New ESP32 Chip Flaw Lets Hackers Steal Bitcoin Keys from Popular Wallets - Key Takeaways:
ESP32 chips expose crypto wallets and IoT devices to silent attac... - https://cryptonews.com/news/crypto-wallets-using-chinese-made-esp32-chip-vulnerable-to-private-key-theft-report/ #bitcoinhardwarewallets #blockchainnews #privatekey #esp32chip
Public key cryptography for laypeople
It's a bit of a make-do with "ASCII graphics", but in https://www.security.nl/posting/884482/Public+keys+voor+leken I try to explain, also to the less digitally skilled, how asymmetric cryptography works.
Make use of it, because this technique is an important foundation of an ever more digitizing society.
You will learn how a digital signature works and what a digital certificate is.
Far too few people understand this well, and that greatly hampers a decent discussion about these techniques.
Big tech is the laughing third party: they maximize their profits while all the risks are borne by you.
ZKSync Admin Wallet Compromised, $5M Stolen - An admin wallet for layer-2 blockchain ZKsync was compromised on Tuesday with the hacker ... - https://www.coindesk.com/business/2025/04/15/zksync-admin-wallet-compromised-usd5m-stolen #privatekey #zksyncera #finance #hack
@hon1nbo @foone yeah, but all these things would essentially necessitate a fundamentally incompatible #Fork of the #USB standard, creating #costs, #fragmentation and lessening the likelihood of success.
I guess a sort-of "Secure HID Port" that mandates proper authentication and does full #E2EE from the Keyboard Matrix / Pointing Device controller up is an option, but you'd have to expect state-sponsored attackers willing to do "Kamikaze" Hacks...
#TLDW: It requires custom silicon and a hard root of trust…
Clipper DEX says recent $450K hack wasn’t caused by private key leak - A $450,000 hack on Clipper was likely from a withdrawal vulnerability, n... - https://cointelegraph.com/news/clipper-dex-clarifies-hack-not-private-key-leak #cryptohacks #privatekey #exchange #clipper #hack #leak #dex
@puppygirlhornypost2 @navi And whilst it's easy to blame #GoldenKeyBoot, a leaked #PrivateKey that was impossible to be removed, the problem is that #Windows is architecturally "insecure-able" because any changes necessary to make this not a problem would inherently mean the end for Windows as it's known to most.
Sure, you get some #Cryptojacking and some #CMS|es like #WordPress that are constantly being attacked but generally, the way #updates and #distribution of #Software works on Linux Distros for the most part is completely antithetical to Windows.
And anything #Microsoft could do at this point if they weren't horny for money but actually cared is to scrap Windows and instead invest into #Wine to ease the transition...
Why is everyone using #base64 to encode their private SSH keys to store them in masked variables in #GitLab CI?!
GitLab cannot effectively mask your private key in CI logs if you only give it a base64-encoded version of it!
Instead I found a solution that stores the *original* private key format from #OpenSSH in a one-line CI variable and recreates the begin/end markers for a valid OpenSSH identity file with commands inside the CI.
Criminal Assets Bureau: Access to USD 378 million in Bitcoin wallets denied
#DarkCommerce #Krypto #Bitcoin #CliftonCollins #CriminalAssetsBureau #Irland #PrivateKey #Wallet https://sc.tarnkappe.info/84ffe3
Wirex Pay launches non-custodial crypto payments - Wirex Pay introduces its modular chain for payments, enhancing security ... - https://cointelegraph.com/news/wirex-launches-pay-app-non-custodial-crypto-payments #non-custodialwallets #cryptopayments #blockchain #privatekey #mastercard #wirexpay #ethereum
Defi Platform Delta Prime Loses $4.9 Million in Hack - According to Cyvers, Delta Prime, the decentralized finance (defi) platform, lost ... - https://news.bitcoin.com/defi-platform-delta-prime-loses-4-9-million-in-hack/ #decentralizedfinance #maliciouscontract #newsbyte-3 #privatekey #newsbytes #hacking
Dark Skippy: Attack hijacks hardware wallet keys
#ITSicherheit #Krypto #Blockchain #DarkSkippy #HardwareWallet #Nonce #PrivateKey #SeedPhrase https://sc.tarnkappe.info/1161e0
#SecureBoot is completely broken on 200+ models from 5 big device makers: Keys were labeled "DO NOT TRUST." Nearly 500 device models use them anyway, 20240725,
by Dan G,
https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/
public perpetuation of test platform key #privateKey marked #DoNotShip #DoNotTrust, of #AMI corp, via centralized source code repository host
#Binarly corp
#temporaryIsPermanent
MicroStrategy to launch Bitcoin-based decentralized ID solution - MicroStrategy has already built an application on “MicroStrategy Orange”... - https://cointelegraph.com/news/microstrategy-bitcoin-decentralized-identity-solution #bitcoinforcoporationsconference #microstrategyorange #digitalsignatures #orangeforoutlook #microstrategy #michaelsaylor #privatekey #publickey #github
#Tagesschau, 8 p.m. edition: Is that actually a usable private key shown there? Surely it is still protected with a password, right?
