US Department of "Justice" Absconding With Botnet In Spanish Arrest

Fresh on the heels of an arresting alleged hacker Peter Levashov in Spain, the Department of Justice announced plans to disable a botnet – known as Kelihos – they claim was under his control and used to send spam emails and infect systems with ransomware. Acting assistant attorney-general Kenneth Blanco said the operation will "redirect Kelihos-infected computers to a substitute server", in order to block communications between infected devices and the botnet server, instead redirecting the compromised machines to the DOJ's own botnet servers. Levashov reportedly had been operating the botnet since 2010, and targeted computers running all variants of Microsoft Windows, the preferred target OS of botnet harvesters worldwide. The Department of Justice statement concluded by stating that "The US government will share samples of the malware with antivirus vendors in facilitate updates to their programs which will allow them to detect and remove Kelihos" while leaving government backdoors firmly in place.

"Bitcoin" (Altcoin) Unlimited Experiences Drop In Node Count Due To Remote Crash Vulnerability

The "Bitcoin Unlimited" node count experienced a very sharp ~65% drop around 7:30 PM UTC as a remote-crash vulnerability was made public on Twitter. The node count, as reported by, fell to 259 from a previous measurement of 764 moments earlier.

The actual vulnerability is a result of the ineptitude of the "Bitcoin Unlimited" developers to incorrectly implement the usual "monkey see, monkey do" approach to software, by messing up the copy-pasting of power-rangerolade.

Peter Todd's straight Twitter disclosure was made in a context of heightened tensions among the two main flavors of idiocy, namely the SegWit peddlers and the Roger Verified "Bitcoin Unlimited" followers.

Death Cult Propagates Among Some Chinese Miners

As mentioned in Shinohai's latest shitcoin Roundup, a few single language Chinese miners have taken to expressing an unjustified degree of loyalty to yet another doomed anti-Bitcoin forking effort. In the same week the fork effort's defective client unintentionally fell out of consensus due to its inherent slop, Andrew Quentson (WOT:nonperson) published a purported "cosmetically corrected" interview with Jiang Zhuoer (WOT:nonperson) where among other things Zhuoer confesses to "SPV mining" while asserting to have 100 million dollars1 committed to destroying any actual Bitcoin network which remains after splitting his favored altcoin from Bitcoin.

If Zhuoer's intent actually corresponds to what the words printed in English mean,2 it represents a paltry counter to the deterrent presented by Mircea Popescu and other lords of the Most Serene Republic, which has thus far damped off earlier social engineering attempts to fork Bitcoin into something else before they could root.

Continued imprudence among mining pool operators suggests that a solution to the mining bug3 in order to disabuse certain activist factions of their imagined participation in Bitcoin. Importantly, recent efforts by the People's Bank of China to bring sanity to their local fiat/Bitcoin interfaces does not preclude future statal attempts to attack Bitcoin via the mining vector from the People's Republic of China.  Sorry for your loss.

  1. A mere 10,000 Bitcoins today, less tomorrow 

  2. Such is the least of the curses handicapping the monophone single language speaker.  

  3. Some solutions have been proposed to constrain the impact of the bug  

Bitcoin Foundation Celebrates Month Of Activity And RELEASE Milestone

In their September state of Bitcoin address the Bitcoin Foundation was able to celebrate a substantial milestone in the clean up of the reference Bitcoin implementation. A flurry of testing and tweaking has lead to foundation co-chair mod6 (WOT:mod6) declaring the project has finally reached its long awaited milestone of version 0.5.4 RELEASE. Though most of the functional improvements to the reference implementation have long been enjoyed on actual running of Bitcoin nodes, the title of RELEASE was withheld until sanity could be brought to the makefiles and build process at large. Substantial contributions in time, sweat, and blood were made by ben_vulpes (WOT:ben_vulpes), shinohai (shinohai), and trinque (trinque).

Datskovskiy Publishes Tool For Making "Parachute" Lamport Keypairs

Saint Stanislav Datskovskiy (WOT:asciilifeform) published today a tool for creating a one time use "parachute" Lamport keypair. This type of keypair is referred to as a "parachute" because it allows a person to recover their cryptographic identity after the catastrophic compromise of the extant cryptographic system in which their identity was born. For maximum readability and understandability the ever consumate craftsman implemented this tool in bash using common userland utilities.

Random Idiot Accepts People's Time And Work, Idiot Turns Around And Sells It For Politics

Kiwi social engineer Leah Rowe (WOT:nonperson) during a recent tantrum brought attention to the problematic structure of the open source "Libreboot" project. For its entire history Libreboot consisted of a forked repository of another open source project to which Rowe added still other people's patches under Rowe's name rather than the actual authors' (archived). The catalyst which brought this problem to the fore was a political statement made by Rowe using the name "Libreboot" without consulting the actual authors of Libreboot code. These authors who had not particularly cared that Rowe took their names from their code however decided that they definitely did not want Rowe's political tantrums to be misconstrued as their own.

