<?xml version="1.0" encoding="UTF-8"?>
 <rdf:RDF xmlns="http://purl.org/rss/1.0/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cc="http://web.resource.org/cc/" xmlns:syn="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/">
  <channel rdf:about="http://pinboard.in">
    <title>Pinboard (guardiantech)</title>
    <link>https://pinboard.in/u:guardiantech/public/</link>
    <description>recent bookmarks from guardiantech</description>
    <items>
      <rdf:Seq>	<rdf:li rdf:resource="http://arstechnica.com/security/2014/05/al-qaedas-new-homebrew-crypto-apps-may-make-us-intel-gathering-easier/"/>
	<rdf:li rdf:resource="http://www.forbes.com/sites/andygreenberg/2014/03/25/satoshi-nakamotos-neighbor-the-bitcoin-ghostwriter-who-wasnt/"/>
	<rdf:li rdf:resource="http://threatpost.com/weak-random-number-generator-threatens-ios-7-kernel-exploit-mitigations/104757"/>
	<rdf:li rdf:resource="http://www.dailydot.com/opinion/matthew-green-on-nsa-crypto/"/>
	<rdf:li rdf:resource="http://reason.com/blog/2013/06/21/dont-want-the-nsa-to-read-your-email-use"/>
	<rdf:li rdf:resource="http://gigaom.com/2013/04/04/yes-you-should-care-about-bitcoin-and-heres-why/"/>
	<rdf:li rdf:resource="http://hackertarget.com/tor-exit-node-visualization/"/>
	<rdf:li rdf:resource="http://o.canada.com/2013/02/26/blackberry-not-as-secure-as-believed-memo-warns-federal-workers/#.US_PS-sR6zJ"/>
	<rdf:li rdf:resource="http://www.wired.com/threatlevel/2012/10/dkim-vulnerability-widespread/all/"/>
	<rdf:li rdf:resource="http://www.v3.co.uk/v3-uk/news/2152760/thousands-public-encryption-keys-offer-security"/>
	<rdf:li rdf:resource="http://www.geekwire.com/2011/bitcoin-befuddles-customs-agents-thwarting-seattle-visit-digital-currency-guru"/>
      </rdf:Seq>
    </items>
  </channel><item rdf:about="http://arstechnica.com/security/2014/05/al-qaedas-new-homebrew-crypto-apps-may-make-us-intel-gathering-easier/">
    <title>Al-Qaeda’s new homebrew crypto apps may make US intel-gathering easier &gt;&gt; Ars Technica</title>
    <dc:date>2014-05-14T16:27:30+00:00</dc:date>
    <link>http://arstechnica.com/security/2014/05/al-qaedas-new-homebrew-crypto-apps-may-make-us-intel-gathering-easier/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[At least, that's the expectation - because they're abandoning the US-developer crypto for their own, and crypto software is notoriously hard to do well.]]></description>
<dc:subject>crypto alquaeda</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:6029c3381d55/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:alquaeda"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.forbes.com/sites/andygreenberg/2014/03/25/satoshi-nakamotos-neighbor-the-bitcoin-ghostwriter-who-wasnt/">
    <title>Nakamoto's neighbour: my hunt for Bitcoin's creator led ro a paralyzed crypto genius &gt;&gt; Forbes</title>
    <dc:date>2014-03-27T06:54:16+00:00</dc:date>
    <link>http://www.forbes.com/sites/andygreenberg/2014/03/25/satoshi-nakamotos-neighbor-the-bitcoin-ghostwriter-who-wasnt/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Andy Greenberg: <blockquote>A week earlier, I was following clues that seemed to point to either Finney’s involvement in the creation of Bitcoin or one of the most improbable coincidences I’d ever encountered. Today, I believe those connections were in fact random, that Finney is telling the truth when he denies helping to invent Bitcoin, and that I am only the most recent of a long string of journalists to succumb to the mirage of a Satoshi Nakamoto-shaped pattern in a collection of meaningless facts.<p>

But in following the clues that led me to Finney, I found something equally significant: a dying man who had been something like a far-more-brilliant Forrest Gump of cryptographic history: a witness to and participant in practically every important moment in the recent history of secret-keeping technologies. From the development of the first widely used strong encryption software known as PGP, to early anonymity systems, to the first Bitcoin transaction, Finney was there.</blockquote>

Must-read.]]></description>
<dc:subject>crypto bitcoin pgp nakamoto</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:bcee213ecb35/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:bitcoin"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:pgp"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:nakamoto"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://threatpost.com/weak-random-number-generator-threatens-ios-7-kernel-exploit-mitigations/104757">
    <title>Weak early random PRNG threatens iOS 7 kernel mitigations &gt;&gt; Threatpost</title>
    <dc:date>2014-03-13T13:14:41+00:00</dc:date>
    <link>http://threatpost.com/weak-random-number-generator-threatens-ios-7-kernel-exploit-mitigations/104757</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>IOS 6’s PRNG [pseudo-random number generator], [Tarjei] Mandt [of Asimuth Security] said, suffered from poor entropy sources and poor use of seed data used to generate outputs. Similar to its deployment in OS X, Mandt said, the PRNG in iOS 6 used Mach Absolute Time to derive outputs.<p>

