Cipher Issue 174, July 25, 2023, Editor's Letter

Dear Readers,

Summer is the time for conferences in pleasant locales. Security conferences have become multitrack behemoths with many hundreds of papers exploring every aspect of an attack surface that is now a fractal surface of unmeasurable area. In this environment, any security research result seems to contribute a decreasing increment of utility, a sort of Zeno's paradox of progress. Are we getting anywhere? How would we know?

Based on the news articles selected for Cipher this month, it seems that the vulnerabilities causing the most stir are usually old problems in new products. SQL injection, two interacting authentication methods undermining one another, and websites that enthusiastically turn over private information to third parties ... the old becomes new like a refurbished Barbie doll.

Nonsensical Nursery Verse

Sing a song of bitcoin
A wallet for a spy.
Four and twenty public keys
Baked in a pie.

When the pie was opened,
The keys began to split.
Wasn't that a dainty dish
Stated in a qubit?

The spy was in his counting house,
Counting out his plenty.
The tech was in the network,
Setting traps so canny.

The fault was with the user,
Whose password did implode,
Whence came the malware
And made the files encode.


      Hilarie Orman