Authorship matters.

RNG Whitening Bug Weakened All Versions of GPG

Werner Koch, maintainer of Libgcrypt and GnuPG, announced today:

"Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions. … All Libgcrypt and GnuPG versions released before 2016-08-17 are affected on all platforms. A first analysis on the impact of this bug in GnuPG shows that existing RSA keys are not weakened."

However, in the text of one of the patches (archived) which accompanied this announcement, we find a slightly different statement:

"This bug does not affect the default generation of keys because running gpg for key creation creates at most 2 keys from the pool: For a single 4096 bit RSA key 512 byte of random are required and thus for the second key (encryption subkey), 20 bytes could be predicted from the the first key. However, the security of an OpenPGP key depends on the primary key (which was generated first) and thus the 20 predictable bytes should not be a problem. For the default key length of 2048 bit nothing will be predictable."

In effect, this means that no key created with GPG to date carries more than 580 bytes of effective entropy (e.g., all 4096-bit and above RSA keys have 'subkeys' which – we now find – mathematically relate, in a possibly-exploitable way, to the primary key.)

It should be remembered that, due to the structure of the OpenPGP format, breaking a GPG subkey is often quite nearly as good as breaking the primary key – i.e. it will allow the attacker to create valid signatures, in the case of a signature-only subkey, or else to read intercepted ciphertext, or both.

And thus we find that, due to the staggeringly-braindamaged design of the protocol and of this implementation, GPG users who elected to use longer-than-default GPG keys (Phuctor presently contains 1,090,450 RSA moduli which exceed 2048 bits in length1) ended up with smaller-than-default effective cryptographic strength.

Likewise noteworthy is the fact that this bug was contained in an RNG 'whitening' routine. The popular but wholly-pseudoscientific practice of RNG 'whitening' creates the appearance of an effective source of entropy at times when – potentially – none exists2, at the cost of introducing a mathematical relationship (sometimes, as in the case at hand, a very exploitable one) between RNG output bits, which by their nature are intended to be wholly uncorrelated.

  1. Not all of these moduli were generated using GPG. 

  2. A whitened (walked over with, e.g., RIPEMD – as in GPG, or SHA2, or AES) stream of zeroes, will typically pass mathematical tests of entropy (e.g., the Diehard suite) with flying colors. While at the same time containing no meaningful entropy in the cryptographic sense. 

Eulora 0.1.2 Update Released, Record Loot Follows

Earlier this week the Ministry of Games released version 0.1.2 of their real cash economy MMORPG Eulora to the world. The new client software was made available July 31st and the servers rolled over to the new version on August 3rd. Shortly after the update was made available Daniel P. Barron (WOT:danielpbarron) found a record setting loot pop in the game world. The drop composed of boulders and assorted other loot has a base value of 0.81 Bitcoins with a potentially higher market value in the game's real money economy. Eulora's real cash economy makes it one of several avenues available for earning Bitcoin without dealing with the AML/KYC indignity of the various fiat/Bitcoin interfaces.

Windows Print Spooler Vulnerability Spent 20 Years Unaddressed

A  vulnerability in the way Microsoft Windows communicates with printers survived 20 years in the wild (archived). It was addressed in the latest round of Windows Update patches, which if the Stuxnet backdoor is any example means that Microsoft merely tightened the conditions for exploiting it until the probable new vulnerability becomes public knowledge. Sorry for your loss.

"Pokemon Go" Ushers In New Phase Of Smartphone Surveillance

This past week's release of the smartphone gamified reality app "Pokemon Go" heralds the beginning of a new phase of the smartphone surveillance era. Billed as an "augmented reality" game the app uses in game incentives to direct users to physically visit locations that they would not otherwise. The app has already lead to a teenager discovering a dead body in a location she would have not otherwise visited.

In addition to directing users to physical locations the app encourages users to enable their smartphone's camera so that they may see pokemon "appear" in the real world. This active scanning of the real world by app users presents far greater potential for image collection than the typical social media app which relies on the user's vanity to get them to use their smartphone's camera.

It almost makes the app's requirement to turn on the smartphone's location services, one that will likely snare low intelligence "criminals", seem mundane.

Pokemon Go was preceeded by an alternate reality game called Ingress also developed by Pokemon Go creator Niantic. Ingress however lacked tie ins to any popular media franchises1 which would have delivered a ready made user base in the manner Pokemon Go has. Peace in our time!

  1. Deepening the rabbit hole is Nintendo's long refusal to allow media properties they have a stake in to run on devices that aren't also sold by Nintendo.