All about Blockchain, Cryptocurrency, Digital Transformation

Discussion in 'Off Topic' started by Dr. AMK, Jan 7, 2018.

  1. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,789
    Messages:
    16,624
    Likes Received:
    20,436
    Trophy Points:
    931
    Is your computer safe from the cryptojackers? - BBC Click
    (coverage takes a break at 10:05 then restarts at 15:40)

    BBC Click
    Published on Apr 30, 2018
    Click visits a cryptocurrency mine in Iceland and investigates 'cryptojacking', the new crime becoming a craze amongst hackers.
     
    Last edited: Apr 30, 2018
    Dr. AMK likes this.
  2. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,789
    Messages:
    16,624
    Likes Received:
    20,436
    Trophy Points:
    931
    This cryptocurrency mining malware also disables your security services
    A year on from the vulnerabilities being leaked, attackers are still using leaked NSA tools to power new attacks - this time with the newly uncovered PyRoMine.
    By Danny Palmer | April 24, 2018 -- 10:43 GMT (03:43 PDT)
    https://www.zdnet.com/article/this-...malware-also-disables-your-security-services/

    "A new form of cryptocurrency mining malware uses a leaked NSA-exploit to spread itself to vulnerable Windows machines, while also disabling security software and leaving the infected computer open to future attacks.

    The Python-based malicious Monero miner has been uncovered by researchers at security company Fortinet who've dubbed it PyRoMine. It first appeared this month and spreads using EternalRomance, a leaked NSA-exploit which takes advantage of what until a year ago had been an undisclosed SMB vulnerability to self-propagate through networks.

    EternalRomance helped spread BadRabbit ransomware and is similar in many ways to EternalBlue, a second leaked NSA exploit which helped fuelWannaCry and NotPetya. Both exploits look for public-facing SMB ports, allowing them to deliver malware to networks.

    Researchers discovered the malware was downloadable from a particular web address as a zip file, bundled with Pyinstaller, a program which packages programs written in Python into stand alone executables, meaning there's no need for Python to be installed on the compromised machine.

    The malicious code behind PyRoMine appears to have been directly copied from a publicly shared EternalRomance implementation.

    Once the PyRoMine payload makes its way onto a machine, a malicious VBScript is downloaded which enables Remote Desktop Protocol (RDP) to enable propagation with the aid of adding a firewall rule that allows traffic on RDP port 3389.

    In addition to this, the malware also stops Windows Updates and allows the transfer of unencrypted data.

    Disabling security software allows the attackers to potentially deliver additional malware, should they eventually pivot away from the cryptocurrency miner, which is downloaded following the manipulation of RDP. The miner is registered as a service named "SmbAgentService" by the file "svchost.exe."

    Once running on a system, the malicious miner will use the power of the machine to mine for Monero - specifically selected because it can be mined by ordinary computers and provides additional privacy to users.

    Currently, PyRoMine isn't widely spread and hasn't made its authors very much money, but the sheer number of machines in the wild which still haven't patched against EternalRomance means there are a lot of potential targets out there. Another reason it hasn't spread is that the authors are still in the testing stage.

    "We first started to see this malware in April 2018, and it looks like it is still being improved, which might be the reason why its earnings are not very high at the moment," said Jasper Manuel, security researcher at Fortinet.

    A patch to protect systems against the leaked-NSA hacking tools was released over a year ago, but there are many Windows machines which haven't received the patch and remain vulnerable to attack.

    While PyRoMine isn't the first cryptocurrency malware to spread via the leaked-hacking tools, the additional damage it could do via disabling systems and security software could lead to it becoming much more dangerous in future.

    "This malware is a real threat as it not only uses the machine for cryptocurrency mining, but it also opens the machine for possible future attacks since it starts RDP services and disables security services," said Manuel.

    "Commodity malware will continue to use the NSA exploits to accelerate its ability to target vulnerable systems and to earn more profit," he added.

    Cryptocurrency mining has become a popular way for cyber-crooks to earn money, with attacks successful over a long period of time because the malware is subtle and remains hidden. The technique is said to be so popular with cybercriminals that it is now as lucrative as ransomware."

