Security

Cyberlock Lawyers Threaten Security Researcher Over Vulnerability Disclosure 78

Posted by Soulskill
from the what-year-is-this dept.
qubezz writes: Security researcher Phar (Mike Davis/IOActive) gave his 30 days of disclosure notice to Cyberlock (apparently a company that makes electronic lock cylinders) that he would release a public advisory on vulnerabilities he found with the company's security devices. On day 29, their lawyers responded with a request to refrain, feigning ignorance of the previous notice, and invoking mention of the DMCA (this is not actually a DMCA takedown notice, as the law firm is attempting to suppress initial disclosure through legal wrangling). Mike's blog states: "The previous DMCA threats are from a company called Cyberlock, I had planned to do a fun little blog post (cause i ... hate blog posts) on the fun of how I obtained one, extracted the firmware bypassing the code protection and figured out its "encryption" and did various other fun things a lock shouldn't do for what its marketed as.. But before I could write that post I needed to let them know what issues we have deemed weaknesses in their gear.. the below axe grinderery is the results. (sic)" What should researchers do when companies make baseless legal threats to maintain their security-through-obscurity? Related: Bitcoin exchange company Coinbase has been accused of spying on a dark net researcher.
Bitcoin

Bitcoin Is Disrupting the Argentine Economy 251

Posted by timothy
from the when-promises-are-fulfilled dept.
HughPickens.com writes: Nathaniel Popper writes in the NYT that with its volatile currency and dysfunctional banks, Argentina is the perfect place to experiment with a new digital currency. The number of Bitcoin users in Argentina is relatively small; it barely registers on most charts of global Bitcoin usage. But Argentina has been quietly gaining renown in technology circles as the first, and almost only, place where Bitcoins are being regularly used by ordinary people for real commercial transactions. For example, BitPagos is selling bitcoins in over 8,000 Argentine convenience stores and is helping more than 200 hotels, both cheap and boutique, take credit-card payments from foreign tourists. The money brought to Argentina using Bitcoin circumvents the onerous government restrictions on receiving money from abroad.

The Rock Hostel is one of hundreds of hotels in the country using BitPagos to collect credit-card payments from foreign customers. If owner Rodriguez Pons accepted credit-card payments from American customers through the usual financial channels, customers would be billed in dollars, and when those dollars came to Pons's Argentine bank account, they would be converted at the official rate, about 30 percent lower than the black-market rate. It would also take 20 days for Pons to get her pesos. BitPagos helped counter these drawbacks by taking the credit-card payment in the United States and then using the dollars to buy Bitcoins, generally from Coinbase, before sending them to Pons immediately.

Bitcoin proponents like to say that the currency first became popular in the places that needed it least, like Europe and the United States, given how smoothly the currencies and financial services work there. It makes sense that a place like Argentina would be fertile ground for a virtual currency. Inflation is constant: At the end of 2014, for example, the peso was worth 25 percent less than it was at the beginning of the year. And that adversity pales in comparison with past bouts of hyperinflation, defaults on national debts and currency revaluations. "In the long run, Bitcoin will be very disruptive to the developed world," says Dan Morehead, a former Goldman Sachs executive who now runs a hedge fund focused on Bitcoin. Things are happening sooner in Argentina, he says, because its financial system creates hassles for the people there. But, he added, "Argentina is just a more extreme example of the situation in every country."
Security

New Javascript Attack Lets Websites Spy On the CPU's Cache 134

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes: Bruce Upbin at Forbes reports on a new and insidious way for a malicious website to spy on a computer. Any computer running a late-model Intel microprocessor and a Web browser using HTML5 (i.e., 80% of all PCs in the world) is vulnerable to this attack. The exploit, which the researchers are calling "the spy in the sandbox," is a form of side-channel attack. Side channel attacks were previously used to break into cars, steal encryption keys and ride the subway for free, but this is the first time they're targeted at innocent web users. The attack requires little in the way of cost or time on the part of the attacker; there's nothing to install and no need to break into hardened systems. All a hacker has to do is lure a victim to an untrusted web page with content controlled by the attacker.
Crime

