Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - Nusrat Jahan Momo

Pages: 1 2 [3] 4 5 6
What have we learned this week about the dangers of sharing our lives on Facebook - and can we now take back control?

    Stream or download the latest Tech Tent podcast
    Listen live every Friday at 15:00 GMT on the BBC World Service

This week's Tech Tent explores how the biggest crisis in the social media company's history has unfolded - and asks what might happen next. Will Facebook really change its ways, or will regulators have to step in and make it be more transparent about how it uses our data?

After all, according to one of our guests Emma Mulqueeny, it and other platforms "utilised the easiest business model they could and closed their eyes and crossed their fingers that it would be too annoying, too complicated or too late by the time people started wanting to take control of their own data".

Some people have now decided to take to the courts to assert their rights over their own data. Among them is a US citizen, Prof David Carroll. He is taking Cambridge Analytica to court in the UK to get access to data he says it holds on him.

The company, which acquired the Facebook profiles of 50 million people from an academic researcher, boasted in the past that it had 4,000-5,000 data points on just about every American citizen.

Prof Carroll tells Tech Tent that this boast inspired him to demand his file but what he received from the company was "alarming but not complete", a model of the political beliefs he probably held and his likelihood to vote.

Convinced that there must be far more data, he went to court to seek it - not in the United States but in the UK where the law is more friendly to this kind of case. With Europe's major new data protection law GDPR arriving in May we can expect more cases to cross the Atlantic.

Source:bbc news

The firm that designed the sensors on the Uber self-driving car that killed a woman this week has said its technology was not to blame.

San Jose-based Velodyne told the BBC it was "baffled" by the incident, adding its equipment was capable of seeing in the dark.

Elaine Herzberg, 49, was struck by the car late on Sunday night in Tempe, Arizona. She died in hospital.

The investigation into what caused her death is ongoing.

Video of the incident was published by investigators earlier on Wednesday. It showed Ms Herzberg walking with her bicycle, away from a pedestrian crossing. Neither the car - nor its human driver - reacted.

A spokeswoman for Uber told the BBC it would not comment on Velodyne's view while the inquiry took place.
Source:bbc news

Allegations that research firm Cambridge Analytica misused the data of 50 million Facebook users have reopened the debate about how information on the social network is shared and with whom.

Data is like oil to Facebook - it is what brings advertisers to the platform, who in turn make it money.

And there is no question that Facebook has the ability to build detailed and sophisticated profiles on users' likes, dislikes, lifestyles and political leanings.

The bigger question becomes - what does it share with others and what can users do to regain control of their information?
Source:bbc news

Facebook boss Mark Zuckerberg has been called on by a parliamentary committee to give evidence about the use of personal data by Cambridge Analytica.

The consulting firm is accused of harvesting the data of 50 million Facebook users without permission and failing to delete it when told to.

Damian Collins, the chairman of the Commons inquiry into fake news, accused Facebook of "misleading" the committee.

London-based firm Cambridge Analytica denies any wrongdoing.

Both companies are under scrutiny following claims by a whistleblower, Christopher Wylie, who worked with Cambridge Analytica and alleges it amassed large amounts of data through a personality quiz on Facebook called This is Your Digital Life.

He claims that 270,000 people took the quiz, but the data of some 50 million users, mainly in the US, was harvested without their explicit consent via their friend networks.

Mr Wylie says that data was sold to Cambridge Analytica, which then used it to psychologically profile people and deliver pro-Trump material to them, with a view to influencing the outcome of the 2016 presidential election.

    Cambridge Analytica: The story explained
    Facebook data sharing - time to act?
    US consumer watchdog 'probes Facebook'

In a letter to Mr Zuckerberg, Mr Collins accused Facebook of giving answers "misleading to the Committee" at a previous hearing which asked whether information had been taken without users' consent.

He said it was "now time to hear from a senior Facebook executive with the sufficient authority to give an accurate account of this catastrophic failure of process".

Requesting a response to the letter by 26 March, the MP added: "Given your commitment at the start of the New Year to "fixing" Facebook, I hope that this representative will be you."

His intervention comes after the UK's Information Commissioner Elizabeth Denham said she would be applying to court for a warrant to search the offices of Cambridge Analytica.

The firm insists it followed the correct procedures in obtaining and using data, but it was suspended from Facebook last week.

President Donald Trump welcomed any investigation into Cambridge Analytica as "Americans' privacy should be protected", according to a deputy press secretary at the White House.
Source:bbc news

Latest Technology / Snapchat redesign is a 'flop' with users
« on: January 14, 2018, 10:49:18 AM »
Snapchat's redesign, which was rolled out at the end of last year, has not gone down well with users.

The refreshed look pushed out in the UK, Australia and Canada has proved unpopular, with up to 83% of reviews on the App Store being negative.

Many have complained that feeds are no longer chronological and are confusing.

