Posts


Sep. 27, 2018

Uber to pay $148 million for 2016 data breach and cover-up

Uber to pay $148 million for 2016 data breach and cover-up

The breach, revealed last year, granted hackers access to the personal information of 57 million riders and drivers. Uber paid the hackers $100,000 to delete the data and keep the breach quiet, rather than report the incident. Uber has agreed to pay $148 million in connection with a 2016 data breach and subsequent cover-up, according to the California Attorney General’s office.

Sep. 27, 2018

NSA employee who brought hacking tools home sentenced to 66 months in prison

NSA employee who brought hacking tools home sentenced to 66 months in prison

The National Security Operations Center at NSA, photographed in 2012—the nerve center of the NSA’s ‘signals intelligence’ monitoring. A former NSA coder has been sentenced to 66 months in prison for bringing home the code that drove much of the NSA’s signals intelligence operations. Nghia Hoang Pho, a 68-year-old former National Security Agency employee who worked in the NSA’s Tailored Access Operations (TAO) division, was sentenced today to 66 months in prison for willful, unauthorized removal and retention of classified documents and material from his workplace—material that included hacking tools that were likely part of the code dumped by the individual or group known as Shadowbrokers in the summer of 2016.

Sep. 25, 2018

California passes nation’s first IoT security bill

California passes nation’s first IoT security bill

As it has done with the issues of online privacy and restoring net neutrality, California becomes the first state to act to secure the Internet of Things. It’s back to the future time again for California. Having adopted the nation’s toughest online privacy protection measure and restored state-level net neutrality protections that are tougher on ISPs than the FCC regulations, the Golden State’s Legislature has just sent a bill to the governor’s desk for signature that would make California the first state to attempt IoT security governance.

Sep. 23, 2018

Bitcoin Core Developers kept a critical DoS bug, a secret; releases fix

Bitcoin Core Developers kept a critical DoS bug, a secret; releases fix

Earlier this week, a bug was found in the Bitcoin’s core code base. Developers got in the rush, and finally released a fix on Tuesday. The bug turned out to be Denial of Service bug (DoS).

Furthermore, if anyone exploited the vulnerability, this could be used to disconnect nodes, or even crash a whole segment of a network. This was enough to rush the developers into action. The bug could be exploited by any miner, to double spend any transaction.

Sep. 23, 2018

Chrome is a Google Service that happens to include a Browser Engine

Chrome is a Google Service that happens to include a Browser Engine

Starting with Chrome 69, logging into a Google Site is tied to logging into Chrome. This is typically the topic where things are complex enough that tweets or 500 character Mastodon toots don’t do it justice. I’d also mention that I prefer to avoid directly linking people’s posts on this, because I dislike the practice of taking discussions out of their original audience and treating them as official or semi-official communications from a given company.

Sep. 22, 2018

A perspective from the Bitcoin Cash and Bitcoin Unlimited developer who discovered CVE-2018–17144

A perspective from the Bitcoin Cash and Bitcoin Unlimited developer who discovered CVE-2018–17144

Six hundred microseconds. That is about the time that Matt Corallo wanted to shave off of block validation with his pull request in 2016 to Bitcoin Core. 600µs is a lot less than what is saved with more efficient block propagation, like XThin, Compact Blocks, or now Graphene over typical links, especially those that are of similar low-end quality in network speed like Raspberry Pis are in compute speed.

Sep. 21, 2018

NCIX Database Servers Sold at Craigslist Without Being Wiped

NCIX Database Servers Sold at Craigslist Without Being Wiped

Canadian retailer NCIX filed for bankruptcy and closed 10 months ago. They were the premiere PC hardware retail store in Canada and even did a sizable business on the other side of the border. However, as Travis Doering of Privacy Fly found out, the company did not go quietly away without doing some damage to their customer’s security first.

Doering recounts meeting up with a Craigslist seller claiming to have NCIX’ Database servers for only $1500 CAD. This includes a Database Server from NCIX and a Database Reporting Server, allegedly legally obtained via Able Auctions. Prior to NCIX shutting down, their assets were sold off through this company.

