DDoS – Distributet Denial of Service Attacke - Bitcoin ...

Botnet Distributed Denial of Service Attacks are Mining for Your Bitcoin (x-post from /r/Bitcoin)

submitted by ASICmachine to CryptoCurrencyClassic [link] [comments]

Bitcoin exchange Mt Gox faced massive hacker offensives last month, coming under some 150,000 distributed denial-of-service (DDoS) attacks per second for several days ahead of its spectacular failure.

Bitcoin exchange Mt Gox faced massive hacker offensives last month, coming under some 150,000 distributed denial-of-service (DDoS) attacks per second for several days ahead of its spectacular failure. submitted by madazzahatter to japannews [link] [comments]

New Zealand Stock Exchange Hit Repeatedly by Cybercriminals Demanding Bitcoin

The New Zealand stock exchange has halted trading for the third day in a row as a result of criminal cyberattacks.
According to a report by Bloomberg on Thursday, the NZX exchange has suffered connectivity issues leading to a series of outages that were the result of targeted disruption by bad actors from outside the country.
The criminals are demanding bitcoin in order to cease the distributed denial-of-service (DDoS) attacks, which flood the bandwidth of a particular system with traffic and rendering it slow or unusable.
The exchange suffered outages during the last hour of trading on Tuesday and again for over three hours on Wednesday.
Today’s outage has yet to be resolved, according to Bloomberg.
According to another report by ZDNet, the attacks may be directed by a criminal cyber gang using monikers including Amada Collective and Fancy Bear that belong to more famous hacker groups.
Specifically, the attackers have been targeting the exchange's hosting service Spark, demonstrating a level of sophistication by regularly changing the protocols involved.
Over recent weeks, the group has tried to extort bitcoin from other well-known financial services including PayPal, MoneyGram, YesBank India, Braintree and Venmo.
Originally published by Sebastian Sinclair | August 27, 2020 coindesk
submitted by kjonesatjaagnet to JAAGNet [link] [comments]

IoT Attacks, Hacker Motivations, and Recommended Countermeasures

IoT Attacks, Hacker Motivations, and Recommended Countermeasures


Illustration: © IoT For All
Businesses worldwide spent $1.5 billion on IoT security in 2019. When it comes to connecting devices via cellular IoT, the selling-point is typically the data and derived insights–this is where the customer sees real value, more so than in any security benefits. That said, IoT solution providers not taking security measures into consideration are risking significant revenue and reputation loss in the event of a security breach–both for their own business as well as their customer’s business.
In the worst cases, the harm done from one security breach will far outweigh any previously created customer value. IoT connectivity providers that can explain and demonstrate their security concepts will gain a competitive advantage.

Why Are Hackers Focused on IoT?

IoT attacks increased by 900% in 2019. So, why are hackers increasingly targeting IoT devices? There are several explanations:
  1. Lack of security software on the devices: Opposed to regular computers, IoT devices do not have a firewall or virus scanner.
  2. Less experienced device producers: The businesses usually come from the industry vertical and often are lacking the IT security expertise of servecomputer manufacturers.
  3. Multiple devices with the same security mechanisms: Once an attack works with one device it will work with thousands.
  4. IoT devices are out of reach: device owners deploy their machines remotely. Often an owner won’t realize that the devices have been compromised until it is too late. Once an attacker has control over a device, it could run all day long before being physically shut down by the owner.

Who Are the Attackers and What Motivates Them?

  • Amateur hackers and script kiddies – usually their objective is fame among their peers, either by targeting a high-profile victim or by demonstrating an ability to infect many devices in a single attack.
  • Governments/Intelligence organizations – acting in the safety of their citizens, intelligence agencies attempt to secure access to important information.
  • Political interest groups – they attack organizations that they think are morally corrupt. Examples are groups like anonymous.
  • Criminal businesses – organizations that take advantage of vulnerabilities within the target to generate revenue for themselves.
The criminal businesses mentioned above are typically set up as ordinary businesses and are especially relevant in the IoT domain. Their objective is to gain control over a large number of IoT devices and make money out of them, often in one of the following ways:
  • Selling Distributed Denial of Service attacks – like webstresser.org (more information via Forbes)
  • Using devices for Bitcoin mining (more information via CNBC)
  • Blocking the device operation until the owner pays a ransom (ransomware)

How Do IoT Attacks Work?

Mirai

The most common IoT attack today is the Mirai malware, which originated in 2016. The malware scans the public internet for IoT devices and tries to establish a remote telnet connection using a list of common factory default usernames and passwords. As soon as one device is infected, the malware begins scanning for more victims. All devices become part of the Mirai botnet which is then steered through the attacker’s command and control center. The attackers then execute a DDoS attack, on behalf of their customers, to a target destination in order to take down the servers of the victims.

Stuxnet

The Stuxnet computer worm was first uncovered in 2010. The malware first injects Microsoft Windows machines exploiting zero-day exploit or outdated OS versions; initially it spread over USB flash drives. On the Windows machine it looks for the Siemens Step7 software that controls the Siemens programmable logic controller (PLC). With the Step7 software it then installs itself on the IoT device and takes over control. Stuxnet once targeted Iranian facilities and reportedly severely harmed the Iranian atomic program.

Silex/Brickerbot

While Brickerbot was discovered in 2017 and Silex appeared in 2019, they have a common attack pattern. Like Mirai, the software scans the public internet and tries to log in to the IoT device with default and weak login and password combinations. After infection, the software overwrites all data and deletes the network configuration, which makes the IoT device unusable, unless someone can physically get a hand on the device.

Countermeasures to Guard Against Attacks

As seen in the Stuxnet attack, IoT devices in the same network as other machines can be impacted by the vulnerabilities of those other machines. To avoid this, using a dedicated network infrastructure is recommended, instead of using shared LAN or Wi-Fi networks. Alternatively, using cellular communication that separates the communication of the different machines is also preferred.
The Mirai and Silex / Brickerbot malware show the value of having random and unique log-in credentials for the different devices – this could have prevented the above-mentioned attack. While the devices allowed for remote access by their owners, the access was granted via the unsecured public internet. A more secure way to get remote access to IoT devices is to use IPSec or Intra-Cloud Connect, avoiding the exposure of public Internet.
One way to prevent attempts to steal remote access to IoT devices, as well as completely block attacks, is to use a cellular firewall. With a cellular firewall, devices are only permitted to communicate with a defined subset of IP addresses. The firewall itself is not located on the individual devices, rather on the cellular connection – out of the attacker’s control.

Key Takeaway: Security First

While the excitement surrounding the brimming potential of IoT connectivity is understandable–and warranted–overlooking IoT device security can prove catastrophic. A robustly secured IoT solution is one that can safely scale globally, enable groundbreaking solutions, and last for years to come.
Originally published by EMnify -| August 12, 2020 iot for all
submitted by kjonesatjaagnet to JAAGNet [link] [comments]

The Blackmail Email Scam (part 4)

THIS THREAD IS NOW ARCHIVED, THE LATEST THREAD CAN BE FOUND HERE: https://old.reddit.com/Scams/comments/g8jqnthe_blackmail_email_scam_part_5/

TEXT, PHONE CALL, AND PHYSICAL MAIL VARIANTS ARE COVERED IN THE LATEST THREAD.

IF YOU RECEIVE A BLACKMAIL EMAIL, PLEASE REDACT THE PERSONAL INFORMATION AND POST IT AS A COMMENT ON THIS THREAD SO THAT OTHERS WHO RECEIVE THE SAME EMAIL CAN FIND IT THROUGH GOOGLE.

FIRST THREAD: https://www.reddit.com/Scams/comments/8gsjba/the_blackmail_email_scam/

SECOND THREAD: https://www.reddit.com/Scams/comments/9srjen/the_blackmail_email_scam_part_2/###

THIRD THREAD: https://old.reddit.com/Scams/comments/biv65o/the_blackmail_email_scam_part_3/