Some have contacted Snapchat support on Twitter to air frustrations and asking it to return to the previous version of the app.
Source: bbc news

Software Engineering / Wireless recharging while on the move
« on: January 14, 2018, 10:43:33 AM »
Wireless recharging is gaining in popularity, but most of today's solutions require a mat that is itself plugged into the mains.

But one company at the CES trade fair is showing off a solution that can pinpoint a remote device to recharge over-the-air, even when moving in a car.
To know more please visit:

Software Engineering / Passenger drone thwarted by light drizzle
« on: January 09, 2018, 11:16:10 AM »
A light "sprinkling" of rain was enough to force the postponement of a passenger drone's maiden flight.
It was meant to be a bold display of a transportation utopia. Instead, it rained - ever so slightly - and the whole thing was called off.

The SureFly passenger drone, due to make its maiden voyage on Monday, stayed grounded over safety concerns.

The mild drizzle in the cool Nevada air apparently proved too much for the craft touted, by the company at least, as the future of commuting.

The drone was given permission to fly by regulators just last week.

The two-person electric-diesel hybrid is said to have a range of 70 miles (113km) and it is intended that it will one day work autonomously.
Source:bbc news

Internet Risk / Apple Confirms Devices Affected by Meltdown, Spectre
« on: January 09, 2018, 11:01:26 AM »
Apple has confirmed that nearly all of its devices have been affected by the two major chip-level security flaws found earlier this week, Meltdown and Spectre.

Separately, US-CERT has changed its guidance for protection from replacing processor boards to simply applying patches.

And, Shadow Brokers is purportedly offering the first exploits for the issues, which, as we previously reported, can be described as “side channel” attacks which allow attackers to steal passwords, customer data, IP and more stored in the memory of programs running on a victim’s machine. They work across PCs, mobile devices and in the cloud — and in the latter scenario, this could theoretically allow an attacker in a guest VM to steal data from other customers’ VMs on the same public cloud server.

As for Apple, it admitted that all iPhones, iPads and Mac computers worldwide are vulnerable to the processor security flaws, but the Cupertino giant stressed that no customers have been yet targeted by exploits.

"All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time," Apple said in blog post. "These issues apply to all modern processors and affect nearly all computing devices and operating systems."

That could change soon. Digital Shadows’ teams of security researchers have discovered that Shadow Brokers is offering purported exploits for sale on its Scylla Hacking Store, for $8,900.

“[Exploits] would likely involve users stealing this information to then take over machines and accounts,” said Digital Shadows, in an analysis. “Internet of things (IoT) devices are also susceptible as they run the same type of processors, and people are less likely to update these accordingly the same way they would their personal or work computers. A dedicated attacker could decide to use these vulnerabilities to find flaws and default passwords in IoT devices, which we saw led to the creation of the Mirai botnet.”

As Digital Shadows noted, with a price tag of many thousands of dollars, “Criminals do not need to use Meltdown and Spectre for their attacks if they can profit in other ways.” But the risk of what could happen if a successful exploit does make the rounds is immense.

Thus, Safari patch has been issued for the Meltdown bug, and Apple said that it’s working on a fix for Spectre, which should be available “in the coming days.”

Interestingly, Meltdown does not affect one device: The Apple Watch.

Other OS vendors are also addressing the problem: Google’s Android phones and Chrome are already protected with the latest security updates, and Microsoft has started to release patches—though it said it could adversely affect some devices, including sparking the Blue Screen of Death.

As Alert Logic noted, many vendors were aware and working on the issues before news broke to the public that virtually the entire internet is at risk.

“Apple added protection for Meltdown in the macOS update that was released on December 6,” it said in an overview of the problems. “Google pushed out an update for Chrome OS on December 15. Microsoft rushed out patches for Windows ahead of the standard Patch Tuesday schedule when news of the vulnerabilities became public. There are many variants of Linux out there, and Linux developers are scrambling to develop and test patches as quickly as possible.”

Meanwhile, the issue of whether the cure is worse than the disease has been a running discussion since the flaws were revealed earlier in the week, with some security researchers saying that the mitigations could reduce performance in the cloud by as much as 30%.

“The patch to protect against Meltdown might also affect performance,” Alert Logic said. “Your mileage will vary depending on the age and architecture of the processor you’re using, as well as what types of processing demands you put on it. Just know up front that you might see a noticeable decline in speed and performance once you’ve patched.”

A vulnerability has emerged that allows hackers to automatically download malware to a victim’s computer directly from a Google Drive URL.

Proofpoint uncovered the vulnerability and created a proof-of-concept exploit for the issue, which exists in the Google Apps Script. The development platform is based on JavaScript and allows the creation of both standalone web apps and extensions to various elements of the Google Apps SaaS ecosystem. Unfortunately, the normal document-sharing capabilities built into Google Apps can be manipulated to support automatic malware downloads, the firm said.

It works like this: After uploading malicious files or malware executables on Google Drive, bad actors could create a public link and share an arbitrary Google Doc as a lure in sophisticated social engineering schemes designed to convince recipients to execute the malware once it has been downloaded. Proofpoint researchers also confirmed that it was possible to trigger exploits without user interaction.

