
EFTA02474302.pdf

Source: DOJ_DS11  •  email/external  •  Size: 230.8 KB  •  OCR Confidence: 85.0%

Extracted Text (OCR)

From: jeffrey E. <jeevacation@gmail.com>
Sent: Sunday, January 31, 2016 9:49 AM
To: Vincenzo Iozzo
Subject: Re: it was helpful thanks

On Sun, Jan 31, 2016 at 4:40 AM, Vincenzo Iozzo wrote:

Hmm I realized that yesterday I might have drown you in too much tech details, sorry.

I think the short answer is: aside from the mesh network (which is doubtful and a bit weak, mostly for lack of details) the rest mostly sounds good/feasible in theory. The practice might be, and almost always is, weaker.

The stuff I said yesterday are the things I would start going after first if I were tasked to attack it.

Sent from my iPhone

On Jan 30, 2016, at 13:=7, Vincenzo Iozzo wrote:

Btw (1) is a consequence of something Minsky says in the video. Which is that essentially for all practical intent and purposes it is impossible to verify the correctness of code.

Also if you have time, maybe it's worth for you to watch this: https://twitter.com/enigmaconf/status/692825085317500928

Keep in mind that since they cannot burn sources and methods this is a bit of "there's no truth in Pravda and no news in Izvestia", but it's a good intro to how attackers work

Sent from my iPhone

On Jan 30, 2016, at 13:16, Vincenzo Iozzo <vincenzo@tiqad.com> wrote:

It's hard to tell w/o proper code/documentation (couldn't find much online). In general the four things are:

1) the devil is in the details, meaning that even if in theory it's all solid the implementation might have bugs. There's no definitive technical solution for that though

EFTA_R1_01586951 EFTA02474302

2) anything that is "custom" (eg: they have a custom wifi protocol) is a red flag because it means that it hasn't been properly vetted and might be broken/buggy

3) there aren't enough details online to tell but it seems to me that to speed up the blockchain verification they partially centralize the network by using their own "supernodes" (essentially the wallets talk to the supernodes vs the actual blockchain). The security of those servers seems key to me and they gloss over it online

4) the mesh network implementation is completely up in the air (judging from what's public) and it could go horribly wrong. So that needs further verification

Also (5), in general the disadvantage of distributed/open things is that it is a lot easier to steal money vs a closed network (like swift).

Are you looking to invest into this thing? If so, I'd suggest a few things:

A) because problem (1) above is not completely solvable, they need to have a plan. Part of it is technical (do continuous code auditing, pentesting, on board proper crypto people, etc), the other part is legal/financial and pr. Specifically they should have some kind of insurance and they should have a pr disaster recovery plan. A big disadvantage of decentralized system is that you don't have anybody to trust and you don't have a closed network that can make stealing money hard, they need to address that

B) realistically nobody is going to attack them until they become significant enough from a financial standpoint. This gives them time to work on A. That said they should avoid making enemies (the "disgruntled" hacker type)

Hope this is useful, if you get more stuff from them I'm happy to look into it more. Also if you do invest I can help them with (A) if needed.

It's a very dumb platitude but "security is a process" is true.

Unrelated: check out edge.org <http://edge.org>, I think you'll like it. There's a short video with Minsky that is absolutely fantastic

Sent from my iPhone

On Jan 30, 2016, at 11:26, jeffrey E. <jeevacation@gmail.com> wrote:

(https://mycelium.com/phone/index.html). what are its weak points?

please note
The information contained in this communication is confidential, may be attorney-client privileged, may constitute inside information, and is intended only for the use of the addressee. It is the property of JEE
Unauthorized use, disclosure or copying of this communication or any part thereof is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by return e-mail or by e-mail to jeevacation@gmail.com, and destroy this communication and all copies thereof, including all attachments. copyright -all rights reserved

EFTA_R1_01586952 EFTA02474303
EFTA_R1_01586953 EFTA02474304

Document Details

Filename EFTA02474302.pdf
File Size 230.8 KB
OCR Confidence 85.0%
Has Readable Text Yes
Text Length 5,140 characters
Indexed 2026-02-12T17:53:10.457906