There have been many recent posts about the blackmail email scam, so I have written this post and will keep it stickied until the posts about the scam die down. If you are reading this because you have received one of these emails and you are worried, you can stop worrying. The blackmail email scam is a spam campaign that is sent out to thousands of addresses at a time. In al cases, the threats are lies and you do not have anything to worry about. In many cases, the emails will contain information about you such as your name, part or all of your phone number, and your password. The emails may also look like they were sent from your own email address. The data is gathered from data breaches, and if the email looks like it came from your account that is due to email spoofing. You can use the service Have I Been Pwned? to see if you are in any publicly known data breaches. If you receive an email that contains a password that you currently use, you should immediately change that. Current recommended password guidelines say that you should use a different, complex password for every account. You can generate and save passwords using a password manager for convenience. You should also be using two factor authentication using an app like Google Authenticator instead of receiving codes through SMS.
Here are some news articles about this scam. Here is a story from Brian Krebs, and here is a story from the New York Times.
Below are a few examples, but if you receive an email that is similar but not the same as the examples you see, that does not matter and does not mean that the email is real. The spammers constantly switch up their templates in order to bypass spam filters, so it's normal to receive an email that hasn't yet been posted online.
Hey there
So I am the hacker who cracked your email address and device a few weeks back.
You typed in your pwd on one of the sites you visited, and I intercepted that.
Here is your password from (redacted) upon time of compromise: (redacted)
Obviously you can can change it, or even already changed it.
However it won't really matter, my malware modified it every time.
Do not really try to contact me personally or find me.
Via your email, I uploaded harmful code to your Operation System.
I saved your entire contacts together with buddies, fellow workers, loved ones along with a entire history of visits to the World wide web resources.
Also I set up a Virus on your system.
You aren't my only target, I generally lock computers and ask for a ransom.
But I was hit by the web pages of romantic material that you normally stop by.
I am in shock of your own fantasies! I have never ever noticed anything at all like this!
Consequently, when you had enjoyment on piquant web-sites (you know what I am talking about!) I made screenshot with utilizing my program from your camera of yours device.
There after, I put together them to the content of the currently viewed site.
There will certainly be giggling when I send these pics to your connections!
Nevertheless I am certain you do not need this.
Therefore, I expect to have payment from you for my silence.
I feel $859 is an satisfactory price for this!
Pay with Bitcoin.
My Bitcoin wallet is xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
If you do not really understand how to do this - submit in to Google 'how to transfer money to the bitcoin wallet'. It is easy.
Immediately after getting the given amount, all your files will be right away destroyed automatically. My computer virus will also get rid of itself through your operating-system.
My Trojan viruses have auto alert, so I know when this specific e mail is read.
I give you 2 days (48 hours) to make a payment.
If this does not occur - just about all your associates will get outrageous pictures from your darkish secret life and your system will be blocked as well after two days.
Do not end up being foolish!
Police or buddies won't support you for sure ...
P.S I can provide you with recommendation for the future. Do not type in your security passwords on risky web pages.
I wish for your wisdom.
Bon voyage.
Your computer device was attacked by the malicious app . Whats the trouble? I placed my malicious agent on a erotica portal, you clicked on this data and promptly adjusted the malware to your computer . The hostile program made your selfie-camera shooting and I enjoy the videotape with you dash your doodle. In next 5 hours this hostile program copied all your contacts. Right now, I receive your all your contact information and video with you masturbating, and now if you wish me to destroy all the data affect payment 350 $USD in BTC digital currency. Other way I want forward that this record to all your contacts . I forward you my Bitcoin wallet - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX You possess 27 hours after reading. In a case if I possess transaction I am going to undo that this record once for all. I beg pardon for my mistakes- I live in China . P.S. this postal address, I have thieved it
Good day,
If you had been more careful while caressing yourself, I wouldn't worry you. I don't think that playing with yourself is very bad, but when all your colleagues, relatives and friends get a video recording of it - it is definitely bad for you.
I placed malicious software on a website for adults (with porn) which was visited by you. When the target taps on a play button, your device starts recording the screen and all cameras on your device begin to work.
Moreover, my program allows a remote desktop connection with keylogger function from the device, so I could collect all contacts from your e-mail, messengers and other social networks. I'm writing on this e-mail cuz it's your working address, so you must check it.
I suppose that three hundred twenty usd is good enough for this little misstep. I made a split screen video (recorded from your screen (u have interesting tastes ) and camera ooooooh... its awful AF)
So it's your choice. If you want me to erase this compromising evidence, use my Bitcoin wallet address: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX You have one day after opening my message; I put a special tracking pixel in it, so when you will open it I will see. If you want me to show you the proofs, reply to this message and I will send my creation to five contacts that I got from your contacts.
P.S. You can try to complain to the police, but I don't think that they can help, the investigation will last for 5 month- I'm from Ukraine - so I dgf lmao
Hey there
So I am the hacker who cracked your email address and device a few weeks back.
You typed in your pwd on one of the sites you visited, and I intercepted that.
Here is your password from (redacted) upon time of compromise: (redacted)
Obviously you can can change it, or even already changed it.
However it won't really matter, my malware modified it every time.
Do not really try to contact me personally or find me.
Via your email, I uploaded harmful code to your Operation System.
I saved your entire contacts together with buddies, fellow workers, loved ones along with a entire history of visits to the World wide web resources.
Also I set up a Virus on your system.
You aren't my only target, I generally lock computers and ask for a ransom.
But I was hit by the web pages of romantic material that you normally stop by.
I am in shock of your own fantasies! I have never ever noticed anything at all like this!
Consequently, when you had enjoyment on piquant web-sites (you know what I am talking about!) I made screenshot with utilizing my program from your camera of yours device.
There after, I put together them to the content of the currently viewed site.
There will certainly be giggling when I send these pics to your connections!
Nevertheless I am certain you do not need this.
Therefore, I expect to have payment from you for my silence.
I feel $859 is an satisfactory price for this!
Pay with Bitcoin.
My Bitcoin wallet is xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
If you do not really understand how to do this - submit in to Google 'how to transfer money to the bitcoin wallet'. It is easy.
Immediately after getting the given amount, all your files will be right away destroyed automatically. My computer virus will also get rid of itself through your operating-system.
My Trojan viruses have auto alert, so I know when this specific e mail is read.
I give you 2 days (48 hours) to make a payment.
If this does not occur - just about all your associates will get outrageous pictures from your darkish secret life and your system will be blocked as well after two days.
Do not end up being foolish!
Police or buddies won't support you for sure ...
P.S I can provide you with recommendation for the future. Do not type in your security passwords on risky web pages.
I wish for your wisdom.
Bon voyage.
I Have YOUR code. I rule phone xxxx
I SENT this newsletter from YOUR ACCOUNT.
I look your device.
I am in daze of your sex act fantasies!
I made backup your contacts and files. I made screenshots from your digital camera of yours device.
I want 888 $ to my (Bitcoin
My )Bitcoin currency
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
If YOU don't transaction )Bitcoin. I share my quake of your golden age of porn fantasies with your contacts!
If you do not know how to do this - enter into Google/
=how to transfer money to a Bitcoin& wallet-
Time 30 hours.
This excellent post as Subway & Dairy Queen.
Hello!
I'm a programmer who cracked your email account and device about half year ago. You entered a password on one of the insecure site you visited, and I catched it.
Of course you can will change your password, or already made it. But it doesn't matter, my rat software update it every time.
Please don't try to contact me or find me, it is impossible, since I sent you an email from your email account.
Through your e-mail, I uploaded malicious code to your Operation System. I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources. Also I installed a rat software on your device and long tome spying for you.
You are not my only victim, I usually lock devices and ask for a ransom. But I was struck by the sites of intimate content that you very often visit.
I am in shock of your reach fantasies! Wow! I've never seen anything like this! I did not even know that SUCH content could be so exciting!
So, when you had fun on intime sites (you know what I mean!) I made screenshot with using my program from your camera of yours device. After that, I jointed them to the content of the currently viewed site.
Will be funny when I send these photos to your contacts! And if your relatives see it? BUT I'm sure you don't want it. I definitely would not want to ...
I will not do this if you pay me a little amount. I think $877 is a nice price for it!
I accept only Bitcoins. My BTC wallet: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
If you have difficulty with this - Ask Google "how to make a payment on a bitcoin wallet". It's easy. After receiving the above amount, all your data will be immediately removed automatically. My virus will also will be destroy itself from your operating system.
My Trojan have auto alert, after this email is looked, I will be know it!
You have 2 days (48 hours) for make a payment. If this does not happen - all your contacts will get crazy shots with your dirty life! And so that you do not obstruct me, your device will be locked (also after 48 hours)
Do not take this frivolously! This is the last warning! Various security services or antiviruses won't help you for sure (I have already collected all your data).
Here are the recommendations of a professional: Antiviruses do not help against modern malicious code. Just do not enter your passwords on unsafe sites!
I hope you will be prudent. Bye.
Same as before but they increased the amount
I got an order from someone to kill you and your family
but I am far from your house
if you still love your family, I ask you to transfer 0.1 BTC to me.
If you report this email, I will immediately kill your family.
FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION!
We Hacked network. We Caught Communications. We Backuped DATA And DOCUMENTS. We send this mail to you in YOUR account.
After analyzing documents. We found Illegal activity - HIDING TAXES.
That we want?
I want two (2) Bitcoin To wallet Bitcoin. 1Dz7DbQmE7SNm3C5mb9syPcctgZECcCEbL
That we do if you don't pay bitcoin?
We send these Documents and Proofs to your Tax Department.
And in this time Your network will be DDoS. Read that in this link https://en.wikipedia.org/wiki/Denial-of-service\_attack
We are locking your operation system. Our friends, WannaCry, ready start and waiting command. Read that in this link https://en.wikipedia.org/wiki/WannaCry\_ransomware\_attack
This is our guarantee, that you don't clean evidence and building a protection policy.
If you don't pay by in 7 days, attack will start.
Attack including.
1.DDOS 2.Locking operation system 3.Sending all documents in Tax Departament
Yours service going down permanently and price to stop will increase to Four (4) BTC, Price will go up one (1) BTC for every day of the attack.
This is not a joke.
Our attacks are extremely powerful - sometimes over 1 Tbps per second. And we pass CloudFlare and others remote protections! So, no cheap protection will help.
Prevent this problem all with just Two (2) BTC Pay to our wallet Bitcoin. 1Dz7DbQmE7SNm3C5mb9syPcctgZECcCEbL
AND YOU WILL NEVER AGAIN HEAR FROM US!
If you read, hear fake-experts and assure yourself that this is not true. Remember that they are not responsible and your life don't important him. Their business is to speak and make money. Your business to do and make money and stay freedom.
All mistakes in text we do specily.
Bitcoin is anonymous, nobody will ever know you cooperated.
Time started after open this mail. To track the reading of a message and the actions in it, I use the facebook pixel. Read that in this link
Hello!
I am a hacker who has access to your operating system.
I also have full access to your account.
I've been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.
If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.
I also have access to all your contacts and all your correspondence.
Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.
I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks.
I can also post access to all your e-mail correspondence and messengers that you use.
If you want to prevent this,
transfer the amount of $500 to my bitcoin address (if you do not know how to do this, write to Google: "Buy Bitcoin").
My bitcoin address (BTC Wallet) is: x
After receiving the payment, I will delete the video and you will never hear me again.
I give you 50 hours (more than 2 days) to pay.
I have a notice reading this letter, and the timer will work when you see this letter.
Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.
If I find that you have shared this message with someone else, the video will be immediately distributed.
Best regards.
Hey, I know your password is:
Your computer was infected with my malware, RAT (Remote Administration Tool), your browser wasn't updated / patched, in such case it's enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more - Google: "Drive-by exploit".
My malware gave me full access and control over your computer, meaning, I got access to all your accounts (see password above) and I can see everything on your screen, turn on your camera or microphone and you won't even notice about it.
I collected all your private data and I was spying on you, I RECORDED (through your webcam) embarrassing moments of you, you know what I mean!
After that I removed my malware to not leave any traces.
I can publish all your private data everywhere and I can send the videos to all your contacts, post it on social network, publish it on the whole web, including the darknet, where the sick people are!
Only you can prevent me from doing this and only I can help you out in this situation.
Transfer exactly 1200$ with the current bitcoin (BTC) price to my bitcoin address.
It's a very good offer, compared to all that horrible shit that will happen if I publish everything!
You can easily buy bitcoin here: www.paxful.com , www.coingate.com , www.coinbase.com , or check for bitcoin ATM near you, or Google for other exchanger. You can send the bitcoin directly to my address, or create your own wallet first here: www.login.blockchain.com/en/#/signup/ , then receive and send to mine.
My bitcoin address is:
Copy and paste my address, it's (cAsE-sEnSEtiVE)
I give you 3 days time to transfer the bitcoin!
As I got access to this email account, I will know if this email has already been read. If you get this email multiple times, it's to make sure you read it and after payment you can ignore it. After receiving the payment, I will remove everything and you can life your live in peace like before.
Next time update your browser before browsing the web!
НЕLLО!
I’m going to cut to thе chӓsе.I know ӓbout thе sеcrеt you ӓrе kееping from your wifе.Morе importӓntly,I hӓvе еvidеncе of whӓt you hӓvе bееn hiding.I won’t go into thе spеcifics hеrе in cӓsе your wifе intеrcеpts this,but you know whӓt I ӓm tӓlking ӓbout.
You don’t know mе pеrsonӓlly ӓnd nobody hirеd mе to look into you.Nor did I go out looking to burn you.It’s just your bӓd luck thӓt I stumblеd ӓcross your misӓdvеnturеs whilе.I thеn put in morе timе thӓn I probӓbly should hӓvе looking into your lifе.Frӓnkly,I ӓm rеӓdy to forgеt ӓll ӓbout you ӓnd lеt you gеt on with your lifе.And I ӓm going to givе you two options thӓt will ӓccomplish thӓt vеry thing.Thosе two options ӓrе to еithеr ignorе this lеttеr,or simply pӓy mе $822.Lеt’s еxӓminе thosе two options in morе dеtӓil.
Option 1 is to ignorе this lеttеr.Lеt mе tеll you whӓt will hӓppеn if you chosе this pӓth.I will tӓkе this еvidеncе ӓnd sеnd it to your wifе. And ӓs insurӓncе ӓgӓinst you intеrcеpting it bеforе your wifе gеts it,I will ӓlso sеnd copiеs to hеr friеnds ӓnd fӓmily.So,Evеn if you dеcidе to comе clеӓn with your wifе,it won’t protеct hеr from thе humiliӓtion shе will fееl whеn hеr friеnds ӓnd fӓmily find out your sordid dеtӓils from mе.
Option 2 is to pӓy mе $822.Wе’ll cӓll this my ‘confidеntiӓlity fее.’Now lеt mе tеll you whӓt hӓppеns if you choosе this pӓth.Your sеcrеt rеmӓins your sеcrеt.You go on with your lifе ӓs though nonе of this еvеr hӓppеnеd.Though you mӓy wӓnt to do ӓ bеttеr job ӓt kееping your misdееds sеcrеt in thе futurе.
At this point you mӓy bе thinking,‘I’ll just go to thе cops.’Which is why I hӓvе tӓkеn stеps to еnsurе this lеttеr cӓnnot bе trӓcеd bӓck to mе.So thӓt won’t hеlp,ӓnd it won’t stop thе еvidеncе from dеstroying your lifе.I’m not looking to brеӓk your bӓnk.I just wӓnt to bе compеnsӓtеd for thе timе I put into invеstigӓting you. $822 will closе thе books on thӓt.
Lеt’s ӓssumе you hӓvе dеcidеd to mӓkе ӓll this go ӓwӓy ӓnd pӓy mе thе confidеntiӓlity fее.In kееping with my strӓtеgy to not go to jӓil,wе will not mееt in pеrson ӓnd thеrе will bе no physicӓl еxchӓngе of cӓsh.You will pӓy mе ӓnonymously using bitcoin.If you wӓnt to kееp your sеcrеt thеn sеnd $822 in bitcoin to thе Rеcеiving Bitcoin Addrеss listеd bеlow.Pӓymеnt must bе rеcеivеd within 1 dӓys of thе post.
You should mӓkе ӓ trӓnsӓction of using bitcoins (cryptocurrеnsy): x
[Bitcoin dеtӓils]
Tеll no onе whӓt you will bе using thе bitcoin for or thеy mӓy not givе it to you.Thе procеdurе to obtӓin bitcoin cӓn tӓkе ӓ dӓy or two so do not put it off.Agӓin pӓymеnt must bе rеcеivеd within 1 dӓys of this lеttеr’s post mӓrkеd dӓtе.If I don’t rеcеivе thе bitcoin by thе dеӓdlinе,I will go ӓhеӓd ӓnd rеlеӓsе thе еvidеncе to еvеryonе.If you go thӓt routе,thеn thе lеӓst you could do is tеll your wifе so shе cӓn comе up with ӓn еxcusе to prеpӓrе hеr friеnds ӓnd fӓmily bеforе thеy find out.Thе clock is ticking.
And here are some common keywords used in the email so that this thread can be found by people Googling the email:
"Marlware, international hacker group, No‌ p‌erso‌n has co‌mp‌ensat‌ed, very o‌wn vid‌eo‌ cli‌p, software on the adult, porno sitio, one of your pass word, .br, specific pixel, sexual content web portal, a malware on the adult, a malware on the, double-screen, is a reasonable price tag for our little secret, you have a good taste lmao, I placed a malware on the adult vids, your browser began operating as a RDP, had been abusing yourself in front of computer display, you are one of those people that downloaded the malicious, I made a split-screen video, While you were watching the video, your web browser acted as, malware on the porn website and guess what, an unique pixel, you jerked off while watching an online video, When you pressed the play button the virus begins saving all the things thru, ja.scr, My malicious soft started your front cam, and also send the video link to all of yourfriends, I infected your gadget with a malware and now, AnywaysI downloaded all contacts, my program quickly got into your system, To a time where you jerk off watching","For the present moment I have at my disposal all, When you arouse sexually watching porno, In such a way all needed compromising material and contact, All information to yours SNSs user accounts, You watched sexual content portal and toss","Hello! WannaCry is back! All your, in front of the screen browsing adult stuff, As you flog the dummy watching, U are going to be offered 5 days after checking this notice, RAT 68006, the damnific malware, pastime and entertainment there, not my single victim, beat the dummy, buff the muffin, choke a chicken, front camera capturing video, with you frigging, with you chaturbating, with you masturbating, web digicam, U are going to have 5 dayss, i utilize just hacked wi, pressured this trojan to, glue a pair of videos, glue two videos, the RAT, if you want me to destroy this whole video, downloaded all contacts from your computer, your list of contacts or relatives will, I made a video that shows how you masturbate, hacked you through a virus in an ad on a porn website, my illiteracy, nоt mind on my illiterаcy, I рilfered all рrivy bаckground, videоtaре with yоur masturbаtion, my delеtеrious soft, cаmеra shооt the videоtaрe, you sеlf-аbusing, Differently I will send the video to all your colleagues and friends, your front-camera made the videotape with you self-abusing, RAT 98390 malware, the minute you went to one adult page, information to contact info I discovered on your devices and remember there is a lot of these, not including Double VPN As a result, I forced my malware to hook up to a mic, web camera and catch the video from it, poisoned a number of adult sites, video clip to fit on a single tv screen, This letter has invisible monitoring program inside and i will be aware of when you are going to check, doing ur stuff and a clip u jerked to, the investigation will last, I uploaded our malicious program on your device, furthermore malware saved exactly the video you chose, its a record with your wanking, friends will see u taking proper care of yourself, Your system is controlled by the malicious program, If you were more careful while playing with yourself, that whacking off to adult web-sites is, adult website which was poisoned with my malware, nor i think that jerking off to porn sites is really a gross thing, so I dgf lmao, proof just reply to this email with, if you want me to destroy all this compromising evidence, will send your video to 5 contacts, amount in Usd that can cope with this scenario, You are welcome to contact your local authorities, If you want proof, reply with, i pride myself in being apart of an internet group, so i dgf, I take good care of my being anonymous, information related to the RAT virus, been able get in to all ur units, to all of your contacts including, search engines like goo, case sensitive, so copy,, and at this moment I, It is a non-nego, don't waste my perso, thi s mes, back while visiting, showe ring, what should you do ?, porno webpage, this embarrassing situation, navigated to the page, bare-assed, on well-known websites and publications, I got an order from someone to kill you and your family, immediately kill your family, is an explosive device, My mercenary is, explosive device detonates, triggered your webcam, piquant websites, my exploit downloaded, replenish btc wallet, i‌nstanta‌neo‌usly ‌erase, actua‌l r‌eco‌rded ma‌t‌eri‌al, n‌egl‌ect this ‌ema‌i‌l, my RAT trojan, video you jerked, I used keylogger, your disk dump, malware intercepts, installed a malware, remo‌v‌e yo‌ur vi‌deo‌ fo‌o‌ta‌ge, RAT onto your computer, greasy stimulating actions, excentric preferrables, porn web-page, to your Tax Department, network will be DDoS, friends, WannaCry, building a protection policy, in Tax Departament, Yours service going, we pass CloudFlare, hear fake-experts, backuped phone, -1663, of your joys, digits your phone, (porno), BIG pervert, both files and scale, naughty video clips, Soy un hacker, I installed spyware, n website with teen, malware on the porn website, very own recorded material""Marlware, international hacker group, No‌ p‌erso‌n has co‌mp‌ensat‌ed, very o‌wn vid‌eo‌ cli‌p, software on the adult, porno sitio, one of your pass word, specific pixel, sexual content web portal, a malware on the adult, a malware on the, double-screen, is a reasonable price tag for our little secret, you have a good taste lmao, I placed a malware on the adult vids, your browser began operating as a RDP, had been abusing yourself in front of computer display, you are one of those people that downloaded the malicious, I made a split-screen video, While you were watching the video, your web browser acted as, malware on the porn website and guess what, an unique pixel, you jerked off while watching an online video, When you pressed the play button the virus begins saving all the things thru, ja.scr, My malicious soft started your front cam, and also send the video link to all of yourfriends, I infected your gadget with a malware and now, AnywaysI downloaded all contacts, my program quickly got into your system, To a time where you jerk off watching","For the present moment I have at my disposal all, When you arouse sexually watching porno, In such a way all needed compromising material and contact, All information to yours SNSs user accounts, You watched sexual content portal and toss","Hello! WannaCry is back! All your, in front of the screen browsing adult stuff, As you flog the dummy watching, U are going to be offered 5 days after checking this notice, RAT 68006, the damnific malware, pastime and entertainment there, not my single victim, beat the dummy, buff the muffin, choke a chicken, front camera capturing video, with you frigging, with you chaturbating, with you masturbating, web digicam, U are going to have 5 dayss, i utilize just hacked wi, pressured this trojan to, glue a pair of videos, glue two videos, the RAT, if you want me to destroy this whole video, downloaded all contacts from your computer, your list of contacts or relatives will, I made a video that shows how you masturbate, hacked you through a virus in an ad on a porn website, my illiteracy, nоt mind on my illiterаcy, I рilfered all рrivy bаckground, videоtaре with yоur masturbаtion, my delеtеrious soft, cаmеra shооt the videоtaрe, you sеlf-аbusing, Differently I will send the video to all your colleagues and friends, your front-camera made the videotape with you self-abusing, RAT 98390 malware, the minute you went to one adult page, information to contact info I discovered on your devices and remember there is a lot of these, not including Double VPN As a result, I forced my malware to hook up to a mic, web camera and catch the video from it, poisoned a number of adult sites, video clip to fit on a single tv screen, This letter has invisible monitoring program inside and i will be aware of when you are going to check, doing ur stuff and a clip u jerked to, the investigation will last, I uploaded our malicious program on your device, furthermore malware saved exactly the video you chose, its a record with your wanking, friends will see u taking proper care of yourself, Your system is controlled by the malicious program, If you were more careful while playing with yourself, that whacking off to adult web-sites is, adult website which was poisoned with my malware, nor i think that jerking off to porn sites is really a gross thing, so I dgf lmao, proof just reply to this email with, if you want me to destroy all this compromising evidence, will send your video to 5 contacts, amount in Usd that can cope with this scenario, You are welcome to contact your local authorities, If you want proof, reply with, i pride myself in being apart of an internet group, so i dgf, I take good care of my being anonymous, information related to the RAT virus, been able get in to all ur units, to all of your contacts including, search engines like goo, case sensitive, so copy,, and at this moment I, It is a non-nego, don't waste my perso, thi s mes, back while visiting, showe ring, what should you do ?, porno webpage, this embarrassing situation, navigated to the page, bare-assed, on well-known websites and publications, I got an order from someone to kill you and your family, immediately kill your family, is an explosive device, My mercenary is, explosive device detonates, triggered your webcam, piquant websites, my exploit downloaded, replenish btc wallet, i‌nstanta‌neo‌usly ‌erase, actua‌l r‌eco‌rded ma‌t‌eri‌al, n‌egl‌ect this ‌ema‌i‌l, my RAT trojan, video you jerked, I used keylogger, your disk dump, malware intercepts, installed a malware, remo‌v‌e yo‌ur vi‌deo‌ fo‌o‌ta‌ge, RAT onto your computer, greasy stimulating actions, excentric preferrables, porn web-page, to your Tax Department, network will be DDoS, friends, WannaCry, building a protection policy, in Tax Departament, Yours service going, we pass CloudFlare, hear fake-experts, backuped phone, -1663, of your joys, digits your phone, (porno), BIG pervert, both files and scale, naughty video clips, Soy un hacker, I installed spyware, n website with teen, malware on the porn website, very own recorded material"
submitted by EugeneBYMCMB to Scams [link] [comments]

