CyberSecurity Pulse 2016-03-24

CyberSecurity Pulse 2016-03-24

"They who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety"
Benjamin Franklin (1703 – 1790) – Founding Father of the USA

Analyst Insight

The Other Uses of Bitcoin

The implementation of Bitcoin as a tangible project has already been demonstrated to the point that financial institutions have seen in this alternative payment method a serious contender for currency exchange and e-commerce. However, not many people is aware yet about the true potential of its technology.

Cybersecutiy PulseBlockchain is a distributed database designed to keep a list of records constantly growing. In the case of Bitcoin, this technology aims to store all information concerning transactions made by users of the system in chronological order, leading to ensure the integrity of the state of the accounts of network users. In addition, the code is open, something that has not only allowed the creation of different types of cryptocurrencies, but also makes possible the modification of the protocol for other use cases.

Nowadays, companies are extending the use of the blockchain. They are offering products targeted to, for example, enhance the accuracy of the contracts to be arranged by phone which have high rates of cancellation or even the analysis of the actual state of migration flows in order to foresee possible peaks in the volume of persons in the borders developing applications that provide further support in the processes of decision making. The key point is that this architecture does not have a single point of information storage, as it is replicated in each and every node to avoid any undesired changes to the information stored. This makes the size of the network an important factor to consider when designing a new use case in which the concept of the blockchain can be used.

Top Stories

Obama Is in Favor of FBI in the War on Encryption

Cybersecutiy PulsePresident Obama sided with law enforcement on Friday in the policy debate over encryption, saying at the South by Southwest Festival that an "absolutist perspective" of privacy on smartphones doesn't account for the danger of letting digital security stand as an obstacle for criminal investigators. His comments come as the Justice Department tried to force Apple to help the authorities unlock an iPhone used by one of the San Bernardino shooters. The New York Times reported that the Justice Department is also weighing how to approach a case where encryption used by messaging app WhatsApp stymied a wiretap order.

» More information at The Washington Post

How to Make Money? Hack Google, Microsoft and Facebook

Cybersecutiy PulseSeveral bug bounty programs have been published this week, such as those of Google, Microsoft and Facebook. Google offers $ 100,000 to anyone who can find security flaws on the Chromebook or Chromebox products. Instead, Microsoft said it will add cloud-based storage service OneDrive to the list of services included in its Bug Bounty Programme and security researchers could earn rewards of up to $15,000. In this sense, Facebook pays since 2011 millions of dollars every year to researchers and the social media giant has revealed that India is on top of all countries to report the maximum number of vulnerabilities.

» More information at Google, Microsoft and Facebook

Rest of the Week´s News

US Team Find 0-day to Hack Apple iCloud Photo

Researchers at John Hopkins University, in United States, have discovered a 0-day bug in Apple's encryption that allowed them to hack an iCloud photo being sent via the secure iMessage system. The revelation comes as British singers Adele and One Direction's Harry Styles reportedly became the latest celebrities to have private photos leaked online.

» More information at SC Magazine UK

275 Million Android Phones Imperiled by New Exploit

Almost 300 million phones running Google's Android operating system are vulnerable, according to the Israeli security firm NorthBit. The exploit dubbed Metaphor attacks the same Stagefright media library that made an estimated 950 million Android phones susceptible to similar code-execution attacks last year.

» More information at Ars Technica UK

Suckfly, a Group Based in China, Steals Code Signing Certificates

An advanced persistent threat (APT) group based in China, code-named Suckfly, stole the certificates from legitimate businesses in Seoul, Korea and used them to hide attacks against worldwide government and commercial entities beginning in early 2014. Symantec became aware of this plot in 2015 after discovering a hacking tool used against one of its clients was signed with one of these certificates.

» More information at Symantec

Further Reading

American Express Warned Customers of a Breach

» More information at SC Magazine UK

Ransomware Uses Backdoored Encryption

» More information at The Register

Department of Justice Charges Apple iCloud Hacker

» More information at Department of Justice