Nadim Kobeissi - Podcast Details

Shows

Day[0]Recycling Exploits in MacOS and Pirating AudiobooksWe cover a comical saga of vulnerabilities and variants from incomplete fixes in macOS, as well as a bypass of Chrome's miraclePtr mitigation against Use-After-Frees (UAFs). We also discuss an attack that abuses COM hijacking to elevate to SYSTEM through AVG Antivirus, and a permissions issue that allows unauthorized access to DRM'd audiobooks.Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/273.html[00:00:00] Introduction[00:00:23] Attacking Hypervisors From KVM to Mobile Security Platforms [00:01:35] Endless Exploits: The Saga of a macOS Vulnerability...2025-02-181h 17

Cryptography FMEpisode 24: CryptoHack's Collection of Cryptic Conundrums!For several years, CryptoHack has been a free platform for learning modern cryptography through fun and challenging programming puzzles. From toy ciphers to post-quantum cryptography, CryptoHack has a wide-ranging and ever increasing library of puzzles for both the aspiring and accomplished cryptographer. On this episode, Nadim and Lucas are joined by Giacomo Pope and Laurence Tennant, the founders of CryptoHack, to discuss how the platform came to be, and how it evolved, as well as how to improve cryptographic pedagogy more broadly.Special Guests: Giacomo Pope and Laurence Tennant.Sponsored By:Symbolic Software: This...2023-02-2749 min

Cryptography FMEpisode 23: Psychic Signatures in Java!On April 19th 2022, Neil Madden disclosed a vulnerability in many popular Java runtimes and development kits. The vulnerability, dubbed "Psychic Signatures", lies in the cryptography for ECDSA signatures and allows an attacker to bypass signature checks entirely for these signatures. How are popular cryptographic protocol implementations in Java affected? What's the state of Java cryptography as a whole? Join Neil, Nadim and Lucas as they discuss. Music composed by Yasunori Mitsuda.Special Guest: Neil Madden.Sponsored By:Symbolic Software: Dr. Kobushi's Labyrinthine Laboratory® is a puzzle game that has been described as “a c...2023-01-2553 min

Cryptography FMEpisode 22: Three Lessons from Threema: Breaking a Secure Messenger!Threema is a Swiss encrypted messaging application. It has more than 10 million users and more than 7000 on-premise customers. Prominent users of Threema include the Swiss Government and the Swiss Army, as well as the current Chancellor of Germany, Olaf Scholz. Threema has been widely advertised as a secure alternative to other messengers. Kenny, Kien and Matteo from the ETH Zurich Applied Cryptography Group present seven attacks against the cryptographic protocols used by Threema, in three distinct threat models. All the attacks are accompanied by proof-of-concept implementations that demonstrate their feasibility in practice. Links and papers...2023-01-1652 min

UAE Tech PodcastBlogchain: Can Web3 Save Digital Publishing?It had to happen: “Blogchain” - that’s blog, not block-chain - is a decentralized Substack competitor seeking to combine Web3 infrastructure with good writing. Built using IPFS and NEAR, the system hopes to free writers from the problems that have bedeviled Web2 creator platforms: politicization, unfair algorithms or writing for ad revenue, and not customers. Even getting paid will hopefully be easier, with crypto wallets. Of course the debate surrounding digital publishing isn’t simply technical. It’s also political and ideological. Will the blockchain empower free speech, or will communities find new architecture to moderate themselves? If centralized platforms...2022-07-1230 min

The Encrypted EconomyWeb 3.0, Censorship, and Why It Matters - Nadim Kobeissi, Co-founder of Capsule.Social and Anastasia Sazonova, Rising Ukrainian Writer - E76On this week’s episode of The Encrypted Economy, our guests are Nadim Kobeissi, Co-founder of Capsule.Social and Anastasia Sazonova, Ukrainian Blogger. We explore Nadim’s platform Capsule.Social, and the decentralized, censorship-resistant “Blogchain.” Be sure to subscribe to The Encrypted Economy for more insight on the innovations in Web 3.0 and tools that reinforce the free exchange of perspectives across the globe.Topics Covered:· Introduction· Nadim’s Background· Developing a Passion for Privacy Advocacy· Defining Web 3.0· Why Web 3.0 Matters· Use Cases for Censorship Resistant Discourse on Web 3.0· An Introduction to Capsule.Social · ...2022-04-121h 04

