Sign up to save your podcasts
Or
Share E17 - OPSEC at DEVCON 6 - 10/6/2022
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
E17 - OPSEC at DEVCON 6 - 10/6/2022
---> Full show notes on HackMD <---
I, Degen - E17: OPSEC at DEVCON 6 - 10/06/2022
Listen at: idegen.fm
Contact us: @idegenfm
Intro
Welcome to I, Degen - A podcast about crypto technology, security, and culture. With a healthy balance of enthusiasm and skepticism, we dig into a weekly look at crypto, cutting through the misinformation and hype in search of signal in the noise.
Episode Summary
This week we’ll do our usual weekly review of crypto security-related topics. We’re going to dig into the issue of conference OPSEC, or operational security, as we’re less than a week out from Ethereum’s flagship developer conference, and rumors swirl about security concerns in Bogota.
I,Degen - Weekly Review
- Sunday, October 2nd - Transit Swap Users Rocked for 21M
- Transit Swap has lost $21M to a vulnerability which allowed an unknown attacker to drain the wallets of users who had approved the protocol’s swap contracts.
- Leading up to Ethereum’s flagship developer conference being held in Bogota, Columbia next week, a wave of Tweets and some articles surfaced questioning the safety of conference goers. FUD or legit concern? Well dig more into this on deep dive in a few minutes.
- Office of the National Cyber Director Requests Your Insight and Expertise on Cyber Workforce, Training, and Education
- Our Nation continues to face a significant shortfall in cyber talent, with estimates of approximately 700,000 open positions.
- October 1st, 2022 - No Digital Dollar Act Introduced - From Bitcoin.com
- U.S. Senator James Lankford (R-OK) announced Thursday that he has introduced a bill titled “No Digital Dollar Act to prohibit the U.S. Treasury and the Federal Reserve from interfering with Americans using paper currency if a digital currency is adopted and makes certain individuals can maintain privacy over their transactions using cash and coins.”
- October 4th, 2022 From Axios- Why Kim Kardashian got fined and Matt Damon didn’t
- Kim Kardashian was fined $1.26 million Monday for touting crypto schemes — even as much more high-profile pitches from the likes of Matt Damon and Larry David have gone unpunished. The seeming double standard is a function of a subtle yet crucial distinction in securities law.
- Where Kardashian crossed the line was when she endorsed a crypto asset security.
- How it works: If you’re endorsing a company, the only rules that apply are the relatively lax ones from the FTC.
- If you’re shilling a security, then disclosing that you were paid — as Kardashian did with an #AD hashtag — is not enough; you also need to disclose how much you were paid.
- The bottom line: If you’re going to tout crypto, tout a crypto company, not a coin.
Moving on… Usually, we focus on looking back at crypto security-related events of the previous week. I thought maybe we could also highlight any relevant upcoming events each week.
I, Degen - Looking Forward
- Devcon next week - There will be a keynote talk on the Nomad Bridge Hack. I think there will be a live stream if you are not attending.
- November 15th, PyChain - The First Virtual Event for Python and Blockchain Developers
- Call for speakers is open
- Free Tickets
I, Degen - Deep Dive
A wave of Tweets and some articles surfaced questioning the safety of conferencegoers leading up to Ethereum’s flagship developer conference in Bogota, Columbia, next week.
Veteran Devcon attendees will remember a similar panic from previous events, including Devcon III in Cancun, Mexico, where
Is this FUD or a legit concern? Let’s dig in.
Question: Is this a credible threat, in which there is a concentrated effort to target Devcon attendees, or is this FUD?
If we follow the Tweets, the picture is unclear.
This year Devcon security panic seems to have started with news outlets picking up a tweet from crypto_mackenna.
However, it’s worth note the article in question doesn’t mention Crypto_McKenna follow-up Tweet reply on that same day which balances the original Tweet.
Also, some sensational crypto influencer tweets that we’ll ignore. Mainly because they are purely opinion based, don’t provide any credible evidence of a threat, and are likely just ego-feeding clout farmers. I mention them because it is essential to understand and acknowledge that they play into the overall perception and conversation, even if they hold little substance and merit.
Staying safe at Devcon in Bogota Twitter threads:
- @lililashka
-@camiinthisthang
Good OPSEC at conferences in general
While those are important and contain good information relevant to staying safe in Bogota, I thought it might be helpful to dig deeper and tap into the wealth of existing information on conference OPSEC.
OPSEC for Defcon #1 from Darkangle.net
Before we continue, you should understand that everyone’s security needs are not the same.ZW: What is the personal threat model? Most crypto people don’t need to defend against nation states.
- Maintaining custody of your devices is a sound defense from parties that would seek to make modifications to your equipment or outright steal your hardware. This means of security only requires you to make sure you know where your stuff is, and whose handl...
