signature – Transaction signing and security: Different signing approaches

I am currently studying for an exam and reviewing a past one from the CS 251: Bitcoin and Crypto Currencies course at Stanford, with the following question on transaction signing. I have written my answers afterwards and would appreciate it if you could give feedback on whether this is correct or if something would need to be considered differently:

Recall that a Bitcoin transaction has a set of input addresses and a set
of output addresses. Usually, each input address signs the entire transaction (minus the signatures) to
authorize payment. This signature type is called SIGHASH_ALL.
In this question we explore other signature types where only portions of the transaction are signed.
Some of these types are already supported by the Bitcoin network and some are new. Whenever a
Bitcoin node validates a transaction, it checks the signatures on exactly what was signed and rejects the
transaction if any of the signatures are invalid.
For each transaction signing method listed below, decide if an attacker can steal funds from an input
address of a transaction submitted to the Bitcoin network. If so, explain how; if not, explain why not.

A. The secret key of each input address is used to sign the entire Txin (the input part of the
transaction, minus the signatures) and nothing else. That is, the Txout (the output part of the
transaction) is not signed. (this signature type is called SIGHASH_NONE)

This is not secure since a miner could simply change the Txout and thus change the payment to his address.

B. The secret key of each input address is used to sign the entire Txout and nothing else.
Hint: consider an address C for which there are 50 valid UTXOs that each credit C with 2 BTC (so
that address C is worth 100 BTC). Is there a situation where a Bitcoin user can drain Bitcoin from
address C without the owner’s authorization?

I do not see a risk there since the Txout is secured and thus cannot be changed. It should not matter that the Txout is not secured as a whole.

C. Suppose there are two inputs and two outputs. The secret key of the first input is used to sign
the entire Txin and the first output UTXO, and nothing else. The secret key of the second input
is used to sign the entire Txin and the second output UTXO, and nothing else. (this signature
type is called SIGHASH_SINGLE)

I assume that the same issue can occur as for D, that miners can add further outputs and thus make the transaction invalid. However, they should not be able to steal funds as each output is signed.

D. Suppose there are two inputs and two outputs. The secret key of the first input is used to sign
the first input in Txin and the first output UTXO, and nothing else. The secret key of the second
input is used to sign the second input Txin and the second output UTXO, and nothing else.

I assume that a miner could add additional in- and outputs to the transaction since it is not secured as a whole. However, he could not steal funds with this approach but only make a transaction invalid, e.g. by adding more outputs and thus having outputs>inputs.

Thank you very much in advance for your help! I would also appreciate hints if you just have an idea on one part.
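The rule in the exam text that a node "checks the signatures on exactly what was signed" can be modelled directly. The following is an added example, not part of the original post or the exam: it assumes a signature stays valid exactly when the fields it covers are unchanged (SHA-256 digests stand in for real signatures), and all UTXO ids, addresses and amounts are constructed.

```javascript
const crypto = require('crypto');

const digest = (obj) =>
  crypto.createHash('sha256').update(JSON.stringify(obj)).digest('hex');

// Fields covered by the signature of input i under each scheme in the question.
const COVERED = {
  ALL: (tx, i) => ({ ins: tx.inputs, outs: tx.outputs }),      // SIGHASH_ALL
  A:   (tx, i) => ({ ins: tx.inputs }),                        // SIGHASH_NONE
  B:   (tx, i) => ({ outs: tx.outputs }),
  C:   (tx, i) => ({ ins: tx.inputs, out: tx.outputs[i] }),    // SIGHASH_SINGLE
  D:   (tx, i) => ({ in: tx.inputs[i], out: tx.outputs[i] }),
};

// Modelling assumption: "signing" input i is committing to this digest.
const sign = (scheme, tx, i) => digest(COVERED[scheme](tx, i));

// Does the signature made for input i of `signed` still verify on `candidate`?
const carriesOver = (scheme, signed, candidate, i) =>
  sign(scheme, signed, i) === sign(scheme, candidate, i);

// Constructed transaction and four edited copies of it.
const tx = {
  inputs:  [{ utxo: 'C:0', amount: 2 }, { utxo: 'E:0', amount: 3 }],
  outputs: [{ to: 'X', amount: 2 }, { to: 'Y', amount: 3 }],
};
const variants = {
  outputsRewritten: { ...tx, outputs: [{ to: 'Z', amount: 2 }, { to: 'Z', amount: 3 }] },
  inputSwapped:     { ...tx, inputs: [{ utxo: 'C:1', amount: 2 }, tx.inputs[1]] },
  outputAppended:   { ...tx, outputs: [...tx.outputs, { to: 'W', amount: 1 }] },
  inputAppended:    { ...tx, inputs: [...tx.inputs, { utxo: 'F:0', amount: 1 }] },
};

// For each scheme: which edits leave the first input's signature valid?
function report() {
  const rows = {};
  for (const scheme of Object.keys(COVERED)) {
    rows[scheme] = {};
    for (const [name, edited] of Object.entries(variants)) {
      rows[scheme][name] = carriesOver(scheme, tx, edited, 0);
    }
  }
  return rows;
}

console.table(report());
```

A `true` cell means that edit goes unnoticed by the first input's signature under that scheme; only the ALL row is `false` for every edit.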

security – Are those secure folders there by default?

A friend of mine suspects she has been hacked. She got called by a strange number, answered the phone, and then the call was immediately ended. She sent me a screenshot.

My question is: Are those secure folders corresponding to the photos and contacts supposed to be there in the save-permissions list? (my friend cannot access them, and says that they were not there before). The phone is a Samsung Galaxy, but I don’t know which model.

Minecraft exploit finder – Information Security Stack Exchange






JWT token security – public key forgery prevention

Question on securing JWT token integrity, given the following scenario:

  1. Client sends a JWT to server signed with Client’s private key
  2. Server caches public key, but uses http (and not https) to retrieve the public key to validate that JWT is signed by the client.
  3. Attacker intercepts the http connection, changes the public key to the attacker’s public key, and sends a JWT to the server with the attacker’s signature on it – misrepresenting the message as if it were sent from the Client.

Is there a way out of this?
Thanks
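One mitigation for the scenario above, as an added example that is not part of the original post: the server pins a fingerprint of the client's public key and refuses any fetched key that does not match it, so a key swapped on the plain-HTTP fetch is rejected before signature verification. It assumes the fingerprint was provisioned over a trusted channel at enrollment and that tokens use EdDSA; the key pairs, claims and function names are constructed for the illustration.

```javascript
const crypto = require('crypto');
const b64u = (buf) => Buffer.from(buf).toString('base64url');

// Constructed key pairs: the real client and the on-path party from step 3.
const client = crypto.generateKeyPairSync('ed25519');
const attacker = crypto.generateKeyPairSync('ed25519');
const spki = (keyObj) => keyObj.export({ type: 'spki', format: 'der' });
const fingerprint = (der) => crypto.createHash('sha256').update(der).digest('hex');

// Minimal EdDSA JWT signer: base64url(header).base64url(payload).base64url(sig)
function signJwt(claims, privateKey) {
  const input = b64u(JSON.stringify({ alg: 'EdDSA', typ: 'JWT' })) + '.' +
                b64u(JSON.stringify(claims));
  return input + '.' + b64u(crypto.sign(null, Buffer.from(input), privateKey));
}

// fetchedDer: key bytes as they arrived over HTTP (untrusted).
// pinnedFp: fingerprint provisioned out-of-band; null reproduces the page's setup.
function verifyJwt(token, fetchedDer, pinnedFp) {
  if (pinnedFp !== null) {
    const got = Buffer.from(fingerprint(fetchedDer), 'hex');
    const want = Buffer.from(pinnedFp, 'hex');
    if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
      return { ok: false, reason: 'key fingerprint mismatch' };
    }
  }
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed token' };
  const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
  if (header.alg !== 'EdDSA') return { ok: false, reason: 'unexpected alg' };
  const key = crypto.createPublicKey({ key: fetchedDer, format: 'der', type: 'spki' });
  const valid = crypto.verify(null, Buffer.from(parts[0] + '.' + parts[1]),
                              key, Buffer.from(parts[2], 'base64url'));
  if (!valid) return { ok: false, reason: 'bad signature' };
  return { ok: true, claims: JSON.parse(Buffer.from(parts[1], 'base64url').toString()) };
}

const pinned = fingerprint(spki(client.publicKey)); // enrolled over a trusted channel
const genuine = signJwt({ sub: 'client' }, client.privateKey);
const forged = signJwt({ sub: 'client' }, attacker.privateKey);
const swappedKey = spki(attacker.publicKey);        // what the tampered HTTP fetch returns

console.log('no pin  :', verifyJwt(forged, swappedKey, null));
console.log('with pin:', verifyJwt(forged, swappedKey, pinned));
```

Without the pin the forged token verifies against the swapped key; with the pin the swapped key is refused, and the forged token also fails against the genuine key.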

Can we create separate SharePoint List View for each Security Group?

I have a SharePoint list where a few SharePoint security groups have unique permissions.

Now, I want to create a separate view (personal view) for each of those security groups, so that the members of one group cannot see the views of the other security groups.

How can I achieve the above behavior? Is it possible to set the permissions on List Views?

I am using SharePoint Online Modern site.

c# – Is it sane to create go for multiple threads for security reasons?

I’m working on an application implemented in different microservices, which uses a message broker (event bus) to consume events (simple pub/sub).

As of now, in a given microservice, we are spawning 1 thread per event subscriber, which runs in the background checking for newly published events (specifically) to process. I was told that the idea behind this approach is to prevent one event consumer from shutting down other subscribers in the case of an unhandled exception in the processing of this specific event.

The problem, as I see it, is that this approach doesn’t scale well. As our application grows and different events are created, this list of active threads will grow as well.

I think we should stick with 1 background thread responsible for handling any new event needed by a given microservice and handling the processing of an event in the same thread via async/await or use a queue to dispatch the processing of each event; and implement strategies to ensure that this thread will keep alive for the duration of the application.

Which approach is better in this scenario? One thread per event subscriber or 1 thread for processing all events?

Content security and preservation | Web Hosting Talk



Imagine that you are running your own blog with unique content and one day you notice that your content is being stolen. You are furious, trying to contact the owner of the domain or contact the provider, and maybe one of them will meet you halfway.

What to do?





















bitcoin core – Crossing borders: security scheme ideas

More and more airports force you to decrypt your data; they will also dump your stuff, keeping a backup. This could happen at just about any border you try to cross. It is only safe to expect this to get more common.

The question: how do you keep your wallet.dat file safe?

- Full disk encryption: A big problem since you are prompted for a password right at the start when you turn the laptop on, no way out.

- Hiding it in some obscure file somewhere: Forensics have tools to find headers that match encrypted volumes made by popular encryption programs, so I don’t think it would fly. Also realize that they do data dumps so your stuff would be there for them to find eventually.

- Putting your encrypted wallet file somewhere on the net: Where, and why would you trust this anyway? You don’t control the servers. If you have to pay for the service, you have already linked yourself to the file. If it’s free, you still can’t trust these services, for instance these famous “end to end encryption email services”. Who says they cannot access the data or that a database leak wouldn’t happen? Plus the general not so nice feel of knowing a backup of your file is somewhere, even temporarily; once you delete it you don’t really know if it was really deleted. Any encrypted file now is like a treasure for crackers since Bitcoin is a thing. Of course if we assume Bitcoin private keys are safe then a strong 64 character password should be impossible to bruteforce, but you must be able to remember this password in your mind, and I’m not so sure that you can generate a 64 character password strong enough that you can remember it while being safe from bruteforce.

Anyway, I’m looking for your ideas. Also, because I only trust Bitcoin Core I do not store coins in Electrum, so the “12 character password seed” is not a thing. HW wallets are just big signs that say “look, this dude has coins there” so it’s pretty pointless. I’m really out of ideas on how to try to move around borders while storing coins in the Core wallet format, so please let me know your ideas. Cheers.

Tech blogs for cyber security


iThemes Security Pro | NullScripts

To update the iThemes Security Pro WordPress plugin on your site manually, first create a backup of your site.
iThemes Security Pro 4.85 WordPress Plugin Changes

  • Security Fix: Fixed display of unescaped data on logs page.
  • Enhancement: The logging system now differentiates between WP-CLI commands, WP-Cron scheduled events, and normal page requests.
  • Bug Fix: Fixed the File Change scanner in that it previously could fail to exclude selected…