    "READ MORE ON CYBERCRIME
     
    Dr. AMK likes this.
  3. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,789
    Messages:
    16,624
    Likes Received:
    20,436
    Trophy Points:
    931
    Balancing The Ledger: How To Invest In The Crypto Economy I Fortune
    Fortune Magazine
    Published on May 4, 2018
    Chris Burniske, co-author of the book 'Cryptoassets,' explains why crypto valuations are more than just hype and headlines.
     
    Dr. AMK likes this.
  4. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,789
    Messages:
    16,624
    Likes Received:
    20,436
    Trophy Points:
    931
    The world’s first blockchain toothbrush lets you mine coins by brushing your teeth
    By Masha Borak, Mar 27, 2018
    https://technode.com/2018/03/27/the...h-lets-you-mine-coins-by-brushing-your-teeth/

    "Blockchain is the biggest buzzword of the year. However, we are just now beginning to see what silly creative ways will this technology be applied. The newest example from China is a blockchain-based toothbrush by Shenzhen-based 32Teeth, currently crowdfunding the project through the JD Finance platform.

    The company aims to make your teeth really clean by applying not only blockchain technology, but also facial recognition, sensors, and big data. If the company delivers its promise, the toothbrush is likely to become a favorite among OCD sufferers superheroes. The toothbrush app offers precise identification of 16 tooth surface cleanliness levels, analyzes users’ brushing activity data, and offers a powerful intelligent reminder. It even has AR function which gives you an inside look (literally) into how you brush your teeth.

    [​IMG]
    32Teeth blockchain toothbrush app lets you identify where you should be brushing harder (Image credit: 32Teeth)

    The toothbrush also tries to make each of your 32 teeth—the average number of teeth in an adult—a cryptocurrency mine. Brushing your teeth regularly rewards you with AYA tokens (爱牙币, literally “love teeth coins”) which can be exchanged for more toothbrushes, toothpaste, and dental hygiene services.

    Although some have ridiculed the product—one commentator worried that his mother might give it to the dog to chew so she can mine as much free stuff as possible—many consumers seem excited with the idea. The high tech toothbrush has already exceeded the RMB 100,000 crowdfunding goal required for the project. The crowdfunding will continue until May this year.

    China has recently become the birthplace of other odd blockchain ideas. One example is this triangle-shaped cryptocurrency miner made by Acute Angle which—besides the triangular design—promises a “stable blockchain spirit,” according to the video on their website.

    [​IMG]
    Acute Angle PC (Image credit: Acute Angle)

    However, we shouldn’t be too quick to discard futuristic sounding blockchain projects. Blockchain has the potential to play a significant role in the development of IoT devices since it provides a secure way to transact and record information. Companies such as Huawei and Lenovo are already looking into blockchain-based smartphones. Chinese smart devices company Life Sense has also announced a high-end smartwatch based on blockchain technology last week."
     
    Dr. AMK likes this.
  5. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,607
    Messages:
    1,177
    Likes Received:
    2,562
    Trophy Points:
    181
    Critical RCE Flaw Discovered in Blockchain-Based EOS Smart Contract System
    https://thehackernews.com/2018/05/eos-blockchain-smart-contract.html

    [​IMG]
    Security researchers have discovered a series of new vulnerabilities in EOS blockchain platform, one of which could allow remote hackers to take complete control over the node servers running the critical blockchain-based applications.

    EOS is an open source smart contract platform, known as 'Blockchain 3.0,' that allows developers to build decentralized applications over blockchain infrastructure, just like Ethereum.

    Discovered by Chinese security researchers at Qihoo 360—Yuki Chen of Vulcan team and Zhiniang Peng of Core security team—the vulnerability is a buffer out-of-bounds write issue which resides in the function used by nodes server to parse contracts.


    To achieve remote code execution on a targeted node, all an attacker needs to do is upload a maliciously crafted WASM file (a smart contract) written in WebAssembly to the server.
    [​IMG]
    As soon as the vulnerable process parser reads the WASM file, the malicious payload gets executed on the node, which could then also be used to take control over the supernode in EOS network—servers that collect transaction information and pack it into blocks.