Strengthening Data Security Using Blockchain

https://www.cxotoday.com/news-analysis/strengthening-data-security-using-blockchain/
With businesses across the world riding the digital wave, data will be a key competitive differentiator in their successful transformation stories. Besides the massive data deluge, with the advent of hybrid cloud business models today, data goes beyond the perimeter of an organization. While data leaks and hacks can prove to be hazardous for any organization, it would especially be damaging in cases where data is centralized. This leads to a powerful shift in the paradigm for decentralized and distributed ledger technology (DLT) applications.
Security ‘hexad’ using blockchain
Blockchain is a foundational technology that has the potential to revolutionize the world, similar to what the internet did in the past. The information security triad can be enhanced to a ‘hexad’ with blockchain-based decentralized data security for enterprises.
The decentralized immutable distributed-ledger technology on a peer-to-peer (P2P) network based on cryptographic concepts and consensus algorithms uses a cryptographic one-way hash, internally which helps to identify any alteration done to the blockchain data making it more transparent, reliable, trustable and independent also ensuring data integrity.
Asymmetric encryption with public-private key pair is used for making transactions on the ledger providing non-repudiation, and accountability. Since data is distributed on a P2P network (ensuring availability), there’s no single point of failure making it difficult for hackers to tamper data at multiple places. Consensus algorithms, or conditions on which a group agrees to put transactions in blockchain, help in decentralized distribution of power and forms the base of trust.
Permissioned blockchain (example Hyper-ledger Fabric) are kind of hybrid models where networks require participants to have authorization for access thus ensuring privacy. These could be used by multiple organizations participating in the blockchain network forming a consortium in a decentralized way while maintaining confidentiality. Fine-grained access control and data sharing mechanisms ensure that confidential data is shared only among the intended audience. While permission-less blockchain (example Bitcoin) have data publicly available to view, it would have computing intensive or complex powerful consensus algorithms to validate and update ledgers in order to deter DOS (Denial-of-service) attacks.
Data once entered in a blockchain network is immutable, i.e. not changeable until more than one-third of the network is compromised, which would ideally not be the case in a P2P distributed network. This also helps in establishing trust between unknown parties without the need for intermediaries, further reducing transactional and operational costs.
When data goes beyond the perimeter, organizations can be sure that data is unaltered, not accessed by cloud vendors or anyone else ensuring privacy and integrity. Confidential agreements could be on blockchain using smart contracts which execute automatically when consensus conditions are met. Any litigation or disputes raised could be easily settled real-time, thus establishing accountability. The features in the hexad, along with immutable data in blockchain, make auditing easy and reliable.
Reducing cyberattacks and enhancing security
When a request is placed on a browser, it sends it to a network of computers called Domain Naming System (DNS). DNS is like a phonebook for the internet. It resolves the website to an IP address which helps in connecting to the right server on the internet. Typically, DNS servers are centralized by nature. Making DNS decentralized and distributed using blockchain could reduce cyberattacks and enhance security.
Multi-layered security frameworks based on blockchain technology decentralize the risk and reduce sophisticated phishing attacks for organizations. Encrypted data, decentralized storage and publicly visible ledgers (for transparency) can instill a new set of cybersecurity priorities for governments and other public institutions, while private and permissioned blockchain help in transforming the enterprise data operational models.
Identity verification procedures provided by authorized institutions on blockchain network help for secure and reliable validation and sharing of information. Device identity on blockchain for IoT security can reduce device impersonation and spoofing attacks. End users who worry about the security of their digital footprint can be self-sovereign, i.e., own data and share on need basis on a decentralized internet using blockchain. This also makes customers active stakeholders and can change how organizations handle information from everybody who interacts with their network, transforming the business models.
Blockchain- now and the future
Hyper-ledger umbrella is a global open source collaborative effort hosted by the Linux Foundation for multiple blockchain projects, libraries and tools for various enterprise and industrial deployments. Blockstack is an open source blockchain-based decentralized computing platform which provides a full- stack alternative to traditional cloud computing for building secure decentralized applications.
US space-agency NASA utilizes blockchain technology open source permissioned network for tracking air-traffic to curb cyberattacks on aerospace agents. This is to enhance privacy and security of aircraft data for corporate and military flight operations, helping in preventing unwarranted public access to confidential data. NASA has also signed up for an autonomous spacecraft project based on blockchain along with AI, networking and sensor-based technologies.
Certain quantum computing techniques have the potential to break the cryptography algorithms used in blockchain but less likely in permission blockchain since the participants are verified and authorized. The solution is to build quantum-resistant ledgers. Enterprises adopting this technology need to pick appropriate use cases to get maximum benefit.
In the future, world trade, tokenization of valuable assets, self-sovereign digital identity, public sector facilities and benefits, health-care data, strengthening security, congruence of IoT, AI and blockchain for autonomous decentralized products and services are likely to have wide adoption in real-time based on blockchain technology.
Enterprises with hybrid cloud models adopting blockchain for data security can be confident about their data security even beyond the perimeter, and ensure required audit and compliances with reduced costs. The disruptive and transformative potential of blockchain technology in enhancing data security will enable the emergence of new models, helping in digitally transforming the ecosystem for the better of the world.
submitted by BlockDotCo to u/BlockDotCo [link] [comments]

The biggest cryptocurrency thefts in the last 10 years

In this article, we will try to remember all the major theft of cryptocurrencies over the past 10 years.
1. Bitstamp $5.3 mln (BTC), January 4th, 2015
On January 4, 2015, the operational hot wallet of Bitstamp announced that it was hacked by an anonymous hacker and 19,000 Bitcoins (worth of $5 million) were lost.
The initiation of the attack fell on November 4, 2014. Then Damian Merlak, the CTO of the exchange, was offered free tickets to punk rock festival Punk Rock Holiday 2015 via Skype, knowing that Merlak is interested in such music and he plays in the band. To receive the tickets, he was asked to fill out a participant questionnaire by sending a file named “Punk Rock Holiday 2015 TICKET Form1.doc”. This file contained the VBA script. By opening the file, he downloaded the malware on his computer. Although Merlak did not suspect wrong and has opened the "application form", to any critical consequences, this did not open access to the funds of exchange.
The attackers, however, did not give up. The attack continued for five weeks, during which hackers presented themselves as journalists, then headhunters.
Finally, the attackers were lucky. On December 11, 2014, the infected word document was opened on his machine by Bitstamp system administrator Luka Kodric, who had access to the exchange wallet. The file came to the victim by email, allegedly on behalf of an employee of the Association for computer science, although in fact, as the investigation showed, the traces of the file lead deep into Tor. Hackers were not limited to just one letter. Skype attacker pretending to be an employee of the Association for computing machinery, convinced that his Frame though to make international honor society, which required some paperwork. Kodric believed.
By installing a Trojan on Kodriс's computer hackers were able to obtain direct access to the hot wallet of the exchange. The logs show that the attacker, under the account of Kodric, gained access to the server LNXSRVBTC, where he kept the wallet file.dat, and the DORNATA server where the password was stored. Then the servers were redirected to a certain IP address that belongs to one of the providers of Germany.
There are still no official reports of arrests in this case. Obviously, the case is complicated by the fact that the hackers are outside the UK, and the investigation has to cooperate with law enforcement agencies in other countries.
2. GateHub $9.5 mln (XRP), June 1th, 2019
Hackers have compromised nearly 100 XRP Ledger wallets on cryptocurrency wallet service GateHub. The incident was reported by GateHub in a preliminary statement on June 6.
XRP enthusiast Thomas Silkjær, who first noticed the suspicious activity, estimates that the hackers have stolen nearly $10 million worth of cryptocurrency (23,200,000 XRP), $5.5 million (13,100,000 XRP) of which has already been laundered through exchanges and mixer services.
GateHub notes that it is still conducting an investigation and therefore cannot publish any official findings. Also, GateHub advises victims to make complaints to the relevant authorities of their jurisdiction.
3. Tether, $30.9 mln (USDT), November 19th, 2017
Tether created a digital currency called "US tokens" (USDT) — they could be used to trade real goods using Bitcoin, Litecoin and Ether. By depositing $1 in Tether, the user received 1 USD, which can be converted back into fiat. On November 19, 2017, the attacker gained access to the main Tether wallet and withdrew $ 30.9 million in tokens. For the transaction, he used a Bitcoin address, which means that it was irreversible.
To fix the situation, Tether took action by which the hacker was unable to withdraw the stolen money to fiat or Bitcoin, but the panic led to a decrease in the value of Bitcoin.
4. Ethereum, $31 mln (ETH), July 20th, 2017
On July 20, 2017, the hacker transferred 153,037 Ethers to $31 million from three very large wallets owned by SwarmCity, Edgeless Casino and Eternity. Unknown fraudster managed to change the ownership of wallets, taking advantage of the vulnerability with multiple signatures.
First, the theft was noticed by the developers of SwarmCity.
Further events deserve a place in history: "white hackers" returned the stolen funds, and then protected other compromised accounts. They acted in the same way as criminals, who stole funds from vulnerable wallets — just not for themselves. And it all happened in less than a day.
5. Dao (Decentralized Autonomous Organization) $70 mln (ETH), June 18th, 2016
On June 18, 2016, members of the Ethereum community noticed that funds were being drained from the DAO and the overall ETH balance of the smart contract was going down. A total of 3.6 million Ether (worth around $70 million at the time) was drained by the hacker in the first few hours. The attack was possible because of an exploit found in the splitting function. The attackes withdrew Ether from the DAO smart contract multiple times using the same DAO Tokens. This was possible due to what is known as a recursive call exploit.
In this exploit, the attacker was able to "ask" the smart contract (DAO) to give the Ether back multiple times before the smart contract could update its own balance. There were two main faults that made this possible: the fact that when the DAO smart contract was created the coders did not take into account the possibility of a recursive call, and the fact that the smart contract first sent the ETH funds and then updated the internal token balance.
It's important to understand that this bug did not come from Ethereum itself, but from this one application that was built on Ethereum. The code written for the DAO had multiple bugs, and the recursive call exploit was one of them. Another way to look at this situation is to compare Ethereum to the Internet and any application based on Ethereum to a website: if a website is not working, it doesn't mean that the Internet is not working, it simply means that one website has a problem.
The hacker stopped draining the DAO for unknown reasons, even though they could have continued to do so.
The Ethereum community and team quickly took control of the situation and presented multiple proposals to deal with the exploit. In order to prevent the hacker from cashing in the Ether from his child DAO after the standard 28 days, a soft-fork was voted on and came very close to being introduced. A few hours before it was set to be released, a few members of the community found a bug with the implementation that opened a denial-of-service attack vector. This soft fork was designed to blacklist all the transactions made from the DAO.
6. NiceHash, 4736.42 (BTC), December 6th, 2017
NiceHash is a Slovenian cryptocurrency hash power broker with integrated marketplace that connects sellers of hashing power (miners) with buyers of hashing power using the sharing economy approach.
On December 6, 2017, the company's servers became the target of attack. At first, Reddit users reported that they could not access their funds and make transactions — when they tried to log in, they were shown a message about a service interruption. In the end, it became known that the service had undergone a major cyberattack and 4736,42 Bitcoins disappeared without a trace.
Despite heavy losses, NiceHash was able to continue working, but CEO and founder Marco Koval resigned, giving way to a new team. The company managed to maintain the trust of investors and began to strengthen the protection of its systems.
7. Mt.Gox, 850000 (BTC), June 19th, 2011
The Hacking Of Mt.Gox was one of the biggest Bitcoin thefts in history. It was the work of highly professional hackers using complex vulnerabilities.
A hacker (or a group of hackers) allegedly gained access to a computer owned by one of the auditors and used a security vulnerability to access Mt.Gox servers, then changed the nominal value of Bitcoin to 1 cent per coin.
Then they brought out about 2000 BTC. Some customers, without knowing it, conducted transactions at this low price, a total of 650 BTC, and despite the fact that the hacking hit the headlines around the world, no Bitcoin could be returned.
To increase investor confidence, the company has compensated all of the stolen coins, placed most of the remaining funds in offline storage, and the next couple of years was considered the most reliable Bitcoin exchanger in the world.
However, it was only an illusion of reliability.
The problems of the organization were much more serious, and the management probably did not even know about them.
CEO of Mt.Gox, Mark Karpeles, was originally a developer, but over time he stopped delving into technical details, basking in the rays of glory — because he created the world's largest platform for cryptocurrency exchange. At that time Mt.Gox handled over 70% of all Bitcoin transactions.
And, of course, there were those who wanted to take advantage of the technological weakness of the service. At some point, hackers made it so that Bitcoins could be bought at any price, and within minutes millions of dollars worth of coins were sold — mostly for pennies. World prices for Bitcoin stabilized in a few minutes, but it was too late.
As a result, Mt.Gox lost about 850,000 Bitcoins. The exchange had to declare bankruptcy, hundreds of thousands of people lost money, and the Japanese authorities arrested CEO Mark Karpeles for fraud. He pleaded not guilty and was subsequently released. In 2014, the authorities restored some of the Bitcoins remaining at the old addresses, but did not transfer them to the exchange, and created a trust to compensate for the losses of creditors.
8. Coincheck, $530 mln, January 26th, 2018
The sum was astonishing, and even surpassed the infamous Mt.Gox hack.
While Mt.Gox shortly filed for bankruptcy following the hack, Coincheck has surprisingly remained in business and was even recently approved as a licensed exchange by Japan’s Financial Services (FSA).
Coincheck was founded in 2014 in Japan and was one of the most popular cryptocurrency exchanges in the country. Offering a wide variety of digital assets including Bitcoin, Ether, LISK, and NEM, Coincheck was an emerging exchange that joined the Japan Blockchain Association.
Since Coincheck was founded it 2014, it was incidentally not subject to new exchange registration requirements with Japan’s FSA — who rolled out a framework after Mt. Gox –, and eventually was a contributing factor to its poor security standards that led to the hack.
On January 26th, 2018, Coincheck posted on their blog detailing that they were restricting NEM deposits and withdrawals, along with most other methods for buying or selling cryptocurrencies on the platform. Speculation arose that the exchange had been hacked, and the NEM developers issued a statement saying they were unaware of any technical glitches in the NEM protocol and any issues were a result of the exchange’s security.
Coincheck subsequently held a high-profile conference where they confirmed that hackers had absconded with 500 million NEM tokens that were then distributed to 19 different addresses on the network. Totaling roughly $530 million at the time — NEM was hovering around $1 then — the Coincheck hack was considered the largest theft in the industry’s history.
Coincheck was compelled to reveal some embarrassing details about their exchange’s security, mentioning how they stored all of the NEM in a single hot wallet and did not use the NEM multisignature contract security recommended by the developers.
Simultaneously, the NEM developers team had tagged all of the NEM stolen in the hack with a message identifying the funds as stolen so that other exchanges would not accept them. However, NEM announced they were ending their hunt for the stolen NEM for unspecified reasons several months later, and speculation persisted that hackers were close to cashing out the stolen funds on the dark web.
Mainstream media covered the hack extensively and compared it to similar failures by cryptocurrency exchanges in the past to meet adequate security standards. At the time, most media coverage of cryptocurrencies was centered on their obscure nature, dramatic volatility, and lack of security. Coincheck’s hack fueled that narrative considerably as the stolen sum was eye-popping and the cryptocurrency used — NEM — was unknown to most in the mainstream.
NEM depreciated rapidly following the hack, and the price fell even more throughout 2018, in line with the extended bear market in the broader industry. Currently, NEM is trading at approximately $0.07, a precipitous fall from ATH over $1.60 in early January.
The extent of the Coincheck hack was rivaled by only a few other hacks, notably the Mt.Gox hack. While nominally Coincheck is the largest hack in the industry’s history, the effects of Mt.Gox were significantly more impactful since the stolen funds consisted only of Bitcoin and caused a sustained market correction as well as an ongoing controversy with the stolen funds and founder. Moreover, Mt.Gox squandered 6% of the overall Bitcoin circulation at the time in a market that was much less mature than it is today.
Despite the fallout, Coincheck is now fully operational and registered with Japan’s FSA.
As practice shows, people make mistakes and these mistakes can cost a lot. Especially, when we talk about mad cryptoworld. Be careful and keep your private keys in a safe place.
submitted by SwapSpace_co to BitcoinMarkets [link] [comments]