EvS infosec Myth#0: Authentication
MYTH:
1) Authentication: prove that you are you.
Factors: 1 or more (MFA, 2=2FA) of:
2.a) Something you know;
2.b) Something you have;
2.c) Something you are.
MAY BE MISUNDERSTOOD AS:
1) supplying full name + birth date.
2.a) 1 + 1 = 10 (in binary notation);
2.b) Kitchen;
2.c) Nerd.
TYPICAL WEAK USE CASE:
1) Supplying your SSN to verify your identity: this is IDENTIFICATION, not authentication aka VERIFICATION of identity: typical serving side stupidity, extremely misunderstood, causing lots of misery (identity fraud).
———— OR ————
2.a) Password: 12345
2.b) Phone number + OTP via SMS.
———— OR ————
2.a) Password: qwerty
2.b) TOTP-app with secrets not being backed up, or using insecure / privacy unfriendly cloud backups [5].
AUTHENTICATION SHOULD HAVE BEEN COMMUNICATED AS, FROM THE START:
1) Authentication: PREVENT IMPERSONATION [1], [2], [3], [4].
2) "MFA HAD FAILED" [5] (Microsoft, already in 2019). Reason: an ESSENTIAL REQUIREMENT of EACH FACTOR is that it cannot be easily obtained by an attacker (e.g. intercepted, copied, guessed, stolen etc.).
2.a) A strong (not predictable, not guessable, not brute forceable and not deducible via OSINT) secret that only YOU and MAX. 1 OTHER PARTY know, transported only via reliable, CLEARLY IDENTIFIED server-authenticated, E2EE connections. With more than a few accounts, normal humans will be unable to remember strong passwords (preferable solution in [5]);
2.b) Physical device with an "HSM" in your possession with strong anti-attacker-access measures in place;
2.c) "Neural hash" of biometrics (usually weak because your biometrics are not a secret), stored in (and never leaving) a strongly protected "HSM" (see 2.b), transported from the scanner to the "HSM" in a secure manner.
Plus, less often mentioned:
2.d) "Passport" / digital certificate issued by TTP: typically strong if the provisioning infrastructure (such as PKI) is highly trustworthy. Theft of passports and unwanted copying of private keys must be made as hard as possible. A scan or photocopy of a passport MUST be considered worthless w.r.t. authentication (as knowledge of PII such as an SSN);
2.e) Location: weak (easily spoofable).
CONCLUSION
A safer internet mandates that we stop oversimplifying complicated matters.
EXAMPLES / MORE INFO:
[1] https://english.defensie.nl/topics/travel-documents/identity-fraud-and-safe-airports
Note: this page contains a lie, at least in NL: "Making a photocopy of your identity document is prohibited by law". The Dutch government even provides a free app that may obfuscate "sensitive" parts of ID documents in order to create "secure" copies (idiots):
https://www.government.nl/topics/identity-fraud/question-and-answer/how-do-i-make-a-secure-copy-of-my-id-with-the-kopieid-app
[2] In Dutch: https://www.security.nl/posting/792391/Authenticatie+en+impersonatie
[3] https://infosec.exchange/@ErikvanStraten/111943593509649252
[4] *NOT* Trump: https://twitter.com/realDonaldTrump/status/890617797956456448
[5] https://infosec.exchange/@ErikvanStraten/111989393380873096
Do you know where your certificates reside when you use AWS ACM with a “Trusted Enclave”?
~~
I was surprised at what I discovered when digging into the details
~~
#AWS #ACM #Certificate #TLS #PrivateKey
Ethereum Wallet Drainer Steals $60M in Six Months - Hackers that stole more than $60 million worth of crypto in six months are using a piece ... - https://www.coindesk.com/business/2023/11/13/ethereum-wallet-drainer-steals-60m-in-six-months/?utm_medium=referral&utm_source=rss&utm_campaign=headlines #privatekey #finance #exploit #wallet #news #hack
Tell me your deepest secret #ssh #privatekey #linux