    "With the out of bound write primitive, we can overwrite the WASM memory buffer of a WASM module instance," the duo explained in their blog post published today. "And with the help of our malicious WASM code, we finally achieve arbitrary memory read/write in the nodeos process and bypass the common exploit mitigation techniques such as DEP/ASLR on 64-bits OS. Once successfully exploited, the exploit starts a reverse shell and connects back to the attacker."Once the attackers gained control over the supernode, they could eventually "pack the malicious contract into the new block and further control all nodes of the EOS network."


    Since the super node system can be controlled, the researchers said the attackers can "do whatever they want," including, controlling the virtual currency transactions, and acquiring other financial and privacy data in the EOS network participating node systems, such as an exchange Digital currency, the user's key stored in the wallet, key user profiles, privacy data, and much more.
    "What's more, the attacker can turn a node in the EOS network into a member of a botnet, launch a cyber attack or become a free 'miner' and dig up other digital currencies," the researchers told THN.Researchers have detailed how to reproduce the vulnerability and also released a proof-of-concept exploit, along with a video demonstration, which you can watch on their blog post.

    The exploit demonstrated by the 360Vulcan researcher can bypass multiple default security mitigation measures to achieve complete control over the super node running the malicious contract.

    The pair responsibly reported the vulnerability to the maintainers of the EOS project, and they have already released a fix for the issue on GitHub.
    "In Blockchain networks and digital currency systems, there are many attack surfaces existing in nodes, digital wallets, mining pools and smart contracts. 360 security team has previously discovered and disclosed multiple relevant high risk vulnerabilities,"The researchers believe the new type of vulnerabilities affect not only EOS alone but also other types of Blockchain platforms and virtual currency applications.
     
  6. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,789
    Messages:
    16,624
    Likes Received:
    20,436
    Trophy Points:
    931
  7. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,789
    Messages:
    16,624
    Likes Received:
    20,436
    Trophy Points:
    931
    The City That Banned Bitcoin Mining
    Motherboard
    Published on Apr 13, 2018
    On March 15th, 2018, the city of Plattsburgh in upstate New York issued an 18-month moratorium on cryptocurrency mining.
    Plattsburgh is part of a long-standing power agreement that gives the city an allotment of some of the cheapest electricity anywhere in the world, but a recent influx of cryptomining companies and their energy-draining rigs have raised power prices at the expense of the general population.
    The ban is meant to be a temporary arrangement, but it could potentially end all cryptomining investment in the city.
     
  8. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,607
    Messages:
    1,177
    Likes Received:
    2,562
    Trophy Points:
    181
    Bitcoin a Shadowy New Realm as U.S. Weighs Security Clearances
    [​IMG]
    Photo: Paul Ratje/For The Washington Post via Getty Images
    By Daniel Flatley
    As the Pentagon struggles to recruit a more tech-savvy workforce, it’s facing the confusion of many an old-timer: What to make of people who invest or trade in Bitcoin.

    The question is whether owning Bitcoins or lesser-known cryptocurrencies such as Ripple and Ethereum is an indicator of risky personal behavior — one that should flag extra scrutiny in security clearances — or just another investment choice.

    “There are a lot of good things about cryptocurrencies, but at the same time there are these security risks,” said Param Vir Singh, director of the PNC Center for Financial Services Innovation at Carnegie Mellon University. “Think about a knife: It could be used for good things and it can be used for bad things as well.”

    The debate is playing out across the government, as the Defense Department and other agencies struggle to define the currencies. Some see them simply as new investments and payment methods, while others worry they provide potential vehicles for illegal activities, from money laundering to drug-dealing.

    It’s a debate that matters for the sprawling U.S. national security apparatus, which has to keep track of more than 4 million people with some form of security clearance. That includes workers who, at least in theory, could sell secrets to America’s enemies with the aid of anonymous transactions facilitated by cryptocurrencies.