Cryptography FMEpisode 21: Proving Fundamental Equivalencies in Isogeny Mathematics!Benjamin Wesolowski talks about his latest paper in which he mathematically proved that the two fundamental problems underlying isogeny-based cryptography are equivalent. Links and papers discussed in the show: The supersingular isogeny path and endomorphism ring problems are equivalent Episode 5: Isogeny-based Cryptography for Dummies! Music composed by Toby Fox and performed by Sean Schafianski.Special Guest: Benjamin Wesolowski.Sponsored By:Capsule Social: At Capsule Social, Inc. we are building a platform for decentralized discourse. A place where content creators, writers, and thinkers have full ownership and control over their speech...2021-08-2446 min

Cryptography FMEpisode 20: Cryptanalysis of GPRS: GEA-1 and GEA-2!A team of cryptanalysits presents the first publicly available cryptanalytic attacks on the GEA-1 and GEA-2 algorithms. Instead of providing full 64-bit security, they show that the initial state of GEA-1 can be recovered from as little as 65 bits of known keystream (with at least 24 bits coming from one frame) in time 240 GEA-1 evaluations and using 44.5 GiB of memory. The attack on GEA-1 is based on an exceptional interaction of the deployed LFSRs and the key initialization, which is highly unlikely to occur by chance. This unusual pattern indicates that the weakness is intentionally hidden to limit the security...2021-07-2042 min

Cryptography FMEpisode 19: Cross-Protocol Attacks on TLS with ALPACA!TLS is an internet standard to secure the communication between servers and clients on the internet, for example that of web servers, FTP servers, and Email servers. This is possible because TLS was designed to be application layer independent, which allows its use in many diverse communication protocols. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks...2021-07-1241 min

Cryptography FMEpisode 18: Optimizing Cryptography for Microcontrollers!Nadim talks with Peter Schwabe and Matthias Kannwischer about the considerations — both in terms of security and performance — when implementing cryptographic primitives for low-level and embedded platforms. Links and papers discussed in the show: Optimizing crypto on embedded microcontrollers Implementing post-quantum cryptography on embedded microcontrollers Optimizing crypto on embedded microcontrollers (ASEC 2018) Music composed by Toby Fox and performed by Sean Schafianski.Special Guests: Matthias Kannwischer and Peter Schwabe.Sponsored By:Capsule Social: At Capsule Social, Inc. we are building a platform for decentralized discourse. A place where content creators, writers, and...2021-06-2336 min

Cryptography FMEpisode 17: Breaking Wi-Fi With Frame Attacks!Wi-Fi is a pretty central technology to our daily lives, whether at home or at the office. Given that so much sensitive data is regularly exchanged between Wi-Fi devices, a number of standards have been developed to ensure the privacy and authentication of Wi-Fi communications. However, a recent paper shows that every single Wi-Fi network protection standard since 1997, from WEP all the way to WPA3, is exposed to a critical vulnerability that allows the exfiltration of sensitive data. How far does this new attack go? How does it work? And why wasn’t it discovered before? We’ll d...2021-06-0135 min

The DFINITY Community ChannelFreeing social media with Nadim Kobeissi of CapsuleNadim Kobeissi of the Capsule decentralised social media project describes the need for an alternative to the existing big-tech offerings and the reason the Internet Computer was chosen as a hosting layer.capsule.socialcycleDAO.xyz 2021-05-2740 min

Cryptography FMEpisode 16: Contact Discovery in Mobile Messengers!Contact discovery is a core feature in popular mobile messaging apps such as WhatsApp, Signal and Telegram that lets users grant access to their address book in order to discover which of their contacts are on that messaging service. While contact discovery is critical for WhatsApp, Signal and Telegram to function properly, privacy concerns arise with the current methods and implementations of this feature, potentially resulting in the exposure of a range of sensitive information about users and their social circle. Do we really need to rely on sharing every phone number on our phone in order...2021-05-2446 min

The Third WebThe Internet Computer Weekly #1 - CapsuleNadim Kobeissi of the Capsule decentralised social media project describes the need for an alternative to the existing big-tech offerings and the reason the Internet Computer was chosen as a hosting layer.capsule.socialCycleDAO.xyz 2021-05-2040 min

Cryptography FMEpisode 15: Bringing Secure Multiparty Computation to the Real World!Secure multi-party computation is a fascinating field in cryptography, researching how to allow multiple parties to compute secure operations over inputs while keeping those inputs private. This makes multi-party computation a super relevant technology in areas such as code signing, hospital records and more. But what does it take to bring secure multi-party computation from the blank slate of academia and into the messiness of the real world? Today on Cryptography FM, we’re joined by Dr. Yehuda Lindell and Dr. Nigel Smart, from Unbound Security, to tell us about their research, their experiences with real world se...2021-04-2646 min