These attacks come from legitimate sources and the links themselves contain no malware, making them very difficult to detect and mitigate. Thus malicious use of built-in scripting capabilities in SaaS platforms flies under the radar of most users and defensive tools.

After being notified of the issue, Google added specific restrictions on simple triggers to block phishing and malware distribution attempts that are executed opening a doc. However, researchers pointed out that the situation shows that extensible SaaS platforms can be used to deliver malware to unsuspecting victims in even more powerful ways than Microsoft Office macros. As a result, users should always be wary of files automatically downloaded by cloud platforms and be cognizant of the anatomy of a social engineering attack.

“Software-as-a-service (SaaS) applications have become mainstays of modern business and consumer computing,” the firm said in a blog. “However, they are also quickly becoming the latest frontier of innovation for threat actors looking for new opportunities to distribute malware, steal credentials and more.”

It added, “Moreover, the limited number of defensive tools available to organizations and individuals against this type of threat make it likely that threat actors will attempt to abuse and exploit these platforms more often as we become more adept at protecting against macro-based threats.”

October is known as the Cyber Security Awareness Month. It is an annual campaign that tries to make everyone more conscious about the importance of cyber security in the online landscape.

Almost every day we read and find out about a new type of malware threatening our online security. Cyber criminals are getting more skilled and try advanced techniques to get access to users’ valuable data. It’s no surprise that 2017 is mostly shaped by a record number of ransomware attacks.

Unlike other forms of cyber attacks, ransomware remains one the most profitable malware attack for cybercriminals. A new report called “The Ransomware Economy”, mentioned that, from 2016 to 2017, “there has been a 2,502% increase in the sale of ransomware on the dark web.” Most likely, ransomware attacks will continue to grow and maintain their status as a serious global threat.

Our team has recently seen in the wild how online criminals try alternative ways to spread ransomware and compromise high-value targets. The bad guys now target admin passwords through brute force attacks and dictionary attacks.

What’s new in this type of angle attack is that online criminals hack into unprotected remote desktop protocols and manually execute the ransomware. Moreover, the main purpose is to use different pieces of software and remain unnoticed.

Brute-force attacks (also known as brute force cracking) are trial and error methods used by online criminals to guess users’ personal information such as passwords or PINs. Basically, they try every possible passwords or combinations of letters and numbers until they figure out the correct one.

Dictionary attacks refer to the techniques used to breach an authentication mechanism by systematically using each word in a dictionary (no matter the language) as a password or trying to determine the decryption key of an encrypted document or message.   
The differences between these two types of attacks

Both attacks are based on guessing, and not looking for a particular flaw or bypass. It can happen to be either an offline attack or an online attack.

In terms of differences, a brute force attack means cyber criminals are trying the complete keyspace on the algorithm, while a dictionary attack means that attackers try only passwords/keys from a dictionary (which does not contain the complete keyspace).

By using both methods, they increase their chances of success and shorten the time to compromise.
How the infection process occurs

We have seen a few situations in which users’ servers got infected with a new type of ransomware, called Payday. The attack unfolded as follows:

1. An administrator account password (usually it’s the local administrator) is cracked via brute-force. Here’s how it happens.

It’s a matter of a few minutes (approximately 8-9 minutes) until the script ran about one attempt per second to connect via Remote Desktop Protocol  (RDP) on the local admin on the server. This resulted in getting loads of audit failures cascading in the Event Viewer -> Security.

You can use this tool to evaluate the strength of your passwords as well, just like we did for the initial password.

Given how fast the attacker managed to crack the password, the natural conclusion is that it was either a very weak password – no special signs, no figures or a word written in a special way. Using full words made the password vulnerable to a dictionary attack, which led to its compromise.

Once again, we have to emphasize the importance of setting strong passwords and manage them securely, to avoid becoming an easy target for cyber criminals. We recommend reading our easy-to-use password security guide and learn why passwords are still important for your online security.

2. As soon as the password was cracked, the attacker simply downloaded an infected archive in the downloads account of the admin account. This type of malware used is called Payday and belongs to the BTCWare ransomware family.

The infected file created a few entries in the registry which would auto-execute each time the PC was rebooted. So, we think that the attacker just needed to restart the PC or to shut it down in order to trigger the encryption process.

Here’s how the created registry entries are displayed:

payday displayed
What we know about the Payday BTCware Ransomware Variant

This ransomware variant is targeting victims by trying to encrypt the files on the server. It adds the [email]-id-id.payday file extension after their original one. The .payday variant uses a new key generation to encrypt files, and cannot be decrypted.

The Payday infection drops ransom notes named payday.hta and !! RETURN FILES !!.txt. The contact email addresses look like these: & See below an example of a ransom note for this type of ransomware:

An example of a ransom note for brute-force attacks

The malicious files spreading this ransomware variant on servers, may be distributed in different forms such as email attachments and malicious links in spam email messages.

