Petro Coin Is Venezuela’s Nicolas Maduro’s Sanction Hot Cryptocurrency Backed by Gold, Oil and Diamonds

The Petro Coin is a very exciting project announced by Venezuelan President, Nicolas Maduro.  What makes this project interesting is a bunch of firsts, this coin would be the first staterun cryptocurrency and is also backed by physical assets, namely 5 Billion Barrels of Crude Oil, Gold and Diamonds.  This is a solid coin and currency in its own respect.

Back in the days when fiat currency was significant, valuable and important, there was the “gold standard” where essentially the amount of currency in circulation and value was a direct reflection of how much gold it was backed by.  If executed as promised, the Petro Coin would achieve exactly this as a first in the crypto world.

Why do I think this coin will succeed if executed and implemented as marketed and planned?

Russia, China and Iran.  2/3 (Russia and Iran) are currently sanctioned and China has been threatened with sanctions.  Since the Petro Coin was founded as a way to restore wealth, prosperity and escape the sanctions guess who, as an ally of Venezuela and also parties with a vested interest would both profit directly and indirectly from the Petro Coin’s success?  I anticipate massive amounts of money would pour in from Russia, China and Iran even if it is discreet and indirect.  If I am right I would expect that this coin could be hugely successful and a top coin.
On top of this President Maduro has recently asked allies in the region to get on board with the Petro project.

What are some downside risks?

Judging from social media some are very averse for various political reasons to this coin.  Another risk would be that this coin would almost certainly have trouble, be outright prevented, or removed from any Western based exchange.  Being listed on major exchanges is a key success because if no one can buy or trade your coin then it’s not going anywhere fast.  However, there are enough overseas exchanges to take care of this issue, and I suspect Venezuela would have enough resources to create their own exchanges to solve this issue.  However, the boycott and difficulty in trading this coin are potential risks, especially if as I anticipate, some governments would simply just make it a crime for their citizens to hold or trade in this coin.  It would be interesting to see where this all heads.

It’s also been reported that Venezuela’s Congress (the opposition) has declared this currency and coin completely illegal.  However, it also appears that this has no legal bearing and will not prevent the project from moving ahead.

Should I invest in this coin?

I can’t answer that because only hindsight can clearly show us.  I am planning to invest in it as long as the project is executed as marketed and planned.  Politics aside I think this could be a win-win for people inside and outside of Venezuela.  If this coin helps Venezuela escape sanctions this would almost certainly lead to an improvement for the people of Venezuela since sanctions mainly end up hurting the people (especially the poor).

Cryptocurrency vs the Current Financial System Which is more evil?

Hello internet friends!

So I’ve had a lot of questions and concerns from friends and family about cryptocurrency with so many scary and dire predictions and proclamations in the MSM.

If you’ve heard the news lately you may think it would be crazy to ever get into cryptcurrency because the news says it’s a dangerous bubble, pyramid scheme, illegal, used to finance criminal activity, used to finance terrorism, is completely anonymous and 200% evil.

While there are definitely some truths to the MSM articles like most issues in life I feel it is with an agenda and not an accurate reflection of the true picture, reality and future of cryptocurrency.

To give you an idea of my perspective to be honest when my wife first told me about Bitcoin I said “there is PayPal”, “it will never be anything”, and there will be “lots of fraud and scams”.  I was right about the third one at least (1/3) :)

The Main Points The Media Makes About Cryptocurrency and How They Fair Against Fiat Currency

  1. Cryptocurrency facilitates illegal transactions, terrorism, money laundering by being anonymous and without regulation.
  2. Cryptocurrency is a bubble and pyramid scheme that won’t last.
  3. Investing in it is too speculative and risky.
  4. There are lots of scams.
  5. Coins are worth nothing because they were created from nothing.
  6. Cryptocurrency can and will be banned.

The reality as I see it in comparison to fiat

  1. While I am sure it is true crypto has been used for illegal purposes the same can be said of fiat cash ever since the beginning of time.  Cash can be used anonymously and is used that way each day.  I think this is a moot point since almost anything in the world with legitimate and good purpose can and will be used for illegal activities.
  2. I do believe crypto will have a serious crash in line with the 1929 Wall Street stock crash or the 2008 financial crisis but that didn’t stop stocks and I believe the same of crypto.
  3. This is a broad term, there are literally thousands of coins which serve completely different purposes.  There is no doubt some have stronger fundamentals and will last while others are truly worthless for various reasons.  There is also massive speculation in our traditional financial system, whether the US housing crisis that put people under water, penny stocks and failed stocks, bonds and mutual funds.
  4. This is absolutely true, there have been a lot of scams in the crypto world, however there are scams with fiat such as fake money, debit/credit card skimming etc.
  5. This is true, just as it was of fiat money but this depends on the time period.  It’s arguable that back when the gold standard existed that fiat had a certain value and was backed by gold, but today the world is freely printing money out of thin air or “nothing”.
  6. I do believe it will be banned in some countries, primarily what we’ve seen is exchanges getting shut down in China and Korea but it hasn’t stopped cryptocurrency from sky rocketing.