Let's talk DDOSing

Hi guys,
I want to open this thread to talk about the biggest problem we are all facing right now in Rainbow Six Siege. DDOS was always in some way a part of R6s, 3-4 seasons back it was quite rare to run across a booter on the enemy team. Now it has gotten so bad that you almost cannot play ranked on console anymore, atleast on high ranks like Platinum to Diamond.
For me personally i'm not even that mad because of booting the servers, on higher ranks you get to know enemy players by name and meeting them over and over across the years, and that just proves that the enemies are bad to the point of hitting the server down, which is satisfying because you know that you won that game.
But nonetheless it's game breaking, and im not trying to defend booting in any way, just my opinion.
Now some big youtubers are responding to the community by making videos to get the devs attention. This has been done over the last year or more, they never really gave their statement to ddosing as far as i know (correct me if im wrong) but they have always been working on stabilising their servers to reduce lag (and probably prevent booting). I'm certainly not a pro in terms of computers and IT, but i know things.
99% of the community says ddossing cannot be stopped. Okay, so Ubisoft does NOT own any server, these are microsoft Azure servers that ubisoft rents to run Rainbow Six (PC, XB & PS4). These servers have a Public IP Adress that can be tracked pretty easily if you have some basic computer knowledge and the right tool. Microsoft servers have securities to prevent attacks, and they have been optimizing security a number of times, but people kept finding new ways to perform attacks, since there are plenty.
*IF you already know and understand what ddos is, please skip this part, but since there are constantly new players on rainbow that report ddosing as server problems because they don't know what it is, i will explain it in easy terms.
So DDOS means Distributed Denial of Service, if i browse a website, my computer constantly exchanges packages with the IP adress of that site, so the site keeps track of what i'm doing and i can browse where i need to be. Now if i had 5000 computers in my room, every computer performing 100 demands on that website, all at the same time, you could imagine what happens. This is what DDOSers do on rainbow Six, via Botnets. Botnets are a large group of "infected" computers, that belong to this Botnet, without knowing so. So the DDOSer on Rainbow buys or gets a suscription for a botnet service which he then gets his acces to, either by a website or a programm like an SSH Telnet client (example: putty). By entering the IP Adress of that game server, he commands every bot that is part of the network to send a huge amount of fake data to that server, completety flooding him with demands, which ends up in crashing the server. In case of "game freezing", the botnet sends a calculated amount of data to barely keep the server going but too much for the server to actually handle other things, like player movement commands ect, that's why the game does not crash but nobody is able to move around.
The most popular Botnets for R6 can have between 50 - 10'000 bots connected, that's why booters feel safe when performing these attacks on MS servers, it can be very hard to define where the source of the attack is located, when 10'000 Computers all across the globe attack your server at once.
As i said earlier, many youtubers are starting to react to the community by making videos explaining the possible consequences to booting servers, talking about federal crimes, 10 years of imprisonnement ect.. What do you guys think, is it to scare the 12 year olds from trying to do these things or could it happen that Ubisoft takes people to court for this.
I mean technically the booter is not damaging anything, he doesn't steal or publish company data, and most of the servers are up and working again 10 minutes after the ddos. If you're a bit clever you will use a anonymous Email Adress for the service, possibly darknet mail, most booters accept bitcoin payments and suggest VPN usage, so i think the amount of work behind tracking down some 12 year old trying to get an advantage in Ranked is going to cost the company a lot of money and time...
I think all they can do is improve the security against these attacks and hope that hackers cannot figure out other efficient ways of stressing the servers.
People are saying why does ubisoft not just have own servers, that will likely never happen, because the costs of running such an infrastructure, with security, server rooms, cooling and Power costs, would never be an option for Ubi.
Feel free to share your knowledge and ideas or questions in this thread.
submitted by Sxzen to Rainbow6 [link] [comments]

Weekly news review (June 8-14)

Weekly news review (June 8-14)
Hello, fellow crypto enthusiasts! Let's dive right into last week's news.
https://preview.redd.it/ojx1zsdt2w431.png?width=1200&format=png&auto=webp&s=7d1bb4f351a34977763ef285b40caf48d31761ae

The carbon emissions generated by bitcoin (BTC) are comparable to the whole of Kansas City, and even a small country, according to a study published in the Joule journal on June 12.
Researchers used data from IPO filings and IP addresses in order to generate their findings. With annual emissions of CO2 estimated at between 22 and 22.9 megatons, bitcoin is placed somewhere between Jordan and Sri Lanka in international terms. The study suggests that this level would double if every other cryptocurrency was also taken into account.

Telegram, one of the most popular encrypted messaging app, briefly went offline for hundreds of thousands of users worldwide after a powerful distributed denial-of-service (DDoS) attack hit its servers.
Telegram founder Pavel Durov later revealed that the attack was mainly coming from the IP addresses located in China, suggesting the Chinese government could be behind it to sabotage Hong Kong protesters.
Many people in Hong Kong are currently using Telegram's encrypted messaging service to communicate without being spied on, organize the protest, and alert each other about activities on the ground.

Europol has revealed it’s developing a game aimed to teach law enforcement officers how to tackle crypto crime.
The game “will be the first law enforcement training opportunity on cryptocurrency and investigation using gamification,” said Europol.
The final product is planned for launch in October at the Europol-INTERPOL Cybercrime Conference.

Wednesday, June 12 — Top cryptocurrencies bitcoin (BTC), ether (ETH), and ripple (XRP) are all in the green.
After peaking around $9,000 in May, BTC crashed down to under $8,000 but seems to be slowly recovering. BTC was trading just shy of $8,000 earlier on Wednesday and was trading at $8,130 at press time. Overall, the top cryptocurrency is up by approximately 2.72% over the past 24 hours at press time.

Indian lawmakers have reportedly proposed to enforce a 10-year jail term for citizens who deal with cryptocurrencies, local financial news agency BloombergQuint reports on June 6.
The new tough crypto regulation is a part of a recently proposed draft bill called “Banning Cryptocurrencies and Regulation of Official Digital Currency Bill 2019.”
The regulation will reportedly relate to those who mine, hold, buy and sell cryptocurrencies, as well as those who deal with cryptocurrencies directly or indirectly in the country.
If passed, India’s bill will order cryptocurrency holders to declare their crypto assets within 90 days and to dispose the assets “in accordance with the prescription of central government,” the report notes. The bill includes a penalty system that reportedly envisions fines worth a three-fold amount from the “loss caused to the system” or from the gains of crypto holders, according to The Block.
Considered as “cognizable and non-bailable,” the offense can also lead to a 10-year jail sentence for those who break the new rules.

Let us know what you think in the comments section below!
submitted by rokkex to Rokkex [link] [comments]

IoT Testing !!!

IoT is a whole ecosystem that contains intelligent devices equipped with sensors (sensors) that provide remote control, storage, transmission and security of data. The Internet of Things (IoT) is an innovative solution in various areas such as healthcare, insurance, labor protection, logistics, ecology, etc. To unleash the full potential of using IoT devices, it is necessary to solve many problems related to standards, security, architecture, ecosystem construction, channels and device connection protocols. Today in the world, large organizations such as NIST, IEEE, ISO / IEC, and others make enormous efforts in addressing the issues of standardization, security, and the architecture of developed devices. Analysis of recent scientific research in the field of solving information security issues and data privacy of IoT devices showed positive results, but these methods and approaches are based on traditional methods of network security. The development and application of security mechanisms for IoT devices is a complex and heterogeneous task. In this regard, ensuring information security and the protection of sensitive data, as well as the availability of IoT devices, is the main purpose of writing this article. Given the above, many questions arise related to the security status of IoT devices, namely: What are the current standards and protocols for IoT? What are the requirements for ensuring information security of IoT devices? What security mechanisms do IoT devices have? What methods of testing IoT devices exist? Manufacturers and developers of IoT devices do not pay enough attention to security issues. With the development of cyber-attacks, attack vectors are becoming more sophisticated and aimed at several infrastructure elements at the same time. IoT infrastructure typically includes millions of connected objects and devices that store and share confidential information. Scenarios of theft and fraud, such as hacking and falsifying personal data, pose a serious threat to such IoT devices. Most IoT devices use the public Internet to exchange data, which makes them vulnerable to cyber-attacks. Modern approaches to information security often offer solutions to individual problems, when multi-level approaches offer increased resistance to cyber-attacks.
Challenges of testing IoT devices
To a request to name essential items, many would answer: food, a roof over your head, clothes … With one caveat: this was the case in the last century.
Since then, the species Homo Sapiens has accumulated needs. We need automatic sensors to control the lighting, not just switches, for smart systems to monitor health and car traffic. The list goes on … In general, we can make life easier and better.
Let’s try to figure out how all this Internet of things works before moving on to testing.
IoT testing
Content
What is the Internet of Things (IoT)? Examples of IoT devices # 1) Wearable technology: # 2) Infrastructure and development # 3) Health Technologies that are present in IoT IoT Testing # 1) Usability: # 2) IoT Security: # 3) Network features: # 4) Efficiency: # 5) Compatibility testing: # 6) Pilot testing: # 7) Check for compliance: # 8) Testing updates: IoT testing challenges # 1) Hard / soft # 2) Device Interaction Model # 3) Testing data coming in real time # 4) UI # 5) Network Availability IoT Testing Tools # 1) Software: # 2) Hard: Total What is the Internet of Things (IoT)? The Internet of things (or IoT) is a network that combines many objects: vehicles, home automation, medical equipment, microchips, etc. All these constituent elements accumulate and transmit data. Through this technology, the user controls the devices remotely.

Examples of IoT devices

# 1) Wearable technology: Fitbit Fitness Bracelets and Apple Watch smart watches sync seamlessly with other mobile devices.

IoT – watches and bracelets

Itís easier to collect health information: heart rate, body activity during sleep, etc.
# 2) Infrastructure and development The CitySense app analyzes lighting data online and turns lights on and off automatically. There are applications that control traffic lights or report on the availability of parking lots.
# 3) Health Some health monitoring systems are used in hospitals. The basis of their work is indicative data. These services control the dosage of drugs at different times of the day. For example, the UroSense application monitors the level of fluid in the body and, if necessary, increases this level. And doctors will learn about patient information wirelessly.
Technologies that are present in IoT RFID (Radio Frequency Identification), EPC (Electronic Product Code) NFC (ìNear Field Communicationî) provides two-way communication between devices. This technology is present in smartphones and is used for contactless transactions.
Bluetooth It is widely used in situations where near-field communication is sufficient. Most often present in wearable devices. Z-Wave. Low frequency RF technology. Most often used for home automation, lighting control, etc. WiFi. The most popular network for IoT (file, data and message transfer). IoT Testing Consider an example : a medical system that monitors health status, heart rate, fluid content, and sends reports to healthcare providers. Data is displayed in the system; archives available. And doctors are already deciding whether to take medication for the patient remotely.
IoT architecture
There are several approaches for testing the IoT architecture.
# 1) Usability: It is necessary to provide usability testing of each device. A medical device that monitors your health should be portable.
Sufficiently thought out equipment is needed that would send not only notifications, but also error messages, warnings, etc. The system must have an option that captures events, so that the end user understands. If this is not possible, event information is stored in the database. The ability to process data and exchange tasks between devices is carefully checked. # 2) IoT Security: Data is at the heart of all connected devices. Therefore, unauthorized access during data transfer is not ruled out. From the point of view of software testing, it is necessary to check how secure / encrypted the data is. If there is a UI, you need to check if it is password protected. # 3) Network features: Network connectivity and IoT functionality are critical. After all, we are talking about a system that is used for health purposes. Two main aspects are tested: The presence of a network , the possibility of data transfer (whether jobs are transferred from one device to another without any hitch). The scenario when there is no connection . Regardless of the level of reliability of the system, it is likely that the status of the system will be ìofflineî. If the network is unavailable, employees of the hospital or other organization need to know about it (notifications). Thus, they will be able to monitor the condition of the patient themselves, and not wait for the system to work. On the other hand, in such systems there is usually a mechanism that saves data if the system is offline. That is, data loss is eliminated. # 4) Efficiency: It is necessary to take into account the extent to which the healthcare solution is applicable in specific conditions. In testing, from 2 to 10 patients participate, data is transmitted to 10-20 devices. If the entire hospital is connected to the network, this is already 180-200 patients. That is, there will be more actual data than test data. In addition, it is necessary to test the utility for monitoring the system: current load, power consumption, temperature, etc. # 5) Compatibility testing: This item is always present in the plan for testing the IoT system. The compatibility of different versions of operating systems, browser types and their respective versions, devices of different generations, communication modes [for example, Bluetooth 2.0, 3.0] is extremely important for IoT. # 6) Pilot testing: Pilot testing is a mandatory point of the test plan. Only tests in the laboratory will allow us to conclude that the system is functional. In pilot testing, the number of users is limited. They make manipulations with the application and express their opinion. These comments turn out to be very helpful, they make a reliable application. # 7) Check for compliance: The system, which monitors the state of health, undergoes many compliance checks. It also happens that a software product passes all stages of testing, but fails the final test for compliance [testing is carried out by the regulatory body]. It is more advisable to check for compliance with norms and standards before starting the development cycle. # 8) Testing updates: IoT is a combination of many protocols, devices, operating systems, firmware, hardware, network layers, etc. When an update occurs – be it a system or something else of the above – rigorous regression testing is required. The overall strategy is being amended to avoid the difficulties associated with the upgrade.

IoT testing challengesIoT testing

# 1) Hard / soft IoT is an architecture in which software and hardware components are closely intertwined. Not only software is important, but also hard: sensors, gateways, etc.
Functional testing alone will not be enough to certify the system. All components are interdependent. IoT is much more complicated than simpler systems [only software or only hard].
# 2) Device Interaction Model Components of the network must interact in real time or close to real. All this becomes a single whole – hence the additional difficulties associated with IoT (security, backward compatibility and updates).
# 3) Testing data coming in real time Obtaining this data is extremely difficult. The matter is complicated by the fact that the system, as in the described case, may relate to the health sector.
# 4) UI An IoT network usually consists of different devices that are controlled by different platforms [iOS, Android, Windows, linux]. Testing is possible only on some devices, since testing on all possible devices is almost impossible.
# 5) Network Availability Network connectivity plays an important role in IoT. The data rate is increasing. IoT architecture should be tested under various connection conditions, at different speeds. Virtual network emulators in most cases are used to diversify network load, connectivity, stability, and other elements of load testing . But the evidence is always new scenarios, and the testing team does not know where the difficulties will arise in the future.