Here’s an example of an email containing a malicious file attached:

Source: Sensors TechForum
Why manual malware delivery still works

The core issue with this infection method is directly tied to the lack of adequate password security. Both organizations and end users continue to set weak passwords for their accounts and often reuse them. This makes them vulnerable and easy to be cracked by cybercriminals.

The recent example of the Australian Defence Force shows how a simple password fail gave attackers access to sensitive information. An Australian defense contractor managed to enter the company’s network and steal 30 GB of secret military information for a simple reason: default passwords were used. The Australian military was using default passwords on its internet-facing services.

The investigation found that “the admin password, to enter the company’s web portal, was ‘admin’ and the guest password was ‘guest”.
How to protect your system against Payday ransomware and manual ransomware infections

The best way to keep your valuable data safe from ransomware and survive in the malware economy is to think and act proactively.

Business wise, ransomware attacks can have negative effects and generate business disruption. This is why, preventing and avoiding infection spread should be a top priority for every business interested in securing their sensitive information.

To minimize both the risk and the impact of online threats, we recommend businesses to use this useful ransomware prevention guide:

    Use a multi-layered proactive security system that will keep up to date all the business endpoints and monitor your daily online activity;
    Always backup all your data and use external sources such as a hard drive or in the cloud (Google Drive, Dropbox, etc.) to store it. Our guide will show you how to do it;
    Use and apply security awareness programs within your business to avoid clicking on unknown links and email attachments that could redirect to malicious websites;
    Don’t use public Wi-Fi connections unless you have a virtual private network or using encryption software;
    Apply a patch management system and make sure the exploited third party software such as Java, Flash, and Adobe are fully patched;
    Another important security tip is to keep separate users and passwords for the admin’s laptop and the servers;
    Running an antivirus program on your server is a security-savvy decision, as well as on your endpoints. Read this short checklist of security measures that will help you protect your business network, including servers and endpoints;
    Given the rise of new types of malware and (such as Payday ransomware), we remind you that security is not just about using a solution or another, it’s also about improving your online habits and being proactive.
    Being proactive about the EU GDPR can help any organization save a lot of time and money. Starting with May 2018, the new EU General Data Protection Regulation (GDPR) comes into effects, and there will be significant changes in the way data is collected and managed in an organization. This is why, every company needs to be prepared and meet the requirements for GDPR compliance.
    It is also important for organizations to start training employees in matters of cyber security, because it can prove to be one of the best investments for a company. Here are a list of free educational resources to use such as the Cyber Security for Beginners course, The Daily Security Tip or even the Heimdal Security blog, which offer useful information to help them better understand the security landscape.

How to prevent and block brute force attacks

Brute-force attacks take advantage of weak passwords system and cybercriminals easily gain unauthorized access to an organization’s network and systems.

Businesses need to use a number of techniques and security measures to provide a strong defense against such attacks, so we recommend following this protection guide:

    Always remember to enforce password security best practices in your organization for maximum protection;
    Use two-factor authentication system to add more security and include a better protection against brute-force attacks;
    Another security measure is to simply block multiple failed login attempts coming from the same IP address or the same account. To do that, we recommend you combine the account lockout threshold policy with the account lockout duration. One will determine the number of failed sign-in attempts that will cause a user account to be locked, and the other will establish “the number of minutes that a locked-out account remains locked out before automatically becoming unlocked”.
    Keep separate users and passwords for the admin’s laptop and the servers, and configure an alert system to warn you when an outsider is trying to access your system;
    Try free online solutions like IPBan or EvlWatcher for keeping the Remote Desktop Protocol (RDP) secure on your Windows servers and blocking RDP attacks.
    Use free tools like CAPTCHA or reCAPTCHA to prevent automated submissions of the login page;
    Set unique login URLs , so unauthorized users can’t access the site from the same URL;
    Running an antivirus program on your server is a security-savvy decision, as well as on your endpoints. Read this short checklist of security measures that will help you protect your business network, including servers and endpoints;
    Restrict the access to your employees to only that data to which they need and use, and also limit the authority to install software programs and encourage them to report back to you when they notice/receive suspicious emails from untrusted sources.
    Change your default RDP (Remote Desktop Protocol) port. This is a very easy procedure that will save you a lot of trouble in the future. Windows uses the default RDP port 3389. If you have this port open to the Internet, you are VERY vulnerable to port scanning, which a multitude of hacking tools can do. Once they determine that your default RDP port is open, attackers WILL run scripts to brute force their way in. The solution here is to change your default RDP port to something unused and not common knowledge. If you’re new at this, you can use this full guide provided by Microsoft to get it done.

When it comes to smartphone security and privacy, people are usually divided into two major camps.

Camp A – your phone is you and everything you care deeply about

Camp B – you don’t know yet that “your phone is you” and are exposed to having your valuable data stolen.
If you’re in camp A, this article will show the easiest way to keep your phone data safe, because you know how important your personal details like photos, emails and location data are.