The Universal Truth

While the media does make some valid points, they are really blown out of perspective.  Cryptocurrency does have issues, as does fiat but what I suspect this really is about is the fact that our modern banking and financial system is at risk.  Since most cryptocurrencies are decentralized, no one person, organization typically has any control over them.  You cannot freeze an individual, organization or country’s assets anymore.  In times of war, duress or even genocide such as Myanmar it would be possible for the underbanked to use a cryptocurrency such as XLM (Stellar Lumens from the creator of XRP/Ripple) to safe guard your money across borders and against unjust seizure.  With cash or wire there would likely be no time to do such a thing if your city is being razed by the Burmese army.

There is significant risk in the future for cryptocurrency’s which really haven’t seen a seriously long, sustained correction.   Yes there have been flash crashes and drops of 25% in a day but they usually all come back higher than ever.  This is a bull market without question.  On that note I’d like to point out that the financial side of the crypto world functions almost entirely like the current financial system.

Take for example the dominant US dollar, it is still one of the most commonly used settlement currencies in the world which is a way it has artificially held value regardless of how the US economy has performed.

In the crypto world I feel Bitcoin/BTC is on top because it is the main currency used on trading exchanges.  In fact on most exchanges you have to convert your other coins into BTC usually to buy into other coins.  You can place traditional Limit and Stop Market orders as well.  In this sense the crypto world has volatility because it’s a fast changing world with new coins, players and buyers/sellers are coming in and out of the market.  You can see people taking profits when some coins surge, just as you would with traditional stocks.  If the currency or project behind the currency hasn’t changed in a negative way there’s usually no reason to worry or panic.  Instead seasoned investors will wait for the pullback to buy more of their favorite coins.

The Final Word

I think the death of cryptocurrency is highly anticipated and overstated.  I do agree the weak coins and ICOs will die, but the coins with strong fundamentals will not be going away.  Cryptocurrency is here to stay and there’s no way it can be stopped, it can be regulated and this will somewhat shape the future but we’re now in a period where more regular people will not only invest and trade in cryptocurrency but it will be used as commonly as everyday debit and credit, something that obviously banks and government will take issue with.  The answer is truly that you can’t fight the market or will of the people, there are solutions and ways for there to be a win-win but the bankers won’t let their market without a fight.

Why I Didn’t Get In On QASH Coin from Quoine/Liquid ICO

I actually saw this ICO days before but got very frustrated why it was so complicated.  I still struggle to figure out what’s what with so many terms and names behind this project.

To break it down they are the following as I understand it.

  1. Quoine is the name of the company at Quoine.com
  2. QASH Coin is the name of their token
  3. Liquid is the name of their trading platform at https://liquid.plus ….no clue what it is for
  4. Qryptos is actually the name of their trading site (all of this is super confusing and extremely frustrating in my opinion-it would be very easy for a phishing attack to be successful when these companies have several different sites and names associated with a project)

What initially stopped me from even getting in was the fact they force you to signup for their exchange and want your ID so I didn’t complete it.

However with their fantastic marketing of the ICO following I did proceed and one thing I give them is that my ID was approved fast (I believe within a day or less).  However they were advertising an ICO that was over which wasn’t at all clear until after poking around their site.  I couldn’t understand why I couldn’t buy the coins (this is not a normal ICO where you just send coins to a certain address).

The most confusing thing is that there was still an ICO section that made it look like you could buy the tokens which never worked.

Qryptos-QASH-ICO-Fail

I eventually assumed I needed BTC to buy their coin but that didn’t work either.

Then I e-mailed their support (like most Crypto teams/ICOs/Companies they never replied to this day).

Quoine-No-Support

That’s not entirely true though they have been sending me SPAM happily and even an angry e-mail about the issue being ignored before was ignored by the person sending the SPAM.  To me it’s absolute confirmation that this company doesn’t care about its users or investors.

