In the FB case:
GOOD: FB 2FA SENDING UNEXPECTED SMSES, NOTED GEEKS CRITIQUE
BAD: FB 2FA NOW DEEMED A CAPITALIST SPAMCANNON, RUN AWAY FROM IT AND SPEAK DISPARAGINGLY OF ANYTHING SIMILAR OVER DRINKS WITH YOUR FRIENDS
I saw @matthew_d_green's tweets about IOTA so I decided to skim through what is apparently its official whitepaper https://iota.org/IOTA_Whitepaper.pdf [pdf]
I would suggest you don't invest any money in a cryptocurrency that is based on a paper like this.
I covered this because it happened to me for nearly a year and I finally realized I wasn’t alone. It seemed useful to report so the issue could be fixed. Some of us are in this to improve conditions, not for emotional satisfaction or to kick FB’s shins.
This is getting fixed, post: https://m.facebook.com/notes/facebook-security/fixing-sms-notifications-for-those-using-two-factor-authentication/10155124741945766/
The vast majority of compromises are not due to a single “showstopper” bug, but rather a collection of them. The value of individual bugs (and a vendor’s response to reports) is as a measure of how careful the vendor is — and thus how likely those other bugs are to exist.
Fact: when you shuffle a deck of cards, the resulting order has probably never existed in the universe before.
The Russians didn't show up with arrogance and lack of preparations. They did their homework. Digital and IRL. They tracked online metrics. They learned our political language.
If you think about it, it’s really weird to accept that Russia would hack (with impunity) election systems in 21 states, but not try to change a single vote. Why would this seem reasonable to you? http://www.jsonline.com/story/news/politics/2017/09/22/homeland-security-russians-tried-hack-wisconsins-election-system/694570001
The problem is that the election systems you’d have to tamper with are tiny little Mom+Pop ballot-programming companies, running unpatched Windows. If they got spear-phished, nobody would have even noticed.
When people say “they only tampered with Twitter or Facebook” read that as “we caught them doing that”. It’s hard to believe they’d do that and not also try for election systems. (And of course we know they did.)
All we know is (1) from a technical point of view this wouldn’t be that hard, and (2) foreign powers spent tens of millions to illegally tamper with the election in 2016 alone.
Reminder: nobody has any clue if our paperless electronic voting machines were compromised in 2016, or will be in 2018. Not the NSA, CIA or FBI.
I would like an update on how this project is going. https://twitter.com/realdonaldtrump/status/884016887692234753
Shameless plug of my signaling theory model of cryptocurrency: https://ethresear.ch/t/a-signaling-theory-model-of-cryptocurrency-issuance-and-value/1081
Basically, even if you assume rational actors, we can expect to see large parts of cryptocurrency seignorage burned on "marketing as proof of work".
This is why the 2017 Bitcoin scaling debate was so disastrous for the community. It set back the actual payment-usage of these currencies by so much.
If the future value of a currency depends on bringing suckers in off the street, then you want to see A LOT of suckers.
Since almost nobody uses cryptocurrency for payments yet, they get speculated on. In that setting, the existence of a large and technically-uninformed community becomes the main determinant of value.
This is mind-blowing -- the Russians' monthly budget for this operation exceeded $1.2 million
I teach my crypto students three things:
1. If standard, well-studied tools already exist: use them. Never make your own.
2. Where they don’t exist, try to write proofs of security.
3. If you can’t (or in addition), get expert peer review.
Friendly piece of advice: Fuck cultivating a professional brand image. Talk about the things you are passionate about. Get hype about those things.
This is about self-care. If you repress and control how other people see you then that is who you become. You lose everything else.