BR093 - ECDSA Key Extraction, ESP32 Security Concerns, COLDCARD, Cove Wallet, Krux, Nunchuk, Invalid Mining Jobs, Javascript Injection Attack, CTV Back on the table? + MORE ft. Rob & Vivek

Bitcoin.Review Podcast with NVK & Guests

I'm joined by guests Rob Hamilton & Vivek to go through the list.

Housekeeping
(00:01:18) Unleashed.chat rebrands to dataMachine


Urgent Vulnerability Disclosures
(00:01:52) Private key leak via malformed ECDSA input
(00:09:12) ESP32 Security Concerns
(00:21:32) Coinos revokes NWC connection secrets

Vivek's Corner
(00:22:51) Invalid mining jobs by AntPool & friends during forks

Bitcoin
• Software Releases & Project Updates
(00:37:44) COLDCARD
(00:52:47) Sparrow Wallet
(00:54:33) Lark
(00:55:03) Krux
(00:56:37) Cove Wallet
(00:59:09) Nunchuk Desktop
(01:00:32) BTCPayServer
(01:00:44) Bitcoin Keeper
(01:01:25) BlueWallet
(01:02:08) Bitcoin Safe
(01:03:15) Bitkey App
(01:04:05) libwally-core
(01:06:00) Bisq2
(01:06:04) RoboSats
(01:06:08) Boltz Exchange
(01:06:10) Zaprite 
(01:06:13) Blockstream Explorer API
(01:07:22) Mempal
(01:07:29) Iris Wallet desktop
(01:07:31) Utreexo
(01:07:34) ESP Miner


• Project Spotlight
(01:07:38) Reorg Calculator
(01:07:51) Bitcoin Core Config Generator
(01:09:05) Bitcoin Core Snapshots
(01:09:11) Boot Protocol
(01:09:18) multisig-backup
(01:09:58) Wallet backup
(01:10:04) regtest-in-a-pod


Vulnerability Disclosures
(01:11:56) JavaScript injection attack
(01:15:05) Malicious PyPI package 'set-utils' steals Ethereum private keys
(01:16:57) OpenSSH vulnerabilities expose clients and servers to attacks
(01:17:05) USB side-channel attacks
(01:17:37) Cellebrite
(01:17:49) Messengers vulnerabilities
(01:17:56) GitVenom
(01:18:10) Stablecoin payment firm Infini loses $50M in exploit
(01:18:18) Five dollar wrench attacks

Audience Questions
(01:20:00) Comment on a flaw in Bitcoin Core regarding mining pools and their vulnerability against block withholding attacks

Nostr
• Project spotlight
(01:22:32) 24242.io
(01:22:49) nostr.media
(01:22:58) Frostr
(01:23:33) nostr-double-ratchet
(01:23:44) DVMCP
(01:23:53) Samiz
(01:24:00) Welshman
(01:24:09) Norma
(01:24:20) Wallet Relay
(01:24:27) Nostr0
(01:24:35) nAuth Protocol
(01:24:43) Hostr


Boosts
(01:25:36) Shoutout to top boosters @sean, @pink monkey, @Anonymous, @martinbarilik, @Momo Tahmasbi & @jespada.

Links & Contacts:
Website: https://bitcoin.review/
Substack: https://substack.bitcoin.review/
Twitter: https://twitter.com/bitcoinreviewhq
NVK Twitter: https://twitter.com/nvk
Telegram: https://t.me/BitcoinReviewPod
Email: producer@coinkite.com
Nostr & LN: ⚡nvk@nvk.org (not an email!)
Full show notes: https://bitcoin.review/podcast/episode-93
