Jan 22

Avoid These Exchanges If You Want to Keep Your Bitcoins

Hackers stole over $1.8 billion in 2018 from crypto exchanges. So, if you’re still trusting one with your private keys, you really ought to know better. But if you’re too busy or too lazy to set up a hardware wallet for your funds, at least you should know where exchanges rank when it comes to cybersecurity. According to a report by CER and Hacken, not very well.

Top 100 Crypto Exchanges by Cybersecurity Score

CER and Hacken evaluated the state of cybersecurity in the top 100 crypto exchanges by volume on CoinMarketCap as of January 1. What they found was a little disturbing.

Without getting overly technical, for the sake of this study, cybersecurity means all the processes and technologies an exchange has in place to deter hackers from entering its system. An effective system, says CER, is one that reduces a hacker’s chances of breaching it.

Since crypto exchanges must be responsible for users’ money and personal data, strong cybersecurity is imperative.

Cyber Security Score (CSS) Methodology

To measure cybersecurity at the top 100 exchanges, the companies checked whether they had sufficient user security in place, server security, and some kind of Ongoing Crowdsource Security Assessment (OCSA).

When it comes to server security, factors such as SSL/TLS certificates, secure cookies, and open ports come into play. A single vulnerability in a server is enough for a hacker to compromise all the components and cause huge monetary losses.

The user security level takes into account all the elements that exchanges can add to make it easier and safer for users entering and transacting on their exchange. These include things like 2FA, captcha, and strict password requirements.

Without a captcha, for example, hackers can easily uncover a user’s password. 2FA significantly decreases the chances of an account being compromised, since logging in requires a telephone in addition to the device being used. And passwords that are too weak can simply be cracked by “brute force.”

Ongoing Crowdsource Security Assessment (OCSA) refers to whether an exchange has any processes in place to improve and develop their cybersecurity. This could be a Bug Bounty program that looks for white hat hackers to find vulnerabilities with the system, either in-house, or through a special platform like Hacken.

Avoid These Exchanges If You Want to Keep Your Funds

According to the research, the least safe of all the exchanges are:

These three exchanges all scored less than 5 out of a possible 10 points, based on the factors mentioned above. The safest exchanges are:

  • Kraken
  • Coinbase Pro
  • Binance and BitMEX

Only Kraken managed to achieve a score of above 9 out of 10, while Coinbase Pro racked up 8.74, and Binance and BitMEX achieved 8.50 each.

Almost Zero Ongoing Programs Throughout

Only 13 percent of all exchanges have ongoing Bug Bounty programs in place to improve their security. Another major weak point for these top exchanges is their HTTP Security Headers, with some 59 percent of exchanges missing 6-7 of the 7 headers required.
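The server-security factors named in the methodology (secure cookies) and the header gap described above can be checked on any captured response. The following is an added example, not code from the CER/Hacken report: the list of seven headers is an assumption (the report's own list is not given here), and both sample responses are constructed.

```python
# Added example (not from the CER/Hacken report): audit one HTTP response.
# ASSUMPTION: the report's seven headers are not named on this page; this
# baseline list is chosen for illustration only.
ASSUMED_HEADERS = (
    "strict-transport-security", "content-security-policy",
    "x-frame-options", "x-content-type-options", "referrer-policy",
    "permissions-policy", "cross-origin-opener-policy",
)
COOKIE_FLAGS = ("secure", "httponly", "samesite")

# Constructed sample responses; they do not describe any real exchange.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "Set-Cookie: lang=en; Path=/; Secure\r\n"
    "\r\n"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "X-Frame-Options: DENY\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Referrer-Policy: no-referrer\r\n"
    "Permissions-Policy: geolocation=()\r\n"
    "Cross-Origin-Opener-Policy: same-origin\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return (lowercased name, value) pairs, keeping repeated headers."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def hsts_effective(value):
    """HSTS only protects when max-age is a positive number of seconds."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age":
            val = val.strip().strip('"')
            return val.isdigit() and int(val) > 0
    return False

def audit(raw):
    """List missing headers and, per cookie, the protective flags it lacks."""
    pairs = parse_headers(raw)
    values = dict(pairs)
    missing = [h for h in ASSUMED_HEADERS if h not in values]
    hsts = values.get("strict-transport-security")
    if hsts is not None and not hsts_effective(hsts):
        missing.append("strict-transport-security")  # present but disabled
    weak_cookies = {}
    for name, value in pairs:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        attrs = {p.partition("=")[0].lower() for p in parts[1:]}
        lacking = [f for f in COOKIE_FLAGS if f not in attrs]
        if lacking:
            weak_cookies[parts[0].partition("=")[0]] = lacking
    return {"missing_headers": missing, "weak_cookies": weak_cookies}
```

The weak sample lands in the "missing 6-7 of 7" band, while the hardened sample reports no missing headers and no weak cookies.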

According to Ledger CEO Eric Larcheveque, crypto is the easiest asset in the world to steal. So keeping your funds in an exchange is really not advisable.

And as per the findings of this study, the top exchanges are among the lowest scoring when it comes to CSS, with Bithumb number 1 on CMC, and 98th in the CER top 100 crypto exchanges.

Do you agree with the study’s conclusions? Share your thoughts below!

Images courtesy of Shutterstock

Jul 08

New EU Cybersecurity Laws to Cover Online Banking, Markets

Source: bitcoin

The European Union (EU) parliament has approved a new set of cybersecurity laws, ordering firms in “essential service” industries like banking, health, energy and transport to bolster their defenses against cyber-attacks.

The EU network and information security (NIS) directive represents the first EU-wide standards on cybersecurity. According to an EU parliament statement, they are designed to increase cooperation between member states as well as to prevent attacks on EU countries’ interconnected infrastructure.

EU Parliament rapporteur Andreas Schwab said:

“Cybersecurity incidents very often have a cross-border element and therefore concern more than one EU member state. Fragmentary cybersecurity protection makes us all vulnerable and poses a big security risk for Europe as a whole.”

Requirement to Report Breaches

Of note is a provision within the laws covering digital service providers — such as cloud services, search engines and online marketplaces.

As well as taking measures to protect their infrastructure, these companies will also have to report any major breaches or security incidents to national authorities.

Given the law’s specific mention of online financial services, and KYC/AML requirements for bitcoin exchanges falling in line with those covering banks, there’s no doubt digital currency service providers will need to take extra care to protect their clients’ property and personal data.

The European parliament approved new regulations to cover bitcoin exchanges earlier this year. While not seen as particularly restrictive, the regulations called for “precautionary monitoring” of the industry and the appointment of a watchdog to keep an eye on its development.

Another set of proposed rules is aimed at making trading more transparent and preventing tax evasion. It should be noted, however, that most digital currency exchanges operating in the EU already have customer identification requirements similar to those of banks.

What EU Countries Will Need to Do

For NIS, Union member states will need to identify which companies are operating as “essential services” using set criteria, e.g., is the service critical for society and the economy? Is a security incident at those companies likely to have “significant disruptive effects” on providing their services?

A new EU-wide strategic co-operation group will form to share information and assist EU member states in building their cybersecurity capacity. The existing European Network and Information Security Agency (ENISA) will assist with implementation.

They will be required to form a network of “Computer Security Incident Response Teams” (CSIRTs) to handle incidents, identify risks, and formulate a set of responses.

The NIS directive will come into force 20 days after publication in the EU Official Journal, after which member states will have 21 months to draft individual national laws that comply.

Will the new laws make any difference to the way European bitcoin exchanges handle security and customers’ personal information?

Images courtesy of User Irinawave, Wikimedia Commons.

The post New EU Cybersecurity Laws to Cover Online Banking, Markets appeared first on Bitcoinist.net.

Jun 02

Federal Reserve Faced Hundreds of Cyber Attacks Since 2011

Source: bitcoin

According to a report from the Federal Reserve, the financial institution faced over 300 cyber attacks between 2011 and 2015. This number is quite significant, but it is not surprising in the least, as hackers have taken a liking to attacking financial institutions.

Although the report is only available in heavily redacted format, Reuters has managed to extract some interesting details. On several dozen occasions, somebody managed to access information that was beyond their level of authorization. Most of these attacks were executed by hackers and spies, though, rather than people working for the Federal Reserve.

Federal Reserve Is A Popular Target

It is important to keep in mind this report only serves as a representation of what has really gone on behind the scenes. Financial institutions such as the Federal Reserve are constantly under threat. However, the report only mentions attacks affecting the Board of Governors, rather than the privately owned branches.

Malicious code, unauthorized access, and information disclosure were the most common threats to the Board of Governors. Interestingly enough, the number of reports by the Federal Reserve’s national cybersecurity team greatly exceeds the number of reports by the local cybersecurity team.

In total, 310 reports were filed by the Board of Governors between 2011 and 2014. Nearly half of those attacks were labeled as hacking attempts, although some reports were not classified under a specific banner. Moreover, there have been eight information breaches between 2011 and 2013, all of which occurred through malicious code used by hackers.

Espionage is a factor in these incidents as well, as four incidents were classified under this moniker. Two of these attacks resulted in data being stolen, although the report doesn’t mention specific details. The Federal Reserve report mentioned an additional 51 information disclosure incidents.

What are your thoughts on the Federal Reserve not disclosing the full truth about cyber attacks? Let us know in the comments below!

Source: Reuters

Images courtesy of Federal Reserve, Shutterstock

The post Federal Reserve Faced Hundreds of Cyber Attacks Since 2011 appeared first on Bitcoinist.net.

Feb 15

Manifold Technology CEO Chris Finan: “Blockchain Is Inherently a Security Technology”

Source: bitcoin

Manifold Technology is positioning itself to capitalize on the inevitable blockchain database industry. As Bitcoin’s blockchain technology continues to gain mainstream recognition from the very businesses that previously shunned it, large institutions still struggle to decide what to do with the blockchain. All they know is that this new technology is supposedly more secure, and they want to learn more about it. 

Manifold Technology was founded by Chris Finan and Rob Seger. Finan was the White House Director for Cybersecurity Legislation and Policy under Obama and helped draft the President’s Cybersecurity Executive Order. The team started Manifold Technology because they were tired of the whack-a-mole life of building security tools. Since 2014, the team has worked to use cryptographic protocols to empower individuals and institutions via decentralization. Finan explained:

“Blockchain is inherently a security technology that allows for really efficient data synchronization and systems of record built on that cryptographic proof.”

Manifold Technology: Blockchain Security Needs Database Functionality

Earlier this year, the company’s Manifold Liquidity Platform joined BitPay, LibraTax, Ripple, and others as Blockchain-as-a-service options available on Microsoft Azure. The cloud offering of the Manifold Liquidity Platform is just a gateway to see what the technology can do for complex account reconciliation challenges. Manifold Technology is also working with the Royal Bank of Canada on their foray into the blockchain technology space.

The immutability provided by the cryptographic proofs used in all blockchain technology provides auditable security and allows for uncensored truth. Even those that think Bitcoin is only used for nefarious purposes must admit that the Bitcoin network’s continued survival is a testament to the security success of the underlying technology. Blockchain advocates believe that every company should be considering using a blockchain instead of a database. Hardcore bitcoinists take it a step further and posit that the only blockchain with any real security is the Bitcoin blockchain. Manifold Technology CEO Chris Finan believes that you shouldn’t have to choose between a blockchain or a database. “It’s a false choice,” he lamented.

Manifold Technology believes that a successful product needs to interface with the legacy database technology. This sort of hybrid blockchain database is the likely future for both of these technologies. Finan emphasized why a willingness to interface with legacy institutions and technologies is necessary:

“You can’t ask these businesses to completely re-architect their systems. You need to be able to plug in and work with all types of existing queries and workflows. The scale that we’re going to be able to reach globally is going to be mind blowing. It’s not about rebranding the legacy databases – You’re creating something new by adding immutability.”

It’s becoming obvious that banks want all the benefits of the blockchain without any of the negative publicity associated with its often misunderstood pseudonymity. Pseudonymous systems are actually quite friendly to compliance measures, and Manifold has that baked into their platform as well.

What do you think about Manifold Technology? Let us know in the comments below!

The post Manifold Technology CEO Chris Finan: “Blockchain Is Inherently a Security Technology” appeared first on Bitcoinist.net.

Feb 11

Encryption is Keeping Global Leaders In the ‘Dark’

Source: bitcoin

February 11, 2016. The use of encryption, whether in messaging applications, Bitcoin, or other privacy-centric technology, continues to bother global leaders. Some of these technical advances have given authorities the opinion that they are being kept in the “dark.” Now government officials in the U.S. are proposing to increase their funding to crack today’s encryption methods and enhance security. The Obama administration’s latest proposal, the “Cybersecurity National Action Plan,” details that the president believes cybersecurity is a difficult challenge for America.

The White House is just one group of authority figures that wants to up cybersecurity funding. According to a recent memo, the FBI would like to add $38 million more to its budget to help crack encryption. The report mentions that encryption is on the rise and that this, in turn, is making data collection harder. In a section called “Going Dark,” the paper makes its request for the $38 million in funding:

“Going Dark: $38.3 million — The requested funding will counter the threat of Going Dark, which includes the inability to access data because of challenges related to encryption, mobility, anonymization, and more. The FBI will develop and acquire tools for electronic device analysis, cryptanalytic capability, and forensic tools.” — Federal Bureau of Investigation

Since the Paris attacks and other unfortunate events, bureaucrats have been promoting the idea that encryption should be breakable by government officials. Many bureaucrats, such as the U.K.’s David Cameron, presidential candidate Hillary Clinton, and others, have objected to strong encryption. Over the past year, officials have pressed technology-related businesses to give authorities a way to crack device encryption. Executives like Apple’s current CEO and many others have been against this approach of handing otherwise inaccessible data over to federal agents. However, in its latest press release, the Obama administration’s statement on cybersecurity says it will be partnering with giant tech companies to advance the government’s goals. Firms such as Google, Facebook, DropBox, and Microsoft are mentioned in the White House brief. The Obama administration also promotes the use of two-factor authentication by citizens and organizations within the nation, mentioning it multiple times. But due to increased levels of malicious hacking, identity theft and terrorism, the White House wants to boost funding to fight these crimes. The press release reads:

“The Department of Justice, including the Federal Bureau of Investigation, is increasing funding for cybersecurity-related activities by more than 23 percent to improve their capabilities to identify, disrupt, and apprehend malicious cyber actors.” — White House Cybersecurity Action Plan

In a recent article from the publication Motherboard Vice, an FBI official explains that the increased funding will be used for hacking tools. In an encrypted chat, Christopher Soghoian, a technologist from the American Civil Liberties Union, told the online magazine, “The days of reliable wiretaps are vanishing. [Hacking] is the next best thing for the FBI.” Officials are finding that they have to keep pace with technology to apprehend these types of criminals. The FBI believes its request for increased funding is valid and empowers its services to keep up with the technological times. The FBI states:

“This combination of authorities gives the FBI the unique ability to address national security and criminal threats that are increasingly intertwined and to shift between the use of intelligence tools, such as surveillance or recruiting sources, and law enforcement tools of arrest and prosecution. The FBI can shift seamlessly between intelligence collection and action allowing the agency to continue gathering intelligence on a subject to learn more about his social and financial network, and shift gears quickly to make an arrest if harm to an innocent person appears imminent.” — Federal Bureau of Investigation

Encryption is growing popular and governments all across the globe are feeling kept in the dark. These new proposals and policy regulations may affect technology like cryptocurrency, private messaging, and anything with a level of encryption. Many people believe that cryptography has protected our private affairs and civil liberties, so this war against the use of it will not happen without a fight.

What do you think about the federal government’s increased measures to stay ahead of encryption? Let us know in the comments below.   

Images courtesy of Pixabay, Shutterstock and Wiki Commons


The post Encryption is Keeping Global Leaders In the ‘Dark’ appeared first on Bitcoinist.net.

Jan 07

Cybersecurity Regulators Feel Companies Need To Step Up To Protect Consumer Privacy

Source: bitcoin

In the world of technology, there has always been a huge debate going on regarding consumer privacy policies. Ever since the Internet came around, regulators have been struggling to keep up with privacy policy adoption, and that gap is only growing larger now that technology is evolving at an accelerated pace. During the CES 2016 interview, heads of two cybersecurity regulation agencies stated how tech companies need to be more vigilant regarding personal information protection.

The Game of Consumer Privacy Responsibilities Continues

There is no denying something has to change if companies and governments want to properly protect consumer privacy and data. Solutions used today are not adequate from a technology point of view, and privacy policies drafted by regulators are raising a fair amount of questions as well.

The biggest culprits addressed during the CES 2016 panel were internet service providers, as they have a responsibility to ensure collected information is transmitted and stored in a secure manner. Just a few months ago, British ISP TalkTalk fell victim to a major database breach, and customer records of a lot of people were stolen by unknown assailants.

It was only a matter of time until the topic regarding personal device security became a subject of conversation, as all types of devices are gathering sensitive user information. No one knows exactly how all of that information is shared or used, and what the repercussions of doing so might be in the long run.

Edith Ramirez, the chairwoman of the FTC, stated how she is worried about her health care data being used by third-parties. In fact, it has become such a big worry that she decided to revert to a pedometer, rather than using a fitness armband or other wearable device syncing with a mobile or desktop application.

Various companies around the world are collecting user data, without giving any hint as to why they are collecting these details. More importantly, it is impossible to tell who is recording what type of data to begin with. More transparency would be a good start; however, that responsibility does not lie solely with manufacturers and service providers.

Regulation Agencies Need To Step Up

To a lot of people, hearing regulation agencies talking about how companies need to be more transparent, is a joke. Governments are notorious for harvesting user data without shedding any light on what type of information they acquire, let alone how they are using it. If there is one area where more transparency is needed, it would be at the very top of the information harvesting chain.

That being said, there is a lot of work to be done before consumer privacy and data are treated with the respect they deserve. The time for talk is coming to an end, and it is time to see some actions being taken by either or both parties in this regard. Disrespecting consumer privacy has gone on for far too long, and these shenanigans have to come to an end.

What are your thoughts on consumer privacy and data harvesting? How can we make sure this information does not fall into the wrong hands? Let us know in the comments below!

Source: CNET

Images courtesy of CES 2016, Shutterstock

The post Cybersecurity Regulators Feel Companies Need To Step Up To Protect Consumer Privacy appeared first on Bitcoinist.net.
