Wednesday, November 28, 2018

How secure are cryptocurrency software wallets against cyber criminals injecting malicious code?

Colleagues, the on-going debate regarding which type of crypto wallet is more secure continues with no clear consensus – hardware, software, clod-based and paper wallets. This debate has returned to the spotlight given the recent security breach of BitPay’s Copay (software) Wallet. Copay claims its mobile The Copay app securely stores multiple, distinct bitcoin wallets, allowing both business and privacy-conscious users to keep funds carefully separated. GitHub issued a memo to users reporting an  ‘event-stream` dependency attack steals wallets from users of copay. For details take a look at the YCombinator news feed on this attack. The bottom line: For individual digital asset traders software wallets are immensely more convenient than hardware and paper wallets, however, they are far more prone to cyber-attacks – quantum password processing, malware and adware … just to name a few. If you do use a software wallet we highly recommend using any and all security features at both the application and OS levels. The Copay breach reminds us that the cryptocurrencies are no more secure than the weakest link in the crypto ecosystem. Share a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/)

Friday, November 16, 2018

Will the enforcement of economic sanctions force crypto exchanges to purge Iranian traders?

Colleagues, Bittrex, BitMex and now Binance have banned Iranian cryptocurrency traders in an effort to avoid penalties in the wake of US economic sanctions. The exchanges issue a warning to users based in Iran to withdraw their funds or face the confiscation of their assets. There are surely legitimate crypto traders in the Persian state, however, the goal is to place an embargo on any state-sponsored entities from circumventing US trade sanctions. Binance has moved from China to Japan, while BitMex HQ is in Hong Kong and Bittrex is located in the US. Exchanges, whether with large or modest trading volumes, face penalties for aiding and abetting Iranian actors from participating – even on the margins – in the global economy. Will other crypto exchanges follow their lead? We believe the strategies of other crypto platforms will depend on the rigor of direct or indirect US penalties. Post a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/)

Thursday, November 15, 2018

Cryptocurrency Triple Play - How common are pyramid schemes similar to those in China, South Korea and Japan?

Colleagues, East Asia has become a hotbed for multi-level marketing schemes which exploit the allure of and poor transparency of cryptocurrencies, namely Bitcoin. Whether this past May in China ($47m) or more recently in South Korea ($20m) and Japan ($68m), crypto fraud schemes are running rampant across the region. Bottom line: Despite many efforts by credible members of the global crypto ecosystem, digital such as Bitcoin, Ethereum, Ripple and others, are wrought with the potential for scams and related cybercrimes. Government enforcement entities such as China’s Ministry of Public Security or the US SEC only have the bandwidth to track and prosecute a small minority of crypto fraud cases. We do not foresee a significant reduction in crypto cybercrimes until government agencies have both the cyber tools and manpower to launch a counter-offensive which is likely to be 2-3+ years in the future. Post a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/)

Thursday, November 8, 2018

What is the impact of the malicious JavaScript code injection into StatCounter’s URI among cryptocurrency exchanges?

Colleagues, the world’s thirty-eight largest crypto exchange Gate.io was successfully hacked via the injection of code into StatCounter’s URI “myaccount/withdraw/BTC”. Reported by security firm ESET WeLiveSecurity indicated that although Gate.io is the only known crypto exchange effected, all of StatCounter’s some 2 million customer sites are at risk. For readers with a programming background the code was injected via the Dean Edwards JS packer in the middle of the script. We assume that economic gain is the chief motive although the ESET report did not provide corroborating details. This cyber-attack raises two questions. First, how susceptible are URIs (uniform resource identifiers) to injections via the Dean Edwards packer? And second, how many more web sites which use StatCounter – a competitor to Google Analytics – are effected? We will continue to research answers to both questions. Post a comment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/)