    Terrorists, Cybercriminals
    Terrorists and cybercriminals use cryptocurrencies to shield their transactions from investigators and often demand payment in Bitcoins and other digital assets, according to international law-enforcement groups including the Paris-based Financial Action Task Force and Europol’s European Cybercrime Centre.

    At the same time, young investors have decamped from the halls of prominent financial institutions for the evolving world of cryptocurrency investing, and entire states have pegged their futures to its popularity. The instrument is going mainstream as Goldman Sachs Group Inc. moves forward with Bitcoin trading operations.

    Nevertheless, Bitcoin has fallen about 50 percent from its December high to about $8,400 as regulators around the world continue to evaluate how to manage digital assets and some Wall Street pros dismiss the market. Warren Buffett, for example, has likened Bitcoin to “rat poison squared.”

    If the U.S. government were to decide that owning cryptocurrencies is a security risk, it could have a “huge negative impact” on the growing market, according to Singh.

    Any move to more closely investigate job applicants who own cryptocurrencies also could hamper the Pentagon’s efforts to expand its operations in cyberspace, a goal that Secretary of Defense Jim Mattis has made a priority.

    “If we’re going to say that if you’ve got a Bitcoin or another digital currency account that could be a signal or shoot up a red flag for a security clearance, guess what? Those people aren’t going to sit around waiting to try to onboard for a government job,” Greg Touhill, a retired Air Force general who was the first Federal Chief Information Security Officer, said in an interview. “It would grow the backlog considerably, in my view.”

    Conflicting Messages
    The Pentagon has sent conflicting messages about how it’s handling the matter.

    After a Defense Security Service employee suggested in an email that Bitcoin be considered a foreign currency and reported on the lengthy SF-86 security form filled out by clearance applicants, DSS quickly countered by issuing official guidance saying…there is no official Department of Defense guidance, according to ETHNews, an online cryptocurrency news site.

    “There is no current Department of Defense guidance related to the reporting of ownership of cryptocurrencies,” according to a statement posted to the DSS website. “DSS is working with DoD policy offices for further clarification and once such guidance is issued, DSS will ensure the widest dissemination to industry.”

    The equivocation has been cited by law firms and job search sites. ClearanceJobs.com put it bluntly: “Should you report your Bitcoin to your security officer? It depends upon who you ask.”

    Huge Backlog
    The lack of clear direction from the Pentagon only adds to the headaches already faced by government contractors that need to hire workers with security clearances.

    Their top priority is overhauling a clearance system with a backlog of more than 700,000 background investigations and billions of dollars in associated costs.

    Raytheon Co. Vice President Jane Chappell told the Senate Intelligence Committee in March that fixing the clearance system should be a priority for the country and that the backlog was hurting “programs that provide critical warfighter capabilities.”

    For now, it appears the Pentagon needs further information from the country’s financial regulators. Without a clear policy from the Treasury Department, Securities and Exchange Commission or other agencies, it will be very difficult for the Pentagon to issue guidance, according to Singh.

    In the U.S., Bitcoin isn’t treated as a foreign currency for tax purposes, according to a Treasury Department spokeswoman, but Treasury’s Financial Crimes Enforcement Network monitors virtual currency exchanges to counter money laundering and terrorist financing.

    If the U.S. government were to assess that BitCoin is a form of foreign currency, “such activities could have an impact on a security clearance determination,” Major Audricia Harris, a Pentagon spokeswoman, said in a statement.

    Bad Intent
    The government should keep in mind that owning cryptocurrencies may not indicate bad intent, said Steve Aftergood of the Federation of American Scientists.

    “I don’t know if the government has a clear understanding of what makes a person actually a security risk,” Aftergood said. “Instead they look at proxy factors like excessive debt, drug use and contact with the criminal justice system, which don’t necessarily translate to risk.”

    But Nicholas Weaver, a researcher at the International Computer Science Institute at the University of California, Berkeley, said the Pentagon is right to scrutinize clearance applicants who own cryptocurrencies, even those who are buying and holding them as investments, known as “HODL’ers.”