If you’re in camp B, definitely read on! Maybe you aren’t aware of the potential vulnerabilities you expose yourself to, but you have to be. You can’t imagine why anyone would want to breach into your smartphone and steal your data? How about if someone stole your emails and leaked them to your business competitors? Or what if they encrypted all your files and you lost hundreds of beautiful photos that you haven’t backed up? If you use a banking app without a 2-step authentication, hackers can gain access to your bank account,

Here are some scary numbers that might make you rethink the way you use your phone:
For more details visit:


If you wish to make an apple pie from scratch invest in bitcoin, you must first invent the universe read this.

These are the true stories that teach you how to get cryptocurrency security so your endeavors into digital currency can have a happy ending.

Use the links below to jump to the one that best applies to you.

John heard about bitcoin and got curious

Sam just wanted more money

Luis was afraid of his government

The reason we’re offering advice about cryptocurrency security is this:

Cryptocurrency security should start with basic cybersecurity

Because Tyler Durden goes toe to toe with Tyler Durden

Remember when you first read about Bitcoin and heard the term “cryptocurrency”? You probably skipped past it. Or maybe you thought about buying a Bitcoin but you got a games console instead.

cryptocurrency security bitcoin is

After all, you’d have to be crazy to spend $10 on a single, invisible, intangible coin hawked by a few tech people. They always get excited about something and that excitement reaches a paroxysm which can end in tragedy like the boom or the acquisition of Instagram for more $$$ than a national GDP.

However, the years passed and cryptocurrency is here to stay, a movement spearheaded by bitcoin and its turbulent history. It’s a name now almost synonymous with blockchain technology.

Created in 2008 by the mysterious Satoshi Nakamoto, bitcoin is essentially digital money. It also cemented the “blockchain” concept in popular consciousness.

bitcoin comic new yorker



This means it’s tracked by all those who own this money in a public ledger, promising unparalleled accountability and transparency. It appeals not just to anarchists, but to people like you and me. Its peer-to-peer concept defies central banks, corporations and, ideally manipulation, but it’s not invulnerable, something which we’ll explore further on.

The first story belongs to a friend of mine, let’s call him John.
John heard about bitcoin and got curious

Around six or so years ago, John got around 3 bitcoins just by being around Reddit. It was back when users used to tip each other with this cryptocurrency. One evening he was bored so he set-up a wallet. Reddit users found him cool, so they tipped him for insightful comments using Bitcoin.

It was a long time ago when he shared the story so my memory’s foggy about the exact circumstances in which he lost those coins.

I remember he forgot one password and it spiraled out of control from there.

brett hunter bitcoin art


The way he told me, his Reddit account was connected to his Yahoo email. It was also there where he kept his wallet. He got another account on Reddit, as a lot of users do (alt-accounts are very popular), forgot about the coins for a few years, then woke up to the reality.

Bitcoin was huge. 3 bitcoins could secure him the trip of a lifetime or even a sizeable down payment on a car. His modest savings from working a 9-5 job were nothing compared to the value of bitcoin. He just needed to find his wallet and trade them for “real money”.

You see where this is going?

Yes, he first tried logging in to Reddit. Nada.

He went on Yahoo. Nada.

He tried to get info online on how to recover his accounts and his lost funds. Big, fat NADA.

He forgot his password for one website and it triggered a chain reaction resulting in losing A LOT of money.

Fortunately, he doesn’t really regret the experience, because he never got to hold those Bitcoins in his hand. They never jingled in his pocket or took a trip to the washing machine, forgotten in a jean pocket.

That money didn’t feel really real to him, so the loss hurt, but not that bad. Mark Fraunfelder from Wired felt differently when he forgot his Trezor password and lost $30,000 in Bitcoin.

My friend John thinks that most everyone who invested in cryptocurrency came out ahead, even though some experts have warned that this is a bubble or a multi-level marketing scheme.

He also watches the cryptocurrency news like a hawk, hoping for a second chance at buying Bitcoin at a low. And setting aside some money to buy Ether, just in case this cryptocurrency gains more ground. Hedging his bets, essentially.

Does he sound like you?

I know you’re here because you’re itching to invest in Bitcoin, Litecoin, Ether or Monero. I’m here to hopefully help you do so safely. I’m going to go more cryptocurrency stories like my friend John’s, as retold by incredible journalists at top tech publications. You will find insights into the wonderfully complicated and yet alluring world of cryptocurrency. You will also hopefully learn to take cybersecurity seriously because it’s not just important for your general data, but essential if you plan to invest in any type of cryptocurrency.

If you’re already intimately familiar with blockchain, the stories won’t reveal any more expert details about blockchain and cryptocurrency. What I hope they will do is teach you the importance of cryptocurrency security, of making sure you’re bulletproof against malicious hackers. Even my friend John could have avoided a lot of heartaches if he simply had good password practices.

You can follow this step-by-step password security 101 guide to not fall into the same trap as John.