Cryptography FMEpisode 14: Schnorr, Factoring and Lattices!On March 1st, 2021, a curious paper appeared on the Cryptology ePrint Archive: senior cryptographer Claus Peter Schnorr submitted research that claims to use lattice mathematics to improve the fast factoring of integers so much that he was able to completely “destroy the RSA cryptosystem” -- certainly a serious claim. Strangely, while the paper’s ePrint abstract did mention RSA, the paper itself didn’t. Two days later, Schnorr pushed an updated version of the paper, clarifying his method. Does Schnorr’s proposed method for “destroying RSA” hold water, however? Some cryptographers aren’t convinced. Joining us today is Leo...2021-03-3046 min

Cryptography FMEpisode 13: Zero-Knowledge STARKs in the Real World!Zero-Knowledge proofs have broadened the realm of use cases for applied cryptography over the past decade, from privacy-enhanced cryptocurrencies to applications in voting, finance, protecting medical data and more. In 2018, Dr. Eli Ben-Sasson and his team introduced ZK-STARKs, a new zero-knowledge construction that functions without trusted setup, thereby broadening what zero-knowledge systems are capable of. We’ll talk about ZK-STARKs and more with Eli in this episode of Cryptography FM. Links and papers discussed in the show: Scalable, transparent, and post-quantum secure computational integrity Cairo Language Cairo Workshop, 14-15 March 2021! Music composed by Toby Fox an...2021-03-1447 min

Cryptography FMEpisode 12: Special Real World Crypto 2021 Pre-Conference Coverage!Every year, the IACR Real World Cryptography symposium brings together researchers, engineers and practitioners in applied cryptography to discuss cryptography that matters, in the real world. To me, this is the big one! The one cryptography conference that matters the most. Who needs proceedings when you’ve got so much excitement in the air, and so many results and projects that actually have a measurable impact on how cryptography affects the real world? This year’s program is maybe the most exciting yet, with talks on secure channel protocols, multiparty computation, formal methods, post-quantum cryptography, humans, policy and...2021-01-071h 37

InfinitumBaba češlja vunuEp 145Konvertovanje između ćirilice i latinice u Wordu for Mac — Mikijev blogHow to translate a webpage in Safari on Mac into other languages — MaciPhone 11 Display Module Replacement Program for Touch Issues — AppleApple introduces AirPods Max, the magic of AirPods in a stunning over-ear design — Apple NewsroomApple Developers Now Able to Natively Run macOS Within AWS With Amazon EC2 Mac Instances — MacRumorsWhy is Apple’s M1 Chip So Fast — Erik EngheimApple Silicon M1: A Developer's Perspective — Peter SteinbergerApple Silicon: T...2020-12-131h 35

Cryptography FMEpisode 11: Breaking the Rainbow Post-Quantum Cryptography Candidate!The race for post-quantum cryptographic signature primitives is in its final lap over at NIST, which recently announced DILITHIUM, FALCON and Rainbow as the three signature primitive finalists. But a paper recently published by KU Leuven researcher Ward Beullens claims to find serious weaknesses in the security of Rainbow, one of those three finalists. In fact, the paper claims that the weaknesses are so severe that Rainbow’s security parameters now fall short of the security requirements set out by the NIST post-quantum competition. But how does Rainbow work, and how do these weaknesses affect it? And wh...2020-12-0838 min

Cryptography FMEpisode 10: Exploiting Authenticated Encryption Key Commitment!Authenticated encryption such as AES-GCM or ChaCha20-Poly1305 is used in a wide variety of applications, including potentially in settings for which it was not originally designed. A question given relatively little attention is whether an authenticated encryption scheme guarantees “key commitment”: the notion that ciphertext should decrypt to a valid plaintext only under the key that was used to generate the ciphertext. In reality, however, protocols and applications do rely on key commitment. A new paper by engineers at Google, the University of Haifa and Amazon demonstrates three recent applications where missing key commitment is exploitable in p...2020-12-0146 min

Cryptography FMEpisode 9: Off-the-Record Messaging and PKI Implementations!Before there was Signal, before there was WhatsApp, the realm of secure encrypted messaging was ruled by the Off-the-Record secure messaging protocol, created as an alternative to PGP that introduced security properties like forward secrecy and deniability that were considered exotic at the time. Now, more than a decade later, Off-the-Record messaging, or OTR, has been largely sidelined by Signal variants. But a small team of cryptography engineers is still working on pushing Off-the-Record messaging forward by focusing on use cases that they argue aren’t sufficiently covered by Signal. But what even is deniability, and how mu...2020-11-2041 min