“It could return the same value over and over because it was reliant on clock information,” Mandt said.<p>

This was supposedly addressed in iOS 7 where time-based correlation issues were avoided through the use of a Linear Congruential Generator (LCG). The LCG in iOS 7 leverages information from four state generations, Mandt said, each one producing 16 bits of output. Each time, the lower three bits of each piece of output are discarded because they are considered weak.<p>

Mandt said there are generally known problems associated with LCGs, including serial correlation between outputs making them susceptible to brute force attacks.</blockquote>

It's clearly Really Quite Abstruse Theoretical Security Weakness Day, if you read on...]]></description>
<dc:subject>ios7 crypto prng weakness</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:793f151544b3/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:ios7"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:prng"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:weakness"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.dailydot.com/opinion/matthew-green-on-nsa-crypto/">
    <title>On the NSA &gt;&gt; The Daily Dot</title>
    <dc:date>2013-09-08T20:38:15+00:00</dc:date>
    <link>http://www.dailydot.com/opinion/matthew-green-on-nsa-crypto/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Matthew Green is a cryptographer and a professor at Johns Hopkins University: <blockquote>It should be extremely difficult to weaken a standard without someone noticing. And yet the Guardian and NYT stories are extremely specific in their allegations about the NSA weakening standards.<p>

The Guardian specifically calls out the National Institute of Standards and Technology (NIST) for a standard they published in 2006. Cryptographers have always had complicated feelings about NIST, and that's mostly because NIST has a complicated relationship with the NSA.<p>

Here's the problem: the NSA ostensibly has both a defensive and an offensive mission.</blockquote>]]></description>
<dc:subject>computing crypto guardian nsa</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:892bf8e06a01/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:computing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:guardian"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:nsa"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://reason.com/blog/2013/06/21/dont-want-the-nsa-to-read-your-email-use">
    <title>Don't want the NSA to read your documents? Use this font. &gt;&gt; Reason.com</title>
    <dc:date>2013-06-23T21:10:33+00:00</dc:date>
    <link>http://reason.com/blog/2013/06/21/dont-want-the-nsa-to-read-your-email-use</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>It's a font designed to be difficult for machines to read.</blockquote>

Oh dear. It's difficult for <em>OCR</em> machines to read. However, the NCR and GCHW don't work that way at all.]]></description>
<dc:subject>crypto nsa wrong</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:27a00267dc54/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:nsa"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:wrong"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://gigaom.com/2013/04/04/yes-you-should-care-about-bitcoin-and-heres-why/">
    <title>Yes, you should care about Bitcoin, and here’s why &gt;&gt; Gigaom</title>
    <dc:date>2013-04-05T11:49:41+00:00</dc:date>
    <link>http://gigaom.com/2013/04/04/yes-you-should-care-about-bitcoin-and-heres-why/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[David Meyer: <blockquote>in a sense it doesn’t really matter if Bitcoin succeeds or fails. The original Napster failed and guess what? Unlawful file-sharing is still with us, and will remain with us for a long time. On a conceptual level, whatever happens, it’s now very difficult to see a future without Bitcoin or something like it. It may not replace fiat currencies, just as unlawful file-sharing has not killed off lawful distribution, but it may persist as a viable alternative and, by doing so, force change in the way its traditional predecessors function.</blockquote>

The Napster point is apposite. However Bitcoin's real power is as a medium of exchange, not as a currency. Too many people confuse the two. It lacks sufficient liquidity to be a currency, but as an anonymous method of exchange, it's great. Until it reaches a parity where the amount of money flowing in from real currencies is roughly equal to the amount flowing out, its value will vary too widely to make it useful for anything long-term.]]></description>
<dc:subject>bitcoin crypto</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:c9be0e876375/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:bitcoin"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:crypto"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://hackertarget.com/tor-exit-node-visualization/">
    <title>Tor exit nodes mapped and located &gt;&gt; HackerTarget.com</title>
    <dc:date>2013-03-10T17:30:46+00:00</dc:date>
    <link>http://hackertarget.com/tor-exit-node-visualization/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>Tor Exit Nodes are the gateways where encrypted Tor traffic hits the Internet. This means an exit node can be abused to monitor Tor traffic (after it leaves the onion network). It is in the design of the Tor network that locating the source of that traffic through the network should be difficult to determine. However if the exit traffic is unencrypted and contains identifying information then an exit node can be abused.<p>