After all, after risking your hard-earned money on a novel, complicated idea like blockchain, and hopefully after profiting from it, the last thing you want is to be hacked or lose your credentials in a stupid accident.
Sam just wanted more money

Perhaps every cryptocurrency adopter, you and I included, has a very simple reason for buying the digital coins. We’re all Sams wanting more money, because… capitalism. Malicious hackers want more money, too.

Here’s how they get it.

last supper bitcoin project


Virtual currencies are a favorite target for malicious hackers because they hold value and have relatively weak security.

Furthermore, they’re unregulated.

The same draw cryptocurrencies pose to Tyler Durdens around the world is their downfall.

There is no higher authority to regulate the coin, so there is no higher authority to reverse fraudulent transactions. If you live in a country without any policies regarding cryptocurrency, where are you going to report a theft?

In one example of a bitcoin hack, bitcoin wallets got compromised by intercepting text messages, as detailed in this demonstration.

These SS7 attacks can affect large numbers of users, even those who had two-factor authentication. However, if you followed this guide and used an app like Google Authenticator, who generates one-time codes, you would be safe from this exploit.

A bitcoin hacking can happen to even the most tech-savvy of us. Take for example Chris Pool, aka moot, the founder of popular and controversial forum 4chan. He got hacked twice in a day, the attacker gaining access to his forum and Amazon cloud account, where he started mining Bitcoin.

bitcoin art cryptocurrency security

In one report, a Trojan made away with $140.000. In another, hackers got into one of the largest bitcoin exchanges in the world, gained access to the personal information of 31.800 users and stole over 1.2 billion won, just over $1mil.

One victim said that the attacker posed as an executive at Bithumb and phoned to say that he was “suspicious of a foreign hacking transaction,” asking the victim to provide further information. If that victim was more aware of social engineering, one favorite tactic from malicious hackers, this story could have had a happier ending. So, if you’re a Sam wanting to make a quick buck or a John investigating a new piece of tech, it’s still up to you to protect yourself from cyber attacks. If you’re a Luis, this is even more important. Here’s what to do:

cryptocurrency security guide how to protect phone identity surveillance


    Learn all about password security and make sure yours are uncrackable by using a comprehensive guide
    For chat, use a chat app like Signal and an open-source or peer-verified tool that offers end-to-end encryption like OTR Messaging. Don’t rely on tools like Google’s “Go off the record”.
    Access the internet using a secure web browser like Tor
    If you can’t use Tor, choose an extension like HTTPS Everywhere from the Electronic Frontier Foundation and follow this guide to ensure browser security for all major browsers
    Always use VPN when connecting to other networks (eg: coffee shops)
    Keep the most sensitive data on a separate, encrypted hard drive or on an encrypted flash drive.
    For the flash drive, you can use BitLocker for Windows. If you want an open source solution, VeraCrypt is the way to go.
    For maximum security, use an air-gapped computer. This is a computer or a laptop never connected to the internet, where you can keep and work on your most sensitive data. Then encrypt that data, put it on a secure flash drive, then use it on your computer connected PC.
    If you’re part of a political or revolutionary movement who needs to use social media to spread awareness about the cause, another tactic to hide your presence is obfuscation.

More on that below, in Luis’ story.

As with all other cybersecurity measures, make sure you keep software updated and use anti-virus software to protect yourself from malware and other threats.
Luis was afraid of his government

According to this website, Luis is a name shared by 2.5% of Venezuelans, so it’s Luis we’ll be following in this tale on how Bitcoin and other cryptocurrencies can save people from another Great Depression.

Venezuela is currently going through the worst hyperinflation crisis since the Weimar Republic, and the situation is just as dire in Zimbabwe. Both countries have huge numbers of citizens buying and trading bitcoin in the hopes of riding out their country’s currency depreciation.

bitcoin art bitcoin miners cezanne inspiration youldesign


Luis is living in Venezuela. Unbeknownst to him, the fact that he chose to save his money in Bitcoin has turned his country into the first bitcoinization of a sovereign state. In other words, at this pace, Venezuela could become a cashless society. Over 100.000 of its citizens are mining bitcoin, litecoin and other currencies as a way to survive the hyperinflation.

An average salary in Venezuela is around $40 per month. An average machine dedicated to mining cryptocurrency can produce 20-25 Litecoins per month, which is $920 in “real” money. Electricity is cheap.

This is how Venezuelans can survive in an economic climate where a Big Mac costs about half of a month’s paycheck, according to a troubling Atlantic story. However, the authorities do not like that. Socialist President Nicolás Maduro has said that those who profit off inflation are “capitalist parasites” and started cracking down on cryptocurrency mining.

    However, the country does not have laws on this, so the authorities find different ways of punishing people like Luis.

“If they find machines, they arrest the owners or they try to extort money. In electricity, we spend barely 15,000 bolivars a month (less than 50 cents at the black market rate),” said Veronica, a bitcoin miner just like Luis.