View all episodes
By Zak & Hunt---> Full show notes on HackMD <---
I, Degen - E17: OPSEC at DEVCON 6 - 10/06/2022
Listen at: idegen.fm
Contact us: @idegenfm
Intro
Welcome to I, Degen - A podcast about crypto technology, security, and culture. With a healthy balance of enthusiasm and skepticism, we dig into a weekly look at crypto, cutting through the misinformation and hype in search of signal in the noise.
Episode Summary
This week we’ll do our usual weekly review of crypto security-related topics. We’re going to dig into the issue of conference OPSEC, or operational security, as we’re less than a week out from Ethereum’s flagship developer conference, and rumors swirl about security concerns in Bogota.
I,Degen - Weekly Review
- Sunday, October 2nd - Transit Swap Users Rocked for 21M
- Transit Swap has lost $21M to a vulnerability which allowed an unknown attacker to drain the wallets of users who had approved the protocol’s swap contracts.
- Leading up to Ethereum’s flagship developer conference being held in Bogota, Columbia next week, a wave of Tweets and some articles surfaced questioning the safety of conference goers. FUD or legit concern? Well dig more into this on deep dive in a few minutes.
- Office of the National Cyber Director Requests Your Insight and Expertise on Cyber Workforce, Training, and Education
- Our Nation continues to face a significant shortfall in cyber talent, with estimates of approximately 700,000 open positions.
- October 1st, 2022 - No Digital Dollar Act Introduced - From Bitcoin.com
- U.S. Senator James Lankford (R-OK) announced Thursday that he has introduced a bill titled “No Digital Dollar Act to prohibit the U.S. Treasury and the Federal Reserve from interfering with Americans using paper currency if a digital currency is adopted and makes certain individuals can maintain privacy over their transactions using cash and coins.”
- October 4th, 2022 From Axios- Why Kim Kardashian got fined and Matt Damon didn’t
- Kim Kardashian was fined $1.26 million Monday for touting crypto schemes — even as much more high-profile pitches from the likes of Matt Damon and Larry David have gone unpunished. The seeming double standard is a function of a subtle yet crucial distinction in securities law.
- Where Kardashian crossed the line was when she endorsed a crypto asset security.
- How it works: If you’re endorsing a company, the only rules that apply are the relatively lax ones from the FTC.
- If you’re shilling a security, then disclosing that you were paid — as Kardashian did with an #AD hashtag — is not enough; you also need to disclose how much you were paid.
- The bottom line: If you’re going to tout crypto, tout a crypto company, not a coin.
Moving on… Usually, we focus on looking back at crypto security-related events of the previous week. I thought maybe we could also highlight any relevant upcoming events each week.
I, Degen - Looking Forward
- Devcon next week - There will be a keynote talk on the Nomad Bridge Hack. I think there will be a live stream if you are not attending.
- November 15th, PyChain - The First Virtual Event for Python and Blockchain Developers
- Call for speakers is open
- Free Tickets
I, Degen - Deep Dive
A wave of Tweets and some articles surfaced questioning the safety of conferencegoers leading up to Ethereum’s flagship developer conference in Bogota, Columbia, next week.
Veteran Devcon attendees will remember a similar panic from previous events, including Devcon III in Cancun, Mexico, where
Is this FUD or a legit concern? Let’s dig in.
Question: Is this a credible threat, in which there is a concentrated effort to target Devcon attendees, or is this FUD?
If we follow the Tweets, the picture is unclear.
This year Devcon security panic seems to have started with news outlets picking up a tweet from crypto_mackenna.
However, it’s worth note the article in question doesn’t mention Crypto_McKenna follow-up Tweet reply on that same day which balances the original Tweet.
Also, some sensational crypto influencer tweets that we’ll ignore. Mainly because they are purely opinion based, don’t provide any credible evidence of a threat, and are likely just ego-feeding clout farmers. I mention them because it is essential to understand and acknowledge that they play into the overall perception and conversation, even if they hold little substance and merit.
Staying safe at Devcon in Bogota Twitter threads:
- @lililashka
-@camiinthisthang
Good OPSEC at conferences in general
While those are important and contain good information relevant to staying safe in Bogota, I thought it might be helpful to dig deeper and tap into the wealth of existing information on conference OPSEC.
OPSEC for Defcon #1 from Darkangle.net
Before we continue, you should understand that everyone’s security needs are not the same.ZW: What is the personal threat model? Most crypto people don’t need to defend against nation states.
- Maintaining custody of your devices is a sound defense from parties that would seek to make modifications to your equipment or outright steal your hardware. This means of security only requires you to make sure you know where your stuff is, and whose handl...