    “Since Bitcoin’s only real use is to buy drugs, etc., it deserves suspicion,” he said. “As for the HODL’ers, eh, they will pass through the clearance process OK because its clear they are just little speculators. Or outright delusional speculators, in which case, do you really want that type in government?”
     
    hmscott likes this.
  9. Dr. AMK

    Dr. AMK The Strategist

    Reputations:
    1,607
    Messages:
    1,177
    Likes Received:
    2,562
    Trophy Points:
    181
    9.jpeg
     
    hmscott likes this.
  10. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,789
    Messages:
    16,624
    Likes Received:
    20,436
    Trophy Points:
    931
    Google searches for 'bitcoin' nosedive 75% this year as interest in struggling cryptocurrency wanes
    • Searches for the term "bitcoin" have dropped more than 75 percent since the beginning of this year, according to research from Google Trends.
    • "Bitcoin needs a new narrative in order to reestablish global attention," says Nicholas Colas, co-founder of DataTrek Research.
    • The digital currency's price has dropped by roughly 50 percent this year, trading near $7,500 Monday.
    Kate Rooney | @Kr00ney
    Published 3 Hours Ago
    https://www.cnbc.com/2018/06/04/google-searches-for-bitcoin-nosedive-75-percent-this-year.html

    "Bitcoin prices have struggled this year, along with the cryptocurrency's ability to capture interest on the internet.

    Searches for the term "bitcoin" have dropped more than 75 percent since the beginning of this year and roughly halved over three months, according to research from Google Trends.

    Nicholas Colas, co-founder of DataTrek Research, pegged waning searches as a bad sign for prices.

    "We use Google Trends to track search queries for 'bitcoin' as a proxy for potential new buyers," Colas said in an email to clients Monday. "Bitcoin needs a new narrative in order to reestablish global attention."

    Google Trends uses numbers to represent search interest relative to the highest point on the chart for the given region and time. A value of 100 is the peak popularity for the term. As of January 1, bitcoin's popularity was 37 and fell to a 9 as of June 2.

    Colas also uses wallet growth as a proxy for interest, and said even small demand is a determinant for bitcoin prices. Wallets store the public and private keys which can be used to trade, or receive cryptocurrencies.

    Growth in new wallets was roughly 2 percent in both April and May, and first-quarter compounded monthly wallet growth was 3.7 percent this year, Colas said. But for the last quarter of 2017 when bitcoin prices were nearing $20,000, wallet growth compounded monthly was 7.6 percent.

    "The comparisons between the 2017 back half comps (excellent) and 2018-to-date (poor) are stark and explain essentially all of bitcoin's fall from grace this year," Colas said. "Simply put, history shows bitcoin wallet growth needs to be +5%/month to see meaningful price appreciation."

    Bitcoin prices have dropped by roughly 50 percent this year, trading just below $7,500 Monday, according to CoinDesk. The world's first and largest cryptocurrency surged more than 1,300 percent last year, nearing $20,000 in December.

    "This dog will have its day, but today isn't it," Colas said. "While we love the idea of bitcoin (and own a little ourselves), we are not fans of buying it at current levels."

    Google searches for most other top cryptocurrencies has also cratered. For ethereum, the world's second largest cryptocurrency, searches are down 70 percent this year. XRP searches have fallen even more sharply, down 87 percent since January 1. Searches for the fourth largest digital currency, bitcoin cash are down 82 percent.

    But for EOS, the fifth largest cryptocurrency by market cap, searches gone in the opposite direction. Google searches for that term have jumped 97 percent this year.

    Much of that could be due to the company's recent fundraising efforts through what's known as an initial coin offering, or ICO. Start-up Block.one raised more than $4 billion through the cryptocurrency in a yearlong ICO that closed Friday.

    Unlike an IPO, which gives investors stock ownership in a company, an ICO gives out tokens whose use case is based on a promise the platform will be useful in a digital network once it gets built."
     
    Dr. AMK likes this.
Loading...
Similar Threads - Blockchain Cryptocurrency Digital
  1. Dr. AMK
    Replies:
    1
    Views:
    162

Share This Page