IoT Testing ToolsIoT and software

There are many tools that are used in testing IoT systems.
They are classified depending on the purpose:
# 1) Software: Wireshark : An open source tool. Used to monitor traffic in the interface, source / given host address, etc. Tcpdump : This tool does a similar job. The utility does not have a GUI, its interface is the command line. It enables the user to flash TCP / IP and other packets that are transmitted over the network. # 2) Hard: JTAG Dongle: A tool similar to debuggers in PC applications. Allows you to find defects in the code of the target platform and shows the changes step by step. Digital Storage Oscilloscope : checks various events using time stamps, power outages, signal integrity. Software Defined Radio : emulates a transmitter and receiver for various wireless gateways. IoT is an emerging market and many opportunities. In the foreseeable future, the Internet of things will become one of the main areas of work for tester teams. Network devices, smart gadget applications, communication modules – all this plays an important role in the study and evaluation of various services.
Total The approach to testing IoT may vary depending on the specific system / architecture.
Itís difficult to test IoT, but at the same time itís an interesting job, since testers have a good place to swing – there are many devices, protocols and operating systems.
PS You should try out the TAAS format (“tests from the user’s point of view”), and not just fulfill the formal requirements.
—————
Smart watches, baby-sitters, wireless gadgets and devices such as, for example, a portable radio station have long been part of everyday life.
Hackers have already proven that many of these attacks on IoT are possible.
Many people in general first learned about IoT security threats when they heard about the Mirai botnet in September 2016.
According to some estimates, Mirai infected about 2.5 million IoT devices, including printers, routers and cameras connected to the Internet.
The botnetís creators used it to launch distributed denial of service (DDoS) attacks, including an attack on the KrebsonSecurity cybersecurity blog.
In fact, the attackers used all devices infected with Mirai to try to connect to the target site at the same time, in the hope of suppressing the servers and preventing access to the site.
Since Mirai was first published on the news, attackers launched other botnet attacks on IoT, including Reaper and Hajime.
Experts say that such attacks are most likely in the future.
The Internet of Things (IoT) can bring many advantages to modern life, but it also has one huge drawback: security threats.
In its 2018 IOT forecasts, Forroter Research notes: ìSecurity threats are a major concern for companies deploying IoT solutions – in fact, this is the main task of organizations looking to deploy IoT solutions.
However, most firms do not regularly prevent IoT-specific security threats, and business pressure suppresses technical security issues. î
IoT security risks can be even more significant on the consumer side, where people are often unaware of potential threats and what they should do to avoid threats.
A 2017 IoT security survey sponsored by Gemalto Security Provider found that only 14 percent of consumers surveyed consider themselves IoT-aware.
This number is particularly noteworthy because 54 percent of the respondents owned an average of four IoT devices.
And these IoT security threats are not just theoretical.
Hackers and cybercriminals have already found ways to compromise many IoT devices and networks, and experts say that successful attacks are likely to increase.
Forrester predicted: “In 2018, we will see more attacks related to IoT … except that they will increase in scale and loss.”
What types of IoT security threats will enterprises and consumers face in 2018?
Based on historical precedent, here are ten of the most likely types of attacks.
  1. Botnets and DDoS attacks
  2. Remote recording The possibility that attackers can hack IoT devices and record owners without their knowledge is not revealed as a result of the work of hackers, but as a result of the work of the Central Intelligence Agency (CIA).
Documents released by WikiLeaks implied that the spy agency knew about dozens of zero-day exploits for IoT devices, but did not disclose errors, because they hoped to use vulnerabilities to secretly record conversations that would reveal the actions of alleged opponents of America.
Documents pointed to vulnerabilities in smart TVs, as well as on Android and iOS smartphones.
The obvious consequence is that criminals can also exploit these vulnerabilities for their vile purposes.
  1. Spam In January 2014, one of the first known attacks using IoT devices used more than 100,000 Internet-connected devices, including televisions, routers, and at least one smart refrigerator to send 300,000 spam emails per day.
The attackers sent no more than 10 messages from each device, which makes it very difficult to block or determine the location of the incident.
This first attack was not far from the last.
IoT spam attacks continued in the fall with the Linux.ProxyM IoT botnet.
  1. APTs In recent years, advanced persistent threats (APTs) have become a serious concern for security professionals.
APTs are carried out by funded and widespread attackers such as nation states or corporations that launch complex cyberattacks that are difficult to prevent or mitigate.
For example, the Stuxnet worm, which destroyed Iranian nuclear centrifuges and hacking Sony Pictures 2014, was attributed to nation states.
Because the critical infrastructure is connected to the Internet, many experts warn that APTs may launch a power-oriented IoT attack, industrial control systems, or other systems connected to the Internet.
Some even warn that terrorists could launch an attack on iOT, which could harm the global economy.
  1. Ransomware Ransomware has become too common on home PCs and corporate networks. Now experts say that it is only a matter of time before the attackers begin to block smart devices. Security researchers have already demonstrated the ability to install ransomware on smart thermostats. For example, they can raise the temperature to 95 degrees and refuse to return it to its normal state until the owner agrees to pay a ransom in Bitcoins. They can also launch similar attacks on garage doors, vehicles, or even appliances. How much would you pay to unlock your smart coffee pot first thing in the morning?
  2. Data theft Obtaining important data, such as customer names, credit card numbers, social security numbers, and other personal information, is still one of the main goals of cyber attacks.
IoT devices represent a whole new vector of attack for criminals looking for ways to invade corporate or home networks.
For example, if an improperly configured device or IoT sensor is connected to corporate networks, this can give attackers a new way to enter the network and potentially find the valuable data that they need.
  1. Home theft As smart locks and smart garage doors become more commonplace, it is also more likely that cybercriminals can become real thieves.
Home systems that are not properly protected can be vulnerable to criminals with sophisticated tools and software.
Security researchers are unlikely to have shown that itís quite easy to break into a house through smart locks from several different manufacturers, and smart garage doors do not seem to be much safer.
  1. Communication with children One of the most disturbing IoT security stories came from children.
One couple discovered that the stranger not only used his monitor for children to spy on their three-year-old son, this stranger also spoke with his child through the device.
Mother heard an unknown voice: ìWake up, boy, dad is looking for you,î and the child said that he was scared because at night someone was talking to him on an electronic device.
As more and more children’s gadgets and toys connect to the Internet, it seems likely that these frightening scenarios may become more common.
  1. Remote control of a vehicle As vehicles become smarter and more accessible on the Internet, they also become vulnerable to attack.
Hackers have shown that they can take control of a jeep, maximize air conditioning, change the radio station, start the wipers, and ultimately slow down the car.
The news led to the recall of 1.4 million cars, but whitehat researchers, following the original exploit, said they discovered additional vulnerabilities that were not fixed by the Chrysler patch applied to the recalled cars.
Although experts say the automotive industry is doing a great job of ensuring vehicle safety, it is almost certain that attackers will find new vulnerabilities in such smart cars.
  1. Personal attacks Sometimes IoT covers more than just devices – it can also include people who have connected medical devices implanted in their bodies.
An episode of the television series Homeland attempted a murder aimed at an implanted medical device, and former vice president Dick Cheney was so worried about this scenario that he turned off the wireless capabilities on his implanted defibrillator.
This kind of attack has not yet happened in real life, but it remains possible, as many medical devices become part of the IoT.
submitted by farabijfa to u/farabijfa [link] [comments]

Investigation of (Dis-)Favor 1\3 questioning freedom of will (in Macro-society)