New Dark Web Market Is Selling Zero-Day Exploits 30

Posted by samzenpus
from the finest-crime dept.
Sparrowvsrevolution writes Over the last month, a marketplace calling itself TheRealDeal Market has emerged on the dark web, with a focus on sales of hackers' zero-day attack methods. Like the Silk Road and its online black market successors like Agora and the recently defunct Evolution, TheRealDeal runs as a Tor hidden service and uses bitcoin to hide the identities of its buyers, sellers, and administrators. But while some other sites have sold only basic, low-level hacking tools and stolen financial details, TheRealDeal's creators say they're looking to broker premium hacker data like zero-days, source code, and hacking services, often offered on an exclusive, one-time sale basis.

Currently an iCloud exploit is being offered for sale on the site with a price tag of $17,000 in bitcoin, claiming to be a new method of hacking Apple iCloud accounts. "Any account can be accessed with a malicious request from a proxy account," reads the description. "Please arrange a demonstration using my service listing to hack an account of your choice." Others include a technique to hack WordPress' multisite configuration, an exploit against Android's Webview stock browser, and an Internet Explorer attack that claims to work on Windows XP, Windows Vista and Windows 7, available for around $8,000 in bitcoin. None of these zero days have yet been proven to be real, but an escrow system on the site using bitcoin's multisignature transaction feature is designed to prevent scammers from selling fake exploits.
Bitcoin

MIT May Help Lead Bitcoin Standards Effort 67

Posted by Soulskill
from the rename-it-MITcoin dept.
gthuang88 writes: With everyone from PayPal merchants to Rand Paul starting to accept Bitcoins as payment, the race is on to develop technical standards for the virtual currency. Now MIT Media Lab director Joi Ito is getting ready to unveil a plan for MIT to become an independent, neutral home for standards development. Ito is enlisting cryptographer Ron Rivest and economist Simon Johnson to help with the effort, which could provide an academic alternative to the Bitcoin Foundation for conversations about the currency's future. Ito says, "I’m not pushing it, but I’m offering MIT as a neutral academic home for some of the conversations and the technical coordination. Which I think will give a lot more stability to Bitcoin, which right now is a little bit fragile."
Bitcoin

Has the Bitcoin Foundation Run Out of Cash? 71

Posted by timothy
from the why-would-they-use-cash dept.
itwbennett writes The Bitcoin Foundation, an organization that promotes development of bitcoin, is 'effectively bankrupt' and has shed most of its staff, according to Olivier Janssens, a member of the foundation's board of directors. Janssens attributed the foundation's financial straits to two years of 'ridiculous spending and poorly thought out decisions,' adding that the board has tried to remedy the situation by finding a new executive director. Two other board members, however, said the foundation was not bankrupt, though in need of some kind of restructuring.
Bitcoin

How To Make a Bitcoin Address With a TI-89 Calculator 56

Posted by timothy
from the next-week-how-to-make-a-castle-out-of-toothpicks dept.
sarahnaomi writes: The power of Bitcoin is giving your dusty old TI-89 calculator a second chance of being useful. Matt Whitlock, who helped make one of the world's first Bitcoin ATMs, is at it again. In a video posted to Vimeo, he showed how using the calculator once only used for high school geometry and a 12-sided die makes a secure address for your Bitcoin account. The video is self-explanatory. Load up your calculator with the code, roll it 72 times and enter the number rolled into it. After that, the calculator pumps out a private key and address.
Bitcoin

After Anti-Donation Executive Order, Bitcoin Donations For Snowden Jump 289

Posted by timothy
from the evading-injustice-is-more-like-it dept.
ZDNet reports that after a recent executive order from President Obama "said to have made it illegal to donate to Edward Snowden's fund," anonymous donations to the fund have soared -- at least ones as anonymous as Bitcoin makes possible. From the article: A new executive order signed into law this week by the president has one online community up in arms, after its loose wording effectively ruled out donating to Edward Snowden and others. In a post on Reddit's Bitcoin subreddit, members pledged to donate to the whistleblower's relief fund, despite the wording of the new executive order suggesting that doing so was illegal. In the new executive order, signed into law on Wednesday, US President Barack Obama declared cyber-threats aimed at the US a "national emergency." The order threatens sanctions against those (including US residents) who engage in cyberattacks and espionage activities that threaten US interests at home and abroad. The wording of the order specifically addresses any person whose "property and interests in property are blocked pursuant to this order who might have a constitutional presence in the United States." Redditors were quick to assume (likely correctly) that this includes Edward Snowden, who for more than a year-and-a-half has lived in Russia, evading US justice.
China