Sep. 20, 2018

Japanese crypto exchange Zaif hacked, losses in the range of $60 million reported

Japanese crypto exchange Zaif hacked, losses in the range of $60 million reported

In a major development, Japanese crypto exchange Zaif has been on the receiving end of a hacking incident last week, local media has reported. The hack, which occurred on Sept. 14 but was not discovered until Sept. 17, saw the hacker steal 4.5 billion yen from users hot wallets, as well as 2.2 billion yen from the assets of the company, with total losses amounting to 6.7 billion yen or around $59.7 million. Tech Bureau Inc. which operates the digital currency exchange Zaif said in a press release that the company noticed certain abnormalities on September 17, and the hacking damage was confirmed on September 18.

Sep. 20, 2018

Another Victim of the Magecart Assault Emerges: Newegg

Another Victim of the Magecart Assault Emerges: Newegg

While the dust is settling on the British Airways compromise, the Magecart actor behind it has not stopped their work, hitting yet another large merchant: Newegg. Last week we published details on the British Airways compromise immediately after the company made its first advisory public linking the breach of customer credit card information to Magecart. We were able to disclose these details based on our years of tracking the activities and infrastructure of the umbrella of Magecart groups performing digital credit card skimming campaigns.

Sep. 19, 2018

Critical Bug Found in Bitcoin Core Invokes the Multiple Client Argument

Critical Bug Found in Bitcoin Core Invokes the Multiple Client Argument

Over the last 24 hours, the cryptocurrency community has been discussing a critical vulnerability that was found in the Bitcoin Core (BTC) reference client. A bug introduced in Bitcoin Core version 0.14, that also affects all subsequent versions, could have caused a great majority of current Core nodes to crash. According to the developer’s Optech newsletter, Core contributors released a patch that fixes Core version 0.16.2 and the latest 0.16.3 fix requires an immediate upgrade.

Sep. 17, 2018

EOS dApp Used Blockchain Backdoor To Remove Tokens From User’s Wallets Without Their Consent

EOS dApp Used Blockchain Backdoor To Remove Tokens From User’s Wallets Without Their Consent

EOS has recently been in the news following the revelation that an EOS decentralized application (dApp) could access users’ token wallets without their consent through the use of a backdoor technique. More specifically, this EOS dApp is called Trybe, and describes itself as a ”tokenized knowledge sharing network for the crypto and blockchain community”. Issues first arose when Trybe were set to distribute tokens to user accounts through a token airdrop.

Sep. 17, 2018

An Overview of the Different Blockchain Consensus Algorithms

An Overview of the Different Blockchain Consensus Algorithms

Although more casual, less-technical crypto-enthusiasts might not know much on this topic, an essential aspect of any cryptocurrency project is the consensus algorithm that it utilizes. These algorithms accomplish two major objectives. Firstly, it ensures that the next block in a blockchain is the true, master-version of the details.

Secondly, it makes sure that those looking to take advantage of the system and fork the chain are stopped. Either way, the point is that consensus algorithms are the way that cryptocurrencies ensure that their digital tokens aren’t victim to double spending. While essential, there have emerged a wide variety of consensus algorithms amongst the various cryptocurrencies, each with their own pros and cons.

Sep. 17, 2018

Open Heart Surgery: Inside Ethereum’s Crucial Replacement of the EVM

Open Heart Surgery: Inside Ethereum’s Crucial Replacement of the EVM

The virtual machine that allows ethereum to compute everything in a decentralized way is getting a massive overhaul. At the heart of ethereum lies a virtual computer. Stored across tens of thousands of nodes that make up the platform, the ethereum virtual machine, or EVM, is responsible for executing the countless tokens,dapps, DAOs and digital kittens of which the blockchain is comprised of.

Sep. 16, 2018

Robinhood Is Making Millions Selling Out Customers to High-Frequency Traders

Robinhood Is Making Millions Selling Out Customers to High-Frequency Traders

Robinhood is marketed as a commission-free stock trading product but makes a surprising percentage of their revenue directly from high-frequency trading firms. It appears from recent SEC filings that high-frequency trading firms are paying Robinhood over 10 times as much as they pay to other discount brokerages for the same volume. Robinhood needs to be more transparent about their business model.