Quoine-No-Support1

Their system

In all honesty their exchange worked fairly well outside of the ICO fail.  When I went to withdraw my BTC I was a bit miffed at how there was some delay for security reasons they said which seemed to imply human intervention was required to release my funds.  This makes me worry that you could run into a situation where your funds could be held.   With this company being from Japan I don’t trust it because I was thinking Mt. Gox bad (the famous Bitcoin scam/heist of a large Japanese trading site).  It is also weird that their address is in Singapore but it is a Japanese company.

I think this is the “typical ICO” which I will definitely avoid.  I’m certain I am not the only upset and frustrated investor with how these companies treat their investors.  To me it screams of arrogance and simply not caring/poor customer service that you could send large amounts of money and they won’t even give you an answer or any help at all.

And for that reason I don’t really trust their system or their company if they can just ignore you like that.  What if you are using their exchange and something else goes wrong such as your coins going missing or a withdrawal that doesn’t work? I’d expect there would be no response just like the issue I had with their ICO.

In terms of performance their coin has done quite well, it would have been a good investment if I could have only purchased their coins but it wasn’t meant to be.

The future of this company is unclear like many in this industry and it will depend on their service (or lack of it) which I suspect will do many exchanges and crypto companies in the coming years.

Meltdown and Spectre Analysis and Current Status

There seems to be a lot of complacent or feel-good news that Meltdown and Spectre will solve themselves or that no worry or care should be taken from users but this couldn’t be further from the truth.  In reality while CPU makers say “there are no known cases of exploits” doesn’t do much to allay fears of those in the know.  This is because Spectre and Meltdown will not leave any trace or evidence that you’ve been hacked.  Although it can be argued that there may be some signs of unauthorized access if that was how access was gained.

However, the nature of Spectre and Meltdown allow for normal authorized users, programs and even scripts on websites to exploit you.  This is why it is so scary as there’s really no way to be certain you haven’t been breached.

It’s an issue for everyone because these exploits could impact anything from your bank, transportation/transit, airplanes, nuclear power plants, and basically anything else that relies on computing security since Meltdown and Spectre are a complete breakdown of those barriers.  I won’t go into more of the basic details but I did make a quick “take on the issue here“.

The good news

There were patches quickly released for a lot of Linux, Windows and Mac devices.  However this doesn’t mean that the users installed the patches or that all users have the ability or access to do so.  Take for example physically remote computers, devices and perhaps some that are running headless that may not be easily accessible or that for some reason have patches disabled (this is more common than you’d think in production or mission critical environments).

Then what about old and unsupported versions of operating systems or that old security system, phone, or TV box, or even ATM whose manufacturer may not be around anymore or is just simply not offering support?

It’s the same issue with many common worms and viruses, patches, and fixes may be issued but millions or more are often still affected long after for various reasons.

The bad news

Even if we assume that Google discovered these flaws first, and if we assume they weren’t mandated to be put there via ARM, AMD and Intel what about insiders who know about this back in June or even earlier on?   From that point a number of individuals and groups could have compromised or damaged sensitive data and computer systems.  There’s still time since a lot of devices and people will not be patched yet.

And to make things worse, the only true way to solve this issue is with a CPU microcode update, which is not simple to deploy especially on embedded devices and any mistake can lead to a bricked device.

These OS patches are just that “patch work”, a hack or work around to mitigate the issue.

Then there’s the question of “we know there are 3 variants or vectors of attack”.  What if there are others that are not yet discovered?  You can be well equipped and funded organizations/hacking groups are working on this as we speak and they certainly won’t be disclosing it.  Until all devices have microcode updates there’s no way to certain we are safe from unknown vectors related to Spector and Meltdown.

What can you do?

Simply look out for the latest updates for your devices/phones/computers and install the update but don’t falsely assume a new update means you are protected unless you’ve read so that “this update fixes the Spectre and Meltdown” issue.

My Take On Meltdown and Spectre Computer Security Flaws

Spectre and Meltdown allow a non-privileged user (non-root/non-Admin)  to access memory they aren’t supposed to essentially dissolving the majority of computing security and privacy barriers.  This could be a guest user collecting sensitive information/passwords for an entire database, group of users, network etc..

If you are using any computing device whether it be an ARM based device, Intel CPU (although Intel is the worst offender at this point), AMD CPU this issue affects you and billions of other devices and users around the world.  Whether you are on Linux, Unix, Windows, Mac this applies to you.  It is really an unmitigated scandal and disaster for both privacy, security and even safety with long lasting and wide ranging ramifications that will continue to playout for years.

I’ve made a comment in the past about security, IOT and how there are many devices that are now unsupported or can’t be updated leading to huge security issues.  We are now unfortunately there and have been since 1995.