This item began as a simple idea to investigate "social construct" theory, a trendy theme in academia and identity politics. It turned into a staggeringly complex constellation of ideas, with surprises galore.
The idea occurs to me: validate (or not) 'social construction' of beauty. If not, then sense of beauty is innate (source is not one's society, but genetic or other episocial influences).
Natural Tendency towards Beauty in Humans: Evidence from Binocular Rivalry 2016 | plos (technical study)
Reading in Contemporary Aesthetics "Why Beauty Still Cannot Be Measured", by Ossi Naukkarinen, because beauty is a personal determination, and a metaphor of favor, but how is it determined? Example: which of these women looks beautiful to you? note: only descriptor for the AI search is "beautiful woman", AI learns about beauty by sifting mega-data; how effective is it? (achieves given goal?) AI results are socially constructed in the most explicit way possible! Beauty may not be measurable, but it can be selected (parsed) from non-beauty. Measurement is a comparison of some phenomenon to an abstract dimension. Selection is a go, no-go choice.
What is Nudge theory? This item straddles the fence between Macro and Micro societies, paradigmatic Nudges come from Macro sources, but include an option to choose without pressure to conform. Micro sources are always more direct; which side of the fence are you on, friend?. (Greener side, of course.)
What about searching for "good", images? note how often the WORD good is pictured. Good is a language construct that must be interpreted from the individual's perspective.
Ok, now search for "favor" images note that AI mostly interprets favor as a small gift, not as a preference (which is difficult to represent by image)
Well then, search for "preference", images note that the word preference happens to be used by a line of hair care products from L'Oreal, which dominates the returns... commerce rules!
social construct (def, search result)
validate (or not) 'social construction' of beauty
Is Socialism a social construct? (LoL) Socialism Defined (EVERY Country is Socialist!) 2.2k views Sep 29, 2019 Rokn'MrE
To (social) Construct, or Not to (social) Construct, is there a choice? (note most results are about gender)
Parsing gender
Discussion of gender is not my direction of choice in this part 1 investigation. I want to seek how an actor (esp. me) makes a choice, in a quest for freedom of will. Perhaps come back to gender in a future item.
person makes a choice, in a quest for freedom of will (selections available)
Exemplar Hyp (Harry) Frankfurt’s compatibilist theory of free will 2009 5pg.pdf
I notice my choice of article was partly determined, partly free, but parsing out those factors would be too much divergence from the goal here. But Truth (a two side coin) is my story, and I'm stickin' to it.
(previous link, compatibilism):
3 It explains our intuition that human beings, but not lower animals, have free will. Lower animals lack free will because they lack the second-order volitions which are constitutive of free will. (This item is unnecessary and probably not true; how do we know animals have no "second-order volitions"? Having no other language than "body", we can only surmise (guess) what their volitions are. Volitions come before actions, we cannot see them or interpret them in any way. Brain conditions might be interpreted with MRI scanning, but to put a subject in a scanning device is to prevent any other actions. Such measuring ruins the connection between mental state and volition being measured, except we can safely assume that every measurement of animals must default to the volition to escape the measuring device.)
That's the first-order, highlighted deviation from compatibility theory. Clarification of "second-order volition": a path from choice to action has an intermediate "middle-way" tunneling mode, contracting (taking on) a desire to make a choice, prior to making the choice. In order to prove freedom, one must establish the mental preference for an imagined outcome in order to prove that preference did come from within the person and was not forced by other external deciding factors (genetic factors are pre-determined).
incompatibilism Note: the approach is wrong by the universal assumption, IOW that the intersection of determined and free is zero. It's a supremacy position, or superposition principle (LoL), the error is in over-simplification. The Logic Argument (p.5) is not representative of reality, which is more nuanced. Therefore, Frankfurt's thesis is good (denial of incompatibilism), but not due to the case presented (superposition).
Take Frankfurt's case (p.4) of Black vs Jones4 to be analogy for State vs Individual. Silent Weapons for Quiet Wars (other sources exist, search for yourself)
The (myusername) determinism/free-will duality hypothesis (denial of incompatibilism due to non-zero intersection):
Most choices, including the choice of desires, are determined by contingencies of which one is the natural desire of the actor to optimize his/her outcomes ("best wishes"). Is a person always compelled to have best wishes? What is best depends on a person's mental state, which is usually determined by external factors, but those can vary in cogency (impact on behavior). Consider the choice to commit suicide, certainly not a trivial choice. (The Chosen means of execution (puns intended) is somewhat more trivial, but again, partly determined by external conditions.)
Some choices, nearly all trivial, are free because no interfering contingencies are apparent during the choosing interlude. It may happen in hindsight, that a past choice is observed to be a mistake, usually because some contingency was overlooked or unknown during the choosing. This observation should be remembered so as to avoid repeating a future choice like that mistake. Choices always have risks, including the choice to do nothing.
Different day, slightly different approach... parsing choice. 1 important choices that have many deep effects later, for instances a marriage partner, a new job, a new residence; 2 trivial choices which have minor effects, risks or physical involvement, for instances a choice of toothpaste at the market, to like or not a web-link or museum exhibit.
According to (myusername)'s determined/free paradigm, type 1 choices are nearly all determined by pre-existing conditions (not free). Type 2 choice is the arena of freedom. I suppose a person's low risk-aversion parameter could expand the envelope of freedom, but that's a characteristic that develops during maturation, one's history of choices and ensuing responses. Successful responses lead to more freedom, failures to less. So even when freedom exists, it accumulates a history (habits) which become a determinant.
Contracting the Social Construct Disorder (it's contagious) Take 1:
How does an actor (person in question who comes to an internal state, or inner-construct) interact with a community or society? Must it be IRL, or can virtual interaction suffice to construct internal states? And more to my point, must the interaction be two-way (containing feedback), or simply via broadcast medium? (broadcast includes published books, articles, records, radio, TV or Internet A/V shows, etc.)
Interaction with broadcast media can be summarized by: a choice, a degree of attention and focus (time spent on and attention given to item), a like/dislike or more complex reaction to item, having future behavior influenced by item, to continue a stream of behaviors (especially sequential item choices) as consequence of influence of item, to develop a complex of attitudes built upon stream of items (eg. just mentioned 'risk aversion parameter and habit).
Before going on, I notice that broadcast media is like Sunshine, Rain, and Grace. It is made available by participation in a community, and falls without curse or blessing, it's all there for the choosing (or ignoring), depending on the contingencies.
Mind control theory? (because mind is the inner source of volition... behavior, control the mind (easy), hence control the behaviors (difficult otherwise))
Mind control courtesy Tavistock Inst.
Construction of Favor (or any knowledge) upon Familiarity
What is Social Construction? (cntrlZ)
"For instance, trees are only differentiated from other plants by virtue of the fact that we have all learned to see them as "trees."
But we don't all know about trees to an equal degree. I know rather much about trees from my interaction with them: living among them, planting them, sawing them, moving them, burning them, etc., not from reading or talking about them. No doubt, there are many persons all over the world who have very little experience of trees, and cannot 'construct' treeness as well as me. Direct experience is more realistic and developed than social constructs.
Favor and Familiarity are interwoven by choice
I chose to live alone with trees and not alone with sea, or desert (for examples), because it was easier to go with trees. Was the choice free? I could have chosen city or suburb with even more ease than forest, so ease of choice was not the deciding factor, it was my preference of lonely forest over crowded urb that decided me. So maybe it wasn't really about trees, it was about independence or something else like that. When we choose, we may not understand the contingencies, but our decision (choice) may be due to habits or patterns that have developed in the maturity process. Habits are strong determinants, and they develop, according to Ian Plowman, 4 ways.
The cntrlZ article makes the case for 'Strong Social Construction' based on that 'knowing' which is all about language, certainly a social construct.
Within the social construction of language is the game. Outside the social construction is reality, the real world. (a list of social constructs follows)
That makes it clear. Experiences (direct ones) without resort to language are NOT social constructs. That observation makes another distinction clear: gender may be a social construct, as it's a language issue, but sex is not a social construct, it is a direct experience issue that develops in the maturation process: birth, infant, child, puberty, sexy adolescent, sexy adult, old (unsexy) adult, death. Prior to puberty, sex is incipient in its development, but comes to life, (like a flower blooms) after a decade or so. Knowing about sex as a child is by observation from outside (thru the looking glass), after puberty, it's direct experience, and much later, it's a fading memory.
Regarding Looking-glass self theory the notion of socially constructed identity (defining the self by differences/ affinities to others),
... the outcome of "taking the role of the other", the premise for which the self is actualized. Through interaction with others, we begin to develop an identity of our own as well as developing a capacity to empathize with others... Therefore, the concept of self-identity may be considered an example of a social construction.
... makes a spurious expansion of identity formation to include everyone (a unity), or nearly so. According to Reisman's Lonely Crowd, there is a triality of social nature, expounded by parsing people into tradition, inner, and other directed personalities. This theme was a scholar's response to the US trend toward consumerism and conformity to "norms", (local traditions, eg. "keeping up with the Joneses") mid-20th century. The social construct crowd would be Reisman's Other directed personality, which may truly be the majority, in USA certainly. However, the tradition-following and inner-directed personalities are a significant minority. Let's not ignore them (I'm in there.)
What is “Mob Mentality?”
Herd mentality | wkpd
Are All Personality Descriptions Social Constructions? Sep.2019 | psytdy
... that objective reality does not directly reveal itself to us, is true beyond a doubt.
The preceding statement author, JA Johnson, is way off (and his article is full of falseness). Objective reality IS direct experience, no more revealing modality exists. Denial of this obvious fact (just lied about above) is a redefinition of the term (a social construct). Experience is beyond language, thus beyond 'description'. However the following is a true reveal about (((Yews))) (the like of whom Dr. Johnson seems):
It is true that when we describe someone with socially undesirable traits... we are constructing for them a social reputation that might decrease their chance of success in life. This is precisely one of the concerns of (((social constructivists, like Dr. Johnson))), that certain categorizations (eg. a separate race) reduce power and status.
Proof that Truth is not a social construct (relative to culture, like morality absolutely is)... What do you believe in? Cultural Relativism
Conformity is a social construct (should be obvious, it's a social source of choices). What causes conformity? Social interactions, which traditionally occurred (Macro-version) in newspapers, magazines, cinema and radio programs. As culture changed the popular media to radio, TV and then to Internet, and church attendance fell out of vogue, the advertising industry became more powerful in defining social constructs. That's why Internet censorship is so important.
Who are the 'influencers' in society? (They used to be parents, teachers, peers... now it seems to be YouTubers, like PewDiePie. But an intentionally underplayed contingent of influencers is the predominantly Left-Leaning academia, who collectively promote Marxist preferences and political activism toward Socialist positions. Academia is pushing social construction because it provides an intellectual framework that denies the old (social injustice), and says ok to their preferred ideology, Cultural Marxism (new social "just us"; socially constructed ideas can be anything you want, their cogency depends on efficacy of publication).
Micro-Social Constructs are most cogent (due to conformity being human nature), discussed in part 2.
Bottom Line (part 1)
If you like freedom, and are serious about it, you must distance yourself from society, because it tries to reconstruct you according to the norm... conform!
Before you go, think about what is a hermit?, which should not be confused with Hermetic, name derived from Greek god Hermes. 7 Great Hermetic Principles – The Teachings of Thoth (illustrated)... same topic 2016
Investigation of (Dis-)Favor 2\3, Micro-Societies
Social Circles; Mates, Kin, Friends
note on Mates: school-, (prison) in-, marriage-, ship-, etc. note on my link choices, page rank has a strong influence
Social group (aka circle)
Is Conformity Human Nature? Don't blow this list off, if you want to understand social constructs. At least look at first item.
What is Social Proof?
Are Micro-societies any less 'constructing' than Macros? Or do some constructs exist for all realms, macro and micro? I think they are more constructing, because micros carry feedback, whereas macro is all absorption, individuals have negligible effects on society at large. They act in a statistical sense, with a few exceptions.
Concept vs Percept (concepts are stable mental recordings, and physical manifestations of them; percepts are changing sensations and reflexes which depend strongly on the situation, memories of which are variable too)
Favor, Good, and Beauty are words that belong in the same 'conceptual basket' (ward), they are alike, all refer to action 'like', as an affective (and affirmative) perception. Conversely for the word's opposites.
Perceptions are non-language reactions to stimuli, therefore not social constructs. They may be evoked into a social arena via language (or other virtual records), but these are only shadows of the perception, so what is evoked is drawn up from the receiver's own memories of perceptions.
Division of Labor (and role models) are Social Constructs
Sex is the most basic divider of labor, for all societies, especially the most primitive. As societies develop towards more technical, sex falls away from the divider, as natural talent and innate interest gain influence, until the basic operations of reproduction remain, the core division. What about rankings in the division?
natural tendency for dominance?
Are males naturally dominant in nature? | qra
(arguments opposing) Male Dominance (theory) with (bogus) "Explanations", by 2 feminist authors using Marxist ideology 2017 | verso While this blog seems to have obvious (to me) flaws, it does raise interesting ideas and references.
what attributes help males gain social status? Basic: status is competitive. It takes talent and effort to win.
To Raise Male Status (18 Rules) | @rctvmn (not because age 18 is best)
Dominance vs Prestige 2010 | psytdy Note: blatant bias toward Prestige via argument parsing Pride. (author is Jewish, maligns DJ Trump (nationalist), lauds John Lennon (globalist))
modes of thought: socially-controlled vs spontaneous
Major Component of Social-Construction: Public Education 3 Modes of Thought Jan.2019
Kaufman again: How Renaissance People Think 2011 | psytdy Note: We discussed concept vs percept, here Kaufman refers to fellow-Jew Seymour Epstein's dual modish rational vs experiential theory, same idea set.
polymath (short for Renaissance Man)
Favor-Goodness-Beauty paradigm
Favor is not favored in prior art, Truth takes Favor's place in the Transcendental Spectrum: Transcendentals 5pg.pdf
We have already seen the idea in part 1 that Truth is a disputed transcendental in the social-constructionism academic universe. Academics use the "universal fallacy" that their favored item is part of an incompatible pair, which by logic excludes everything not in their favor. They want to ignore the nuances in order to push an ideology toward a supremacy of thinking, just like in a totalitarian state.
Whereas the (myusername) principle of Truth, it has a dual nature, 1 relative to a society (democratic consensus); and 2 absolute to reality (math/science/technology). So 'Favor' is a better term because objective proof (no contest) is not required (except the meaning of objective that says 'objection!', meaning 'contest'). 'Favor' implies bias which is the subjective reaction that matches Goodness and Beauty better than 'Truth'.
Apply Truth-Goodness-Beauty paradigm to social construction
it is unconcerned with ontological issues...
because the aim of constructionists is to justify a collective "truth" of their own construction. A social construct is not absolute, it's anything a society wants it to be ("social proof"). That's a good description of tyranny... The Empowered Female Parasite 2014 (that's a surprising result, here is one not-surprising.)
Social Proof: established by culture media (mind control, a monopoly 2012 (scroll down long graphic), of the Juice 2015), go back to part 1, macrosocial constructs.
Does Appreciation of Beauty have any innate sources? (otherwise it's all a social construct) Neuroscience of Beauty; How does the brain appreciate art? 2011 | sciam (in brain)
Onward (Dis)-Favor Readers...
Investigation of (Dis-)Favor 3\3, House of Not-Friends
Contracting the Social Construct Disorder Take 2
Living outside the 'Normitory" (away from Dreamland (everybody's asleep), to where Nessun Dorma (nobody sleeps))
It so happens that an ethnic group which originated in eastern Mediterranean Middle-East evolved to specialize in intelligence, commerce, morally corrupt enterprises, and crime. Essential to their success was eugenic traditions that applied artificial selection to just those same specialties, which makes this ethnic group a formidable enemy. They have developed a very strong sense of in-groupness, and a vested interest in social construct studies. A unified collective is a more effective competitor than an inchoate population of diverse individuals.
This group has as ethnic traits: global dispersion (aka Diaspora), preference for urban environments (aka Cosmopolitan, or Globalist), covert inter-group rivalry (aka InfoWar), and deception (aka MOSSAD). This cosmopolitan group must operate covertly and deceptively, because those are effective tactics, and they are a small minority (2% of USA), therefore weak in the democratic sense.
Immoral Social Constructs enforced by 5th column subversives
wethefifth (political audio series)
serendipity: freethink
Another construct search, without gender reference
Is morality a social construct? If so, how can concepts such as 'good' exist? (note especially the links in top comment, to reddit posts)
"Good" can be understood as a variation of "Favor" as a direct experience (perception) of "like", rather than some idealized notion of an obvious social construct such as "greater good" (a theoretical derivation by interventionist actors-with-agendas trying to impose their own preferences upon others, IOW ideology hegemony pushers, for instance viz da wiz)
Cultural hegemony is the Chosen's mitzvah, that we all must go to Emerald City, land of Oz, where YHWH (impostor) rules.
Cultural hegemony
Concepts of Ideology, Hegemony, and Organic Intellectuals in Gramsci’s Marxism 1982
There is no universal morality. Morality is much like Beauty, in the mind of beholder (actor who holds to a specific moral code). Morality is a social construct, and varies between societies. (I think a fair definition of morality is a code of ethics which is community-specific.) For a society to sustain, it needs to be isolate from conflicting societies. If different societies, with different moralities must coexist, the natural tendency for actors in the same niche toward dominance will destroy or remake the subordinate societies, which reduces the conflicts.
Status Hierarchies: Do We Need Them? blog 2012 | psytd
a need for 'virtue signaling'? It's natural, and likely unavoidable, evidence pride displays.
Status Assignments: by birth (heredity) or merit (talent)?
Let's assume your morality values social effectiveness. The best path to that is to have talented persons dominant (meritocracy). Next we happen to know that talent is hereditary, but not perfectly so. Therefore birth (kinship, aka kingship) is only an indicator of talent, which is infrequent among low status groups, much higher among high status kinship groups. Thus we must conclude that awarding status by pedigree and family privilege is not the best way to effectiveness, but it often does work. What works best then, must be? a competitive system of merit-proving, with special attention to high-status families. (Helps if the natural tendency for snobbish repression is circumvented, for examples Han-style Civil Service Exams, and the Roman military promotion avenue, which occasionally led to top gun.)
Sustainable Competitive Advantages (aka moats): Network Effects 2019 | sEknα
Our Brain's Negative Bias 2003 | psytdA
Fear: it's the greatest (motivator) 2009 Owen Benjamin made a video about Fear over TIME 16 min.
Dominance Hierarchy employs FEAR to dominate
Dominance hierarchy | wkpd Social dominance theory | wkpd
scaring children is not ok, Sydney Watson blog 11 min
tools for social mobility and dominance (list)
9 Important Factors That Influence Social Mobility Social dominance orientation | wkpd SDO should theoretically be highly important to Jews, as their ethos tends strongly to emulate it among themselves and denigrate it towards outgroups (Goyim). Thus we should expect to see this field of study monopolized by Jewish scholars. Studying the Gentile: Fanciful Pseudoscience in the Service of Pathologizing the Covington Boys | OO
Contracting the Social Construct Disorder Take 3
Different day from Take 2. Re-consider interactions with a community or society: traditionally occurred locally, on Sunday meetings at church, parties, having a beer after work, town hall or children's group meetings, (eg. PTA, scouts) etc.
Re-consider "contracting". Original idea was meant to acquire, like a disease, not by design (choice), but determined by contingency (unlucky chance). Today, "contracting" means getting smaller, shrinking, like a cooling branding iron, or melting ice. Iron has several crystalline phases, the cooler, the more compact (more atomic order). Ice is contrary to most materials, as its crystalline structure is larger than its liquid phase, so as it melts (entropy always increases, going to less ordered) its atoms become more fluid. In both cases, the natural mode of change is toward ambient temperature. This trend (recursion to the mean) is maybe the most unbroken law of all physics.
Re-considering "Disorder"; original idea was meant as a mental disease, like ADHD (Attention Deficit Hyperactive Disorder), IOW anomalous condition, out-of-order, (order being assumed normal) in the human behavior dimension. Today it means individuals out-of-line, like discontinuities in a crystal. (Discontinuities are what make metal harder.)
When all the atoms of a metal are aligned (continuous), the state is called "annealed". This is the softest condition. When the metal has been "work hardened" by hammering, or forging, it acquires discontinuities (crystalline order becomes mucked up). This is a harder state. Hardness is measured by forcing a small ball into a test material and measuring the resulting depression (dent). Discontinuities resist dents and every other kind of deforming force (decreased plasticity (weakness) means increased elasticity and maximum yield (resilience, see Young's Modulus, Indentation hardness, Impact Toughness and Moh's Hardness)).
Now make analogy of metal with society. Non-conformist individuals (like followers of Marginotions) make society (if he-he-heeded) more resistant to outside forces (like George Soros, or seekers of Tikkun Olam) trying to make a dent in the established order (tradition, Protestant Ethic).
Contracting the Social Construct Disorder Take 4
Different day Re-consider "contracting" again. Today, it means make-a-deal, as in commercial contract. This kind of contract is in flux nowadays, as the advent of bitcoin has introduced a mathematical means of authorizing legal agreements (aka contracts) in a distributed ledger that makes such agreements social in a very direct sense. The social part of "social construct" is present in a world wide network of participating computer operators, while the construct part is present in a software package (app) that is now called "smart", meaning has built-in security and ongoing timely operations, like confirmation checking. In this contract-paradigm, the "disorder" part is due to it being outside of previous power-holding elites who are chagrined by the prospect of losing some of their powers to the Internetwork, which is out of their control. IOW disorder for elites, and made-to-order for independents. (note on that quote)
Social Contract per britannica (briefly) per wkpd
explicit vs implicit contracts Differences Between Implicit & Explicit Agreements (law) 2017 more specific, social contracts Social Contract Theory UT (includes videos, glossary)
to be continued: fairness is a social construct (contrast with deterministic fate)
study notes (all 3 parts, this series)
Gentrification, Displacement and the Role of Public Investment: A Literature Review 2015 pdf
https://duckduckgo.com/?q=Owen+Benjamin+made+video+about+Fear&atb=v81-4__&ia=videos
why is 'social construct' a popular theme?
https://www.success.com/8-daily-habits-to-build-your-mental-strength/
Pareto principle implications for marital harmony, a very brief summary of research by J Cacioppo)
https://en.wikipedia.org/wiki/Jewish_culture
https://en.wikipedia.org/wiki/Race_and_society
https://thejewishwars.blogspot.com/2019/03/aipac-traitor-jews-having-successfully.html
https://theevilofzionismexposedbyjews.weebly.com/14-what-zionist-and-anti-zionist-jews-have-said-about-education.html
submitted by acloudrift to AlternativeHypothesis [link] [comments]

