BR093 - ECDSA Key Extraction, ESP32 Security Concerns, COLDCARD, Cove Wallet, Krux, Nunchuk, Invalid Mining Jobs, Javascript Injection Attack, CTV Back on the table? + MORE ft. Rob & Vivek
I'm joined by guests Rob Hamilton & Vivek to go through the list.Housekeeping (00:01:18) Unleashed.chat rebrands to dataMachineUrgent Vulnerability Disclosures (00:01:52) Private key leak via malformed ECDSA input (00:09:12) ESP32 Security Concerns (00:21:32) Coinos revokes NWC connection secretsVivek's Corner (00:22:51) Invalid mining jobs by AntPool & friends during forksBitcoin • Software Releases & Project Updates (00:37:44) COLDCARD (00:52:47) Sparrow Wallet (00:54:33) Lark (00:55:03) Krux (00:56:37) Cove Wallet (00:59:09) Nunchuk Desktop (01:00:32) BTCPayServer (01:00:44) Bitcoin Keeper (01:01:25) BlueWallet (01:02:08) Bitcoin Safe (01:03:15) Bitkey App (01:04:05) libwally-core (01:06:00) Bisq2 (01:06:04) RoboSats (01:06:08) Boltz Exchange (01:06:10) Zaprite (01:06:13) Blockstream Explorer API (01:07:22) Mempal (01:07:29) Iris Wallet desktop (01:07:31) Utreexo (01:07:34) ESP Miner• Project Spotlight (01:07:38) Reorg Calculator (01:07:51) Bitcoin Core Config Generator (01:09:05) Bitcoin Core Snapshots (01:09:11) Boot Protocol (01:09:18) multisig-backup (01:09:58) Wallet backup (01:10:04) regtest-in-a-podVulnerability Disclosures (01:11:56) JavaScript injection attack (01:15:05) Malicious PyPI package 'set-utils' steals Ethereum private keys (01:16:57) OpenSSH vulnerabilities expose clients and servers to attacks (01:17:05) USB side-channel attacks (01:17:37) Cellebrite (01:17:49) Messengers vulnerabilities (01:17:56) GitVenom (01:18:10) Stablecoin payment firm Infini loses $50M in exploit (01:18:18) Five dollar wrench attacksAudience Questions (01:20:00) Comment on a flaw in Bitcoin Core regarding mining pools and their vulnerability against block withholding attacksNostr • Project spotlight (01:22:32) 24242.io (01:22:49) nostr.media (01:22:58) Frostr (01:23:33) nostr-double-ratchet (01:23:44) DVMCP (01:23:53) Samiz (01:24:00) Welshman (01:24:09) Norma (01:24:20) Wallet Relay (01:24:27) Nostr0 (01:24:35) nAuth Protocol (01:24:43) HostrBoosts (01:25:36) Shoutout to top boosters @sean, @pink monkey, @Anonymous, @martinbarilik, @Momo Tahmasbi & @jespada.Links & Contacts:Website: https://bitcoin.review/Substack: https://substack.bitcoin.review/Twitter: https://twitter.com/bitcoinreviewhqNVK Twitter: https://twitter.com/nvkTelegram: https://t.me/BitcoinReviewPodEmail: producer@coinkite.comNostr & LN: ⚡nvk@nvk.org (not an email!)Full show notes: https://bitcoin.review/podcast/episode-93