Crypto

[The State of Crypto Security. Hackers have stolen more than $2B from… by Kofi Kufuor Oct, 2022 The Control](https://thecontrol.co/the-state-of-crypto-security-d628ac5b609d)

The Onion on Twitter: “Man Who Lost Everything In Crypto Just Wishes Several Thousand More People Had Warned Him https://t.co/ZyBuovjIiA https://t.co/COUssOnQHh” / Twitter

cloudflare/circl: CIRCL: Cloudflare Interoperable Reusable Cryptographic Library

Google’s Fully Homomorphic Encryption Compiler — A Primer – Math ∩ Programming

Making Crypto Hacking Less Lucrative - Bloomberg

[XREX CSO Publishes Web3 Open-source Tools to Enhance Smart Contract Development Security by The XREX team Aug, 2022 XREX Crypto Threat Research Blog](https://research.xrex.io/xrex-cso-publishes-web3-open-source-tools-to-enhance-smart-contract-development-security-94f9b432399b)

Ethereumwallet.com - A Case Study — Unciphered

OODA Loop - The Executive’s Guide To Quantum Computing: What you need to know for your strategy today

“Responsible Rescue” — Unciphered

Decurity/semgrep-smart-contracts: Semgrep rules for smart contracts based on DeFi exploits

Replicant: Reproducing a Fault Injection Attack on the Trezor One https://voidstarsec.com/about.html https://twitter.com/wrongbaud

Wheel of Fortune Outcome Prediction – Taking the Luck out of Gambling – NCC Group Research

Building Safe End-to-End Encrypted Services for Business - a Google Workspace perspective

Web3 Is Going Great: People rush to steal some of the $190 million in the Nomad bridge after an exploit is discovered

Is It Possible to Reconcile Encryption and Child Safety? - Lawfare

Cryptocurrency 2022 Legislation

Mike Privette: Thirty-seven US states have addressed legislation regarding cryptocurrency, digital or virtual currencies and other digital assets in the 2022 legislative session

Too Many Secrets - by Andy Manoske - Reality Deviance
A no-math introduction to cryptography and secure protocols. H/T HashiCorp’s Mitch Pronschinske.

Adrian ⛩️ Hetman 🐺⚔️ on Twitter: “What are the most common smart contracts vulnerabilities?🧐 Many of the examples will be well known to people familiar with the web3 security. What makes this interesting, is how common these vulnerabilities are even after many hacks involving them!🫥 Let’s dive in!🧵👇 https://t.co/effYup1s0a” / Twitter

In defense of crypto(currency) – A Few Thoughts on Cryptographic Engineering


TLS validation: implement OCSP and CRL verifiers in Go - Cossack Labs
We explore OCSP and CRL – the protocols for validating TLS certificates. These protocols are often seen as “too scary” or “too advanced”, while they are not.

OCSP and CRL are often used in a PKI context: after certificates are generated, there should be a procedure to handle their revocation.

The standard Golang library doesn’t support these protocols out of the box, which led us to dive deep into the topic and build OCSP / CRL validation tooling in Go.

We describe the things we’ve learnt: design, implementation and security tips, example code and popular mistakes.

@vixntael

Application Level Encryption for Software Architects

Secure Search Over Encrypted Data

Maintaining cryptographic library for 12 languages - Speaker Deck

Announcing our open source security key test suite
Google open-sourced its security key test suite, which can be used to test for bugs in security keys’ implementation of the CTAP protocol, the part of FIDO2