Apr 15

Global Banking System Under Threat As Hackers Crack NSA, SWIFT Again

· April 15, 2017 · 2:00 pm

Hacker group Shadow Brokers has allegedly proved the US National Security Agency (NSA) hacked the SWIFT international banking network.


NSA ‘Documents And Files’ Show SWIFT Transactions ‘Monitored’

In “documents and files” released Friday, Reuters reports, the group said it had evidence the NSA used SWIFT to “monitor money flows among some Middle Eastern and Latin American banks.”

The news marks the second time Shadow Brokers has laid claim to compromising NSA secrets. In August 2016, the group said it had entered an agency affiliate and taken details of cyberweapons, which it planned to auction for one million bitcoins.

If true, it is also a further blow to SWIFT, which last year recorded several high-level security failures worth hundreds of millions of dollars.

“NSA hacked a bunch of banks, oil and investment companies in Palestine, UAE, Kuwait, Qatar, Yemen, more,” Mustafa Al-Bassam, computer science researcher at University College London, commented on the findings.

Bitcoin Core Dev: Implications Beyond Spying ‘Burning Question’

Reactions from within the cryptocurrency community meanwhile focussed on the broader implications of Shadow Brokers’ latest attack.

Core developer Wladimir van der Laan wrote on Twitter “(finding) indication of tools for manipulation of banks/markets, more than spying” was now the “burning question.”

As the traditional financial system comes under increasing threat from cyber criminals, Bitcoin could emerge as the go-to method for storing wealth thanks to its decentralized blockchain and SHA 256 encryption, especially when compared to the ‘honeypot’ of banks’ centralized databases.

Microsoft Back In Spying Spotlight

The released data does not only focus on SWIFT, but also on Microsoft. Having been outed as involved in NSA spying activities by Wikileaks’ Vault 7 dump in March, the corporation this time is facing stolen code for compromising Windows, “at least some of which still work.”

In a statement issued in response, Microsoft professed ignorance. No official correspondence regarding the threat had been received.

“Other than reporters, no individual or organization has contacted us in relation to the materials released by Shadow Brokers,” it told Reuters.


Regarding the specifics of the SWIFT hack, it appears Dubai-headquartered service bureau EastNets could be a major target.

Like Microsoft, the SWIFT intermediary denied any malicious activity had occurred.

“The reports of an alleged hacker-compromised EastNets Service Bureau network is totally false and unfounded,” the BBC quotes a spokesperson as saying. “The EastNets Network Internal Security Unit has run a complete check of its servers and found no hacker compromise or any vulnerabilities.”

NSA spying activities are claimed to have affected not just companies, but politicians and even everyday consumers.

As part of Vault 7, WikiLeaks suggested end-user electronic devices such as smartphones and smart TVs could have become microphones for intelligence officers to listen in on.

Even Donald Trump and his family may have fallen victim.

What do you think about the Shadow Brokers’ latest claims? Let us know in the comments below!


Images courtesy of Swift, Twitter, Shutterstock

Mar 26

7 Ways Criminals Can Steal Your Bitcoins

· March 26, 2017 · 3:00 am

Cybercriminals are becoming more sophisticated. We have compiled a list of 7 ways criminals can steal your Bitcoins and how you can protect yourself from them.


Top 7 Threats to Your Bitcoin

One of the defining aspects of Bitcoin is that it puts you in charge of your own finances. No one but you will dictate where you can spend your money or who to send it to. There is no censorship, there is only complete financial freedom. But freedom comes at a cost. If you lose your Bitcoins, send them somewhere by accident or if they’re stolen, there is no entity that will return them to you, they are lost for good.

This is one of the reasons why Bitcoin has become a hub for all types of scams and cons. Cyber criminals are now becoming more sophisticated and finding new ways of stealing your hard-earned bits out from under your nose. Long-time users have seen their fair share of scams and are usually not drawn to them, but new users may be easily fooled by the prospect of making an easy profit.


This is a huge problem for Bitcoin. Although variations of the same scams also exist with national currencies, these have a certain trust factor that is provided by the government that issues them. No one will stop using a national currency like the US Dollar just because they were scammed out of their dollars. With Bitcoin, however, users may feel like the fault is in the network and distance themselves from it. 

Bitcoinist has compiled a list of the most common methods cybercriminals use to steal your Bitcoins. If you’re getting started with Bitcoin, then this article may save you some money and heartache.

Ransomware

We’re going to start off with what can be considered one of the most profitable practices for cyber criminals, ransomware. Ransomware is not new, but Bitcoin has made it popular among hackers due to its efficiency as a decentralized payment system.

So, what is Ransomware? Ransomware is basically a virus that will encrypt all (or part of) your files. The program will then give you the option of paying a certain amount of money in order for the files to be decrypted. This type of malware has become highly popular due to its effectiveness and could even leave Vegas with you.


Hackers will usually target companies or organizations that cannot afford to be unavailable to their customers, ensuring a high success rate for the cyber criminals. 

However, anyone can fall victim to ransomware, and individual users may be more vulnerable to it, as they often lack the tools or knowledge to try to decrypt their files on their own. Remember to always back up your important files and not to open or download any suspicious file. Having a good antivirus program in place is also advised.

Fake Wallets

This method is much less popular but has successfully scammed unknowing users out of their coins. Fake wallets are basically apps that look like a real wallet until they have the chance to steal your coins. They are usually presented as another, legitimate wallet, often using the real wallet’s logo and name to fool users. They are basically like phishing (which we’ll also talk about) for wallets instead of websites or emails.


Some fake wallets have even appeared on Apple’s App Store after successfully slipping through its vetting process. These misleading apps give both the real wallet and Bitcoin itself a bad name. Users can avoid this by downloading only from trustworthy sources like the wallet’s website and by confirming the name of the apps closely before downloading them. If you’re unsure, you can always ask the community on Reddit, Bitcointalk, and so forth.

Bitcoin Phishing

Phishing is basically a means of extracting sensitive information from victims. There are variations to the scheme but the most common ones are e-mails and fake websites. Scammers will try to trick the victim into giving them sensitive information regarding their Bitcoins like login details from an exchange or online wallet.

They will often do this by sending an email from an email address that looks official or by buying a domain name that is almost identical to the real website. An example of this would be the fake blocklchain[.]info.
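A defensive check for the lookalike-domain trick described above, as an added example that is not part of the original article: it compares a hostname against a list of sites you actually use and flags near-misses by edit distance. The allowlist, the character-swap table, the distance threshold and all function names are assumptions made for this illustration.

```python
"""Flag lookalike (typosquatted) hostnames against a personal allowlist."""

# Constructed allowlist for this example: the real sites the user does business with.
KNOWN_GOOD = ["blockchain.info", "coinbase.com", "localbitcoins.com", "bitfinex.com"]

# Small, non-exhaustive sample of digit-for-letter swaps used in lookalike names.
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def normalise(host):
    """Lowercase, undo '[.]' defanging, drop a trailing dot and a leading 'www.'."""
    host = host.strip().lower().replace("[.]", ".").rstrip(".")
    return host[4:] if host.startswith("www.") else host


def skeleton(name):
    """Collapse visually confusable spellings so 'c0inbase' compares equal to 'coinbase'."""
    return name.translate(DIGIT_SWAPS).replace("rn", "m").replace("vv", "w")


def osa_distance(a, b):
    """Optimal-string-alignment distance: insert, delete, substitute, swap neighbours."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two adjacent characters typed in the wrong order count as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def classify(host, known=KNOWN_GOOD, max_distance=2):
    """Return ('known' | 'lookalike' | 'unrelated', matched allowlist entry or None)."""
    host = normalise(host)
    labels = host.split(".")
    best = None
    for good in known:
        # Compare only as many trailing labels as the real domain has, so that
        # legitimate subdomains (api.coinbase.com) still count as the real site.
        tail = ".".join(labels[-(good.count(".") + 1):])
        if tail == good:
            return ("known", good)
        if host.startswith(good + "."):
            # The real name used as leading labels of someone else's domain.
            distance = 0
        else:
            distance = osa_distance(skeleton(tail), skeleton(good))
        if distance <= max_distance and (best is None or distance < best[0]):
            best = (distance, good)
    return ("lookalike", best[1]) if best else ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample hostnames; the first is the defanged example from the article.
    for sample in ["blocklchain[.]info", "www.blockchain.info", "c0inbase.com",
                   "bitfienx.com", "blockchain.info.login-secure.example", "example.org"]:
        print(f"{sample:40} {classify(sample)}")
```

A mail filter or browser extension could run the same check on link targets before the user clicks, treating anything classed as a lookalike as suspect.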

Ponzi Schemes

Yes, Bitcoin and other cryptocurrencies are riddled with popular Ponzi schemes also known as pyramid schemes. These involve getting people to invest money and inviting more people to invest money, thus creating the pyramid effect. The new money is used to repay old investments and “the wheel keeps turning” until it can turn no more.


At a certain point, the scammers will walk away with everyone’s money. The best time to leave is usually assessed by the amount of money that the cybercriminals are currently holding and by the reputation the website has earned so far.

These schemes come in all shapes and sizes, but they all have one thing in common: they want your coins and promise high returns for them. Two of the most popular disguises for these schemes are cloud mining websites that offer unrealistic returns and websites that claim to be employing some sort of automated trading algorithm to earn money on every trade.

To avoid being tricked by these, simply stay away from websites that seem to have unrealistic returns like 1% per day or 100% per month and so on. Avoid any vague business model that doesn’t really explain how the company makes profit and only trust websites after doing intensive research. There are ways of earning interest on your bitcoin like margin or p2p loans, but these will never yield as much as promised by pyramid schemes.

Fake Cryptocurrencies

There are some scams like this out there, the most famous of which is Onecoin. This scheme works by convincing victims that they are buying units of a successful cryptocurrency when they are in fact just paying for numbers to show up on a website. There is no actual Onecoin blockchain or network of miners.


Fake cryptocurrency schemes will often sell coins in the form of educational packages or mining spots and they will also offer nonsensical promotions like splitting coins to double them. Although it sounds ridiculous, many users have fallen victim to this scam and some have lost entire life savings to it.

If you’re looking for a cryptocurrency to invest in, choose wisely and don’t be swayed with “developers” that promise the price of the coin will increase x times. A good rule to avoid these scams is to check if the coin exists on comparison websites like CryptoCompare or Coinmarketcap.

Scam ICOs

ICO, short for Initial Coin Offering, is a type of crowdfunding mechanism that is becoming increasingly popular within the blockchain space. The team behind a certain project will launch an ICO to sell tokens related to their project in exchange for Bitcoin, fiat or other cryptocurrencies. These tokens are usually equity based or they act like fuel to the platform, like Ether in the Ethereum platform.

Given the momentum that ICOs currently have, it’s no wonder that some cyber criminals are trying to trick investors with fake projects. Scam ICOs can be hosted by scam artists with no more than a convincing logo, website, fictional team and a few other tricks.


Often, the “company” will be able to gather considerable amounts of BTC with no actual product, or with nothing more than vaporware. A perfect example would be DeClouds, a scam that managed to steal 300 Bitcoins from unknowing investors who thought they were investing in a cryptocurrency backed by precious metals.

Avoiding scam ICOs can be tricky and there are several things to look out for – Check out this guide on how to avoid scam ICOs.

Scammers on P2P Exchanges

These scams take place on peer-to-peer exchanges like LocalBitcoins and Paxful and they basically consist of people trying to rip you off during a currency exchange. These p2p exchanges allow users to trade coins directly between themselves using an external payment system like cash deposit, PayPal, credit cards and others. Unlike Bitcoin, these payment methods usually allow the user to dispute a transaction for various reasons.

Scammers will often use these markets to cash out hacked PayPal accounts or stolen credit cards. Some users will even use their real accounts, but since most payment systems don’t offer seller protection for digital items, there isn’t much you can do in case of a chargeback.

This has created a market, where some users will sell Bitcoin for a considerable premium. However, users that do this have experience with these scams and have methods for verifying the buyer’s identity and so on.

To avoid this, only sell Bitcoin to established p2p traders and try to stay clear of chargeback-enabled payment methods like PayPal and Skrill. Remember that only those who control their private keys control their bitcoin. 

For a comprehensive list of fraudulent Bitcoin-related websites, you can check out the Bad List here.

Are we missing any methods employed by cyber criminals? If so, let us know in the comment section.


Images courtesy of Shutterstock, AdobeStock

Feb 26

Bitcoin Demand Rises as U.S. Corporations are Stocking Up

· February 26, 2017 · 9:00 am

Bitcoin has attracted a great deal of interest over the last couple of years, and mainstream investing has skyrocketed with the ever-growing Bitcoin price. Now, a new market sector is starting to emerge as American corporations are stocking up on digital currency to combat cybercrime.


Corporations Fuel Bitcoin Demand as Ransomware Spreads

Hackers with an eye towards gaining valuable Bitcoins are hitting corporations more and more with dreaded ransomware, and this problem seems to be getting worse and worse. How to handle this growing epidemic is also a matter of some controversy. It seems to put companies in a no win situation.

“The official FBI policy is that you shouldn’t pay the ransom,” said Leo Taddeo, chief security officer for Cryptzone, to Newsfactor. Taddeo ran the cyber division of the FBI’s New York City office.

It’s an option to pay the ransom to get back up and running. Sometimes it’s the only option. But it has downsides. Paying ransom just invites the next attack.


A vicious cycle has begun. The more companies pay out in Bitcoin, the more attacks become likely. The more valuable Bitcoins become, the more attacks become likely. Those who do not pay the ransomware demands may lose the trust of their customers or their valuable business data altogether. From the criminal’s side of it, they can rationalize their dastardly deeds by blaming the victims for not expecting this outcome from now on.

“They’ll actually explore your system to see how much money they can squeeze from you,” said Andrei Barysevich, director of advanced collection at Recorded Future. “They actually think they are on the moral high ground. They think the companies should have paid more for security.”

Ransomware Attacks Hit $1 Billion

A corporate cyber-hitman can demand up to $75,000 USD in Bitcoin, or about 65 BTC. Individuals can get hit as well, but they can only be taken for a few hundred dollars. Recorded Future, a Somerville, Mass., threat intelligence firm, says ransom payments skyrocketed 4,000 percent last year, reaching $1 billion. Another firm, Kaspersky Lab, estimates that a new business is attacked with ransomware every 40 seconds, making it a true epidemic.


Another problem is that paying a cyber-criminal does not mean they will kindly do as they said and provide you with the decryption keys to restore your files. Criminals aren’t the most ethical people in the world, so you may have to pay a couple of times. Authorities say backing up all your computer files on a regular basis may be the best way to protect yourself.

This may save file information, but may not restore computer systems that are needed to continue running the business on a daily basis. Whether you will need to pay up depends upon the attack. About 25% of companies never get restoration after an attack.

Have you been the victim of a ransomware attack? What’s the best way to prevent such an attack besides backing up your files? Share below!


Image provided by Business Insider, Shutterstock

Feb 12

Three Easy Ways to Improve Your Bitcoin Privacy & Security

· February 12, 2017 · 6:00 am

As the world of Bitcoin becomes bigger, more lucrative and more mainstream, there are going to be more eyes on the industry. Here are three easy ways to boost your privacy and security.


Spotlight On Your Security

Whether it’s surveillance from government agencies or hackers looking for bitcoins and information, here are three ways to improve your Bitcoin privacy that you may know, but aren’t exploiting.


Using Bitcoin is not anonymous, as most current users already know. The public Bitcoin blockchain will not reveal your identity directly, but your Bitcoin transfers can be tracked with block explorers. One of the best ways to improve your privacy – at least until the protocol itself is upgraded with more privacy-enhancing applications – is to upgrade how you interact with the internet itself.

1) Tor Browser

Tor takes the proxy concept to your browser, directly. It’s a free option; you just have to download the browser. Tor is originally a government concept, so if you are trying to avoid government surveillance, it may not be right for you, but it is the first layer of protection and can give you peace of mind against the low-level online hacker.


This is a far better option than using the same IP every day, in your hometown, for your online banking and your Bitcoin usage. If you are just using your local network’s IP, you need to step up your game and step into the 21st century.

2) Using a VPN (Virtual Private Network)

This is something I have used for years that most people online, or who use Bitcoin, do not use. A VPN is a great way to use the internet more freely, and Bitcoin as well. The main benefit is these networks provide you with an encrypted service, just like Bitcoin does. Think of it as the most advanced proxy service you can buy.


A VPN gives you a choice of servers and IP addresses to choose from. The number of choices will depend upon your choice of VPN network, but the best provide hundreds of thousands of IPs that you can switch between on demand, or at any interval you choose. I set mine to switch every hour, automatically. Try to shop for a no-log VPN provider, so the VPNs themselves cannot track you. You may want to look into providers like Firetrust and Pritunl.

And a VPN can give you better internet access. Maybe the servers in your area are not the fastest, or you live in an area where you have restricted access. With a VPN, you can test all the servers on their network, see which ones are the fastest, or in a less surveilled area, and you are getting more security and faster downloads. A win-win. It’s a great investment in your online peace of mind for $60 a year or so, and many of these services even accept Bitcoin for payment, too.

3) Take Your Bitcoins Offline

If you have all your Bitcoins in a common online wallet like Coinbase, it’s hard to say you are really taking Bitcoin privacy and security seriously. No offense to Coinbase or Blockchain, but no one should keep all their bitcoins in one basket.

It is hard to find an online wallet provider that hasn’t been hacked, or isn’t under attack every day for the next decade. Maybe they have outstanding security, but the criminals are coming up with new ways to steal every day, so why take the chance?


Only store Bitcoin in online wallets that you are comfortable losing to theft. A wise Bitcoin user with any real cache of bitcoins would keep 80-90% offline in a paper wallet or hardware wallet, such as Case wallet, Ledger, Trezor or KeepKey.

You only access these bitcoins when you choose to, and can take your wallet on the road with you, or keep it in a safe, offline. Take your Bitcoin wealth on the plane and not get harassed by customs. A $60-$99 investment that should give you peace of mind no matter where you roam.

What do you think is the best way to maintain your privacy and Bitcoin security? Let us know in the comments below!


Image provided by Abine, Shutterstock

Aug 20

New Malware Sneaking Onto Mac Computers, Bitcoinists Be Warned

Source: bitcoin


Some tricky new malware is infecting Mac users by imitating legitimate software. The “Advanced Mac Cleaner” professes to be an anti-malware tool in order to sneak onto Mac computers.


New Malware Targeting Mac Users

Bitcoinists who use Macs ought to be especially concerned, as the malware specifically targets Mac users by mimicking an anti-malware tool designed for Macs. Malware can be used to steal private keys and wallet passwords, allowing malicious actors to gain access to your funds.

The malware was discovered first by Thomas Reed, lead researcher at anti-malware firm Malwarebytes. Its method of infection is very simple: it tricks people into visiting its website and downloading the program. This sounds like your normal phishing tactic, but the program itself does not act like normal malware once installed.

In fact, once the malware is installed, the user wouldn’t even know that anything was wrong at first. However, if one were to look deeper, they would discover a file within the software claiming ownership of different kinds of file types. Additionally, if you were to open these files, they would display a message that you needed new, specialized software in order to view them.

This is troubling because it looks like a normal technical problem, as the error message that appears is the same as the one that would regularly appear when trying to open an unknown file type — making it difficult for users to even realize there is something suspicious happening.

If users fall for that, then they will be led to a site that begins downloading a bunch of other useless software, like Mac Adware Remover and Mac Space Reviver. This software is unlikely to benefit the system in any way, and will pass through undetected with a Mac certificate of approval.

Considering that security breaches are the number 1 cause of bitcoin theft, this news could be significant for some. If the malware were to gain access to a Bitcoinist’s system, they could be left helpless, unable to access their wallet, or end up with their funds stolen.

The insidious nature of the malware is its ability to elude detection; bitcoin-using Mac fans therefore need to exercise extreme caution and avoid downloading apps that are not available on the official App Store.

What do you think of this new malware infecting Mac users? Let us know in the comments below!


Source: DigitalTrends.com

Images Courtesy of gadgets.ndtv.com, Malwarebytes

The post New Malware Sneaking Onto Mac Computers, Bitcoinists Be Warned appeared first on Bitcoinist.net.

Aug 02

Bitfinex Hacked, Bitcoin Confirmed Stolen

Source: bitcoin


On August 2, 2016, it was reported that the major cryptocurrency exchange Bitfinex was hacked, with some customers losing Bitcoin as a result. Additionally, BitGo has commented on the event.


The Breach of Bitfinex

Bitfinex itself confirmed the hack in a press release earlier today, saying they have halted all trading on the platform. Additionally, all deposits to and withdrawals from Bitfinex have been temporarily stopped.

The exchange does not have much information about the hack, but the press release confirmed that customers of the exchange have lost Bitcoin following the breach.

Now, Bitfinex has launched an investigation into the matter and will “secure the environment,” as the bitfinex.com domain will be taken down with the maintenance page left up. They will also be conducting a review to determine who has actually been affected by the hack.

Furthermore, Bitfinex has also reported the theft to law enforcement and is now working with them to presumably help with the investigation.

According to the press release, Bitfinex says they will have to settle open margin positions in the wake of the hack as they attempt to account for individualized customer losses. It has also been stated that all settlements will be at market prices as of 18:00 UTC. This action has been taken with the intention of normalizing account balances and resuming operations.

The blockchain security company, BitGo, recently released a statement regarding the hack at Bitfinex, saying:

Dear BitGo customer:

You may have read that Bitfinex announced a security breach today. We are working with Bitfinex to determine what happened.
To date, our investigation has found no evidence of any compromise of BitGo servers or services.  We believe the compromise is isolated to Bitfinex.
The security of your transactions is our highest priority.  We will keep you up to date as the situation evolves.
BitGo Team

The Bitfinex team will be posting status updates on the event when appropriate at their status page, bitfinex.statuspage.io.

What do you think of Bitfinex’s confirmed hack? Let us know in the comments below!


Images courtesy of Bitfinex, BitGo

The post Bitfinex Hacked, Bitcoin Confirmed Stolen appeared first on Bitcoinist.net.

Jul 31

Floridian Thieves use Local Bitcoin Exchange to Rob Customers

Source: bitcoin


With all the coverage surrounding massive crypto theft and scams recently, whether it’s The DAO, OneCoin, or questionable ETC ownership policies on major exchanges, it’s easy to ignore the more mundane events in this arena. Luckily, Steve Manos, a man in Lake Worth, Florida, was brave enough to ignore best practices and common sense to bring us this gem of an example of how not to buy Bitcoin.


Thieves as Ill-Informed as Their Victim

Manos apparently needed several thousand dollars in Bitcoin, and quickly. Instead of waiting a few days on the verification process integral to services like Circle or Coinbase, he tried to source his crypto locally, and all in one place. This unfolded with disastrous results, according to the original article at the Sun Sentinel:

Andre Allen, Arrested for Theft of Manos’ 28K

“The exchange took place outside the restaurant at 2024 Military Trail. One of the men got into the front passenger seat of Manos’ car, while the second man sat behind Manos, according to the report.

Manos handed over 28 bundles of $1,000 in a gift bag. The front seat passenger took out a laptop to finish the exchange, but he also pulled out a knife. He pressed it to Manos’ chest, Manos told deputies.

Manos told the men to just take the money and leave. But a struggle ensued as the backseat passenger tried to grab Manos’ gun out of the driver’s door pocket.

The two robbers ran with the money. Manos chased them, but couldn’t keep up, the report said. The suspects got into an Acura, and sped off.”

Luckily, Manos was able to provide law enforcement with the would-be thieves’ contact info, resulting in their arrest when he later picked them from a lineup. Had he not had the presence of mind to do so, they would have got away with 28,000 dollars of Manos’ cash.

So what can we learn from this misadventure, brought to us by a woefully ill-informed cryptocurrency enthusiast? Surely local and decentralized bitcoin exchanges aren’t to blame! Well, of course they aren’t. By that logic, Pokemon Go is responsible for human stupidity, and Harambe was accountable for zoo safety oversight. Your main takeaway should be to go with reputable sellers, use multiple sources to limit your risk, and use multisig/escrow where possible. Had Manos done any of this, he likely wouldn’t be a contributor to the “Florida Man” Twitter account.

Thoughts on the risk thieves present to decentralized exchanges or bad security? Leave them in the comments!

Images courtesy of Palm Beach County Sheriff’s Office

The post Floridian Thieves use Local Bitcoin Exchange to Rob Customers appeared first on Bitcoinist.net.

Jul 08

Google Experimenting with Crypto for the ‘Post-Quantum Era’

Source: bitcoin


What happens to cryptography once quantum computers are everywhere? Will it still be possible to keep encrypted systems — like the Bitcoin network — secure?


This week, Google addressed the question with a blog post titled, “Experimenting with Post-Quantum Cryptography,” which looks at how possible computing speeds in the future could compromise encryption, even today.

Quantum computing, long a computer science holy grail, promises to increase processing speeds on data operations exponentially. Rather than coding data into binary bits that must be either “1” or “0,” a quantum computer would theoretically use quantum bits (“qubits”) capable of existing in multiple states at the same time.

While this would have obvious benefits for almost every computer application in existence today — and even future applications — it presents a threat to any program that relies on cryptographic algorithms for protection, such as encrypted messages and bitcoin wallets.

Remember how it used to be OK to have a 5-letter password? Now, it’s advisable to have 20 or more characters, varying between numbers, symbols, and both upper and lowercase letters. This change in the need for password strength happened over time due to the progression of technology at its normal rate. Quantum computing would make simple password security obsolete, its processing power allowing it to crack even the toughest encryption with ease.

Such computers do have their limits, though. A more detailed research paper into the topic is available here.

What Would Quantum Computing do to Bitcoin?

The threat quantum computing poses to Bitcoin has been known and discussed in the community for a long time, to the extent that some old-timers have grown weary of the topic.

Common belief is that Bitcoin’s hashing functions (used in mining) are safe from large advancements in quantum computing, but that the elliptic curve digital signature algorithm (ECDSA) used to secure private keys could be compromised.

This would present a danger to any address containing large amounts of bitcoin, or one that is re-used often and well-known. If disposable addresses are used instead — as most modern wallet software does automatically — quantum computing would be less of a threat, though not a solution to the problem.

However, the arrival of quantum computers won’t constitute the first time Bitcoin has been affected by advancements in technology. In his original white paper, Satoshi Nakamoto appeared to envisage mining on desktop CPUs, but users very quickly developed ASIC chips designed to do nothing other than solve Bitcoin’s hashing algorithm.

The Bitcoin protocol has adjusted difficulty accordingly, keeping blocks coming at roughly ten-minute intervals despite the hashing power added by ASICs. The possibility of adapting the Bitcoin network to quantum computing is not as certain, though.

Google’s Take

As Google’s post points out, this is not a threat yet — the experimental quantum computers that exist today contain only a handful of qubits and could not break current cryptographic algorithms. In fact, it is not known whether a larger-scale quantum computer is even possible, despite all the private and public sector research going into the field.

If it does become possible, though, a future quantum computer would be able to retroactively decrypt all of today’s encrypted communications — which is definitely something to think about.

Google is now experimenting with a “post-quantum key-exchange algorithm,” using it to encrypt small amounts of traffic between “bleeding edge” Chrome Canary browsers and Google’s servers. This will be on top of already-existing encryption, since the security of the post-quantum algorithm has not yet been thoroughly tested.

Don’t be Concerned Just Yet

Google’s post-quantum algorithm is called “New Hope,” but it’s just one of many possible solutions to the problem. Google wants to run its experiment with New Hope for under two years, “hopefully [replacing] it with something better” in the future.

In any case, quantum technology advancing to the level required to break cryptographic algorithms, and then finding its way to the consumer market, is expected to take decades, and that is only if it proves to be possible.

Think about it — but don’t lose sleep over it. Yet.

Do you worry about advancements in computing technology affecting Bitcoin?


Images courtesy of D-Wave Systems via Wikimedia Commons.

The post Google Experimenting with Crypto for the ‘Post-Quantum Era’ appeared first on Bitcoinist.net.

Jun 01

Allwinner Leaves Root Exploit in Linux Kernel, Putting ARM Devices at Risk

Source: bitcoin


Running a Bitcoin node on your ARM single board computer? Fan of cheap Chinese tablets and smartphones? Maybe you contributed to the recent CHIP computer Kickstarter, or host a wallet on one of these devices. Well, if any of these applies to you, and your device is powered by an Allwinner SoC, you should probably wipe it and put an OS on it with the most recent kernel release. Why? Allwinner left a development “tool” in their ARM Linux kernel that allows anyone to root their devices with a single command. This oversight has serious security implications for any Allwinner-powered device, especially for those of us hosting sensitive data on them.


Security Oversight Puts Allwinner Users at Risk

Thankfully, this massive security flaw in their kernel has been fixed as of Allwinner’s most recent mainline release, although not all of the manufacturers using their processors are pushing the update, leaving those people without sufficient knowledge to do a manual update high and dry, for the most part. This development is of particular concern in the Bitcoin ecosystem, where hosting nodes on single board computers and installing wallets on mobile devices has become increasingly popular. While the cryptographic system used on the better mobile wallets is arguably more secure than comparable mobile payment processing apps, single command root access is one of the nastier exploits available to the less honest elements on the web. Having an Internet-connected Linux device that’s that easy to root is just asking for trouble, even if your private keys are not easily available to the intruder.

While no one should condone security flaws of this scale in their devices, there’s a lot of crying wolf going on at the moment, and before you throw out all of your Allwinner devices and convert all of your cryptos to paper cold storage, it’s important to understand that this type of “single command root” is not uncommon in ARM Linux kernels, as it makes developing for Android much more expedient. While Allwinner is certainly at fault for shipping a kernel with a single command root, it is unlikely that there was any malicious intent here. Someone just forgot to remove their development crutch before shipping the product. Security regressions like this are to be expected if you can’t easily build a kernel yourself for the device (or let the community do the same for you.)

Note that this single command root is limited to Allwinner ARM devices without their most recent kernel; SoC devices like the Raspberry Pi or your Samsung smartphone are likely not affected, as they use other ARM SoCs. However, if you can’t build a custom kernel for your device without pulling firmware or other trickery, this same exploit could just as easily happen to your system, as you’re putting your trust in the manufacturer to keep their development hacks out of their retail products. That is something to consider when choosing the device and operating system for your next cryptocurrency node or wallet.

Thoughts on the state of Security on ARM devices? Be sure to leave them in the comments!


Images courtesy of: Allwinner Technology, Wikimedia Commons

The post Allwinner Leaves Root Exploit in Linux Kernel, Putting ARM Devices at Risk appeared first on Bitcoinist.net.

May 05

Interview With BitLox Bitcoin Wallet Creator Dana Coe

Source: bitcoin


BitLox is a new entrant into the physical Bitcoin wallet market. BitLox Creator Dana Coe sent us a wallet to test and review, and also answered some questions about BitLox, its development, and more. One of the first things you will notice about BitLox is it uses an e-ink screen which both saves power and makes reading it easier in many different lighting situations. The screen is one of many features which make it a unique entrant into the market.


Dana Coe gave us the background on the company and further information on the wallet.


 

Could you give some background on BitLox, how it was started?

About 18 months ago (Spring ’14), I had the chance to use a hardware wallet. After playing around with that for a bit, I decided we could make one on our own. I wanted to have one with all the features _I_ wanted!

What got you into Bitcoin?

I had heard something here and there about Bitcoin for a while, can’t say exactly when I heard about it first.
In the fall of ’12 I downloaded some pool mining software and loaded it onto all of my employee computers in the office. That was my first real “playing around” with it. I did not get into the nuts and bolts of programming for it until the idea for the BitLox came along. Once one starts working directly with the data, building and parsing transactions yourself…it’s a completely different world. You can’t rely on someone else’s API or such, you have to get down in the source code and truly understand how it works, and the more I understood how it works, the more fascinated I became.

What do you feel sets BitLox apart from other hardware wallets?

I think it’s our comprehensive outlook on the situations that could cause you to have your coins in danger. We don’t just think on the technical side, we do a lot of “war gaming” thinking of danger scenarios and how to defend against them. Such as:
You are sitting in a public library, you want to transfer bitcoins from a wallet that contains a large amount of coins. You do a transfer, and are suddenly tackled. Now your wallet is open and they can see all the coins! BUT, since you set up a transaction password, the “Bad Guys” can’t steal your funds. They would have to know that to send anything more out of the wallet. Meanwhile, you could use your backup mnemonic to move the funds as the Bad Guys can do nothing.
– Just one of the multiple scenarios we’ve thought out.
Hidden wallets are another. I actually know someone who was robbed at gunpoint when doing a LocalBitcoin transaction. Not, “Give me the cash”, but “transfer all coins NOW”. Hidden wallets are exactly the kind of safety that you need in the case of such situations.

Will the BitLox wallet also support any alt-coins in the future?

Yes! We are working on this, it should be rolled into the next few firmware updates. We’ve already had specific requests for DASH and Ether support. The main question with alt-coins is the availability of a reliable blockchain datasource/explorer that is compatible with our parsing engines. We run our own full Bitcoin nodes, so with sufficient use we can bring nodes for alt-coins online too.

What are some of the key features that make BitLox unique?

First and foremost, by design the BitLox NEVER makes you enter a PIN or anything sensitive on a computer or mobile.
ALL PINs are entered directly on the device keypad. PINs may be up to 20 characters long, 0-9a-zA-Z, so you could have a PIN such as the43346LIzaRD. Expanding the keyspace like this is one way to make sure your funds are ALWAYS safe.
Speaking of PINs, we have a nested level of PINs for ultimate security.
A DEVICE PIN, without which you cannot communicate via Bluetooth or USB. Nothing; the device is inert without this PIN. Security lockouts are exponential.
WALLET PINs, for each wallet on the device, of which you may have a total of 100 with 50 hidden.
TRANSACTION PIN if in expert setup, where a specific PIN is needed to approve transactions. Any failure on this PIN causes an immediate reset of the device for up to 45 minutes (plus any other delays).
NONE of these PINs are entered on the computer or phone, they are entered directly on the BitLox.
When doing a wallet recovery from mnemonics, the same logic applies. You enter the mnemonic directly on the BitLox, not on any computer or phone, so your mnemonic is never in danger of being recorded.

Are there some upcoming features or devices we can look forward to?

As soon as true full-color e-paper displays are out on the market, we are absolutely going to introduce these into our high-end models. They won’t be cheap, but they will be very very cool!

Is there anything you would like to discuss that we have not touched on yet?

In the next weeks, we will be open-sourcing our app software and API. Think you can write a better BitLox client? Give it a try!
In writing our apps, we stay away from wallet “APIs” that are provided by various data services. We prefer to use “raw” data pulled from various providers. That way we can change these providers more easily, and be more resilient.

What are some of the design elements that have gone into the BitLox wallet, making it just a bit bigger than a credit card?

Good grief, it’s MUCH harder than you would ever believe to get things crammed into a small space. The chips have a physical height of ~1 mm, the case can be no thinner than 0.1 mm (even Titanium, though in one spot we get away with 0.08 mm), the screen is 0.9 mm, the board is 4 layers… and and and. It’s a complex 3D jigsaw puzzle, where everything has got to line up correctly. The case is computer-controlled machined out of a solid block of alloy, the internal electronic components are sometimes actually “embedded” into the printed circuit board itself. The faceplate is stamped and then laser cut/engraved for precision. All this has to then be put together with a tolerance of 0.02 mm. It’s crazy. Even so, after all this trimming and pushing, the BitLox is incredibly durable. You can throw it in a pocket and never worry you’ll bend it or damage it in any way.

BitLox Bitcoin Wallet Hands On


Dana provided a BitLox wallet for us to try out. One of the first things that you notice is how sturdy it is. Being credit card-sized, and only as thick as three credit cards, it was still very solid. The wallet keys are flat but do have edges that might catch when you’re moving it in and out of your wallet. That being said, the wallet comes with a nice leather case, which is durable and allows you to just throw the wallet in your pocket or backpack.

Setup of the wallet was fast and simple. The BitLox uses an e-ink display that is easy to see in different lighting conditions. Once you turn it on, it walks you through the setup. First you choose your language; it has several options, which makes it useful for most people. The next step gives you the choice of three setups: Standard, Advanced and Expert. Each one gives you different levels of control and options. For this test we went with Standard, as most people will use it. First you choose the length of your device PIN. Once you choose 4 or any of the other choices, it will format the device. Next you generate the wallet PIN, again with various choices of length up to 8. Then your 12-word seed is generated; write this down. It is how you restore your wallet if there is a problem, or you can import it into any HD wallet to recover if you like. Now you can pair your wallet with the app.

The BitLox app for Android that we tested with is simple as well. Choose a wired or Bluetooth connection on the BitLox, then click scan on your device. Once it sees the wallet, you click on the wallet in the app and type in your wallet PIN on the BitLox. Now you see the specifics of your wallet: transactions, and options to sign a transaction, send or receive bitcoin. It is simple and fast; total setup time is 5 minutes or so. Your wallet QR code is shown on the BitLox for easy receiving of bitcoin.

We used the wallet for a couple weeks. In that time I had no failures or issues. I carried it around in my pocket just in its case and made several transactions.

Another great feature is that you can do several things with the wallet. If you think it is compromised, you can simply type in 911 as a PIN. This will wipe the wallet. You can either restore from your seed or let it create a brand new wallet, addresses, and a new seed. I tried this twice: once from seed with no errors, and the second time to create a completely new wallet and seed, which also worked fine.


BitLox also puts out firmware updates with a simple installer. One was issued during our review period; we updated and restored from the seed with no issues. Overall, it is another excellent entry into the growing hardware wallet industry.

There are some concerns for some people, though. At this time, the source code is closed, which will turn off some people from the wallet. BitLox is releasing the app source code first and in the near future should probably release the wallet software as well. Once that is done, there is not much to worry about. Some will not like the Bluetooth connectivity as it can be seen as a weak link. Requiring the correct pin, though, makes hacking through Bluetooth nearly impossible. As always, use caution. You are your own bank with Bitcoin.

We liked the wallet and its easy-to-use functionality and durability. The only physical concern seems to be the possibility of a key getting hooked and pulled up. Dana and his team have been quick to answer questions and help if needed. Both the wallet firmware and the app receive regular attention. Dana has also given out wallets to key Bitcoin developers to get their input, which will help with future updates and compatibility.

Thanks, Dana, for taking the time to speak with us and for the wallet to test out. We will keep you up to date on any new developments with BitLox.

What are your thoughts on the BitLox Bitcoin Wallet? 


Images courtesy of BitLox.

The post Interview With BitLox Bitcoin Wallet Creator Dana Coe appeared first on Bitcoinist.net.