Bitcoin In China Still Chugging Along, a Year After Clampdown 31

Posted by timothy
from the government-vs-the-people dept.
angry tapir writes A year after China began tightening regulations around Bitcoin, the virtual currency is still thriving in the country, albeit on the fringes, according to its largest exchange. Bitcoin prices may have declined, but Chinese buyers are still trading the currency in high volumes with the help of BTC China, an exchange that witnessed the boom days back in 2013, only to see the bust following the Chinese government's announcement, in December of that year, that banks would be banned from trading in bitcoin.
Bitcoin

Silk Road Investigators Charged With Stealing Bitcoin 144

Posted by samzenpus
from the was-that-wrong? dept.
itwbennett writes Two former U.S. government agents face charges related to stealing hundreds of thousands of dollars worth of bitcoin while assisting with an investigation of the Silk Road underground online marketplace, with one accused of using a fake online persona to extort money from operators of the site. Facing charges of wire fraud and money laundering are Carl Force, 46, of Baltimore, a former special agent with the U.S. Drug Enforcement Agency, and Shaun Bridges, 32, of Laurel, Maryland, a former special agent with the U.S. Secret Service. Both served on the Baltimore Silk Road Task Force, which investigated illegal activity on the Silk Road website, the Department of Justice said Monday in a press release.
United Kingdom

UK Setting Itself Up To Be More Friendly To Bitcoin Startups 43

Posted by samzenpus
from the anything-goes dept.
An anonymous reader writes While various states in the U.S. (most notably: New York) are trying to regulate every last aspect of Bitcoin, making it very difficult to innovate there, the UK appears to be going in the opposite direction. It's been setting up much more open regulations that would allow for greater freedom for Bitcoin startups to innovate without first having to ask for permission. In fact, the British government decided that what is most appropriate is to work with the digital currency community to develop a set of best practices for consumer protection and create a voluntary, opt-in regime. Hopefully other governments take note.
Bitcoin

Evolution Market's Admins Are Gone, Along With $12M In Bitcoin 254

Posted by Soulskill
from the digital-golden-parachute dept.
tsu doh nimh writes: The Evolution Market, an online black market that sells everything contraband — from marijuana, heroin and ecstasy to stolen identities and malicious hacking services — appears to have vanished in the last 24 hours with little warning. Much to the chagrin of countless merchants hawking their wares in the underground market, the curators of the project have reportedly absconded with the community's bitcoins — a stash that some Evolution merchants reckon is worth more than USD $12 million.
IBM

IBM Reported To Be Developing Blockchain-Based Currency Transaction System 78

Posted by Soulskill
from the mining-your-own-business dept.
An anonymous reader writes: According to a Reuters source, IBM is working with the U.S. Federal Reserve and other central banks to develop a digital currency transaction system using the same blockchain technology that underpins Bitcoin — but which will deal with existing national currencies. The anonymous source says: "These coins will be part of the money supply...It's the same money, just not a dollar bill with a serial number on it, but a token that sits on this blockchain." Despite vocal community protest about the potential "co-opting" of a geographically-neutral cryptocurrency in favor of a centrally-controlled distributed transaction ledger, the IBM project, if true, is only one among hundreds seeking to leverage the blockchain for new transaction systems.
Bitcoin

