Lightning Network – LN Network DDOS’d and Attacked By Organized Group

A group calling itself Bitpico has bragged about attacking the LN (Lightning Network).  The group claims it is stress testing the network and the LN developers responded that they are analyzing and trying to close any attack vectors before the currency is used more.

It is almost a traditional DOS attack where nodes were flooded with false transactions to overwhelm them so no real transactions could get through (similar to a web attack that opens frivolous connections to overwhelm the server).

Inevitably almost all networks go through this and it really is a typical cat and mouse game in any public, permissionless blockchain.  It is really an IT security nightmare where no one is authenticated or vetted whatsoever.  There is little to deter organized and well-funded groups from attacking blockchains if they have enough motivation, and clearly many do.


Alibaba’s Sesame China’s All-in-One Credit Rating System

Alibaba’s Sesame Credit, which launched in 2015, is one of the highest profile Social Credit Systems in China.  In part this is because it gathers a lot of data from Alibaba Cloud services (essentially what Facebook, Google and other US companies do).  However, in China the process is more formal and complex as it isn’t just for spying and marketing purposes.

It is a system that essentially rates your associates, activities and lifestyle, not just your financial credit alone.  So it is both a pro and a con in some cases that these aspects are used, but it all depends on your lifestyle.

I find it highly controversial, and it all really depends on how fair the system will be and whether it is fairer than the traditional model.

With ICOs like Bloom I wonder how it will fare and compare?

Why Deleting Facebook Is Futile Unless…..

I’ve had this conversation with a lot of people over the years and what I’ve found is that the majority of people are complacent about privacy and security.  In a way it is good that some have woken up to what Facebook is and has been doing, but there is this idea floated by some that “I will trust Facebook until it gives me reason not to”.  This is a completely flawed idea in my opinion.  Facebook was never trustworthy and its TOS always gave it the right to violate your privacy, harvest your data for both government and marketing purposes, etc.  In fact Google, Gmail, Hotmail, Telegram, Whatsapp and the list goes on are free for a reason.  One, they make money by spying on you, and they also provide a great backdoor to the NSA to spy on you (hopefully everyone now understands the PRISM spying network).

There were times where some would debate about the length and depth of spying by major free services but this is no longer in debate.  If you are using these freebie services and just delete Facebook alone you haven’t done enough.

Here are some steps to secure yourself and your privacy:

Delete Everything!

Seriously stop using these free chat and e-mail services and tell your friends and family that you won’t communicate via those mediums.

Secure Your E-mail

Use your very own, owned e-mail server with encryption including GnuPG to encrypt e-mails in both transit and storage.  There are providers who can get you a VPS or full Dedicated Server for this purpose.  You will probably find that your e-mail stops going missing, is fast and more reliable to boot!

Stop Using US Based Massive Cloud Servers

This could be in the form of an Amazon, Microsoft, Alibaba VPS instance but you can expect that those services will not be keeping your data private and most likely have been obliged to allow backdoor access to your server and data.

Another type of user would again be those who “store data in the Microsoft, Google or Apple Cloud”.  Stop using those services if you value your privacy.

Secure Your Chat

Everyone likes instant chat but did you ever wonder why all the traditional chat services like ICQ and MSN Messenger shutdown?  My belief is that being forced to chat on your phone makes it easier to both identify and track you but also to spy on you.  Once again top offenders are Telegram, Whatsapp and any similar ones.

To secure your chat you should run your own encrypted chat server.

These are just a few common sense things you can do to make it much more difficult to have your rights and privacy violated.  Personal and intimate moments shouldn’t be uploaded to the Cloud for corporate and government agencies to peruse!

In general try to think in a security minded way, perhaps as you would about your house.  Would you feel secure at home if you knew your living quarters were shared with multiple people or that they were being spied on constantly?  Think about the steps you would take to protect your house or property from intruders and spies.  Your digital house works the same way, so be sure to keep the keys and access in your control and not in that of a third party which can’t be trusted.

We Need A Better Coin Now!

Cryptocurrency today as of the time of this writing is in a bit of a flux and identity crisis.  Part of this is due to a well directed campaign in the news via government and banking entities.  However, I will always give credit where it is due and many of the flaws that have been pointed out by these entities are completely true.  In fact, from a business, security and IT standpoint I find that most cryptocurrencies are almost impossible to use.  There are coins that individually address “some of the issues” but I have never seen a coin or team that “just seems to get it”.

Whether it’s how an ICO is run, basic functionality, security, privacy or getting out information, it seems apparent to me that the vast majority of teams and coins do not have sufficient combined IT and business knowledge to make things work.

There are just so many issues with a lot of the top coins that could kill them, let me name a few in no particular order.

Speed – 99% of cryptocurrencies are extremely slow taking minutes, hours or several days to complete a transaction!

Expensive – A lot of times you can spend a small fortune just sending a small amount of coin to someone (you could spend $100 to send $5 of coins with some Ethereum tokens for example)!

Security – Most coins are by default completely insecure.  Any coin that has a public ledger is insecure and has 0 privacy.  This allows for replay attacks and all kinds of nasty things.  It also means your activities are easily tracked and traced.  Imagine if your competitors could see exactly who is paying you and whom you are paying, including the full amounts.  It would put your business at a huge disadvantage.  A “public, permissionless blockchain” such as Bitcoin, Ethereum or Litecoin means the coin can never be secure when the whole public is involved.

Hardforks – Most coins are easily counterfeited, hard-forked or soft-forked, where basically anyone can copy an entire coin, rename it and call it their own, while confusing and devaluing the original coin holders.  This should never be able to happen, for the sake of sanity, continuity and integrity alone.  There have already been scams like the BTG Scam and replay attacks.

PoW/Mining – It is absolutely crazy that mining still exists.  As cool as it originally was, mining is now a hindrance in many ways to the cryptocurrency community.  Not only is it wasteful in terms of energy resources, it is unsustainable in environmental, monetary and functional terms.  Returns are so slow with most major coins that it is almost not worth it unless your power is cheap or free.

To top it off, why on earth should we let transactions be controlled by “miners finding the next block”?  It doesn’t secure the network anymore, and that is because coins like Bitcoin were created before ASICs and assumed “no one party would hold more than 10% hashing power”.  Of course single pools in China have way more than 10% power, and so possibly do some mining farms.  This means that pools and large farms could work together to defraud people by sending false transactions and confirming them among themselves.  By the time the scam is realized the parties who initiated it would already have escaped with the money.

Mining also leads to centralization, the very thing that cryptocurrency was meant to avoid.  This is inevitable because as difficulty increases, only large corporate or government players with deep pockets can continue.

The same applies to running full nodes: large organizations will be the ones running them.
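The collusion scenario above comes down to how much of the hashing power one group controls.  As an added illustration (not part of the original post), the following Python computes, using the analysis from section 11 of the Bitcoin whitepaper, the probability that an attacker holding fraction q of the hash rate can build a competing chain that overtakes the honest one after the recipient has waited z confirmations.  The formula and the reference values are from the whitepaper; the function names and the log-space Poisson evaluation (to avoid float overflow for large z) are my own.

```python
import math


def _poisson_pmf(k: int, lam: float) -> float:
    """Poisson probability mass, evaluated in log space so that large
    lam and k do not overflow a float (lam ** k would for z in the hundreds)."""
    if lam == 0.0:
        return 1.0 if k == 0 else 0.0
    return math.exp(k * math.log(lam) - lam - math.lgamma(k + 1))


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with share q of the total hash rate
    eventually overtakes the honest chain once it is z blocks ahead.

    This is the whitepaper's expression
        1 - sum_{k=0}^{z} Poisson(k; z*q/p) * (1 - (q/p)^(z-k))
    where p = 1 - q is the honest share.
    """
    if not 0.0 <= q < 1.0:
        raise ValueError("q must be in [0, 1)")
    if z < 0:
        raise ValueError("z must be non-negative")
    p = 1.0 - q
    if q >= p:
        # With half or more of the hash rate the attacker wins with certainty.
        return 1.0
    r = q / p
    lam = z * r  # expected attacker blocks while the honest chain mines z
    total = 0.0
    for k in range(z + 1):
        total += _poisson_pmf(k, lam) * (1.0 - r ** (z - k))
    return 1.0 - total


def confirmations_needed(q: float, target: float = 0.001) -> int:
    """Smallest z at which the attacker's success probability falls below
    target (the whitepaper tabulates this for 0.1%)."""
    z = 0
    while attacker_success_probability(q, z) > target:
        z += 1
        if z > 100_000:
            raise RuntimeError("q is too close to 0.5; no practical z")
    return z


if __name__ == "__main__":
    for q in (0.1, 0.3):
        print(f"attacker share q={q}: confirmations for P<0.1%: "
              f"{confirmations_needed(q)}")
        for z in (0, 1, 2, 5, 10):
            print(f"  z={z:2d}  P={attacker_success_probability(q, z):.7f}")
```

The output reproduces the whitepaper's tables: with a 10% attacker, five confirmations bring the success probability under 0.1%, while at 30% it takes 24, and at 50% or more no number of confirmations helps, which is the point the paragraph above makes about pools and farms.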

Usability – Most coins are unusable because they are slow and insecure, but to make it worse there’s more.  The current coins are not easily integrated in a secure way.  You shouldn’t have to run a full Litecoin, Bitcoin or Ethereum node on a huge mega server with tons of RAM and HDD just to create receiving addresses and receive payments.  This is not only inefficient, it is insecure, because the same computer that generates the receiving addresses is usually the one that holds the wallet/funds.

To top it off, with virtually all currencies you can send to a wrong or non-existent address and lose your money forever.  Blockchain is just a big database; couldn’t some query be done to make sure the address actually exists?!  On top of that there is no feedback, such as notifications by e-mail: you always need to keep your wallet open to notice.  It would be much easier if these different functions were kept separate.  However this is a problem too, because most cryptocurrencies are admittedly not secure if you don’t sync the entire chain.  And that’s another issue: syncing is a huge problem with coins like Ethereum, where it is extremely slow and takes a ridiculous amount of CPU cycles.  Imagine paying someone from Craigslist in person and one of you says “hold on mate, sorry, I have to wait for my wallet to sync for hours or days!”.
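On the “wrong address” point above: a wallet cannot query whether an address exists (a freshly generated address has never appeared on chain, so absence proves nothing), but Bitcoin-style addresses do carry a 4-byte checksum that catches typos before anything is sent.  The following Python, an added example rather than code from the post or any wallet project, implements Base58Check decoding and a validity check; the function names are mine, and the validator accepts the mainnet version bytes 0x00 and 0x05 as an assumption about which address types the caller expects.

```python
import hashlib

# Base58 alphabet used by Bitcoin-style addresses (0, O, I and l are omitted
# precisely so that visually confusable characters cannot be typed).
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(raw: bytes) -> str:
    """Encode bytes as Base58; each leading 0x00 byte becomes a leading '1'."""
    n = int.from_bytes(raw, "big")
    digits = ""
    while n:
        n, rem = divmod(n, 58)
        digits = ALPHABET[rem] + digits
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + digits


def b58decode(text: str) -> bytes:
    """Decode Base58 text to bytes; raises ValueError on a bad character."""
    n = 0
    for ch in text:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid Base58 character {ch!r}")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body


def checksum(body: bytes) -> bytes:
    """Base58Check checksum: first 4 bytes of SHA256(SHA256(body))."""
    return hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]


def b58check_encode(version: int, payload: bytes) -> str:
    body = bytes([version]) + payload
    return b58encode(body + checksum(body))


def b58check_decode(address: str):
    """Return (version, payload); raises ValueError if the checksum fails."""
    raw = b58decode(address)
    if len(raw) < 5:
        raise ValueError("address too short to carry a checksum")
    body, chk = raw[:-4], raw[-4:]
    if checksum(body) != chk:
        raise ValueError("checksum mismatch: address was mistyped or corrupted")
    return body[0], body[1:]


def is_valid_address(address: str, allowed_versions=(0x00, 0x05)) -> bool:
    """True if the address decodes, its checksum verifies, its version byte is
    one the caller expects (assumed: mainnet P2PKH 0x00 / P2SH 0x05) and the
    hash payload is the expected 20 bytes.  This proves the string is
    well-formed, not that anyone controls the key behind it."""
    try:
        version, payload = b58check_decode(address)
    except ValueError:
        return False
    return version in allowed_versions and len(payload) == 20


if __name__ == "__main__":
    # The well-known address from Bitcoin's genesis block coinbase.
    good = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
    typo = good[:-1] + "b"        # one mistyped trailing character
    print(good, is_valid_address(good))   # True
    print(typo, is_valid_address(typo))   # False: checksum catches it
```

A sending wallet should refuse to build a transaction when `is_valid_address` returns False and should treat the version byte as part of the check, since a checksum-valid address for the wrong network or wrong script type is still money sent where it cannot be spent.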


Facebook’s Mark Zuckerberg finally apologizes for the 3rd party data breach

Mark Zuckerberg has been noticeably absent since the scandal broke.  It personally doesn’t surprise me because Facebook has never been safe, secure or private regardless of your privacy settings.  Your data is legally there to be traversed by third parties for marketing purposes and for governmental agencies to surveil and analyze you.  This is essentially all in the TOS and for a company based in the US they are legally obligated to co-operate with entities such as the NSA, FBI, CIA for whatever they need, even if it would normally be a violation of the law.

To add insult to injury, Mark Zuckerberg actually didn’t apologize in his initial response to the privacy issues.

Deeper issues have recently been revealed reaching right to the top of the British Government and the Royal Family, including MoD ties to SCL (the company which is regarded as one and the same as CA).  They had contracts with NATO, the UK Tory Party, and even the US State Department.  There is a General Tolhurst, an aide to the Queen, who is also on the board of SCL.  Even closer is a third cousin of Queen Elizabeth II, Ivar Mountbatten.

The reason I mention all of this is because it sounds more like a co-operation between elite business and government than an accidental data breach or hacking done on behalf of a private company.

This could be why Mark Zuckerberg has been so quiet about it, after all those who are familiar with IT security and espionage cannot believe this is just a group of hackers.  With the breach being so significant and wide scale, why didn’t Facebook notice this sooner?  It seems like they either noticed it or were fully aware, but only took action after someone revealed it to the public.

I am certain more revelations will come out and they will probably be no less shocking than what we know.

Edward Snowden Says Bitcoin’s Downfall Is Public Ledger

I couldn’t have said it better myself, although I have said as much about all cryptocurrencies which have a public ledger.  Edward Snowden made the comment at the Blockstack event in Berlin, Germany.  Such coins are completely insecure and unsuitable for personal or business use in the long term due to a lack of privacy.  There are other issues that Edward touched on, such as extremely slow transaction times, and many more I’ve talked about in other posts.

Snowden also predicted that a coin which fixes these various issues could be the one to replace Bitcoin.  While I fully agree privacy and security in Bitcoin and most other coins are an issue, aside from that most currencies are slow, inefficient, difficult to use and simply don’t work properly to send or receive payments.  This will all eventually be fixed but so far what I find is that some currencies fix one problem while ignoring the rest.

Ledger Nano S Bitcoin Altcoin Hardware Wallet Hacked By Teenager

I have warned for a while about these hardware wallets.  I’ve never trusted them, as you truly don’t know what is in the hardware or firmware and whether it could be extremely vulnerable.  As bad as it sounds, a traditional, secure PC is still the safer way to handle your cryptocurrency.

A teenager stumbled upon a vulnerability by noting that the CPU that controls the private keys cannot differentiate between authentic and user-made firmware.  This CPU is used to transmit data including keys.  Without much effort he was able to compromise this supposedly secure hardware wallet.

On top of that it looks like Ledger tried to downplay the issue and brush off the teenager who warned them of the vulnerability.  In all fairness physical access is required, but that’s not good enough: you shouldn’t have to worry that if your hardware wallet is found someone could easily extract your private keys and coins from it!

They’ve also recently admitted another vulnerability exists where attackers could trick users to send out their funds to hackers.

For this reason I still don’t recommend hardware wallets, you are much safer on a secure computer.

The NSA is spying on cryptocurrency including Bitcoin – Edward Snowden

Unsurprisingly, Edward Snowden recently revealed to the world that the NSA is tracking cryptocurrency users, including Bitcoin users.  What makes it worse, but is also not surprising, is that they tricked users into installing security software they wrote that actually feeds all of their private data, including crypto keys, back to the NSA directly.  It is soon going to be an absolute necessity to increase your own security and to start using better, more secure coins that cannot be so easily tracked.  This is the equivalent of the government following you around, poking around your wallet and watching each transaction you do, even with cash.  There’s no privacy anymore, and ironically cryptocurrency is part of the reason, or shall we say at least the majority of insecure, public, permissionless blockchain based currencies are.  This could send the value of currencies like XMR/Monero skyrocketing as a Bitcoin alternative.  While Monero is in my opinion better than Bitcoin in almost every way, it is still not the perfect coin, as it does have some issues including the use of PoW and of course the whole public, permissionless issue, speed issues, etc.

Ripple’s First Central Bank Contract with Saudi Arabia!

This is huge news for Ripple but apparently at the time of writing Ripple has tumbled more than 5% to .957 USD (under a dollar now).  To be honest I do hold Ripple but I believe my analysis to be unbiased.

The news is huge that Ripple will help Saudi Arabia settle foreign currency transactions and shows Ripple has proven itself in the large scale banking and even central banking industry.  It looks like other gulf countries including the UAE (United Arab Emirates) are going to be involved as well which could be really huge for Ripple.  One thing that many have said though is that none of these banking organizations involved are really interested in XRP.  They are using Ripple’s network but these transactions are not being funded or traded in XRP itself.

Some industry analysts have speculated that Ripple’s relationship with big banks is so strong that it may have strong incentive in the future to literally kill/dissolve XRP.

Despite this my outlook on Ripple is strong with the reservations about it mainly being a tool for large banks.  Don’t get me wrong, the technology works well for transactions in terms of being low-fee, fast not having to sync the blockchain, very secure (aside from no first party wallets….) but can we trust this company to protect our interests and those of its large banking clients?

I think this is why Ripple has been volatile itself: from an investment standpoint it sounds great, but also bad, because Ripple is kind of a crypto-rebel by essentially being the tool that cryptocurrency was meant to fight or free us from (the tool of big banks and now Saudi Arabia’s central bank).

To look at it from the other perspective though this could mean a huge rise for Ripple in valuation but it could also mean the opposite.  Ripple has carved out an incredible niche but at the same time risks alienating its main users and investors.  The question is what will Ripple as a private and centralized blockchain do?

I do agree the author of the quoted article above could very well have it right for the end game.   It’s a shame because Ripple solves a number of key issues while also introducing security and trust issues at the same time.  Ripple works well but will it literally sell us users and investors out to central banks in the future?

I’ve attempted to play the lotto and will seek Ripple’s comment on these concerns but regardless of assurances only time will tell where things head.

Meltdown and Spectre Analysis and Current Status

There seems to be a lot of complacent or feel-good news that Meltdown and Spectre will solve themselves or that users need take no care, but this couldn’t be further from the truth.  In reality, CPU makers saying “there are no known cases of exploits” does little to allay the fears of those in the know.  This is because Spectre and Meltdown will not leave any trace or evidence that you’ve been hacked, although it can be argued that there may be some signs of unauthorized access if that was how access was gained.

However, the nature of Spectre and Meltdown allows normal authorized users, programs and even scripts on websites to exploit you.  This is why it is so scary, as there’s really no way to be certain you haven’t been breached.

It’s an issue for everyone because these exploits could impact anything from your bank, transportation/transit, airplanes, nuclear power plants, and basically anything else that relies on computing security, since Meltdown and Spectre are a complete breakdown of those barriers.  I won’t go into more of the basic details but I did make a quick “take on the issue here”.

The good news

There were patches quickly released for a lot of Linux, Windows and Mac devices.  However this doesn’t mean that the users installed the patches or that all users have the ability or access to do so.  Take for example physically remote computers, devices and perhaps some that are running headless that may not be easily accessible or that for some reason have patches disabled (this is more common than you’d think in production or mission critical environments).

Then what about old and unsupported versions of operating systems or that old security system, phone, or TV box, or even ATM whose manufacturer may not be around anymore or is just simply not offering support?

It’s the same issue with many common worms and viruses: patches and fixes may be issued, but millions or more are often still affected long after, for various reasons.

The bad news

Even if we assume that Google discovered these flaws first, and if we assume they weren’t mandated to be put there via ARM, AMD and Intel, what about insiders who knew about this back in June or even earlier?  From that point a number of individuals and groups could have compromised or damaged sensitive data and computer systems.  There’s still time, since a lot of devices and people will not be patched yet.

And to make things worse, the only true way to solve this issue is with a CPU microcode update, which is not simple to deploy especially on embedded devices and any mistake can lead to a bricked device.

These OS patches are just that, “patch work”: a hack or workaround to mitigate the issue.

Then there’s the question of “we know there are 3 variants or vectors of attack”.  What if there are others that are not yet discovered?  You can be sure well-equipped and well-funded organizations/hacking groups are working on this as we speak, and they certainly won’t be disclosing it.  Until all devices have microcode updates there’s no way to be certain we are safe from unknown vectors related to Spectre and Meltdown.

What can you do?

Simply look out for the latest updates for your devices/phones/computers and install them, but don’t falsely assume a new update means you are protected unless you’ve read that “this update fixes the Spectre and Meltdown issue”.
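One way to check, rather than assume, whether a Linux box is mitigated is to read the kernel’s own status files under /sys/devices/system/cpu/vulnerabilities, which exist on kernels that shipped the Meltdown/Spectre work.  The following Python is an added example, not code from the post: it reads those files when present and otherwise falls back to a constructed sample report in the same “name: status” form, then lists every variant the kernel does not report as mitigated.  The sample text and the function names are my own.

```python
import os
from typing import Dict, List

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# Constructed sample in the kernel's "name: status" form so the example runs
# offline.  It is not captured from a real machine.
SAMPLE_REPORT = """\
meltdown: Mitigation: PTI
spectre_v1: Mitigation: usercopy/swapgs barriers and __user pointer sanitization
spectre_v2: Vulnerable: retpoline disabled (sample)
spec_store_bypass: Not affected
l1tf: Vulnerable
"""


def classify(status: str) -> str:
    """Map a kernel status string to one of four coarse states.  The kernel
    writes exactly one of these prefixes per file; anything else is treated
    as unknown rather than silently as safe."""
    s = status.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def parse_report(text: str) -> Dict[str, str]:
    """Parse 'name: status' lines (the format of `grep . $SYSFS_DIR/*` or the
    sample above) into a mapping.  Only the first colon separates the name."""
    report: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _, status = line.partition(":")
        report[name.strip()] = status.strip()
    return report


def read_sysfs(path: str = SYSFS_DIR) -> Dict[str, str]:
    """Read the live sysfs files; returns an empty mapping on non-Linux hosts
    or on kernels too old to expose the directory."""
    report: Dict[str, str] = {}
    if not os.path.isdir(path):
        return report
    for name in sorted(os.listdir(path)):
        try:
            with open(os.path.join(path, name), encoding="utf-8") as fh:
                report[name] = fh.read().strip()
        except OSError:
            continue
    return report


def unmitigated(report: Dict[str, str]) -> List[str]:
    """Names of every variant the kernel does not claim to mitigate.
    'unknown' is included deliberately: an unparseable status is not a pass."""
    return sorted(n for n, s in report.items()
                  if classify(s) in ("vulnerable", "unknown"))


def summarize(report: Dict[str, str]) -> Dict[str, str]:
    return {name: classify(status) for name, status in report.items()}


if __name__ == "__main__":
    live = read_sysfs()
    report = live if live else parse_report(SAMPLE_REPORT)
    source = "live sysfs" if live else "constructed sample"
    print(f"source: {source}")
    for name, state in summarize(report).items():
        print(f"  {name:20s} {state:13s} ({report[name]})")
    bad = unmitigated(report)
    print("needs attention:", ", ".join(bad) if bad else "none")
```

The files reflect only what the running kernel has applied; they do not tell you whether the CPU microcode is current, and inside a VM they describe the guest kernel, not the hypervisor, so an empty “needs attention” list is necessary but not sufficient evidence that a host is covered.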