The biggest cryptocurrency thefts in the last 10 years

In this article, we will try to remember all the major theft of cryptocurrencies over the past 10 years.
1. Bitstamp $5.3 mln (BTC), January 4th, 2015
On January 4, 2015, the operational hot wallet of Bitstamp announced that it was hacked by an anonymous hacker and 19,000 Bitcoins (worth of $5 million) were lost.
The initiation of the attack fell on November 4, 2014. Then Damian Merlak, the CTO of the exchange, was offered free tickets to punk rock festival Punk Rock Holiday 2015 via Skype, knowing that Merlak is interested in such music and he plays in the band. To receive the tickets, he was asked to fill out a participant questionnaire by sending a file named “Punk Rock Holiday 2015 TICKET Form1.doc”. This file contained the VBA script. By opening the file, he downloaded the malware on his computer. Although Merlak did not suspect wrong and has opened the "application form", to any critical consequences, this did not open access to the funds of exchange.
The attackers, however, did not give up. The attack continued for five weeks, during which hackers presented themselves as journalists, then headhunters.
Finally, the attackers were lucky. On December 11, 2014, the infected word document was opened on his machine by Bitstamp system administrator Luka Kodric, who had access to the exchange wallet. The file came to the victim by email, allegedly on behalf of an employee of the Association for computer science, although in fact, as the investigation showed, the traces of the file lead deep into Tor. Hackers were not limited to just one letter. Skype attacker pretending to be an employee of the Association for computing machinery, convinced that his Frame though to make international honor society, which required some paperwork. Kodric believed.
By installing a Trojan on Kodriс's computer hackers were able to obtain direct access to the hot wallet of the exchange. The logs show that the attacker, under the account of Kodric, gained access to the server LNXSRVBTC, where he kept the wallet file.dat, and the DORNATA server where the password was stored. Then the servers were redirected to a certain IP address that belongs to one of the providers of Germany.
There are still no official reports of arrests in this case. Obviously, the case is complicated by the fact that the hackers are outside the UK, and the investigation has to cooperate with law enforcement agencies in other countries.
2. GateHub $9.5 mln (XRP), June 1th, 2019
Hackers have compromised nearly 100 XRP Ledger wallets on cryptocurrency wallet service GateHub. The incident was reported by GateHub in a preliminary statement on June 6.
XRP enthusiast Thomas Silkjær, who first noticed the suspicious activity, estimates that the hackers have stolen nearly $10 million worth of cryptocurrency (23,200,000 XRP), $5.5 million (13,100,000 XRP) of which has already been laundered through exchanges and mixer services.
GateHub notes that it is still conducting an investigation and therefore cannot publish any official findings. Also, GateHub advises victims to make complaints to the relevant authorities of their jurisdiction.
3. Tether, $30.9 mln (USDT), November 19th, 2017
Tether created a digital currency called "US tokens" (USDT) — they could be used to trade real goods using Bitcoin, Litecoin and Ether. By depositing $1 in Tether, the user received 1 USD, which can be converted back into fiat. On November 19, 2017, the attacker gained access to the main Tether wallet and withdrew $ 30.9 million in tokens. For the transaction, he used a Bitcoin address, which means that it was irreversible.
To fix the situation, Tether took action by which the hacker was unable to withdraw the stolen money to fiat or Bitcoin, but the panic led to a decrease in the value of Bitcoin.
4. Ethereum, $31 mln (ETH), July 20th, 2017
On July 20, 2017, the hacker transferred 153,037 Ethers to $31 million from three very large wallets owned by SwarmCity, Edgeless Casino and Eternity. Unknown fraudster managed to change the ownership of wallets, taking advantage of the vulnerability with multiple signatures.
First, the theft was noticed by the developers of SwarmCity.
Further events deserve a place in history: "white hackers" returned the stolen funds, and then protected other compromised accounts. They acted in the same way as criminals, who stole funds from vulnerable wallets — just not for themselves. And it all happened in less than a day.
5. Dao (Decentralized Autonomous Organization) $70 mln (ETH), June 18th, 2016
On June 18, 2016, members of the Ethereum community noticed that funds were being drained from the DAO and the overall ETH balance of the smart contract was going down. A total of 3.6 million Ether (worth around $70 million at the time) was drained by the hacker in the first few hours. The attack was possible because of an exploit found in the splitting function. The attackes withdrew Ether from the DAO smart contract multiple times using the same DAO Tokens. This was possible due to what is known as a recursive call exploit.
In this exploit, the attacker was able to "ask" the smart contract (DAO) to give the Ether back multiple times before the smart contract could update its own balance. There were two main faults that made this possible: the fact that when the DAO smart contract was created the coders did not take into account the possibility of a recursive call, and the fact that the smart contract first sent the ETH funds and then updated the internal token balance.
It's important to understand that this bug did not come from Ethereum itself, but from this one application that was built on Ethereum. The code written for the DAO had multiple bugs, and the recursive call exploit was one of them. Another way to look at this situation is to compare Ethereum to the Internet and any application based on Ethereum to a website: if a website is not working, it doesn't mean that the Internet is not working, it simply means that one website has a problem.
The hacker stopped draining the DAO for unknown reasons, even though they could have continued to do so.
The Ethereum community and team quickly took control of the situation and presented multiple proposals to deal with the exploit. In order to prevent the hacker from cashing in the Ether from his child DAO after the standard 28 days, a soft-fork was voted on and came very close to being introduced. A few hours before it was set to be released, a few members of the community found a bug with the implementation that opened a denial-of-service attack vector. This soft fork was designed to blacklist all the transactions made from the DAO.
6. NiceHash, 4736.42 (BTC), December 6th, 2017
NiceHash is a Slovenian cryptocurrency hash power broker with integrated marketplace that connects sellers of hashing power (miners) with buyers of hashing power using the sharing economy approach.
On December 6, 2017, the company's servers became the target of attack. At first, Reddit users reported that they could not access their funds and make transactions — when they tried to log in, they were shown a message about a service interruption. In the end, it became known that the service had undergone a major cyberattack and 4736,42 Bitcoins disappeared without a trace.
Despite heavy losses, NiceHash was able to continue working, but CEO and founder Marco Koval resigned, giving way to a new team. The company managed to maintain the trust of investors and began to strengthen the protection of its systems.
7. Mt.Gox, 850000 (BTC), June 19th, 2011
The Hacking Of Mt.Gox was one of the biggest Bitcoin thefts in history. It was the work of highly professional hackers using complex vulnerabilities.
A hacker (or a group of hackers) allegedly gained access to a computer owned by one of the auditors and used a security vulnerability to access Mt.Gox servers, then changed the nominal value of Bitcoin to 1 cent per coin.
Then they brought out about 2000 BTC. Some customers, without knowing it, conducted transactions at this low price, a total of 650 BTC, and despite the fact that the hacking hit the headlines around the world, no Bitcoin could be returned.
To increase investor confidence, the company has compensated all of the stolen coins, placed most of the remaining funds in offline storage, and the next couple of years was considered the most reliable Bitcoin exchanger in the world.
However, it was only an illusion of reliability.
The problems of the organization were much more serious, and the management probably did not even know about them.
CEO of Mt.Gox, Mark Karpeles, was originally a developer, but over time he stopped delving into technical details, basking in the rays of glory — because he created the world's largest platform for cryptocurrency exchange. At that time Mt.Gox handled over 70% of all Bitcoin transactions.
And, of course, there were those who wanted to take advantage of the technological weakness of the service. At some point, hackers made it so that Bitcoins could be bought at any price, and within minutes millions of dollars worth of coins were sold — mostly for pennies. World prices for Bitcoin stabilized in a few minutes, but it was too late.
As a result, Mt.Gox lost about 850,000 Bitcoins. The exchange had to declare bankruptcy, hundreds of thousands of people lost money, and the Japanese authorities arrested CEO Mark Karpeles for fraud. He pleaded not guilty and was subsequently released. In 2014, the authorities restored some of the Bitcoins remaining at the old addresses, but did not transfer them to the exchange, and created a trust to compensate for the losses of creditors.
8. Coincheck, $530 mln, January 26th, 2018
The sum was astonishing, and even surpassed the infamous Mt.Gox hack.
While Mt.Gox shortly filed for bankruptcy following the hack, Coincheck has surprisingly remained in business and was even recently approved as a licensed exchange by Japan’s Financial Services (FSA).
Coincheck was founded in 2014 in Japan and was one of the most popular cryptocurrency exchanges in the country. Offering a wide variety of digital assets including Bitcoin, Ether, LISK, and NEM, Coincheck was an emerging exchange that joined the Japan Blockchain Association.
Since Coincheck was founded it 2014, it was incidentally not subject to new exchange registration requirements with Japan’s FSA — who rolled out a framework after Mt. Gox –, and eventually was a contributing factor to its poor security standards that led to the hack.
On January 26th, 2018, Coincheck posted on their blog detailing that they were restricting NEM deposits and withdrawals, along with most other methods for buying or selling cryptocurrencies on the platform. Speculation arose that the exchange had been hacked, and the NEM developers issued a statement saying they were unaware of any technical glitches in the NEM protocol and any issues were a result of the exchange’s security.
Coincheck subsequently held a high-profile conference where they confirmed that hackers had absconded with 500 million NEM tokens that were then distributed to 19 different addresses on the network. Totaling roughly $530 million at the time — NEM was hovering around $1 then — the Coincheck hack was considered the largest theft in the industry’s history.
Coincheck was compelled to reveal some embarrassing details about their exchange’s security, mentioning how they stored all of the NEM in a single hot wallet and did not use the NEM multisignature contract security recommended by the developers.
Simultaneously, the NEM developers team had tagged all of the NEM stolen in the hack with a message identifying the funds as stolen so that other exchanges would not accept them. However, NEM announced they were ending their hunt for the stolen NEM for unspecified reasons several months later, and speculation persisted that hackers were close to cashing out the stolen funds on the dark web.
Mainstream media covered the hack extensively and compared it to similar failures by cryptocurrency exchanges in the past to meet adequate security standards. At the time, most media coverage of cryptocurrencies was centered on their obscure nature, dramatic volatility, and lack of security. Coincheck’s hack fueled that narrative considerably as the stolen sum was eye-popping and the cryptocurrency used — NEM — was unknown to most in the mainstream.
NEM depreciated rapidly following the hack, and the price fell even more throughout 2018, in line with the extended bear market in the broader industry. Currently, NEM is trading at approximately $0.07, a precipitous fall from ATH over $1.60 in early January.
The extent of the Coincheck hack was rivaled by only a few other hacks, notably the Mt.Gox hack. While nominally Coincheck is the largest hack in the industry’s history, the effects of Mt.Gox were significantly more impactful since the stolen funds consisted only of Bitcoin and caused a sustained market correction as well as an ongoing controversy with the stolen funds and founder. Moreover, Mt.Gox squandered 6% of the overall Bitcoin circulation at the time in a market that was much less mature than it is today.
Despite the fallout, Coincheck is now fully operational and registered with Japan’s FSA.
As practice shows, people make mistakes and these mistakes can cost a lot. Especially, when we talk about mad cryptoworld. Be careful and keep your private keys in a safe place.
submitted by SwapSpace_co to ethtrader [link] [comments]

Proof of Work Energy Use

The creation of proof of work protocol is for accomplishing accord between devices on a distributed network is ostensibly the most distinguished accomplishment of Bitcoin founder Satoshi Nakamoto. In doing so, he laid the groundwork for the revolutionary innovation that is blockchain. Proof of work also known as PoW is a consensus protocol presented by Bitcoin and utilized broadly by numerous different cryptocurrencies. This procedure is referred to as mining and as such the nodes on the network are known as “miners”. The proof of work comes in the form of a response to a mathematical problem, one that requires impressive work to arrive at,but is easily verified to be correct once the answer has been reached. The proof of work system is specifically designed to be difficult and require considerable computing power to ensure that too many Bitcoins are not mined too quickly, preserving a consistent supply and incentive for miners to maintain the network. Essentially, the security of the network is enforced physically by specialized hardware. As such, proof of work can be seen as not being an infinitely scalable protocol since the hardware and the electricity spent to power that hardware are limited in resources.
As far back as its commencement Bitcoin's trust-minimizing consensus has been empowered by its proof-of-work calculation. The machines performing the "work" are consuming huge amounts of energy while doing so. The Bitcoin Energy Consumption Index was made to to provide insight into this amount, and raise awareness on the unsustainability of the proof-of-work algorithm. This news creates awareness about the energy consumption and as it said to this article, Proof-of-work does function to prevent attacks, specifically denial-of-service attacks, and the security of the network is its greatest feature. While it is this large pool of machines that create the security of the network, it is also this massive number of miners that are constantly driving up the competition and leading to the current conversation regarding energy consumption. With this kind of issue alternatives were being made by some crypto companies to limit the energy consumption of the PoW protocol. Conserving the energy will positively affect the environment, it is possible to earn money and take care of the environment and through this kind of advancement limitations and alternatives are needed.
submitted by Nippondaisuki to CryptoMoonShots [link] [comments]

Era Swap Network White Paper

Era Swap Network White Paper

Era Swap Network

White Paper



DISCLAIMER
This Whitepaper is for Era Swap Network. Its purpose is solely to provide prospective community members with information about the Era Swap Ecosystem & Era Swap Network project. This paper is for information purposes only and does not constitute and is not intended to be an offer of securities or any other financial or investment instrument in any jurisdiction.
The Developers disclaim any and all responsibility and liability to any person for any loss or damage whatsoever arising directly or indirectly from (1) reliance on any information contained in this paper, (2) any error, omission or inaccuracy in any such information, or (3) any action resulting therefrom
Digital Assets are extremely high-risk, speculative products. You should be aware of the risks involved and fully consider before participating in Digital assets whether it’s appropriate for you. You should only participate if you are an experienced investor with sophisticated knowledge of financial markets and you fully understand the risks associated with digital assets. We strongly advise you to take independent professional advice before making any investment or participating in any way. You should check what rules and protections apply to your respective jurisdictions before investing or participating in any way. The Creators & community will not compensate you for any losses from trading, investment or participating in any way. You should read whitepaper carefully before participating and consider whether these products are right for you.

TABLE OF CONTENT

· Abstract
· Introduction to Era Swap Network
· Development Overview
· Era Swap Utility Platform
· Alpha-release Development Plan
· Era Swap Network Version 1: Specification
· Bunch Structure: 10
· Converting ES-ERC20 to ES-Na:
· Conclusion:
· Era Swap Ecosystem
· Social Links

Abstract

The early smart contracts of Era Swap Ecosystem like TimeAlly, Newly Released Tokens, Assurance, BetDeEx of Era Swap Ecosystem, are deployed on Ethereum mainnet. These smart contracts are finance-oriented (DeFi), i.e. most of the transactions are about spending or earning of Era Swap tokens which made paying the gas fees in Ether somewhat intuitive to the user (withdrawal charges in bank, paying tax while purchasing burgers) but transactions that are not token oriented like adding a nominee or appointee voting also needs Ether to be charged. As more Era Swap Token Utility platform ideas kept appending to the Era Swap Main Whitepaper, more non-financial transaction situations arise like updating status, sending a message, resolving a dispute and so on. Paying extensively for such actions all day and waiting for the transaction to be included in a block and then waiting for enough block confirmations due to potential chain re-organizations is counter-intuitive to existing free solutions like Facebook, Gmail. This is the main barrier that is stopping Web 3.0 from coming to the mainstream.
As alternatives to Ethereum, there are few other smart contract development platforms that propose their own separate blockchain that features for higher transaction throughput, but they compromise on decentralization for improving transaction speeds. Moreover, the ecosystem tools are most advancing in Ethereum than any other platform due to the massive developer community.
With Era Swap Network, the team aims to achieve scalability, speed and low-cost transactions for Era Swap Ecosystem (which is currently not feasible on Ethereum mainnet), without compromising much on trustless asset security for Era Swap Community users.

Introduction to Era Swap Network

Era Swap Network (ESN) aims to solve the above-mentioned problems faced by Era Swap Ecosystem users by building a side-blockchain on top of Ethereum blockchain using the Plasma Framework.
Era Swap Network leverages the Decentralisation and Security of Ethereum and the Scalability achieved in the side-chain, this solves the distributed blockchain trilema. In most of the other blockchains, blocks are a collection of transactions and all the transactions in one block are mined by a miner in one step. Era Swap Network will consist of Bunches of Blocks of Era Swap Ecosystem Transactions.

Decentralization

Layer 2


Scalable and Secure

A miner mines all the blocks in a bunch consequently and will commit the bunch-root to the ESN Plasma Smart Contract on Ethereum mainnet.

Development Overview
Initially, we will start with a simple Proof-of-Authority (PoA) based consensus of EVM to start the development and testing of Era Swap Ecosystem Smart Contracts as quickly as possible on the test-net. We will call this as an alpha-release of ESN test-net and only internal developers will work with this for developing smart contracts for Era Swap Ecosystem. User’s funds in a Plasma implementation with a simple consensus like PoA are still secured as already committed bunch-roots cannot be reversed.
Eventually, we want to arrive on a more control-decentralized consensus algorithm like Proof-of-Stake (PoS) probably, so that even if the chain operator shuts down their services, a single Era Swap Ecosystem user somewhere in the world can keep the ecosystem alive by running software on their system and similarly more people can join to decentralize the control further. In this PoS version, we will modify the Parity Ethereum client in such a way, that at least 50% of transaction fees collected will go to the Luck Pool of NRT Smart Contract on Ethereum mainnet and rest can be kept by miner of the blocks/bunch of blocks if they wish. After achieving such an implementation, we will release this as a beta version to the community for testing the software on their computers with Kovan ERC20 Era Swaps (Ethereum test-net).

Era Swap Decentralised Ecosystem
Following platforms are to be integrated:
  1. Era Swap Token Contract (adapted ERC20 on Ethereum) The original asset will lie on Ethereum to avoid loss due to any kind of failure in ESN.
  2. Plasma Manager Contract (on Ethereum) To store ESN bunch headers on Ethereum.
  3. Reverse Plasma Manager Contract (on ESN) Bridge to convert ES to ES native and ES native to ES. User deposits ES on Mainnet Plasma, gives proof on ESN and gets ES native credited to their account in a decentralised way.
  4. NRT Manager Contract (on Ethereum or on ESN) If it is possible to send ES from an ESN contract to luck pool of NRT Manager Contract on Ethereum, then it’s ok otherwise, NRT Manager will need to be deployed on ESN for ability to add ES to luck pool.
  5. Era Swap Wallet (React Native App for managing ESs and ES natives) Secure wallet to store multiple private keys in it, mainly for managing ES and ES native, sending ES or ES native, also for quick and easy BuzCafe payments.
  6. TimeAlly (on Ethereum or on ESN) On whichever chain NRT Manager is deployed, TimeAlly would be deployed on the same chain.
  7. Assurance (on Ethereum or on ESN) On whichever chain NRT Manager is deployed, TimeAlly would be deployed on the same chain.
  8. DaySwappers (on ESN) KYC manager for platform. For easily distributing rewards to tree referees.
  9. TimeSwappers (on ESN) Freelance market place with decentralised dispute management.
  10. SwappersWall (on ESN) Decentralised social networking with power tokens.
  11. BuzCafe (on ESN) Listing of shops and finding shops easily and quick payment.
  12. BetDeEx (on ESN) Decentralised Prediction proposals, prediction and results.
  13. DateSwappers (on ESN) Meeting ensured using cryptography.
  14. ComputeEx (on Ethereum / centralised way) Exchange assets.
  15. Era Swap Academy (on ESN / centralised way) Learn. Loop. Leap. How to implement ES Academy is not clear. One idea is if content is constantly being modified, then subscription expired people will only have the hash of old content while new content hash is only available to people who have done Dayswapper KYC and paid for the course. Dayswapper KYC is required because this way people won’t share their private keys to someone else.
  16. Value of Farmers (tbd) The exchange of farming commodities produced by farmers in VoF can be deposited to warehouses where the depositors will get ERC721 equivalent tokens for their commodities (based on unique tagging).
  17. DeGameStation (on ESN) Decentralised Gaming Station. Games in which players take turns can be written in Smart Contract. Games like Chess, Poker, 3 Patti can be developed. Users can come to DeGameStation and join an open game or start a new game and wait for other players to join.

Alpha-release Development Plan
  1. Deploying Parity Node customized according to Era Swap Whitepaper with PoA consensus.
  2. Setting up Plasma Smart Contracts.
  3. Creating a bridge for ERC20 Swap from Ethereum test-net to ESN alpha test-net.

