EFTA02472825.pdf

From: Vincenzo lozzo Sent: Saturday, January 30, 2016 1:28 PM To: Jeffrey E. Subject: Re: Btw (1) is a consequence of something &=bsp;Minsky says in the video. Which is that essentially for all practical i=tent and purposes it is impossible to verify that correctness of code. = Also if you have time, maybe it's worth for you t= watch this: https://twitter.com/enigmaconf/status/692825085317500928 chttps://twitter.com/enigmacongstatus/69282508=317500928> Keep in mind that since they cannot burn sources and m=thods this is a bit of "there's no truth in Pravda and no news in Izvestia "= but it's a good intro to how attackers work Sent from my Iphon= On Jan 30, 2016, at 13:16, Vincenzo loz=o wrot=: It's hard to tell w/o prope= code/documentation (couldn't find much online). In general the four things=are: 1) the devil is in the details, meaning that even if in theory i='s all solid the implementation might have bugs. There's no definitive tech=ical solution for that though 2) anything that is "custom" (eg: they=have a custom wifi protocol) is a red flag because it means that it hasn't b=en properly vetted and might be broken/buggy 3) there aren't enough d=tails online to tell but it seems to me that to speed up the blockchain ver=fication they partially centralize the network by using their own "supernod=s" (essentially the wallets talk to the supernodes vs the actual blockchain=. The security of those servers seems key to me and they gloss over it onli=e 4) the mesh network implementation is completely up in the air (judging f=om what's public) and it could go horribly wrong. So that needs further ver=fication Also (5), in general the disadvantage of distributed /open t=ings is that it is a lot easier to steal money vs a closed network (like sw=ft). Are you looking to invest into this thing? If so , I'd suggest a=few things: A) because problem (1) above is not completely sol=able, they need to have a plan. Part of it is technical (do continuous code=auditing, pentesting, on board proper crypto people, etc), the other part i= legal/financial and pr. Specifically they should have some kind of insuran=e and they should have a pr disaster recovery plan. A big disadvantage of d=centralized system is that you don't have anybody to trust and you don't ha=e a closed network that can make stealing money hard, they need to address t=at EFTA_R1_01584943 EFTA02472825  B) realistically nobody is going to attack them until they become=significant enough from a financial standpoint. This gives them time to wor= on A. That said they should avoid making enemies (the "disgruntled" hacker=type) Hope this is useful, if you get more stuff from them I'm happy=to look into it more. Also if you do invest I can help them with (A) if nee=ed. It's a very dumb platitude but "security is a process" is true.&=bsp; Unrelated: checkout edge.org <http://edge.org> , I think=you'll like it. There's a short video w=th Minsky that is absolutely fantastic Sent from my (phone On Jan 30, 2016, a= 11:26, jeffrey E. <jeevacation=gmail.com <mailto:[email protected]» wrote: (https://mycelium.com/phone/index.html). what are i=s weak points? <=iv dir="ltr"> please note The information contained in this communication is confidential, may b= attorney-client privileged, may constitute inside information, and is i=tended only for the use of the addressee. It is the property of JEEUnauthorized use, disclosure or copying of this communication or any pa=t thereof is strictly prohibited and may be unlawful. If you have receiv=d this communication in error, please notify us immediately by return=e-mail or by e-mail to [email protected] <mailto:[email protected]> , and destroy this communication and all c=pies thereof, including all attachments. copyright -all rights reserved<=r> 2 EFTA_R1_01584944 EFTA02472826