In this amazing article on the secret, dangerous world of Venezuelan bitcoin mining, reporter Jim Epstein relays how regular Venezuelans mining bitcoin have been targeted by the government.

“On March 14, two SEBIN officers showed up unannounced, according to Padrón, claiming that workers with the power company had detected high levels of electricity use at that address and demanding to search the premises. That afternoon he was taken into custody. Padrón would spend the next three and a half months in a SEBIN detention center, sharing a 230-square-foot cell with 12 other men.“

Authorities are arresting or blackmailing bitcoin miners using charges like contraband (for purchasing computer parts made in China without paying import tax), electricity theft or causing power outages.

As Tim Worstall highlights, this is hypocrisy at its finest. The government makes electricity cheap, almost free, to “help” citizens, citizens use that energy to earn money. The same government then arrests those citizens for stealing energy.

Luis from Venezuela and his compatriots are just one example of what bitcoin and cryptocurrency can do to a society. The good part is that it allows people to prosper even in harsh circumstances. They can isolate themselves from the effects of an economic crisis so dire that compatriots have been forced to kill flamingos and anteaters for subsistence.

The bad part is that it’s unregulated in most parts, unlawful in others. This can land cryptocurrency miners in really hot waters, if not directly in jail.
Cryptocurrency security should start with basic cybersecurity

Cryptocurrency security should start with basic cybersecurity, then advanced tools.

Living in fear of your own government brings about thousands of ways of avoiding that government. We can’t tell you how to evade the authorities by hiding in poor communities and hiring bodyguards like some Venezuelans are doing right now.

Our area of expertise is cybersecurity, so we will stress the importance of securing yourself against attacks from malicious hackers and spying from third-parties.

This cyber-security mega guide contains everything you need to know to stay safe online. It offers essential tools you need to encrypt your data, find the best VPN and secure messaging. It also includes the most valuable advice in protecting your income against malicious hackers just wanting a quick profit. Yes, you can be safe from prying eyes and organizations

Supplement the cybersecurity measures we outlined in Sam’s story and the guide above with a tactic called obfuscation.

liu bolin art


If you are part of a “rebel” faction and need to spread awareness via social media, use Cory Doctorow’s book Little Brother as inspiration. Rely on obfuscation to protect yourself from scrutiny. In that book, the hero puts gravel in his shoes so he can walk differently and fool gait recognition systems.

In other methods, obfuscation simply means flooding surveillance technologies with a lot of meaningless or ambiguous information. A simple way would be to post ambivalent, random updates on social media with no connection to you, in the hope of confusing the algorithms behind those platforms.

Take advantage of the insights in Helen Nissenbaum and Finn Brunton’s book, which covers methods used by all sides of the conflict. The Obfuscation Workshop also offers some great resources. Here’s a wonderful idea from the Digital Society Forum: use a plugin like TrackMeNot. It hides Google searches by burying them in other random searches sent from the user’s IP address.

With these cybersecurity measures put in place and a good dose of obfuscation, you can protect yourself and your cryptocurrency investments from malicious parties.
Tyler Durden goes toe to toe with Tyler Durden

Bitcoin, hacking and indeed, most great stories contain essentially two sides of the same coin.

The same technology, the same promise, can still create a divide. And allow malicious hackers to gain another income stream: stealing bitcoin and other cryptocurrencies.



First, let’s hear Tyler Durden’s explanation of the popularity of cryptocurrencies.

No, not the Ikea-hating, soap-making, revolutionary-thinking hero from Fight Club, but the anonymous bloggers behind the respected finance blog Zero Hedge. Sure, they were obviously influenced by Palahniuk’s masterpiece.

“Given that bitcoin is better than gold in the short term and much better than the dollar in the long term across the dimensions we have described, it’s not surprising that people chose to diversify their money holdings into this independent currency due to frustration with the mismanagement of fiat money and manipulation of gold prices”, wrote one Tyler Durden in this article called “Is Bitcoin Money?”.

It highlights a big part of the mistrust people have in banks and governments. Bitcoin’s history, as highlighted in this infographic, is intrinsically tied to the 2008 global meltdown.

history of bitcoin 2008 meltdown

The government bailout of US banks and other incidents since have given birth to more and more opinions like these:

    “I believe in the hacker ethic. Empower the small guy, privacy, and anonymity, mistrust authority, promote decentralized alternatives, freedom of information,” said Amir Taaki, self-proclaimed anarchist and creator of DarkMarket.

It was a prototype for a decentralized online marketplace that was designed to resist take-down attempts by authorities.

DarkMarket never materialized because, as Wired reports again, Taaki took up the Rojavan Kurds’ cause, went to Syria and started fighting ISIS. The Rojavan Kurds charmed him with their progressive society based on direct democracy, collectivist anarchy, and equality for women. Motherboard paints a different picture, highlighting how Taaki took the fall for the largest Bitcoin hack so far.

