Hey! I'm David, a security consultant at Cryptography Services, the crypto team of NCC Group . This is my blog about cryptography and security and other related topics that I find interesting.

# Hacking Week

## posted February 2014

A teacher from my uni (and who was teaching Programming last semester) is organizing a Hacking Week next week. Signs up are still possible there : http://hackingweek.fr/contestant/list/

It should be a Capture The Flag kind of contest. It should be interesting, although I'm going to ski with some friends so I won't be able to be really into it...

comment on this story

# Bitpay launches Bitcore

## posted February 2014

Bitcore seems to be an opensource node application that lets you deal with the bitcoin protocole easily (they give as exemple an function to validate a bitcoin address)

comment on this story

# Coinbase organizing a hackaton

## posted January 2014

So this guy owned @N on twitter and got extorted his account by a phishing attack. The story is well written and you should read it here : https://medium.com/p/24eb09e026dd

but for a tl;dr the attacker called his paypal account to ask them for his credit card's last 4 digits. Then he called godaddy to ask them to reset the password. They only asked him for the 2 first digits and the last 4s. The attacker just had to guess the 2 first digits (and he did it on the first try, he could have kept calling and trying otherwise).

Now that he had @N's domain's name, he could now see his emails. Took over @N's facebook account and started mailing him "threats".

It's pretty crazy how easy phishing is.

comment on this story

# Initial Permutations in DES

## posted January 2014

I have to code a whitebox using DES encryption in a class. Which is pretty cool (I would have prefered doing it with AES but the other group got tails and we got heads).

Here is where the Stanford course I passed on Coursera shines. The explanation of DES on it is brilliant. I was wondering about the initial and final permutations that occurs in the algorithm though and Dan Boneh doesn't really talk about it besides saying it's not for cryptographic purposes.

I found a solution on a new sub-stackoverflow dedicated to Cryptography : http://crypto.stackexchange.com/questions/3/what-are-the-benefits-of-the-two-permutation-tables-in-des

comment on this story

# VPN hacked and server used to mine bitcoins

## posted January 2014

That kind of stuff happens and it's always pretty hard to know it happened and how it happened.

Here's an article about a guy who doesn't seem to know much about security but does a fine job finding out what happened to him and what he can do to avoid future hacks.

comment on this story