California Looking To Make All Bitcoin Businesses Illegal 224

Posted by samzenpus
from the your-money-is-no-good-here dept.
An anonymous reader writes A new law has been proposed in California that would effectively outlaw all Bitcoin-related businesses that don't first get "permission." The details are vague within the bill itself, which is part of what makes it dangerous. If you're doing anything with virtual currency, you may have to go line up in Sacramento to get permission first.
Software

uTorrent Quietly Installs Cryptocurrency Miner 275

Posted by Soulskill
from the your-cpu-is-our-cpu dept.
New submitter Eloking sends news that uTorrent, a popular BitTorrent client, is silently installing cryptocurrency mining software for many users. [uTorrent] brings in revenue through in-app advertising and also presents users with “offers” to try out third-party software when installed or updated. These offers are usually not placed on users’ machines without consent, but this week many users began complaining about a “rogue” offer being silently installed. The complaints mention the Epic Scale tool, a piece of software that generates revenue through cryptocurrency mining. To do so, it uses the host computer’s CPU cycles. ... The sudden increase in complaints over the past two days suggests that something went wrong with the install and update process. Several users specifically say that they were vigilant, but instead of a popup asking for permission the Epic Scale offer was added silently.
Bitcoin

One Year Later, We're No Closer To Finding MtGox's Missing Millions 178

Posted by Soulskill
from the crime-pays dept.
itwbennett writes: When Mt. Gox collapsed on Feb. 28, 2014, with liabilities of some ¥6.5 billion ($63.6 million), it said it was unable to account for some 850,000 bitcoins. Some 200,000 of them turned up in an old-format bitcoin wallet last March, bringing the tally of missing bitcoins to 650,000 (now worth about $180 million). In January, Japan's Yomiuri Shimbun newspaper, citing sources close to a Tokyo police probe of the MtGox collapse, reported that only 7,000 of the coins appear to have been taken by hackers, with the remainder stolen through a series of fraudulent transactions. But there's still no explanation of what happened to them, and no clear record of what happened on the exchange.
United States

US Govt and Private Sector Developing "Precrime" System Against Cyber-Attacks 55

Posted by samzenpus
from the knowing-is-half-the-battle dept.
An anonymous reader writes A division of the U.S. government's Intelligence Advanced Research Projects Activity (IARPA) unit is inviting proposals from cybersecurity professionals and academics with a five-year view to creating a computer system capable of anticipating cyber-terrorist acts, based on publicly-available Big Data analysis. IBM is tentatively involved in the project, named CAUSE (Cyber-attack Automated Unconventional Sensor Environment), but many of its technologies are already part of the offerings from other interested organizations. Participants will not have access to NSA-intercepted data, but most of the bidding companies are already involved in analyses of public sources such as data on social networks. One company, Battelle, has included the offer to develop a technique for de-anonymizing Bitcoin transactions (pdf) as part of CAUSE's security-gathering activities.
The Almighty Buck

Will Greek Finance Minister Varoufakis Support Cryptocurrency In Greece? 253

Posted by timothy
from the for-health-points dept.
giulioprisco writes New Greek Finance Minister Yanis Varoufakis, former Economist-in-Residence at game developer Valve Corporation, sees something like Bitcoin — or, more likely, a state-controlled "Fedcoin" — possibly playing a role in the (necessarily creative) rescue of the Greek economy. "The technology of Bitcoin, if suitably adapted, can be employed profitably in the Eurozone," he said.
Government

Fedcoin Rising? 127

Posted by timothy
from the insert-quarter dept.
giulioprisco writes US economists are considering a government-sponsored digital currency. On February 3, David Andolfatto, Vice President of the Federal Reserve Bank of St. Louis, wrote a blog post based on a presentation he gave at the International Workshop on P2P Financial Systems 2015 [YouTube video]. The title of the blog post is "Fedcoin: On the Desirability of a Government Cryptocurrency."
Encryption

Darkleaks: an Online Black Market For Selling Secrets 44

Posted by timothy
from the hey-bub-psssst dept.
An anonymous reader writes Whistleblowers and those individuals that are simply out to make a buck out of any confidential and valuable information, can now offer it for sale on Darkleaks, a decentralized, anonymous black market on the Internet. The Darkleaks project is built on top of the Bitcoin blockchain, and can be used by downloading this software package (source code is open).