This issue was first reported by Google Project Zero and they are known as the Meltdown and Spectre Vulnerabilities that affect all microprocessors made since 1995 (the modern computing era).

To make it worse there are 3 known “variants” or attack vectors known (I suggest there may be more that are undisclosed or not yet known to the public).  With variants 1,2 being very similar (known as Spectre) and variant 3 known as Meltdown.

  • Variant 1: bounds check bypass (CVE-2017-5753)
  • Variant 2: branch target injection (CVE-2017-5715)
  • Variant 3: rogue data cache load (CVE-2017-5754)

The attack is possible due to “speculative execution” where CPUs (computer chips) essentially try to predict future work needed and will actually do sometimes unneeded work as the performance hit for doing this is less than waiting to execute the instructions later.   This means the computer sometimes performs work that isn’t needed and not used to increase performance, where things have gotten bad is through this feature, it’s possible for a normal user/process to gain unrestricted access to memory that you shouldn’t have access to.

What is Spectre?

The primary variants (1,2) that make up Spectre  rely on the user exploiting the speculative feature of the CPU to write to memory under their control.  This allows a normal user to read basically all memory processes allowing keys, passwords and confidential data to be intercepted.  AMD Claims that Variant #2 does not impact them as well.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715

What is Meltdown?

Meltdown is the third and more serious and nasty variant that still relies on the speculative execution exploit/flaw but actually allows the attacker to read arbitrary memory (so basically anywhere at will).  The key feature of Meltdown is that it is the easiest attack to perform and it has been demonstrated on the Intel platform already.

The only good news is that apparently this Meltdown attack only affects Intel and not AMD.

https://access.redhat.com/security/vulnerabilities/speculativeexecution

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754

Redhat has also done an excellent writeup about the issue here:

https://access.redhat.com/security/vulnerabilities/speculativeexecution

How To Protect Yourself

First and foremost you should update your devices as soon as patches become available.  In Linux enabling KPTI can protect you.   However for some major distributions of Linux users are still waiting for a patch.

If you are vulnerable and performing critical operations it’s time to make tough choices including possibly turning off your machines or denying all non-admin users access to a server/services if possible.

Ensuring rotation of keys and passwords can also mitigate your risks even if passwords have been compromised.

It comes down to good security practices all around such as segregating services to different physical machines, restricting physical and virtual user access.

If possible remove all non-essential or untrusted applications from your device/computer/server.

Dedicated Servers Will Become More Popular

There has been a huge trend to put everything into the Cloud, one that I have reservations with despite owning companies that offer our own private Cloud.

Fortunately we haven’t been impacted by Spectre and Meltdown and are not vulnerable but it does raise questions from our clients that we’ve mentioned before.

I’ve always advocated for physical segregation, which means that if possible you should have your own physical dedicated server that is encrypted and running a minimum set of services with as a few users as possible.  By doing this you significantly reduce your risk in a scenario like this by putting your company database, e-mail, VPN, websites, file server on physically different servers.

Serious Questions and Concerns Raised

I would raise the question that is it really possible that such a wide-ranging exploit was completely unknown for this long until a team from Google discovered it?  Considering the budgets of major intelligence agencies around the world who are constantly looking to find exploits of their own it is conceivable that this vulnerability may have been exploited for far longer than it was publicly known by specific groups.

Another one is Intel’s response to it by apparently being accused of singling out AMD when as of now, Intel is far more vulnerable.

Since these chip makers are all US based is it possible they were mandated by law to introduce speculative execution in such a similar way that this vulnerability would be possible?  Considering recent revelations I don’t think it would be inconceivable.

Are there more than 3 variants and if we assume that no one else really knew about Variants 1-3 is it not possible that a well-armed team could find new ways to exploit them?

Long-term Value for Intel, AMD and ARM

At the time of writing Intel’s stock was down about 3% but this could get worse for either of these companies if one’s vulnerabilities keep increasing and/or one of them is hit with a larger exploit.

Conclusion

It’s hard to give an honest conclusion as we’re just getting started and this is all we know about the Variants 1,2 (Spectre) and Meltdown.  So far it looks like we were lucky to choose AMD.  The key issue that will come out of this is how many devices and users will remain vulnerable by being unable to patch or if they have a device that cannot be easily patched or there is no longer any support from the vendor?  This would increase the amount of zombies and data security breaches several fold.

This is also a good time and a wakeup call for all companies to do a security audit and if they don’t have dedicated security staff, to bring in some good IT and security auditors to assess and mitigate these risks before they become costly losses.