Ledger CEO says âshardedâ wallet keys could be shared if subpoenaed
The private seed phrases of Ledger users could be shared with governments if they are ordered to, but this is ânot a real concern,â says CEO Paul Gauthier.
View On WordPress
seen from Spain
seen from Malaysia
seen from Netherlands
seen from Yemen
seen from China
seen from Netherlands
seen from Malaysia
seen from Malaysia
seen from Yemen

seen from Spain
seen from Netherlands
seen from Brazil
seen from Belgium
seen from Lithuania

seen from United States
seen from Japan

seen from Malaysia
seen from Malaysia
seen from Indonesia
seen from Netherlands
Ledger CEO says âshardedâ wallet keys could be shared if subpoenaed
The private seed phrases of Ledger users could be shared with governments if they are ordered to, but this is ânot a real concern,â says CEO Paul Gauthier.
View On WordPress

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.
Free to watch ⢠No registration required ⢠HD streaming
Here's a tool named "Shhgit" that will scan across GitHub for private crypto keys exposed to hackers
New Post has been published on https://www.blockinspect.com/tech/heres-a-tool-named-shhgit-that-will-scan-across-github-for-private-crypto-keys-exposed-to-hackers/
Here's a tool named "Shhgit" that will scan across GitHub for private crypto keys exposed to hackers
As per recent reports, a new web app, called âShhgitâ is all set to scan GitHubâs code repository. Programmer and security expert Paul Price introduced his new tool that will scan public code repositories like GitHub for sensitive secrets like private crypto keys. Paul argued that such sensitive information if accessed by hackers can cause a potential data breach of an enormous scale. He further said that there are a number of open-source tools like gitrob and truggleHog, which have access to âcommit history to find secret tokens from specific repositories, users or organizations.â
Talking about the security of public code repositories, Price commented, âconfig files should be encrypted with an environment-based key.â
The recent data breach involving Capital One has exposed the personal data of over 100 million individuals, which point towards faulty security standards.Â
Price claims that Shhgit has the capability to get hold of relevant secret information in real-time, that might have been accidentally inserted. This will also enable developers to delete such secret information before hackers can get hold of these and endanger personal and private information.Â
(via https://www.youtube.com/watch?v=mxR8jSaU3VM)
The list of threats to your computerâs security grows daily: Keyloggers, trojans, ransomware...and now the rogue falafel sandwich.
THE LIST OF paranoia-inducing threats to your computerâs security grows daily: Keyloggers, trojans, infected USB sticks, ransomwareâŚand now the rogue falafel sandwich.
Researchers at Tel Aviv University and Israelâs Technion research institute have developed a new palm-sized device that can wirelessly steal data from a nearby laptop based on the radio waves leaked by its processorâs power use. Their spy bug, built for less than $300, is designed to allow anyone to âlistenâ to the accidental radio emanations of a computerâs electronics from 19 inches away and derive the userâs secret decryption keys, enabling the attacker to read their encrypted communications. And that device, described in a paper theyâre presenting at the Workshop on Cryptographic Hardware and Embedded Systems in September, is both cheaper and more compact than similar attacks from the pastâso small, in fact, that the Israeli researchers demonstrated it can fit inside a piece of pita bread.
âThe result is that a computer that holds secrets can be readily tapped with such cheap and compact items without the user even knowing he or she is being monitored,â says Eran Tomer, a senior lecturer in computer science at Tel Aviv University. âWe showed itâs not just possible, itâs easy to do with components you can find on eBay or even in your kitchen.â
Their key-stealing device, which they call the Portable Instrument for Trace Acquisition (yes, that spells PITA) consists of a loop of wire to act as an antenna, a Rikomagic controller chip, a Funcube software defined radio, and batteries. It can be configured to either collect its cache of stolen data on an SD storage card or to transmit it via Wifi to a remote eavesdropper. The idea to actually cloak the device in a pitaâand name it as suchâwas a last minute addition, Tomer says. The researchers found a piece of the bread in their lab on the night before their deadline and discovered that all their electronics could fit inside it.
The Tel Aviv researchers focused their attack on extracting the keys stored by GnuPG, an open source and widely used version of the encryption software PGP. They alerted GnuPG to their work in February, and an update to the software released at the same time as their paper is designed to protect against the attack. But they say their key-stealing method could be applied to other crypto systems that use RSA and ElGamal, the cryptographic algorithms integrated into GnuPG. Tromer says the group is also exploring whether the technique could be adapted and made more widely applicable, too, even allowing the theft of bitcoins by stealing the private keys created by usersâ âwalletâ programs. Their paper includes recommendations for how cryptographers can alter software to better foil their radio key thieving mechanism.
The Israeli researchersâ ability to steal data from unwitting computersâ radio waves isnât exactly new: Computer scientists have known for decades that computers leak sensitive data in the form of radio emissions from their electromagnetic components. The Dutch security researcher Wim van Eck demonstrated back in 1985 that he could pick up the radio emissions of CRT monitors and reconstruct on-screen images. In 2008, German and Iranian researchersused a similar radio analysis trick to âlistenâ to the computations inside wireless key fobs and clone them to unlock cars and open garage doors.
But the Tel Aviv researchersâ technique uses that same form of radio spying to target a laptopâa far more electromagnetically complicated target than a key fob or a monitorâand also to do it on the cheap. The team cleverly reduced the resources necessary for their attack by sampling the radio emanations from the processor only intermittently, while the chip does its decryption work of reading those emissions at a much faster frequency. PITA takes its samples at 100 kiloherz compared with the processorâs 20,000-times-faster computation rate of two gigaherz. But by tricking the target into decrypting a carefully chosen message, they were able to âtwist the algorithmâs armâ into leaking more sensitive information, creating more clues in the leaked emanations for their PITA radio to pick up.1
âItâs like someoneâs reciting secrets in a room, and you only get to hear a syllable a day to try to reconstruct what theyâre saying,â says Tromer. âYou can force that person in the room to always say one syllable over and over if the secret is âzero,â and another syllable over and over if the secret is âoneââŚThat allows us to take a very low frequency sample and still extract information.â
The notion of someone planting an eavesdropping device less than two feet away from a target computer may seem farfetched as an espionage techniqueâeven if that spy device is concealed in a pita (a potentially conspicuous object in certain contexts) or a stealthier disguise like a book or trashcan. But the PITA attack represents a significant advancement from less than a year ago, when the same researchers released an attack that required the attacker to actually touch a laptopâs metal components to pick up their charge.
Tromer says the team is now working on another upgrade that would allow much longer-distance snooping, though he declined to say more before the researchâs publication. If that more remote attack becomes practical, it could introduce the threat of radio-based crypto key theft through walls or floorsâwithout even a telltale sandwich to warn the user their secrets are being stolen.
Read the researchersâ full technical paper below.
Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation
https://www.scribd.com/doc/269396737/Stealing-Keys-from-PCs-using-a-Radio-Cheap-Electromagnetic-Attacks-on-Windowed-Exponentiation
AUTHOR: ANDY GREENBERG
For more stories Joined us: Â Hakon India ; cybersquadblog on Facebook | Â Twitter | Â Linkedin