The torproject therefore is dependent on a diverse and wide range of exit nodes. This update to an older page is where I attempt to display the exit nodes diversity in a Google map with Geolocation.</blockquote>]]></description>
<dc:subject>crypto map privacy torvalds</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:6b72071acae4/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:map"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:torvalds"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://o.canada.com/2013/02/26/blackberry-not-as-secure-as-believed-memo-warns-federal-workers/#.US_PS-sR6zJ">
    <title>BlackBerry not as secure as believed, memo warns federal workers &gt;&gt; canada.com</title>
    <dc:date>2013-02-28T21:44:25+00:00</dc:date>
    <link>http://o.canada.com/2013/02/26/blackberry-not-as-secure-as-believed-memo-warns-federal-workers/#.US_PS-sR6zJ</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>OTTAWA — The federal department charged with overseeing cyber-security has warned its workers to think twice before sending a BlackBerry message, suggesting that the device believed to be the most secure in the world is more vulnerable than users may believe.<p>

The one-page policy memo from Public Safety Canada, updated in mid-January, attempts to dissuade government BlackBerry users from sending a PIN-to-PIN message largely because it could be read by any BlackBerry user, anywhere in the world. The messages are “the most vulnerable method of communicating on a BlackBerry,” a Public Safety Canada presentation says…<p>


Political staffers use the device as well, regularly sending PIN-to-PIN messages and emails as government business has progressively migrated to mobile devices.<p>

“Although PIN-to-PIN messages are encrypted, they key used is a global cryptographic ‘key’ that is common to every BlackBerry device all over the world,” the memo reads. “Any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device.”</blockquote>

You wonder whether certain governments have been granted access to that cryptographic key, don't you?]]></description>
<dc:subject>blackberry crypto keyboard</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:bb750503773e/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:blackberry"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:keyboard"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.wired.com/threatlevel/2012/10/dkim-vulnerability-widespread/all/">
    <title>How a Google headhunter's email unravelled a massive net security hole &gt;&gt; Wired.com</title>
    <dc:date>2012-10-24T21:00:13+00:00</dc:date>
    <link>http://www.wired.com/threatlevel/2012/10/dkim-vulnerability-widespread/all/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>Michael Orlando, vulnerability analyst with CERT, said his group planned to <a href="http://www.kb.cert.org/vuls/id/268267">release an announcement about the issue</a> this week to spread the word.<p>

The fix is an easy one – companies simply need to generate a new key at the stronger length and place it in their DNS records. But they also need to remember to revoke their old key, Harris says.<p>

“As long as the old one is still in the DNS record, even if you’re not using it, an attacker can still use it,” he says.</blockquote>

(Thanks @ponk2k for the link.)]]></description>
<dc:subject>email google security crypto</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:e9d2b68b7f48/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:email"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:google"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:crypto"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.v3.co.uk/v3-uk/news/2152760/thousands-public-encryption-keys-offer-security">
    <title>Thousands of public encryption keys found to offer no security &gt;&gt; V3.co.uk</title>
    <dc:date>2012-02-15T22:53:05+00:00</dc:date>
    <link>http://www.v3.co.uk/v3-uk/news/2152760/thousands-public-encryption-keys-offer-security</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>The flaw came to light by analysing more than seven million public keys which are used to secure online transactions, email messages and other web services.
The researchers discovered that a flaw in the process for generating random prime numbers – a critical component of the public key encryption – resulted in thousands of public keys sharing common prime numbers.

"What surprised us most is that many thousands of 1024-bit RSA moduli, including thousands that are contained in still valid X.509 certificates, offer no security at all," the research paper states.</blockquote>

Well, not exactly <em>no</em> security. Just rather less than immense security.]]></description>
<dc:subject>security crypto</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:ff43b3cf9e32/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:crypto"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.geekwire.com/2011/bitcoin-befuddles-customs-agents-thwarting-seattle-visit-digital-currency-guru">
    <title>Bitcoin befuddles U.S. customs agents, thwarting Seattle visit by digital currency guru &gt;&gt; GeekWire</title>
    <dc:date>2011-07-27T14:56:10+00:00</dc:date>
    <link>http://www.geekwire.com/2011/bitcoin-befuddles-customs-agents-thwarting-seattle-visit-digital-currency-guru</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA["A developer who specializes in the Bitcoin digital currency says he was sent back to China last week after he arrived at Sea-Tac Airport with only $600 in cash and wasn’t able to convince U.S. Customs and Border Patrol agents that he would be able to fund his two-month visit using Bitcoin.<br />
"The developer, who goes by the alias “Doctor Nefario,” identifies himself as the founder of the Global Bitcoin Stock Exchange."<br />
<br />
Would have loved to be a fly on the wall during that interview.]]></description>
<dc:subject>bitcoin crypto digital</dc:subject>
<dc:identifier>https://pinboard.in/u:guardiantech/b:7f6500bf68d8/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:bitcoin"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:digital"/>
</rdf:Bag></taxo:topics>
</item>
</rdf:RDF>