FINOM ICO Review and Regrets

This was a very expensive ICO at $2 per token.  It supposedly includes a NOM and FIN coin for each purchase.  So far there haven’t been many real updates about when we’ll receive these tokens.  All I do know at this point is that one of them will be locked for a year.  The cost was very high so I certainly hope this wasn’t a scam designed to collect a large amount of coins (as many ICOs are).  I hope they will go ahead with their projects and that this coin will return well.  Since the price was so high investors now have extremely high expectations over more reasonably priced ICOs.  Can the team deliver or do they even care to?  Time will tell but if my experience with an overpayment is an indication this team may not be honest or trustworthy as is the case with the majority out there unfortunately.

I’m a user of Nanopool and that’s how I found this ICO.  I am already having regrets, but let’s get into what FINOM claims to be.

They claim they merged the 3 projects into what is called FINOM with Mining (Nanopool), Cryptonit (their own cryptoexchange) and Tabtrader (Banking).

I know nothing about the other projects but Nanopool works well.  What’s weird and good is that Nanopool seems to be Chinese based since it has an ICP license.

The troubling question is who is really running these projects and the company.  It’s not clear: they claim to be from Switzerland, yet Nanopool is a Chinese website so there is Chinese ownership.  When looking at who is behind Finom most of them appear to be extremely young people.  The issue for me is why did they register in Switzerland when the entire team seems to have no connection there?  Was it to artificially build trust?  This is concerning because as far as I can tell they all really appear to be based in China and other parts of the world, so why try to hide this?

Why am I upset?

Well, first of all, I feel silly but frustrated with Ethereum.  When I was trying to send to this ICO the Ethereum network was “congested”, as it often is.  When I was trying to send I kept seeing in the console that the transaction was rejected, so I kept trying.  However, I didn’t realize the Ethereum wallet doesn’t show pending transactions and may attempt to send more ETH than your account has if you keep sending small amounts that are pending.

I ended up sending more ETH than I intended to them, which is of course worth far more now.  I opened a support ticket explaining what had happened, only to be ignored after several attempts.

After a month of waiting for support I e-mailed the “hello@finom.io” that they encourage you to use on their website but that didn’t work.

Then I started getting SPAM from the owner who appears to be overseas and thought I’d reply directly to the owner.

Unfortunately, like most crypto projects and companies, they are always content to collect your coins.  They’ll SPAM you and create an impression that they are an honest and community driven project, but usually it couldn’t be further from the truth.

Experiences like these drive investors like me to not only become frustrated but we become less likely to invest in new projects going forward.

It’s hard to tell skeptics concerned about scams and fraud that it doesn’t happen or to justify that “most ICOs and most crypto players are honest” when in terms of IT, support and communication I haven’t seen anything more arrogant or dishonest than experiences like these.  It’s a world where our IT projects and clients would not tolerate this treatment and it’s only a matter of time before investors vote with their wallets out of both genuine fear and frustration.

 

Mercatox Cryptocurrency Exchange Review

I found Mercatox because they were one of the few that had some coins I wanted to buy but have since given up out of both frustration and lack of trust.  Unfortunately in traditional form these smaller exchanges are usually broken or worse, some are often unreliable or outright scams.

The first notice I saw was a warning of “not to deposit to old BTC addresses due to security issues”.  It is good to warn your users but why couldn’t they secure their own wallet?

So why not send some ETH?  Oops it’s not working.

Dogecoin is “Not Available”

LTC is “Under Maintenance”.

So basically you have an exchange that isn’t working from the start and can’t accept deposits.

That’s when I clicked the “Logout” button as fast as I could, never to return to Mercatox.  I’d rather not deal with the myriad of other issues that are the symptom of problems at the front end.  This is also because in the cryptoworld 9/10 companies will never help you no matter what (e.g. missing coins, deposits, withdrawals); good luck unless you sue them (if you can find them, since most are anonymous without real contact information or ownership).

 

 

Ethereum High Transaction Fees/Gas, Tokens and Exchanges = Bad Investment

Unlike many other coins with low withdraw fees and low transaction fees, Ethereum based ERC20 tokens are horribly expensive.  If you don’t spend a good amount on them you could actually be unable to purchase any due to the “high gas and transaction fees” of Ethereum, something that has been a huge problem.  Even Bitcoin is not as bad in the sense that at least you can just send a maximum amount and not worry about this ridiculous “gas calculation fee” which makes Ethereum transactions more difficult and less predictable, and sometimes impossible due to randomly expensive gas prices.  You shouldn’t have to be a mathematician or programmer to figure out how to send Ethereum, unlike simpler, faster and easier to use currencies such as even Litecoin that just work.

Let’s give an example test of what happens if you send .1 Ethereum to an exchange and what it costs you.

I sent about .1 ETH to an exchange (about $100 USD) and the transaction fee was about $2.34.

I’ll show you what I mean and part of this is Binance but not exactly, their ERC20 Tokens have a high fee because they are expensive to send!  Compare this to a small amount of XLM I bought and sold.

Here is a good example: BAT.  I purchased 31 of them.  When I withdrew I only received 9.969!

Another example is SNT: I purchased 69 but only received 36.931!

I already have XLM but to illustrate the difference see how much better it is to buy non ERC20 tokens, you lose so much value in sending ETH and then sending them back to your wallet.

I bought 44 XLM (Stellar Lumens) and was able to withdraw and receive 43.946!  Talk about low withdrawal fees.  It’s not Binance trying to rip us off; it comes down to the high gas fees for these ERC20 Ethereum based tokens.  Unless you are buying a minimum of hundreds of thousands of these tokens they are simply not worth it.  This is a strong disincentive for many to add to their position vs the low fees of buying other non ERC20 tokens.  I’ll go so far as to say Ethereum is disrupting trade with their high fees; not only this, but ERC20 tokens will not grow for long with these kinds of ridiculous fees.  If the token/currency cannot be easily, quickly and affordably traded they will probably not have a strong future once others catch on.

Buying ERC20 tokens on Binance

Withdrawing ERC20 tokens on Binance: see how little you actually get because of high Ethereum transaction/gas fees!

Some tokens get trapped.  Look at what happened to my QSP!

I cannot withdraw it or sell it so it’s stuck in Binance unless the value goes up.

The reason is that Binance’s minimum is 60 QSP due to high transaction fees.

I cannot sell it because the minimum sell on Binance for this coin is 0.02 ETH.

Again this is all down to high transaction fees on these tokens making it impossible.

How about trying to buy KIN, a new ERC20 coin?  I just want a few thousand of them, no problem right?

Me: Good day dear sir! I’d like to buy 5959 KIN the hot new ERC20 token!

Bancor teller: Yes sir that will cost you 0.004 ETH.  Let me directly access your Ethereum wallet (promise not to take any of your coins) and process this transaction.

Me: No problem OK I see the transaction request………

Me: Wait……..I am just trying to pay you 0.004 ETH or about $5.15 but the Gas/Transaction Fee is $103.45 or 0.080354 ETH.  Sorry this is ridiculous but I’m not paying it and I won’t buy any ERC20 tokens today.

Ethereum and its tokens are conning people out of money and may lead to its own implosion and have a huge impact on ICOs

As we can see above, this is just one big problem with Ethereum.  Aside from security, slow transactions and being extremely user unfriendly, it’s also unfriendly to your bank account.  I predict in the future this will have a massive and negative impact on the crypto industry.  As more people find that these tokens are essentially wasted money due to high fees they will eventually start investing in and using proper currencies that work and that have fair fees and higher transaction speed.

Petro Coin Is Venezuela’s Nicolas Maduro’s Sanction Hot Cryptocurrency Backed by Gold, Oil and Diamonds

The Petro Coin is a very exciting project announced by Venezuelan President, Nicolas Maduro.  What makes this project interesting is a bunch of firsts: this coin would be the first state-run cryptocurrency and is also backed by physical assets, namely 5 Billion Barrels of Crude Oil, Gold and Diamonds.  This is a solid coin and currency in its own respect.

Back in the days when fiat currency was significant, valuable and important, there was the “gold standard” where essentially the amount of currency in circulation and value was a direct reflection of how much gold it was backed by.  If executed as promised, the Petro Coin would achieve exactly this as a first in the crypto world.

Why do I think this coin will succeed if executed and implemented as marketed and planned?

Russia, China and Iran.  2/3 (Russia and Iran) are currently sanctioned and China has been threatened with sanctions.  Since the Petro Coin was founded as a way to restore wealth, prosperity and escape the sanctions guess who, as an ally of Venezuela and also parties with a vested interest would both profit directly and indirectly from the Petro Coin’s success?  I anticipate massive amounts of money would pour in from Russia, China and Iran even if it is discreet and indirect.  If I am right I would expect that this coin could be hugely successful and a top coin.
On top of this President Maduro has recently asked allies in the region to get on board with the Petro project.

What are some downside risks?

Judging from social media some are very averse for various political reasons to this coin.  Another risk would be that this coin would almost certainly have trouble, be outright prevented, or removed from any Western based exchange.  Being listed on major exchanges is a key to success because if no one can buy or trade your coin then it’s not going anywhere fast.  However, there are enough overseas exchanges to take care of this issue, and I suspect Venezuela would have enough resources to create their own exchanges to solve this issue.  *Update: Petro Coin’s ecosystem will apparently allow you to exchange and trade in physical assets, cash and other coins so the problem appears to be solved from the outset.  However, the boycott and difficulty in trading this coin are potential risks, especially if as I anticipate, some governments would simply just make it a crime for their citizens to hold or trade in this coin.  It would be interesting to see where this all heads.

It’s also been reported that Venezuela’s Congress (the opposition) has declared this currency and coin completely illegal.  However, it also appears that this has no legal bearing and will not prevent the project from moving ahead.

Should I invest in this coin?

I can’t answer that because only hindsight can clearly show us.  I am planning to invest in it as long as the project is executed as marketed and planned.  Politics aside I think this could be a win-win for people inside and outside of Venezuela.  If this coin helps Venezuela escape sanctions this would almost certainly lead to an improvement for the people of Venezuela since sanctions mainly end up hurting the people (especially the poor).

Early Success

Apparently Petro has raised nearly 3/4 of a billion USD in their initial private sale.  I’m again calling this a positive sign and I highly suspect numerous state sponsors from around the world contributed the funds even if indirectly.

In that sense Petro could be an incredibly strong and long-lasting cryptocurrency.  The funding behind it is already proof of concept.

On top of that Venezuela seems very serious about making their country a haven for all things crypto.  This coin could stabilize their economy and also make them the new “Singapore” of the cryptoworld if they continue to play this right.  Despite some negative comments and feedback, this point cannot be denied or overlooked in terms of investment.

My feedback

It’s been very difficult to find details about this coin, I’ve read various news articles and only recently found the official website.  They really need to do more marketing and make a proper URL/domain for this coin and not just a government subdomain.  I am certain fraud with this coin has already gone on with so many fake Petro sites that I’ve found which seem to be collecting coins.  They should pay particular attention to this as I imagine a lot of people will be calling Petro a scam because of these fake sites.

Their plan also hasn’t been made clear, but from my reading of the official site it appears initially Petro will be sold as an Ethereum token that will then be converted to their own blockchain and wallet once they have completed it.

Another risk is that people like me may begin to lose interest or even forget about it because I was hoping to get in on the private sale.

With that said, I’m not investing in any ICOs for the most part but Petro is one I am interested in for many reasons stated earlier in this post.

Where to find the official website

It took a lot of digging but here is the official Petro Coin website: http://elpetro.gob.ve/index-en.html

Cryptocurrency vs the Current Financial System Which is more evil?

Hello internet friends!

So I’ve had a lot of questions and concerns from friends and family about cryptocurrency with so many scary and dire predictions and proclamations in the MSM.

If you’ve heard the news lately you may think it would be crazy to ever get into cryptocurrency because the news says it’s a dangerous bubble, pyramid scheme, illegal, used to finance criminal activity, used to finance terrorism, is completely anonymous and 200% evil.

While there are definitely some truths to the MSM articles like most issues in life I feel it is with an agenda and not an accurate reflection of the true picture, reality and future of cryptocurrency.

To give you an idea of my perspective to be honest when my wife first told me about Bitcoin I said “there is PayPal”, “it will never be anything”, and there will be “lots of fraud and scams”.  I was right about the third one at least (1/3) :)

The Main Points The Media Makes About Cryptocurrency and How They Fare Against Fiat Currency

  1. Cryptocurrency facilitates illegal transactions, terrorism, money laundering by being anonymous and without regulation.
  2. Cryptocurrency is a bubble and pyramid scheme that won’t last.
  3. Investing in it is too speculative and risky.
  4. There are lots of scams.
  5. Coins are worth nothing because they were created from nothing.
  6. Cryptocurrency can and will be banned.

The reality as I see it in comparison to fiat

  1. While I am sure it is true crypto has been used for illegal purposes the same can be said of fiat cash ever since the beginning of time.  Cash can be used anonymously and is used that way each day.  I think this is a moot point since almost anything in the world with legitimate and good purpose can and will be used for illegal activities.
  2. I do believe crypto will have a serious crash in line with the 1929 Wall Street stock crash or the 2008 financial crisis but that didn’t stop stocks and I believe the same of crypto.
  3. This is a broad term, there are literally thousands of coins which serve completely different purposes.  There is no doubt some have stronger fundamentals and will last while others are truly worthless for various reasons.  There is also massive speculation in our traditional financial system, whether the US housing crisis that put people under water, penny stocks and failed stocks, bonds and mutual funds.
  4. This is absolutely true, there have been a lot of scams in the crypto world, however there are scams with fiat such as fake money, debit/credit card skimming etc.
  5. This is true, just as it was of fiat money but this depends on the time period.  It’s arguable that back when the gold standard existed that fiat had a certain value and was backed by gold, but today the world is freely printing money out of thin air or “nothing”.
  6. I do believe it will be banned in some countries; primarily what we’ve seen is exchanges getting shut down in China and Korea but it hasn’t stopped cryptocurrency from skyrocketing.

The Universal Truth

While the media does make some valid points, they are really blown out of perspective.  Cryptocurrency does have issues, as does fiat, but what I suspect this really is about is the fact that our modern banking and financial system is at risk.  Since most cryptocurrencies are decentralized, no one person or organization typically has any control over them.  You cannot freeze an individual, organization or country’s assets anymore.  In times of war, duress or even genocide such as Myanmar it would be possible for the underbanked to use a cryptocurrency such as XLM (Stellar Lumens from the creator of XRP/Ripple) to safeguard their money across borders and against unjust seizure.  With cash or wire there would likely be no time to do such a thing if your city is being razed by the Burmese army.

There is significant risk in the future for cryptocurrencies, which really haven’t seen a seriously long, sustained correction.  Yes there have been flash crashes and drops of 25% in a day but they usually all come back higher than ever.  This is a bull market without question.  On that note I’d like to point out that the financial side of the crypto world functions almost entirely like the current financial system.

Take for example the dominant US dollar, it is still one of the most commonly used settlement currencies in the world which is a way it has artificially held value regardless of how the US economy has performed.

In the crypto world I feel Bitcoin/BTC is on top because it is the main currency used on trading exchanges.  In fact on most exchanges you usually have to convert your other coins into BTC to buy into other coins.  You can place traditional Limit and Stop Market orders as well.  In this sense the crypto world has volatility because it’s a fast changing world with new coins and players, and buyers/sellers are coming in and out of the market.  You can see people taking profits when some coins surge, just as you would with traditional stocks.  If the currency or project behind the currency hasn’t changed in a negative way there’s usually no reason to worry or panic.  Instead seasoned investors will wait for the pullback to buy more of their favorite coins.

The Final Word

I think the death of cryptocurrency is highly anticipated and overstated.  I do agree the weak coins and ICOs will die, but the coins with strong fundamentals will not be going away.  Cryptocurrency is here to stay and there’s no way it can be stopped.  It can be regulated and this will somewhat shape the future, but we’re now in a period where more regular people will not only invest and trade in cryptocurrency but it will be used as commonly as everyday debit and credit, something that obviously banks and government will take issue with.  The answer is truly that you can’t fight the market or will of the people; there are solutions and ways for there to be a win-win but the bankers won’t let their market go without a fight.

Why I Didn’t Get In On QASH Coin from Quoine/Liquid ICO

I actually saw this ICO days before but got very frustrated why it was so complicated.  I still struggle to figure out what’s what with so many terms and names behind this project.

To break it down they are the following as I understand it.

  1. Quoine is the name of the company at Quoine.com
  2. QASH Coin is the name of their token
  3. Liquid is the name of their trading platform at https://liquid.plus ….no clue what it is for
  4. Qryptos is actually the name of their trading site (all of this is super confusing and extremely frustrating in my opinion-it would be very easy for a phishing attack to be successful when these companies have several different sites and names associated with a project)

What initially stopped me from even getting in was the fact they force you to sign up for their exchange and want your ID, so I didn’t complete it.

However with their fantastic marketing of the ICO following I did proceed and one thing I give them is that my ID was approved fast (I believe within a day or less).  However they were advertising an ICO that was over which wasn’t at all clear until after poking around their site.  I couldn’t understand why I couldn’t buy the coins (this is not a normal ICO where you just send coins to a certain address).

The most confusing thing is that there was still an ICO section that made it look like you could buy the tokens which never worked.

I eventually assumed I needed BTC to buy their coin but that didn’t work either.

Then I e-mailed their support (like most Crypto teams/ICOs/Companies they never replied to this day).

That’s not entirely true though they have been sending me SPAM happily and even an angry e-mail about the issue being ignored before was ignored by the person sending the SPAM.  To me it’s absolute confirmation that this company doesn’t care about its users or investors.

Their system

In all honesty their exchange worked fairly well outside of the ICO fail.  When I went to withdraw my BTC I was a bit miffed at how there was some delay for security reasons they said which seemed to imply human intervention was required to release my funds.  This makes me worry that you could run into a situation where your funds could be held.   With this company being from Japan I don’t trust it because I was thinking Mt. Gox bad (the famous Bitcoin scam/heist of a large Japanese trading site).  It is also weird that their address is in Singapore but it is a Japanese company.

I think this is the “typical ICO” which I will definitely avoid.  I’m certain I am not the only upset and frustrated investor with how these companies treat their investors.  To me it screams of arrogance and simply not caring/poor customer service that you could send large amounts of money and they won’t even give you an answer or any help at all.

And for that reason I don’t really trust their system or their company if they can just ignore you like that.  What if you are using their exchange and something else goes wrong such as your coins going missing or a withdrawal that doesn’t work? I’d expect there would be no response just like the issue I had with their ICO.

In terms of performance their coin has done quite well, it would have been a good investment if I could have only purchased their coins but it wasn’t meant to be.

The future of this company is unclear like many in this industry and it will depend on their service (or lack of it), which I suspect will do in many exchanges and crypto companies in the coming years.

Meltdown and Spectre Analysis and Current Status

There seems to be a lot of complacent or feel-good news that Meltdown and Spectre will solve themselves or that no worry or care should be taken from users, but this couldn’t be further from the truth.  In reality, CPU makers saying “there are no known cases of exploits” doesn’t do much to allay the fears of those in the know.  This is because Spectre and Meltdown will not leave any trace or evidence that you’ve been hacked, although it can be argued that there may be some signs of unauthorized access if that was how access was gained.

However, the nature of Spectre and Meltdown allows for normal authorized users, programs and even scripts on websites to exploit you.  This is why it is so scary as there’s really no way to be certain you haven’t been breached.

It’s an issue for everyone because these exploits could impact anything from your bank, transportation/transit, airplanes, nuclear power plants, and basically anything else that relies on computing security since Meltdown and Spectre are a complete breakdown of those barriers.  I won’t go into more of the basic details but I did make a quick “take on the issue here”.

The good news

There were patches quickly released for a lot of Linux, Windows and Mac devices.  However this doesn’t mean that the users installed the patches or that all users have the ability or access to do so.  Take for example physically remote computers, devices and perhaps some that are running headless that may not be easily accessible or that for some reason have patches disabled (this is more common than you’d think in production or mission critical environments).

Then what about old and unsupported versions of operating systems or that old security system, phone, or TV box, or even ATM whose manufacturer may not be around anymore or is just simply not offering support?

It’s the same issue with many common worms and viruses, patches, and fixes may be issued but millions or more are often still affected long after for various reasons.

The bad news

Even if we assume that Google discovered these flaws first, and if we assume they weren’t mandated to be put there via ARM, AMD and Intel, what about insiders who knew about this back in June or even earlier on?  From that point a number of individuals and groups could have compromised or damaged sensitive data and computer systems.  There’s still time since a lot of devices and people will not be patched yet.

And to make things worse, the only true way to solve this issue is with a CPU microcode update, which is not simple to deploy especially on embedded devices and any mistake can lead to a bricked device.

These OS patches are just that “patch work”, a hack or work around to mitigate the issue.

Then there’s the question of “we know there are 3 variants or vectors of attack”.  What if there are others that are not yet discovered?  You can be sure well equipped and funded organizations/hacking groups are working on this as we speak and they certainly won’t be disclosing it.  Until all devices have microcode updates there’s no way to be certain we are safe from unknown vectors related to Spectre and Meltdown.

What can you do?

Simply look out for the latest updates for your devices/phones/computers and install the update, but don’t falsely assume a new update means you are protected unless you’ve read that “this update fixes the Spectre and Meltdown issue”.

My Take On Meltdown and Spectre Computer Security Flaws

Spectre and Meltdown allow a non-privileged user (non-root/non-Admin) to access memory they aren’t supposed to, essentially dissolving the majority of computing security and privacy barriers.  This could be a guest user collecting sensitive information/passwords for an entire database, group of users, network etc.

If you are using any computing device, whether it be an ARM based device, Intel CPU (although Intel is the worst offender at this point) or AMD CPU, this issue affects you and billions of other devices and users around the world.  Whether you are on Linux, Unix, Windows or Mac, this applies to you.  It is really an unmitigated scandal and disaster for privacy, security and even safety with long lasting and wide ranging ramifications that will continue to play out for years.

I’ve made a comment in the past about security, IOT and how there are many devices that are now unsupported or can’t be updated leading to huge security issues.  We are now unfortunately there and have been since 1995.

This issue was first reported by Google Project Zero and they are known as the Meltdown and Spectre Vulnerabilities that affect all microprocessors made since 1995 (the modern computing era).

To make it worse there are 3 known “variants” or attack vectors (I suggest there may be more that are undisclosed or not yet known to the public), with variants 1,2 being very similar (known as Spectre) and variant 3 known as Meltdown.

  • Variant 1: bounds check bypass (CVE-2017-5753)
  • Variant 2: branch target injection (CVE-2017-5715)
  • Variant 3: rogue data cache load (CVE-2017-5754)

The attack is possible due to “speculative execution” where CPUs (computer chips) essentially try to predict future work needed and will sometimes actually do unneeded work, as the performance hit for doing this is less than waiting to execute the instructions later.  This means the computer sometimes performs work that isn’t needed and not used, in order to increase performance.  Where things have gotten bad is that, through this feature, it’s possible for a normal user/process to gain unrestricted access to memory that they shouldn’t have access to.

What is Spectre?

The primary variants (1,2) that make up Spectre rely on the user exploiting the speculative feature of the CPU to write to memory under their control.  This allows a normal user to read basically all memory processes allowing keys, passwords and confidential data to be intercepted.  AMD claims that Variant #2 does not impact them as well.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715

What is Meltdown?

Meltdown is the third and more serious and nasty variant that still relies on the speculative execution exploit/flaw but actually allows the attacker to read arbitrary memory (so basically anywhere at will).  The key feature of Meltdown is that it is the easiest attack to perform and it has been demonstrated on the Intel platform already.

The only good news is that apparently this Meltdown attack only affects Intel and not AMD.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754

Redhat has also done an excellent writeup about the issue here:

https://access.redhat.com/security/vulnerabilities/speculativeexecution

How To Protect Yourself

First and foremost you should update your devices as soon as patches become available.  In Linux enabling KPTI can protect you.  However, for some major distributions of Linux, users are still waiting for a patch.
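
One way to confirm that an update really took effect, as this section and the earlier "What can you do?" advice ask, instead of assuming it did (an added example, not code from the original post). It assumes a Linux kernel that exposes /sys/devices/system/cpu/vulnerabilities, where KPTI is reported as "Mitigation: PTI"; the function names and the sample directory are constructed for illustration.

```python
"""Read the Linux kernel's own Meltdown/Spectre status files and classify them."""
import os
import tempfile

# Directory where kernels that carry the Meltdown/Spectre reporting patches
# expose one status file per vulnerability.
SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# The three variants listed on this page, keyed by the kernel's file name.
VARIANTS = {
    "spectre_v1": ("Variant 1: bounds check bypass", "CVE-2017-5753"),
    "spectre_v2": ("Variant 2: branch target injection", "CVE-2017-5715"),
    "meltdown": ("Variant 3: rogue data cache load", "CVE-2017-5754"),
}


def classify(status):
    """Map a kernel status line to mitigated/not_affected/vulnerable/unknown."""
    if status is None:
        return "unknown"  # file missing: this kernel does not report the issue
    text = status.strip()
    if text == "Not affected":
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"  # unrecognised wording is never treated as safe


def audit(directory=SYSFS_DIR):
    """Return {file_name: (state, raw_status_or_None)} for the three variants."""
    report = {}
    for name in VARIANTS:
        path = os.path.join(directory, name)
        try:
            with open(path, encoding="ascii", errors="replace") as fh:
                raw = fh.read().strip()
        except OSError:
            raw = None
        report[name] = (classify(raw), raw)
    return report


def unresolved(report):
    """CVE ids that are vulnerable or whose status could not be confirmed."""
    return sorted(
        VARIANTS[name][1]
        for name, (state, _raw) in report.items()
        if state in ("vulnerable", "unknown")
    )


def build_sample_dir():
    """Constructed sample: Meltdown patched, Variant 2 open, Variant 1 file absent."""
    directory = tempfile.mkdtemp(prefix="vuln-sample-")
    samples = {
        "meltdown": "Mitigation: PTI\n",
        "spectre_v2": "Vulnerable: Minimal generic ASM retpoline\n",
    }
    for name, content in samples.items():
        with open(os.path.join(directory, name), "w", encoding="ascii") as fh:
            fh.write(content)
    return directory


if __name__ == "__main__":
    # Use the real kernel files when present, otherwise the constructed sample.
    source = SYSFS_DIR if os.path.isdir(SYSFS_DIR) else build_sample_dir()
    result = audit(source)
    for name, (state, raw) in result.items():
        label, cve = VARIANTS[name]
        print(f"{cve}  {label:<36} {state:<12} {raw or '(no status file)'}")
    print("Still needs attention:", ", ".join(unresolved(result)) or "none")
```

A missing status file is reported as "unknown" rather than safe, which matches the point above that a new update alone does not prove you are protected.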

If you are vulnerable and performing critical operations it’s time to make tough choices including possibly turning off your machines or denying all non-admin users access to a server/services if possible.

Ensuring rotation of keys and passwords can also mitigate your risks even if passwords have been compromised.

It comes down to good security practices all around such as segregating services to different physical machines and restricting physical and virtual user access.

If possible remove all non-essential or untrusted applications from your device/computer/server.

Dedicated Servers Will Become More Popular

There has been a huge trend to put everything into the Cloud, one that I have reservations with despite owning companies that offer our own private Cloud.

Fortunately we haven’t been impacted by Spectre and Meltdown and are not vulnerable but it does raise questions from our clients that we’ve mentioned before.

I’ve always advocated for physical segregation, which means that if possible you should have your own physical dedicated server that is encrypted and running a minimum set of services with as few users as possible.  By doing this you significantly reduce your risk in a scenario like this by putting your company database, e-mail, VPN, websites, file server on physically different servers.

Serious Questions and Concerns Raised

I would raise the question: is it really possible that such a wide-ranging exploit was completely unknown for this long until a team from Google discovered it?  Considering the budgets of major intelligence agencies around the world who are constantly looking to find exploits of their own it is conceivable that this vulnerability may have been exploited for far longer than it was publicly known by specific groups.

Another one is Intel’s response to it by apparently being accused of singling out AMD when as of now, Intel is far more vulnerable.

Since these chip makers are all US based is it possible they were mandated by law to introduce speculative execution in such a similar way that this vulnerability would be possible?  Considering recent revelations I don’t think it would be inconceivable.

Are there more than 3 variants and if we assume that no one else really knew about Variants 1-3 is it not possible that a well-armed team could find new ways to exploit them?

Long-term Value for Intel, AMD and ARM

At the time of writing Intel’s stock was down about 3% but this could get worse for any of these companies if one’s vulnerabilities keep increasing and/or one of them is hit with a larger exploit.

Conclusion

It’s hard to give an honest conclusion as we’re just getting started and this is all we know about the Variants 1,2 (Spectre) and Meltdown.  So far it looks like we were lucky to choose AMD.  The key issue that will come out of this is how many devices and users will remain vulnerable by being unable to patch or if they have a device that cannot be easily patched or there is no longer any support from the vendor?  This would increase the amount of zombies and data security breaches several fold.

This is also a good time and a wakeup call for all companies to do a security audit and if they don’t have dedicated security staff, to bring in some good IT and security auditors to assess and mitigate these risks before they become costly losses.