Bytecoin was exploited

Bug in CryptoNote: A rather serious bug in all CryptoNote-based cryptocoins was recently disclosed by the Monero community. The bug allowed forging of key images, essentially allowing skilled individuals to mint new coins at will. First I would like to congratulate Fluffypony and the other Monero developers for handling this situation VERY professionally and responsibly. Bytecoin: Although I consider Bytecoin to be shady at best and an outright scam at worst, there are lots of new people in the community that […]


Introducing KnCMinion – A pimped UI for the KnC Titan miner

KnCMinion: User interfaces for cryptocurrency miners are notoriously old-fashioned. A machine such as the Titan, priced in the $10000-range, deserves a better user interface. KnCMinion is my way of giving back a more modern and beautiful UI to KnC and the mining community. Titan UI – Before: The original interface only provides the most basic information. (The HTML is, by the way, generated by a server-side bash script, yuck!) Titan UI – After: The KnCMinion interface is located in a subdirectory (/kncminion) and is designed […]


My take on bitcoin paper wallets

Cryptocurrencies: Most of my energy the last few months has been devoted to cryptocurrencies such as Bitcoin, Litecoin and Monero. When (not IF) cryptocurrencies become more mainstream, I have no doubt that the frontiers for security will move there too. The common quote "[insert-random-term-here]-hacking for fun and profit" will literally mean actual profit. I will leave this topic open for another post in the future. Paper-wallets: The safe storage of cryptocurrencies such as Bitcoin has been and will continue […]


Unicode visual spoofing for fun and profit

Swift: Apple recently announced Swift, an innovative new programming language for iOS/OSX. According to their product page the language is designed for safety: "Swift eliminates entire classes of unsafe code. Variables are always initialized before use, arrays and integers are checked for overflow, and memory is managed automatically. Syntax is tuned to make it easy to define your intent — for example, simple three-character keywords define a variable (var) or constant (let)." I really like the idea of shifting the security […]


JavaZone 2013

I will be giving a talk at JavaZone 2013 in Oslo on September 11th. [http://jz13.java.no/] The topic is the ten most common mistakes made during the software development process that lead to security problems in the finished product. The focus is not on hard-core technical issues, but rather on language- and OS-independent security aspects such as design decisions, concepts, mistakes and bad luck when thinking. See you there!


When feature-rich is bad

Feature-rich or bloat? Every now and then I wonder if one of the security problems facing the software industry is the huge amount of features enabled by default in large frameworks. These frameworks give developers powerful tools, classes and libraries, and give the developer the possibility to develop applications faster and better. There are, however, two caveats related to security here: (1) Most frameworks enable too much functionality by default. (2) The developer rarely knows about this extra functionality. My most common […]


Whatever works, works!

SEC-T 2012: I recently had the privilege of attending SEC-T 2012, one of the few really technical Swedish security conferences. [http://www.sec-t.org] All in all a really great conference. I got to talk to some cool people and I really think that everyone left with a vast amount of new knowledge and ideas. But that is not really what this post is about. This post is a lesson in practicality. The problem: SEC-T had an on-site competition during the entire conference. […]


The fun way to change perspective

In my talk at DevCon12 in Karlskrona my main message to the audience was: Change perspective! The main topic for the talk was an introduction to Capture the Flag (CTF). CTFs are computer security wargames, or loosely put: hacker competitions. Why this talk at a software engineering conference, you might ask? Well, my opinion is that the ability to look at a problem from several perspectives is what separates a good developer from a great developer. The perspective as the attacker […]