Sep. 16, 2018

A new CSS-based web attack will crash and restart your iPhone

A new CSS-based web attack will crash and restart your iPhone

Sabri Haddouche tweeted a proof-of-concept webpage with just 15 lines of code which, if visited, will crash and restart an iPhone or iPad. Those on macOS may also see Safari freeze when opening the link. The code exploits a weakness in iOS’ web rendering engine WebKit, which Apple mandates all apps and browsers use,Haddouche told TechCrunch.

He explained that nesting a ton of elements — such astags — inside a backdrop filter property in CSS, you can use up all of the device’s resources and cause a kernel panic, which shuts down and restarts the operating system to prevent damage. TechCrunch tested the exploit running on the most recent mobile software iOS 11.4.1, and confirm it crashes and restarts the phone. Thomas Reed, director of Mac & Mobile at security firm Malwarebytes confirmed that the most recent iOS 12 beta also froze when tapping the link.

Sep. 15, 2018

Google’s prototype Chinese search engine reportedly links searches to phone numbers

Google’s prototype Chinese search engine reportedly links searches to phone numbers

Google is reportedly building a prototype system that would tie Chinese users’ Google searches to their personal phone numbers, as part of a new search service that would comply with the Chinese government’s censorship requirements. The Intercept writes that the “Dragonfly” Android app, a secret project revealed by a whistleblower last month, could be linked to a user’s phone number — making it simple to track individual users’ searches. This tracking would be in addition to Dragonfly’s blacklisting of terms like “human rights,” “student protest,” and “Nobel Prize,” which might normally pull up news about Chinese activist and Nobel laureate Liu Xiaobo.

Sep. 15, 2018

Tesla Model 3 Stolen From Mall of America Using Only a Smartphone

Tesla Model 3 Stolen From Mall of America Using Only a Smartphone

A little bit of social engineering can go a long way. With cars becoming more connected than ever, cybersecurity is a hot-button topic that extends past your computer screen and into your car. Using a bit of technology, an alleged car thief was able to get his hands on a Model 3 at the Mall of America and drive away without needing a key.

Sep. 15, 2018

Almost half of US cellphone calls will be scams by next year, says report

Almost half of US cellphone calls will be scams by next year, says report

Many of us are already conditioned to ignore phone calls from unknown numbers. A new study seems to validate that M.O. By next year, nearly half of the mobile phone calls we get will be scams, according to a new report from First Orion, a company that provides calls management and protection forT-Mobile,MetroPCs,Virgin Mobileand others.

The percentage of scam calls in US mobile traffic increased from 3.7 percent last year to 29.2 percent this year, and it’s predicted to rise to 44.6 percent in 2019, First Orion said in a press release Wednesday. The most popular method scammers use to try to get people to pick up the phone is called ‘neighborhood spoofing,’ where they disguise their numbers with a local prefix so people presume the calls are safe to pick up, First Onion said. Third-party call blocking apps may help protect consumers from known scam numbers, but they can’t tell if a scammer hijacks someone’s number and uses it for scam calls.

Sep. 12, 2018

Bitmex Accused of Manipulating Ethereum’s Price

Bitmex Accused of Manipulating Ethereum’s Price

A crypto trading exchange with eye-watering margins of 100x has angered ethereans after Bitmex’s CEO, Arthur Hayes, appeared to tell his customers, under an official Bitmex account, to short eth. Hayes then goes on to use some very colorful and highly professional language in contrast to his public tweet which said: No punting here, but to all the Bitmex customers, which are automatically subscribed to a “newsletter,” he told them eth is “a double digit” colorful coin. In other words, Bitmex hates ethereum and as of today Bitmex is apparently handling $3 billion in trading volumes for the eth/usd perpetual swap.

Sep. 12, 2018

In a Few Days, Credit Freezes Will Be Fee

In a Few Days, Credit Freezes Will Be Fee

Later this month, all of the three major consumer credit bureaus will be required to offer free credit freezes to all Americans and their dependents. Maybe you’ve been holding off freezing your credit file because your home state currently charges a fee for placing or thawing a credit freeze, or because you believe it’s just not worth the hassle. If that accurately describes your views on the matter, this post may well change your mind.