Withdrawal approved addresses are an optional, self-service security feature available to all Gemini customers. You can find and configure approved addresses in your account settings here: Approved...
Cem P: Gemini addresses that scaling problem by allowing customers to submit new approved addresses while imposing a mandatory 7-day wait for changes to take effect
(Revoking an address takes effect immediately, since it is always safe)
More than a thousand Twitter employees and contractors as of earlier this year had access to internal tools that could change user account settings and hand control to others, two former employees said, making it hard to defend against the hacking...
Cem P: Periodic reminder: at scale, "unlikely" events become highly probable
If a customer support rep has a 1 in a million chance of taking bribes any given day, a company with 1000 of them will almost certainly have an insider attack in a few years…
After a wave of account takeovers, screenshots of an internal Twitter user administration tool are being shared in the hacking underground.
Cem P: Twitter, meet Streisand Effect
PS: If my account mysteriously disappears from Twitter after this, that is your cue the company is escalating efforts to silence discussion of its internal security features 🤷‍♂️
A mathematician’s quest to make American elections more trustworthy.
Cem P: Great to see work on end-to-end verifiable voting by Josh Benaloh and other researchers getting much deserved coverage (New Yorker in this case)
It may be too late for 2020 election but cryptographic techniques will play a role in future ones…
Cem P: Behold the clown-show that is #cryptocurrency hardware wallets:
According to Trezor, attacks involving physical access are outside the threat model 🤦🏻‍♂️
Why not use a Windows 95 box then? Without a TCP/IP stack it's just as secure against remote attacks…
Cryptographic library. Contribute to Microsoft/SymCrypt development by creating an account on GitHub.
Cem P: 10 years ago, even #MSFT employees had to sign special paperwork to access Windows cryptography code, kept in a separate repo named "Enigma", and people from specific nationalities were barred
Today it is open-sourced on GitHub:
QuadrigaCX survivors try to hack encrypted laptop in hopes of accessing cold wallet.
Cem P: There are only two explanations for #QUADRIGACX losing customer funds this way:
1. Someone decided to store $100M+ USD in #cryptocurrency on *one* laptop with password known to *one* person
2. Exit scam
Keybase is notifying Android users of a bug in its mobile app that might have unintentionally included the users' private key —used to encrypt conversations and other private data— into the automatic backups created by the Android OS and uploaded on...
Cem P: Unanswered: why did #Keybase app even have access to raw private-key bits to leak in the first place?
Android KeyStore allows generating unextractable keys in hardware, e.g. TEE