Taaki is just one of thousands of people drawn to bitcoin because of its inherent anarchist ideals. We could call him a Tyler Durden, another person who internalized a few lessons from Fight Club.

eye of god bitcoin painting


As The Guardian explained in an article, crypto-anarchists are mostly computer-hacking, anti-state libertarians who have been kicking around the political fringes for two decades, trying to warn a mostly uninterested public about the dangers of a world where everything is connected and online.

They’re also hardcore fans of the blockchain, celebrating cryptocurrencies like bitcoin. Opposite of them are companies like IBM, who attempt to regulate pot in Canada using blockchain. Enemies of all of them are malicious hackers testing the limits of cryptocurrency security.

Good hackers might pull Robin Hood moves to steal Bitcoin in order to finance the war against ISIS.

Bad hackers are targeting people like you and me using all the tools of the trade, relying on browser security flaws, smartphone exploits, and even good old spam mail campaigns that spread malware.

Malicious hackers targeting governments, corporations and small businesses alike with ransomware like Wannacry or NotPetya demand payment in bitcoin. Out of fear, those victims usually pay the ransom.

ransomware damage cyptocurrency security

And this is just the tip of the iceberg. When it comes to cybercriminals, it turtles all the way down. The same goes for malicious hacks and other illegal acts.

Just look at Theodore Price. He stole around $40-$50 million USD worth of bitcoins by replacing wallet addresses through malware. In a twist that boggles the mind, he got caught for stealing two laptops from his parents’ girlfriend.

Another face-palming bit of news: malicious hackers hacked the NSA hacking group, demanding $1 million in bitcoin ransom.
If you wish to make an apple pie from scratch invest in bitcoin, you must first invent the universe learn the basics.

The famous Carl Sagan quote applies in most kitchens. In this case, the universe is cybersecurity.

As you saw in the previous examples, blockchain, Ether, and other cryptocurrencies are here to stay. So are malicious hackers and other parties who will try to take advantage of your lack of awareness to rob you of your hard-earned (mined?) currency. They’re targeting you, your bank, your government and any area where they can find a cybersecurity flaw.

So spend a few hours securing your PC, your smartphone, and your IoT devices. It seems like a daunting task, but there are free, comprehensive courses that will teach you how to protect yourself from hackers in no time.

Social media Syndrome.  Everyone has it, there’s no doubt about that!

Each time you have a desire to share your thoughts or photos, promote your products/services or simply ask for something, you go on your favorite social network: Facebook, Twitter, Instagram, LinkedIn or Google Plus. Oh, wait! No one is on G+ anymore 🙂

Findings from a recent study found that 79% of those surveyed said they share life milestones on social media first.
For details visit this link

Security / How to Easily Remove Malware from Your PC
« on: January 03, 2018, 10:29:27 AM »
Malware infection. Nobody wants that on their computer and almost everyone might think: “this can happen to me”. Until it does and you don’t know exactly what’s the first thing you should do.

Maybe you’ll call the IT guy, ask help from a friend or maybe try to disinfect the computer by yourself. Or maybe you want to address this issue on a security forum where other people encountered the same problems as yours and find a solution.

Warning symptoms: You noticed for a while that your PC started to slow down, crashes often, pop-ups appear randomly in your browser,  or you noticed unusual messages or programs that start automatically. These signs can tell that your computer might be infected with malware.

So, a malware infection has taken your computer prisoner: What do you do now?

For details go to this link

Here’s a scenario you may not like, but could happen every day, because it’s always viruses season for computers. You’re working on an important project and suddenly start noticing annoying pop-ups displayed on your computer. Also, it takes too long for your files or computer apps to load. You wait and wait until you start asking yourself:

 “Does my computer have a virus?”

Unfortunately, the answer might be “yes” and your computer could be already compromised with viruses or advanced malware that are slowing down its activity and performance.

This is one of the signs that show your PC might suffer from a malware infection. There are more of them you need to be aware of and understand, so you can quickly take action.

In this article, we’ll show you the most frequent warning signs of malware infection and what can you do about it.

Quick links with what you’ll find out:

1. My computer applications run slow lately and it takes longer than usual to start
2. I keep getting annoying ads that are opening randomly or strange messages on my computer’s screen
3. My laptop keeps crashing when I watch Youtube videos or play games. It simply freezes, then a blue screen shows up
4. I started getting this popup message <you’re running out of disk space on Windows (C:)
5. For quite some time, every time I start my PC, I notice that the Internet traffic suspiciously increases
6. My homepage has changed and I don’t remember doing it myself
7. My PC is acting weird because I get unusual messages that appear unexpectedly.
8. I use an antivirus product and keep getting the message that
9. My friends tell me they’re getting strange random messages from me on Facebook, which I didn’t send
10. There are these new, yet unfamiliar icons on my desktop that I don’t recognize
11. Sometimes I see unusual error messages displayed on my computer
12. It seems that I can’t access my Control Panel by clicking on the button
13. Everything seems to work perfectly on my PC. Are any chances to be paranoid and still check for malware?

Pages: 1 2 [3] 4 5 6