Alpha Version
Era Swap Network Version 1 : Specification
The Version 1 release of ESN plans to fulfill the requirements for political decentralisation and transparency in dApps of Era Swap Ecosystem using Blockchain Technology. After acquiring sufficient number of users, a version 2 construction of ESN will be feasible to enable administrative decentralization, such that the Era Swap Ecosystem will be run and managed by the Era Swap Community and will no longer require the operator to support for it's functioning.
Era Swap Network (ESN) Version 1 will be a separate EVM-compatible sidechain attached to Ethereum blockchain as it’s parent chain. ESN will achieve security through Plasma Framework along with Proof-of-Authority consensus for faster finality. The idea behind plasma framework is to avoid high transaction fees and high transaction confirmation times on Ethereum mainnet by instead doing all the ecosystem transactions off-chain and only post a small information to an Ethereum Smart Contract which would represent hash of plenty of ecosystem transactions. Also, to feature movement of Era Swap Tokens from Ethereum blockchain to ESN using cryptographic proof, reverse plasma of Ethereum on ESN will be implemented.
Also, submitting hash of each ESN blocks to ESN Plasma Smart Contract on Ethereum would force ESN to have a block time equal to or more than Ethereum’s 15 second time as well as it would be very much costly for operator to post lot of hashes to an Ethereum Smart Contract. This is why, merkle root of hashes of bunch of blocks would instead be submitted to ESN Plasma Smart Contact on Ethereum.
Actors involved in the ESN:
  1. Block Producer Nodes Lesser the number of nodes, quicker is the block propagation between block producers which can help quick ecosystem transactions. We find that 7 block producers hosted on different could hosting companies and locations reduces the risk of single point of failure of Era Swap Ecosystem and facilitates 100% uptime of dApps. Block Producer Nodes will also be responsible to post the small information to the Blockchain.
  2. Block Listener Nodes Rest of the nodes will be Block Listeners which will sync new blocks produced by the block producer nodes. Plenty of public block listener nodes would be setup in various regions around the world for shorter ping time to the users of Era Swap Ecosystem. Users would submit their Era Swap Ecosystem transactions to one of these public nodes, which would relay them to rest of the Era Swap Network eventually to the block producer nodes which would finalize a new block including the user transaction.
  3. Bunch Committers This will be an instance in the block producers which will watch for new blocks confirmed on ESN and will calculate bunch merkle roots and will submit it to ESN Plasma Smart Contract. This instance will also post hash of new Ethereum blocks to ESN (after about 10 confirmations) for moving assets between both the blockchain.
  4. Users These will be integrating with dApps which would be connected to some public ESN nodes or they can install a block listner node themselves. They can sign and send transactions to the node which they are connected to and then that node will relay their transactions to block producer nodes who would finalise a block including their transaction.

Bunch Structure

A Bunch Structure in Smart Contract will consist of the following:
• Start Block Number: It is the number of first ESN block in the bunch.
• Bunch Depth: It is Merkle Tree depth of blocks in the bunch. For e.g. If bunch depth is 3, there would be 8 blocks in the bunch and if bunch depth is 10, there would be 1024 blocks in the bunch. Bunch depth of Bunches on ESN Plasma Contract is designed to be variable. During the initial phases of ESN, it would be high, for e.g. 15, to avoid ether expenditure and would be decreased in due course of time.
• Transactions Mega Root: This value is the merkle root of all the transaction roots in the bunch. This is used by Smart Contract to verify that a transaction was sent on the chain.
• Receipts Mega Root: This value is the merkle root of all the receipt roots in the bunch. This is used to verify that the transaction execution was successful.
• Timestamp: This value is the time when the bunch proposal was submitted to the smart contract. After submission, there is a challenge period before it is finalised.

Converting ES-ERC20 to ERC-NA and BACK

On Ethereum Blockchain, the first class cryptocurrency is ETH and rest other tokens managed by smart contracts are second class. On ESN, there is an advancement to have Era Swaps as the first class cryptocurrency. This cryptocurrency will feature better user experience and to differentiate it from the classic ERC20 Era Swaps, it will be called as Era Swap Natives (ES-Na). According to the Era Swap Whitepaper, maximum 9.1 Million ES will exist which will be slowly released in circulation every month.
Era Swaps will exist as ES-ERC20 as well as in form of ES-Na. One of these can be exchanged for the other at 1:1 ratio.
Following is how user will convert ES-ERC20 to ES-Na:
  1. User will give allowance to a Deposit Smart Contract, and following that call deposit method to deposit tokens to the contract.
  2. On transaction confirmation, user will paste the transaction hash on a portal which will generate a Proof of Deposit string for the user. This string is generated by fetching all the transactions in the Ethereum Block and generating a Transaction Patricia Merkle Proof to prove that user’s transaction was indeed included in the block and the Receipts Patricia Merkle Proof to confirm that the user’s transaction was successful.
  3. Using the same portal, user will submit the generated proofs to a Smart Contract on ESN, which would release funds to user. Though, user will have to wait for the Etheruem block roots to be posted to ESN after waiting for confirmations which would take about 3 minutes. Once, it’s done user’s proofs will be accepted and will receive exact amount of ES- Na on ESN.
Following is how user will convert ES-Na to ES-ERC20:
  1. ES-Na being first class cryptocurrency, user will simply send ES-Na to a contract.
  2. User will paste the transaction hash on a portal which will generate a Proof of Deposit for the user. Again ES-Na being first class cryptocurrency, Transaction Patricia Merkle Proof is enough to prove that user’s transaction was indeed included in the block. Another thing which will be generated is the block inclusion proof in the bunch.
  3. User will have to wait for the bunch confirmation to the Plasma Smart Contract and once it’s done, user can send the proof to the Plasma Smart Contract to receive ES-ERC20.

HARD Exit

Since the blocks are produced and transactions are validated by few block producers, it exposes a possibility for fraud by controlling the block producer nodes. Because ESN is based on the Plasma Model, when failure of sidechain occurs or the chain halts, users can hard exit their funds directly from the Plasma Smart Contract on Ethereum by giving a Proof of Holdings.

HOld ES Tokens Swapping with New ES Tokens

The old ES Tokens will be valueless as those tokens will not be accepted in ESN because of NRT (New Released Tokens) and TimeAlly contracts on mainnet which is causing high gas to users, hence reducing interactions. Also, there was an event of theft of Era Swap Tokens and after consensus from majority of holders of Era Swap Tokens; it was decided to create a new contract to reverse the theft to secure the value of Era Swap Tokens of the community. Below is the strategy for swapping tokens:
TimeAlly and TSGAP: Majority of Era Swap Community have participated in TimeAlly Smart Contract in which their tokens are locked for certain period of time until which they cannot move them. Such holders will automatically receive TimeAlly staking of specific durations from the operator during initialization of ESN.
Liquid Tokens: Holders of Liquid Era Swap Tokens have to transfer the old tokens to a specified Ethereum wallet address managed by team. Following that, team will audit the token source of the holder (to eliminate exchange of stolen tokens) and send new tokens back to the wallet address.

Post-Genesis Tokens Return Program

Primary asset holding of Era Swap tokens will exist on Ethereum blockchain as an ERC20 compatible standard due to the highly decentralised nature of the blockchain. Similar to how users deposit tokens to an cryptocurrency exchange for trading and then withdraw the tokens back, users will deposit tokens to ESN Contract to enter Era Swap Ecosystem and they can withdraw it back from ESN Contract for exiting from ecosystem network. The design of the token system will be such that, it will be compatible with the future shift (modification or migration of ESN version 1) to ESN version 2, in which an entirely new blockchain setup might be required.
To manage liquidity, following genesis structure will be followed:

Holder ES-ERC20 ES-Na
Team Wallet 1.17 billion (Circulating Supply) 0
Locked in Smart Contract 7.93 billion (pending NRT releases) 9.1 billion
Though it looks like there are 9.1 * 2 = 18.2 Billion ES, but the cryptographic design secures that at any point in time at least a total of 9.1 billion ES (ES-ERC20 + ES-Na) will be locked. To unlock ES-Na on ESN, an equal amount of ES-ERC20 has to be locked on Ethereum and vice-versa.
9.1 billion ES-ERC20 will be issued by ERC20 smart contract on Ethereum Blockchain, out of which the entire circulating supply (including liquid and TimeAlly holdings) of old ES will be received to a team wallet.
TimeAlly holdings of all users will be converted to ES-Na and distributed on ESN TimeAlly Smart Contract by team to the TimeAlly holders on their same wallet address.
Liquid user holdings will be sent back to the users to the wallet address from which they send back old ES tokens (because some old ES are deposited on exchange wallet address).
ES-Na will be issued in the genesis block to an ESN Manager Smart Contract address. It will manage all the deposits and withdrawals as well as NRT releases.

Attack Vectors


Following are identified risks to be taken care of during the development of ESN:
Network Spamming: Attackers can purchase ES from the exchange and make a lot of transactions between two accounts. This is solved by involving gas fees. A setting of 200 nanoES minimum gas price will be set, which can be changed as per convenience.
DDoS: Attackers can query public nodes for computationally heavy output data. This will overload the public node with requests and genuine requests might get delayed. Block producers RPC is private, so they will continue to produce blocks. To manage user’s denial of service, the provider in dApps needs to be designed in such a way such that many public nodes will be queried simple information (let’s say latest block number) and the one which response quickly to user will be selected.
AWS is down: To minimize this issue due to cloud providers down, there will be enough nodes on multiple cloud providers to ensure at least one block producer is alive.
User deposit double spending: User deposits ES on Ethereum, gets ES-Na on ESN. Then the issue happens that there are re-org on ETH mainnet and the user’s transaction is reversed. Since ETH is not a fixed chain and as per PoW 51% attack can change the blocks. As Ethereum is now enough mature and by statistics forked blocks are at most of height 2. So it is safe to consider 15 confirmations.
Exit Game while smooth functioning: User starts a hard exit directly from Plasma Smart Contract on Ethereum, then spends his funds from the plasma chain too. To counter this, the exit game will be disabled, only when ESN halts, i.e. fails to submit block header within the time the exit game starts. This is because it is difficult to mark user’s funds as spent on ESN.
Vulnerability in Ecosystem Smart Contracts: Using traditional methods to deploy smart contracts results in a situation where if a bug is found later, it is not possible to change the code. Using a proxy construction for every ecosystem smart contract solves this problem, and changing a proxy can be given to a small committee in which 66% of votes are required, this is to prevent a malicious change of code due to compromising of a single account or similar scenario.
ChainID replay attacks: Using old and traditional ways to interact with dApps can cause loss to users, hence every dApp will be audited for the same.

Conclusion

Era Swap Network is an EVM-compatible sidechain attached to the Ethereum blockchain through Plasma Framework. This allows off-chain processing of Era Swap Ecosystem transactions and posting only the hash of the bunch to Ethereum. This greatly reduces the high network fee and confirmation time issues faced by the current Era Swap Ecosystem DApps deployed on Ethereum. Also, having a separate EVM-compatible blockchain tailored to Era Swap Ecosystem improves the user experience to a higher extent. Since by design, Plasma Framework makes the Era Swap Network as secure as the Ethereum Network, user's funds on the network would be secure as well.
We believe Era Swap Network will help scale dApps of Era Swap Ecosystem to onboard the increasing numbers of users.


Era Swap Ecosystem
Era Swap Ecosystem consist of multiple interlinked platforms which is powered by Era swap (ES) token, a decentralized utility token to be used on below utility platforms. Users can access the Platforms through Era Swap Life which is the Single Sign on (SSO) gateway to the one world of Era Swap Ecosystem.
Era Swap Life: https://eraswap.life/
TimeAlly DApp -> Decentralized Token Vesting: https://www.timeally.io/
BetDeEx -> Decentralized prediction platform: https://www.betdeex.com/
Swappers Wall -> Social Time Ledgerise: https://timeswappers.com/swapperswall
TimeSwappers -> Global P2P marketplace: https://timeswappers.com/
BuzCafe -> Connects local P2P outlets: https://buzcafe.com/
DaySwappers -> Unique Affiliate Program: https://dayswappers.com/
Era Swap Academy -> E-mart for skill development: https://eraswap.academy/
Value of Farmers (VOF) -> Farming ecosystem: http://valueoffarmers.org/ coming soon
ComputeEx -> P2P lending and borrowing: https://computeex.net/ coming soon
DateSwappers -> Next gen dating: coming soon
Smart Contract address

Era Swap Token (ES)
https://etherscan.io/address/0xef1344bdf80bef3ff4428d8becec3eea4a2cf574#code

Newly Released Token (NRT) https://etherscan.io/address/0x20ee679d73559e4c4b5e3b3042b61be723828d6c#code

TimeAlly DApp
https://etherscan.io/address/0x5630ee5f247bd6b61991fbb2f117bbeb45990876#code

BetDeEx DApp https://etherscan.io/address/0x42225682113E6Ed3616B36B4A72BbaE376041D7c#code
TSGAP DApp
https://etherscan.io/address/0xbad9af4db5401b7d5e8177a18c1d69c35fc03fd3#code

White Paper
Era Swap Whitepaper: https://eraswaptoken.io/pdf/eraswap_whitepaper.pdf
Era Swap Light Paper: https://eraswaptoken.io/pdf/eraswap_lightpaper.pdf

Howey Test
Howey Test: https://eraswaptoken.io/era-swap-howey-test-letter-august7-2018.php

Era Swap SOCIAL LINKS
Telegram: https://t.me/eraswap
Twitter: https://twitter.com/eraswaptec
Facebook: https://www.facebook.com/eraswap/
Instagram: https://www.instagram.com/eraswap/
BitcoinTalk: https://bitcointalk.org/index.php?topic=5025979.msg45502457
Youtube: https://www.youtube.com/channel/UCGCP4f5DF1W6sbCjS6y3T1g
LinkedIn: https://www.linkedin.com/company/eraswap/
Reddit: https://www.reddit.com/useEraSwap
Medium: https://medium.com/@eraswap
Tumblr: https://eraswap.tumblr.com/
Mix: https://mix.com/eraswap
Pinterest: https://www.pinterest.com/eraswapt/
GitHub: https://github.com/KMPARDS/EraSwapSmartContracts
submitted by EraSwap to u/EraSwap [link] [comments]

Bitfinex Experience Withdrawal Difficulties All Things DDoS, Presented by IDC and Neustar  Neustar Mandar Kulkarni of Netmagic Solutions speaking on DDoS(Distributed Denial of Service) DDOS Attacken (Distributed Denial of Service Attacks) - Was ist das in der Krypto Welt? Botnet Distributed Denial of Service Attacks are Mining ...

Bitcoin News Schweiz. Ein DDoS-Angriff ist eine spezielle Art der Cyber-Kriminalität. Der Distributed-Denial-of-Service (DDoS) ist ein „verteilter“ Denial-of-Service (DoS), der wiederum eine Dienstblockade darstellt. A distributed denial of service (DDOS) is taking place against the bitcoin network and disrupting a number of exchange operations, Blockchain.info chief Najważniejsze informacje o kryptowalucie Bitcoin. Na rynku od 2010 roku. Na rynku od 2010 roku. Distributed Denial of Service Bitcoin.pl - Polski Portal Bitcoin Distributed Denial of Service (DDoS) attacks are nothing new, but recent attacks are increasing in severity, complexity, and frequency and have therefore become a mainstream concern for businesses and private customers alike. The most recent DDoS attacks have been observed to hijack connected devices such as webcams, baby phones, routers, vacuum robots, etc. to launch their attacks. The number ... Botnet Distributed Denial of Service Attacks are Mining for Your Bitcoin. Allotted Denial of Provider is understood for harmful enterprises for over $2.three million and negatively affecting the recognition of businesses that needed to recuperate from those cyberattacks. Learn extra about DDoS assaults and their position in mining for Bitcoin the usage of botnets. What’s a Allotted Denial of ...

[index] [13718] [30921] [4849] [40903] [43323] [44648] [27336] [14864] [22365] [39603]

Bitfinex Experience Withdrawal Difficulties

The exchange says its been the subject of numerous distributed denial-of-service (DDoS) attacks in recent days, and that network congestion has contributed to the challenges. Many Customers Are ... Distributed denial of service (DDoS) attacks are growing in size, complexity, frequency and malice, with the Australia and Asian markets being no exception. It’s important to be aware of the ... Teil dieses Video und lass uns gemeinsam AT, DE und CH krypto-fit machen :) ----- Ich freue mich auf einen “Daumen hoch” und ein “Abonnieren meines... [[ W3B573R ]] ----- DDoS is short for Distributed Denial of Service. DDoS is a type of DOS attack where multiple compromised systems, which are often infected with a Trojan, are used to target a ... Distributed Denial of Service is known for damaging enterprises for over $2.3 million and negatively affecting the reputation of companies that had to recove...

#