Cryptography FMEpisode‌ ‌8:‌ ‌Breaking‌ ‌Elliptic-Curve‌ ‌Signatures‌ ‌With‌ ‌LadderLeak!‌Elliptic-curve signatures have become a highly used cryptographic primitive in secure messaging, TLS as well as in cryptocurrencies due to their high speed benefits over more traditional signature schemes. However, virtually all signature schemes are known to be susceptible to misuse, especially when information about the nonce is leaked to an attacker. LadderLeak is a new attack that exploits side channels present in ECDSA, claiming to allow real-world breaking of ECDSA with less than a bit of nonce leakage. But what does “less than a bit” mean in this context? Is LadderLeak really that effective at breaking ECDS...2020-11-1742 min

Cryptography FMEpisode 7: Scaling Up Secure Messaging to Large Groups With MLS!Secure messaging protocols like Signal have succeeded at making end-to-end encryption the norm in messaging more generally. Whether you’re using WhatsApp, Wire, Facebook Messenger’s Secret Chat feature, or Signal itself, you’re benefiting from end-to-end encryption across all of your messages and calls, and it’s so transparent that most users aren’t even aware of it! One area in which current secure messaging protocols have stalled, however, is the ability to scale secure conversations to groups of dozens, hundreds and even thousands of people. But the IETF’s Messaging Layer Security, or MLS, effort aims to make...2020-11-1045 min

Cryptography FMEpisode 6: Proving the Existence of Vulnerabilities With Zero-Knowledge Proofs!Zero-knowledge proofs have been a notorious research target ever since Zcash and other cryptocurrencies have invented lots of new use cases for them. Range proofs, bullet proofs, you name it – all kinds of zero-knowledge mechanisms have received more and more attention. But what about using zero-knowledge proofs to prove the existence of a software vulnerability? That way, you can prove that you have a zero-day without risking it getting stolen, putting both vulnerability researchers as well as companies looking to secure their software in a better position! That’s what Dr. David Archer from Galois is w...2020-11-0341 min

Cryptography FMEpisode 5: Isogeny-based Cryptography for Dummies!The NIST post-quantum competition has started a race for post-quantum cryptography. As a result, we’ve seen a great deal of research into alternative hard mathematical problems to use as a basis for public-key cryptography schemes. Lattice-based cryptography! Error-correcting code based cryptography! And of course, isogeny-based cryptography, have all received enormous renewed interest as a result. While the NIST post-quantum competition recently announced that it’s favoring candidates founded on lattice-based cryptography, it also encouraged further research into isogeny-based cryptography. But what even is isogeny-based cryptography? Is it as intimidating as it sounds? And what’s keeping it beh...2020-10-2748 min

Cryptography FMEpisode 4: Formally Verifying Your Taxes With Catala!Anyone who’s looked at the French civil code -- or, God forbid, the French tax code -- will tell you that it takes more than a mere human mind to decipher its meaning, given how it’s been growing and growing ever since it was established by Napoleon hundreds of years ago. Well, Catala is a new project that takes this adage perhaps a bit too literally, by applying formal methods -- a field increasingly seen as immediately adjacent to cryptography -- on the French tax code! Catala aims to provide a “domain-specific programming language designed for de...2020-10-2043 min

Cryptography FMEpisode 3: BLAKE3, A Parallelizable Hash Function Using Merkle Trees!Ever since its introduction in 2012, the BLAKE hash function has been reputed for achieving performance matching and even exceeding MD5 while still maintaining a high security margin. While the original BLAKE did make it as a finalist to the NIST SHA3 competition, Keccak was ultimately selected. But this hasn’t discouraged the BLAKE team, who in January of this year, published BLAKE3, promising to be even faster than BLAKE2 thanks to a highly parallelizable design and fewer rounds. But wait, what exactly is a parallelizable hash function? Isn't a lower round number risky? And heck, ho...2020-10-1345 min

Cryptography FMEpisode 2: Breaking Lightweight Symmetric Cryptography!Aside from working on a competition for standardizing post-quantum primitives, the United States National Institute of Standards and Technology, or NIST, has also organized a lightweight cryptography competition meant to attract designs for symmetric primitives, such as hash functions and authenticated encryption ciphers, that work in use cases where even AES is not an adequately speedy standard. Among the submissions to NIST’s lightweight cryptography competition has been Gimli, a family of cryptographic primitives comprised of a hash function and of an authenticated encryption with associated data (AEAD) cipher. Named after the Lord of the Rings Dwarf wa...2020-10-0634 min

