9gjssu0htc discuss the main considerations for hardware wallets in defending against malicious firmware attacks like Dark Skippy in BR072.