Ladies and Gentlemen of the Quantum Physics Community:   I want you to make a Pseudorandom Number Generator!   And why not!  I’m just a crypto nerd working on computers, I only get a few discrete bits and a handful of mathematical operations.  You have such an enormous bag of tricks to work with!  You’ve got a continuous domain, trigonometry, complex...

0day is cool.  Killing 0day, sight unseen, at scale — that’s cooler. If you agree with me, you might be my kind of defender, and the upcoming O’Reilly Security Conference(s) might be your kind of cons. Don’t get me wrong.  Offense is critical.  Defense without Offense is after all just Compliance.  But Defense could use a home.  The Blue Team does...

It’s not actually surprising that somebody would claim to be the creator of Bitcoin.  Whoever “Satoshi Nakamoto” is, is worth several hundred million dollars.  What is surprising is that credible people were backing Craig Wright’s increasingly bizarre claims.  I could speculate why, or I could just ask.  So I mailed Gavin Andresen, Chief Scientist of...

UPDATE:  This signature does actually validate, you just have to use a different version of OpenSSL than I did originally. Of course, if this is the signature that already went out with that block, it doesn’t matter.  So I’m looking into that right now. Update 2: OK, yes, this is intentional scammery.  This is the 2009 transaction.  See this: ...

I’ve made some comments regarding Apple vs. the FBI at Wired.

CVE-2015-7547 is not actually the first bug found in glibc’s DNS implementation.  A few people have privately asked me how this particular flaw compares to last year’s issue, dubbed “Ghost” by its finders at Qualys.  Well, here’s a list of what that flaw could not exploit: apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql, nfs-utils,...