Security Now 287
Recorded: February 9, 2011
Published: February 9, 2011
Security Now 287: BitCoin CryptoCurrency
- Microsoft's Patch Tuesday
- 22 flaws patched, 5 rated critical, including the recent MHTML zero-day flaw.
- Patch also disables auto-play for USB devices, unless they emulate a CD.
- Linux gains the auto-run problem! See "ShmooCon 2011: USB Autorun attacks against Linux" on YouTube.
- Adobe Reader X and Adobe Acrobat X: 29 critical security vulnerabilities.
- Flash Player updates
- AVI format buffer overflow attack fix, and a gentle nudge from Tom and Steve to use something else!
News & Errata
- Do Not Track feature added to Firefox v4 Beta 11, not enabled by default.
- Verizon Wireless
- Bandwidth throttling of top 5% of users.
- Content optimization to minimize bandwidth of images and video on HTTP traffic (VerizonWireless.com: Explanation of Optimization Deployment).
- Mobile, the new malware battlefield.
- SpinRite and Mark Folkart fix a customer's corporate drive when the corporation's IT department couldn't.
BitCoin P2P virtual currency
- A serious Internet currency: BitCoin.org, by Satoshi Nakamoto, registered on SourceForge in 2009.
- A currency, physical or virtual, relies on its value to its users. Currencies used to be backed by gold because it was valuable and scarce, but we ran out of gold to represent the currency we wanted.
- The BitCoin network is up and running, with open source software for Windows, Mac and Linux that generates currency by processing transactions within the system. The science bit: the technical paper "Bitcoin: A Peer-to-Peer Electronic Cash System".
- BitCoins can be traded on specialist currency markets for existing currencies, and some organisations on the net accept them as payment (BitCoin Trade).
- The rate of generation of BitCoins is controlled by requiring nodes to find the solution to a hard problem, based on Adam Back's 1997 anti-spam solution, "Proof of Work" (Hashcash.org).
- The computational problem is to hash some data so that the first x bits of the hash are all zero. This is computationally intensive for large values of x and cannot be pre-calculated; it takes multiple guesses, "fudging" the data each time. It didn't work for spam because the good-guy mass-mailers were hurt by it too.
- Exchanges of BitCoins are done using public key cryptography: each transaction is signed with the originator's private key, and all transactions are broadcast on the network. The public key of the signer allows a transaction to be verified.
- Transactions that have been adopted by the network are collected into blocks. Creating the blocks from the transactions is BitCoin's computationally intensive task, and the blocks are chained together by incorporating the hash of the previous block. The genesis block was created on January 3rd, 2009, and is incorporated into the node software. When run, the software uses an IRC chat to find the other nodes and receives the entire set of blocks; this history prevents BitCoins being re-issued.
- Nodes compete with each other to create the next block from new transactions not yet incorporated into a block. The node that does so earns 50 BTC, currently by "fudging" the hashing process so it produces a hash with 12 leading zeroes; the first transaction in the block pays yourself 50 BTC.
- Two blocks created so far during this explanation, information courtesy of Block Explorer
- Anonymity: Your public key address is the only identifier for you on the transaction. The software generates a key pair for you, and can produce as many key pairs as you want, sending coins between these keys.
- BTC are created at 300 per hour, and the probability that a given node will create a block is based on its computational power as a proportion of the entire network of nodes. Currently a modern PC will take about a year to generate 50 BTC.
- Because the currency can be exchanged for existing currencies it has become valuable, which has led to BitCoin-generating boxes based on GPUs (BitCoinMiner.com). This is countered by the network making the problems more difficult as more power joins the network, to stabilize the rate at which coins join the system: 10.5 million are created in the first 4 years, 5.25 million in the next four years, halving every 4 years until 21,000,000 BTC are generated, which gives a controlled rate of inflation. BTC are stored to 8 decimal places to allow for future capacity when the 21,000,000 limit is reached. Profitability of generating BTC will decline as more and more hardware and energy is required to generate BTC.
- Free BTC to get you started: BitCoin Faucet
- Network is currently doing 186 billion hash operations per second.
- The value of the blocks in BTC declines over time, so that the system scales to create a secure, stable currency.
- Only known weakness: With massive computational power the chain of blocks can theoretically be spoofed, offset by the increasing length of the chain and the number and power of good nodes.
- Users are joining computational pools to share the proceeds of winning BTC.
- When running the node for the first time it can take time to get going. Be patient and look into the FAQ for port-forwarding information.
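
The proof-of-work and block-chaining ideas in the notes above, as an added example (not code from the show or from the BitCoin software). The block layout, the `|` separator, the 12-bit demo difficulty and the sample transactions are assumptions made for illustration.

```python
import hashlib

GENESIS_PREV = "00" * 32   # constructed placeholder: the first block has no parent
BITS = 12                  # demo difficulty (assumption), small enough to run quickly

def leading_zero_bits(digest):
    """Number of leading zero bits in a hash digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def block_hash(prev, payload, nonce):
    """Hash the previous block's hash, this block's transactions and the nonce."""
    return hashlib.sha256(f"{prev}|{payload}|{nonce}".encode()).digest()

def mine(prev, payload, bits=BITS):
    """Guess nonces until the hash has `bits` leading zero bits (the costly part)."""
    nonce = 0
    while leading_zero_bits(block_hash(prev, payload, nonce)) < bits:
        nonce += 1
    return {"prev": prev, "payload": payload, "nonce": nonce,
            "hash": block_hash(prev, payload, nonce).hex()}

def build_chain(payloads, bits=BITS):
    """Mine one block per payload, each committing to the hash before it."""
    chain, prev = [], GENESIS_PREV
    for payload in payloads:
        chain.append(mine(prev, payload, bits))
        prev = chain[-1]["hash"]
    return chain

def first_invalid(chain, bits=BITS):
    """Verify with one hash per block; return the first bad index, or None."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        digest = block_hash(b["prev"], b["payload"], b["nonce"])
        if (b["prev"] != prev or digest.hex() != b["hash"]
                or leading_zero_bits(digest) < bits):
            return i
        prev = b["hash"]
    return None

def demo():
    """Check an honest chain, an edited chain and a partly re-mined chain."""
    honest = build_chain(["coinbase 50 -> A", "A pays B 10", "B pays C 4"])
    edited = [dict(b) for b in honest]
    edited[1]["payload"] = "A pays B 1"                 # rewrite history in block 1
    remined = [dict(b) for b in honest]
    remined[1] = mine(honest[0]["hash"], "A pays B 1")  # redo block 1's work only
    return first_invalid(honest), first_invalid(edited), first_invalid(remined)

if __name__ == "__main__":
    print(demo())
```

Re-mining only the altered block moves the break to the next block, because that block still commits to the old hash; every later block has to be redone as well, which is why a longer chain is harder to spoof.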
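
The halving schedule from the notes, worked through in whole units of 0.00000001 BTC, as an added example (not code from the show or from the BitCoin software). The 210,000-block halving interval is the Bitcoin protocol's value and is not stated on this page; at 6 blocks per hour it is roughly the "4 years" in the notes.

```python
COIN = 100_000_000            # smallest units per BTC (8 decimal places, per the notes)
INITIAL_REWARD = 50 * COIN    # 50 BTC per block, per the notes
HALVING_INTERVAL = 210_000    # blocks per era (protocol value, not from this page)

def reward(height):
    """Block reward in smallest units; halving is an integer shift, so it truncates."""
    return INITIAL_REWARD >> (height // HALVING_INTERVAL)

def issuance_by_era():
    """Units issued in each era, until the reward truncates to zero."""
    eras, era = [], 0
    while reward(era * HALVING_INTERVAL) > 0:
        eras.append(reward(era * HALVING_INTERVAL) * HALVING_INTERVAL)
        era += 1
    return eras

def supply_at(height):
    """Total units issued once `height` blocks exist (handles partial eras)."""
    full_eras, remainder = divmod(height, HALVING_INTERVAL)
    total = sum(reward(e * HALVING_INTERVAL) * HALVING_INTERVAL
                for e in range(full_eras))
    return total + remainder * reward(height)

def total_supply():
    """Final supply: just under 21,000,000 BTC because of the truncation."""
    return sum(issuance_by_era())

if __name__ == "__main__":
    eras = issuance_by_era()
    print(eras[0] / COIN, eras[1] / COIN, len(eras), total_supply() / COIN)
```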
- ad times: and 1:01-1:11 and 3:49-5:07
- Carbonite.com offer code SecurityNow
- carb 3
- ad times: 0:46-1:00 and 38:55-41:26
- Edited by: Jason