Mastodon Feed: Posts

Mastodon Feed

jsonstein@masto.deoan.org ("Jeff Sonstein") wrote:

30 July 2013, Toronto ON Canada

nadim@infosec.exchange ("Nadim Kobeissi") wrote:

Many more findings are included in our full 101-page report. Read the full audit report for all findings & recommendations: https://cure53.de/audit-report_nym.pdf

nadim@infosec.exchange ("Nadim Kobeissi") wrote:

Our audit demonstrates the importance of rigorous cryptographic reviews. Nym has been proactive in fixing these issues and pointed out that some had limited impact, reinforcing its privacy-focused mission. Kudos to their team for their responsiveness!

nadim@infosec.exchange ("Nadim Kobeissi") wrote:

6/ A Bloom filter misconfiguration meant that 1 in 6 credential checks could result in false positives, potentially impacting the security of the Nym network. We suggested switching to Binary Fuse filters for better accuracy.

nadim@infosec.exchange ("Nadim Kobeissi") wrote:

5/ Our team also found a signature forgery attack against the Pointcheval-Sanders scheme in Nym’s cryptography. Attackers could derive new valid signatures from existing ones! We recommended strict integrity checks.

nadim@infosec.exchange ("Nadim Kobeissi") wrote:

4/ Nym’s gateway credential verification skipped serial number checks, meaning eCash tickets could be used multiple times—leading to double-spend attacks. We recommended ensuring strict checks across all verification paths.

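The two gateway-side findings in this thread, the skipped serial-number check (4/) and the undersized Bloom filter (6/, above), as one added example. This is not Nym's code and not from the audit report: tickets are modelled as a 16-byte serial plus an HMAC-SHA256 tag under a key shared between a hypothetical issuer and the gateway (a stand-in for the real credential scheme; only the acceptance logic matters here), the spent-serial registry is a plain Bloom filter with double hashing, and all serials and sizings are constructed for the demo. It shows a redemption path that forgets the serial check accepting the same ticket twice, the strict path rejecting the replay, and how the filter's false-positive rate (the fraction of never-spent serials the filter claims to have seen) depends on bits per element and hash count.

```python
"""Added example, not Nym's code: a gateway-side spent-serial registry."""
import hashlib
import hmac
import math

ISSUER_KEY = b"constructed-demo-issuer-key-32by"  # constructed; hypothetical shared key


def issue_ticket(serial: bytes) -> tuple[bytes, bytes]:
    """Issuer side (stand-in for the real credential): bind a serial to a tag."""
    return serial, hmac.new(ISSUER_KEY, serial, hashlib.sha256).digest()


class BloomFilter:
    """m-bit Bloom filter; the k indices come from double hashing over SHA-256."""

    def __init__(self, m_bits: int, k_hashes: int):
        self.m, self.k = m_bits, k_hashes
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, item: bytes) -> list[int]:
        d = hashlib.sha256(item).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1  # odd stride avoids degenerate index runs
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: bytes) -> None:
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def might_contain(self, item: bytes) -> bool:
        # True may be a false positive; False is always correct.
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))

    @staticmethod
    def expected_fp_rate(m_bits: int, k_hashes: int, n_items: int) -> float:
        """Classic approximation (1 - e^(-k*n/m))^k for a filter holding n items."""
        return (1 - math.exp(-k_hashes * n_items / m_bits)) ** k_hashes


class Gateway:
    def __init__(self, m_bits: int, k_hashes: int):
        self.spent = BloomFilter(m_bits, k_hashes)

    def redeem(self, serial: bytes, tag: bytes, check_serial: bool = True) -> str:
        expected = hmac.new(ISSUER_KEY, serial, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad tag"
        if check_serial:  # a verification path without this block is the double-spend bug
            if self.spent.might_contain(serial):
                return "rejected: serial already spent (or filter false positive)"
            self.spent.add(serial)
        return "accepted"


def double_spend_demo() -> tuple[list[str], list[str]]:
    """Present the same valid ticket twice via a lax path and via the strict path."""
    serial, tag = issue_ticket(b"\x01" * 16)  # constructed ticket
    lax, strict = Gateway(8 * 1024, 7), Gateway(8 * 1024, 7)
    lax_results = [lax.redeem(serial, tag, check_serial=False) for _ in range(2)]
    strict_results = [strict.redeem(serial, tag) for _ in range(2)]
    return lax_results, strict_results


def measured_fp_rate(m_bits: int, k_hashes: int, n_spent: int, n_probe: int = 10_000) -> float:
    """Fill a filter with n_spent serials, then probe serials that were never inserted."""
    bf = BloomFilter(m_bits, k_hashes)
    for i in range(n_spent):
        bf.add(b"spent:" + i.to_bytes(8, "big"))  # constructed serials
    hits = sum(bf.might_contain(b"fresh:" + j.to_bytes(8, "big")) for j in range(n_probe))
    return hits / n_probe


if __name__ == "__main__":
    print(double_spend_demo())
    n = 2_000
    for m_bits, k in [(4 * n, 3), (10 * n, 7)]:  # 4 bits/element vs. 10 bits/element
        print(m_bits, k, BloomFilter.expected_fp_rate(m_bits, k, n), measured_fp_rate(m_bits, k, n))
```

At 4 bits per element with 3 hashes the filter answers "already seen" for roughly one in seven fresh serials, close to the 1-in-6 figure in the thread; at 10 bits per element with 7 hashes it is under one percent. The example only shows the sizing dependence of a Bloom filter; the Binary Fuse filters the audit recommended are a different structure and are not implemented here.
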
nadim@infosec.exchange ("Nadim Kobeissi") wrote:

3/ The audit found nonce-key reuse in AES-CTR within Nym gateways. With a zero nonce, attackers could decrypt communications with simple XOR operations! We recommended a switch to AES-GCM-SIV for better security.

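What the nonce-key reuse in 3/ actually leaks, as an added example that is not Nym's code and not from the audit report. CTR mode turns a block cipher into a stream cipher, C = P xor KS(key, nonce); if two messages share the (key, nonce) pair they share the keystream, so C1 xor C2 = P1 xor P2 and any known plaintext (a fixed handshake, a predictable header) recovers the other message, or the keystream itself, without the key. The block uses AES-128-CTR from the `cryptography` package when it is installed and otherwise an HMAC-SHA256 counter-mode stand-in (constructed for the demo, same CTR structure); the key, the messages and the gateway-style field names are all constructed.

```python
"""Added example, not Nym's code: what reusing (key, nonce) in CTR mode leaks."""
import hashlib
import hmac

KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed demo key
ZERO_NONCE = bytes(16)  # the all-zero nonce the audit post describes


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream for (key, nonce): fully deterministic, which is the whole problem."""
    try:
        from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
        enc = Cipher(algorithms.AES(key), modes.CTR(nonce)).encryptor()
        return enc.update(bytes(length)) + enc.finalize()  # encrypting zeros yields the keystream
    except ImportError:
        # Stand-in: PRF(counter block) per 16-byte block, the same counter structure as AES-CTR.
        out, counter = b"", int.from_bytes(nonce, "big")
        while len(out) < length:
            out += hmac.new(key, counter.to_bytes(16, "big"), hashlib.sha256).digest()[:16]
            counter = (counter + 1) % (1 << 128)
        return out[:length]


def ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same xor with the keystream."""
    return _xor(data, keystream(key, nonce, len(data)))


def recover_with_known_plaintext(c_known: bytes, p_known: bytes, c_target: bytes) -> bytes:
    """Attacker: C1 xor C2 xor P1 = P2 over the overlapping length, no key needed."""
    n = min(len(c_known), len(p_known), len(c_target))
    return _xor(_xor(c_known[:n], c_target[:n]), p_known[:n])


def recover_keystream(c_known: bytes, p_known: bytes) -> bytes:
    """Attacker: C1 xor P1 = KS, which decrypts every message under that (key, nonce)."""
    return _xor(c_known, p_known)


def demo() -> dict:
    # Constructed traffic: a predictable handshake and a secret-bearing message.
    p1 = b"CLIENT_HELLO gateway=gw-7 proto=1 seq=0000001"
    p2 = b"AUTH token=hunter2 route=mix-3 payload=secret-x"
    c1 = ctr_encrypt(KEY, ZERO_NONCE, p1)
    c2 = ctr_encrypt(KEY, ZERO_NONCE, p2)  # same key, same nonce: the bug
    ks = recover_keystream(c1, p1)
    c3 = ctr_encrypt(KEY, (1).to_bytes(16, "big"), p2)  # fresh nonce: the attack fails
    return {
        "p2": p2,
        "recovered_p2": recover_with_known_plaintext(c1, p1, c2),
        "p2_via_keystream": _xor(c2, ks),
        "fresh_nonce_attempt": recover_with_known_plaintext(c1, p1, c3),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Recovery covers the length of plaintext the attacker knows; a longer known message exposes more of every other message under that pair. AES-GCM-SIV, the remedy named in the post, is nonce-misuse resistant: repeating a nonce there reveals only whether two messages are identical, not their contents, and the tag still authenticates.
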
nadim@infosec.exchange ("Nadim Kobeissi") wrote:

2/ A partial signature bypass was also discovered in offline eCash, allowing attackers to generate valid signatures for arbitrary payloads. This mirrored the Coconut vulnerability and was promptly patched.

nadim@infosec.exchange ("Nadim Kobeissi") wrote:

1/ Our audit identified BLS12-381 EC signature bypasses in the Coconut library. Attackers could forge credentials, bypass validation, and manipulate public attributes.

nadim@infosec.exchange ("Nadim Kobeissi") wrote:

🚨 New cool audit alert!

Our audit at @cure53 of @nymproject is now public! We uncovered some fascinating findings in Nym's cryptography and infrastructure.

Joint work with Alex Pirker, Daniel Bleichenbacher, Luan Herrera & Marta Conde!

Some highlights: 🧵👇

jsonstein@masto.deoan.org ("Jeff Sonstein") wrote:

“Matt Hopson, who was recently appointed USAID chief of staff by Mr. Trump, resigned Sunday, according to two current USAID staffers. There was no mass email about it. The staffers said it happened after his involvement, alongside the two other security staffers, in blocking DOGE officials [without security clearances] from getting access over the weekend.”

https://www.cbsnews.com/news/musk-says-administration-is-on-verge-of-shutting-usaid/

bcantrill ("Bryan Cantrill") wrote:

The release of DeepSeek R1 really shook things up last week. Today, @ahl and I will be joined by Andy Hock and James Wang from wafer-scale innovator Cerebras to talk about their experiences with DeepSeek -- and the future of AI disruption. Join us, 5p Pacific!

https://discord.gg/QrcKGTTPrF?event=1335772904205455391

Reblogged by jakedel@mamot.fr ("S. Delafond"):

thomasnoel@mamot.fr ("Thomas NOËL") wrote:

@CyrilBrulebois partly and proudly funded by @entrouvert, via @freexian

Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):

Sunny@universeodon.com wrote:

@StillIRise1963
That's better than the one from my power company.... announcing 18% rate increase as of beginning of 2025. Just got the highest power bill in my lifetime.

My auto insurance rose over 50% this past year, despite no accidents or tickets.

My home owners insurance rose by $300.

Annual doctor visit over $300.

Trump just destroyed my IRA with tariffs.

And the idiots in the media think eggs are the big problem.... Fuck Eggs... I can do without them.

Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):

GottaLaff@mstdn.social ("Laffy") wrote:

Via Ann Telnaes:

#TrumpTax #tariffs #Trump

https://substackcdn.com/image/fetch/f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5cbeb3c1-977a-488e-be41-300575ff6ceb_1800x1653.jpeg

Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):

kbsez ("KB Sez") wrote:

People Seem To Be Figuring Out Other Countries Don't Pay Tariffs

Attachments:

  • Just calculated a 25% tariff importing Canadian lumber to Miami. Same wood, same quality - but now costs me $7,800 more. My contractor profit margins = gone. This is hurting American builders, not too sure if it's helping border security? (2:09 am - 03 Feb 25 - 958K Views)

Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):

JustTooOdd@lor.sh ("Infinity Counter 🟦") wrote:

Bird flu crisis enters new phase

"The outbreak is intensifying as the . . . [current] administration maintains a pause on most external federal health agency communications, including publication of CDC's Morbidity and Mortality Weekly Report (MMWR), a venerable source of scientific reports on public health." #BirdFlu #AvianInfluenza #CDC

https://www.axios.com/2025/02/03/bird-flu-crisis-new-phase

Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):

JonChevreau@mstdn.ca wrote:

Michael de Adder in G&M

Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):

dave@social.masto.land ("Dave Winer's linkblog in Masto") wrote:

That Giant Sucking Sound? It’s Climate Change Devouring Your Home’s Value.

https://www.nytimes.com/2025/02/03/opinion/home-values-insurance-climate.html?smid=bsky-nytopinion

Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):

joeinwynnewood@mstdn.social ("Grassroots Joe") wrote:

@CindyWeinstein @_L1vY_

It's a security clearance level they certainly don't have and could never get that has allowed them to compromise highly sensitive databases with no way to know what they have done/are doing to disable or bypass internal security systems and controls.

This isn't a five alarm fire, it's Los Angeles County at the height of the wild fires.

Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):

molly0xfff@hachyderm.io ("Molly White") wrote:

#USpolitics #USpol #ElonMusk

Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):

jeff@newsie.social ("Jeff (of the internet)") wrote:

Can someone tell me when I missed Congress creating the Dept of Government Efficiency and Musk's subsequent appointment hearings?

My understanding is that while the president manages the conduct of executive branch offices, it is Congress, not the President, that establishes official departments and agencies, and to whatever degree it chooses, the internal organization of agencies.

Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):

jeffjarvis ("Jeff Jarvis") wrote:

Quebec removes U.S. liquor from its shelves and restaurants.
https://www.montrealgazette.com/news/article725959.html

Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):

seachanger@alaskan.social ("wet forest moon folklorist") wrote:

We cannot, we CANNOT, let Elon Musk put the US Treasury on blockchain

please join with others and find a way to fight back. Courage is contagious. Community beats chaos.

✊🏼❤️

Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):

emptywheel.bsky.social@bsky.brid.gy wrote:

Here's one of the victim impact letters--from family members of a guy who died of a heroin overdose--submitted when Ross Ulbricht was sentenced.

This is who Trump pardoned, while claiming to care abt trafficking.

storage.courtlistener.com/recap/gov.us...

storage.courtlistener.com/recap/gov.usco...

Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):

JoshuaHolland ("Joshua Holland") wrote:

Two headlines this am:

"Dow futures drop more than 650 points after #Trump hits U.S. trading partners with tariffs"

"Trump's meme coin made nearly $100 million in trading fees, as small traders lost money"

#tariffs #stock #crypto #grifters #maga #corruption

https://www.msnbc.com/morning-joe/watch/dow-futures-drop-more-than-650-points-after-trump-hits-u-s-trading-partners-with-tariffs-230929989700

https://www.reuters.com/markets/currencies/trumps-meme-coin-made-nearly-100-million-trading-fees-small-traders-lost-money-2025-02-03/

Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):

neurovagrant@masto.deoan.org ("Ian Campbell") wrote:

Aside from the cruelty of decimating USAID, it's the biggest gift possible to China.

PRC is an expert at pouncing in with soft power wherever a vacuum emerges.

That vacuum is now the entire globe.

Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):

faduda@mastodon.ie ("Gerard Cunningham ✒️") wrote:

How much spyware (Russian and otherwise) do you reckon they installed on US government systems since Friday?

Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):

shoq ("Shoq") wrote:

Without an FBI and DoJ, who enforces the Constitution at all? The Constitution Fairy?

Has a single famous person yet called for aggressive resistance or noncompliance, if not outright rebellion against this hijacking of our nation by Trump, Musk, Putin, and their GOP enablers? If not now, WHEN?

Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):

jwcph@helvede.net ("JW Prince of CPH, Radicalized") wrote:

"What's standing in the way of a Canadian industrial policy that focuses on raiding the sky-high margins of American monopolists with third-party add-ons, mods and jailbreaks?

Only the IP laws that Canada has agreed to in order to get tariff-free access to American markets. You know, the access that Trump has promised to end in less than a week's time?..." - @pluralistic

This is a brilliant idea. Someone call Trudeau.

https://pluralistic.net/2025/01/15/beauty-eh/#its-the-only-war-the-yankees-lost-except-for-vietnam-and-also-the-alamo-and-the-bay-of-ham #canada #intpol #tech #business #trade