Cryptography FMEpisode 1: Post-Quantum TLS With KEMs Instead of Signatures!TLS 1.3 has been widely praised as a major upgrade to the Transport Layer Security protocol responsible for securing the majority of Web traffic. But one area in which TLS 1.3 seems to be lacking is its potential for resistance to attacks that utilize quantum computing – computers that, theoretically, could factor the products of large primes and solve the discrete logarithm problem in relatively short periods of time, significantly affecting the security of TLS 1.3. Today however, we’re discussing an interesting new paper, to be published at this year’s ACM CCS, which introduces KEMTLS: a modified version of TLS 1...2020-09-2935 min

SustainEpisode 48: Security and Cryptography with Nadim KobeissiHello and welcome to Sustain! On today's episode, we have special guest, Nadim Kobeissi, who runs a small company in Paris called Symbolic Software. We are going to find out how Nadim got into doing security and cryptography and all about his new project called Verifpal. We will also learn more about PEPP-PT effort, RustTLS's code, Cure53, and we discuss the effectiveness of the Code of Conduct. Download this episode to find out all this and much more! [00:00:45] Nadim tells us what Symbolic Software does and how he got into doing security and cryptography. He also tells...2020-08-0747 min

Marketplace DiscussionsDecafQuest #18 - Nadim Kobeissi | ديكاف كويست #١٨ - نديم قبيسيNadim Kobeissi is a researcher in applied cryptography and the director of Symbolic Software, a small applied cryptography research office in Paris where Nadim and his team develop new scientific analysis tools and perform security audits for the private sector. Previously, Nadim taught computer security at NYU Paris. Nadim obtained his Ph.D. in December 2018 after doing research at Inria Paris while being accredited by ENS Paris. Relevant links: Personal website: www.nadim.computer An Investigation Into PEPP-PT: https://nadim.computer/posts/2020-04-17-pepppt.html Twitter: https://twitter.com/kaepora 2020-04-201h 53

Coding Freedom - The Safing Podcast#015 - Code Audit by Cure53Disclaimer: I'm not at my best today since been feeling a bit sick. I focused on bringing the episode out, so sorry for this weeks poor quality. This week Daniel and David talk about the code review of the SPN cryptography module. The auditor is Cure53 who already has reviewed big players in the scene, such as Bitwarden, Mullvad or OpenPGP. First hints of the result are also included. Enjoy the listen. Links - Auditor: Cure53 - https://cure53.de/ - Nadim Kobeissi - https://twitter.com/kaepora - Formal verification software...2020-01-1733 min

Quillette PodcastProfessor Nadim Kobeissi talks to Quillette's Jonathan Kay about the dangers posed by Facebook's new cryptocurrencyNadim Kobeissi, a professor at NYU and director of a cryptography consulting firm, tells Jonathan Kay about the risks posed by Libra, Facebook's new cryptocurrency. Learn more about your ad choices. Visit megaphone.fm/adchoices 2019-08-2329 min

Sub StancesWhat is the Chinese Firewall?This week, Gabriella Gricius reached out to two experts, James Gong and Nadim Kobeissi, to get their insights on what the Chinese Firewall is. We answer your questions on how it affects you, the population of China and what that means for the Internet of Things. If you enjoyed our podcast, please subscribe via Apple Podcasts, Stitcher, or Soundcloud and leave us reviews and comments at dosageofrepartee@gmail.com or on our website at www.sub-stances.com 2017-11-2219 min

Music For ProgrammingEpisode 35: Nadim KobeissiDatassette presents a series of mixes intended for listening while programming to focus the brain and inspire the mind (also compatible with other activities).2015-10-1457 min

At The NexusAt The Nexus #39: Chew ChewMatthew Petschl and Ryan Rampersad along with guest Sam Ebertz discuss the latest BestBuy remodel, the official iPhone 5 promotional video, a secret Windows 8 privacy problem, another MVNO's springing up, a rare Google car sighting and so much more! Links The Universe #15: Gravitational Slingshotting » The-Nexus | The-Nexus Ryan Rampersad – Google+ – Google car guys. Ryan Rampersad – Google+ – BestBuy signs. Synaptics ForcePad: The Laptop Trackpad Is About to Change Forever Windows 8 Pro to be priced at $199 following $69.99 promotional pricing | The Verge RadioShack No Contract Wireless may be getting ready to launch September 5th — Engadget T-Mobile to launch new unlimited data plan Amazon...2012-08-251h 03