We’re throwing a party in Vegas! Someone called it SCWPodCon last year, and the name stuck. It’s sponsored by Teleport, the infrastructure identity company. Get SSO for SSH! If Thomas was here, I’m sure he’d tell you that Fly.io uses Teleport internally. Oh also there's some thing called Black..pill? Black Pool? Something like that happening in Vegas, with crypto talks, so we chatted about them a bit, plus some other stuff

SCWPodCon 2025: https://securitycryptographywhatever.com/events/blackhat

Transcript: https://securitycryptographywhatever.com/2025/07/29/vegas-baby/

Links:

- Fault Injection attacks on PQCS signatures: https://www.blackhat.com/us-25/briefings/schedule/index.html#bypassing-pqc-signature-verification-with-fault-injection-dilithium-xmss-sphincs-46362
- Another attack on TETRA: https://www.blackhat.com/us-25/briefings/schedule/index.html#2-cops-2-broadcasting-tetra-end-to-end-under-scrutiny-46143
- Attacks on SCADA / ICS protocols (OPC UA): https://www.blackhat.com/us-25/briefings/schedule/index.html#no-vpn-needed-cryptographic-attacks-against-the-opc-ua-protocol-44760
- Attacks on Nostr:  https://www.blackhat.com/us-25/briefings/schedule/index.html#not-sealed-practical-attacks-on-nostr-a-decentralized-censorship-resistant-protocol-45726
- https://signal.org/blog/the-ecosystem-is-moving/
- https://en.wikipedia.org/wiki/Nostr
- https://eurosp2025.ieee-security.org/program.html
- https://cispa.de/en/research/publications/84648-attacking-and-fixing-the-android-protected-confirmation-protocol
- https://hal.science/hal-05038009v2/file/main.pdf
- 8-bit, abacus, and a dog: https://eprint.iacr.org/2025/1237.pdf
- https://www.youtube.com/watch?v=Dlsa9EBKDGI
- https://www.quantamagazine.org/computer-scientists-figure-out-how-to-prove-lies-20250709/
- https://eprint.iacr.org/2025/118

"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@dadrian)