134,000+ names and social security numbers of Navy personnel were accessed by unknown individuals, according to a report by the NCIS on Wednesday. HP Enterprise Services notified the Navy on October 27th that one of its employees had their laptop breached, though officials say there is no evidence the liberated data has been misused at this time. The data was part of the Career Waypoints database, which sailors use to submit re-enlistment or Military Occupation Specialty job requests. The Navy has stated it will be offering credit monitoring services for those affected and will contact the affected personnel by phone, email, and post to advise them of their loss.
Author Archives: shinohai
Slock Prepares "Charity DAO" For Your Loss
The slock.it team is gearing up for Sorry For Your Loss 2.0, announcing in a blog post that they are working on a new improved version called "Charity DAO". Exploits in the original DAO resulted in a US $60 million loss, and led Ethereum developers to cement their status as a failed cryptocurrency. Slock.it CTO Christoph Jentzsch assured the community there would be a "security hatch" written into their code this round and that the amount of investment monies would be capped to avoid a repeat of the original DAO. Jentzsch is convinced that the team learned a lot from the past experience and can make the new version work, despite continuing to build on a platform that is riddled with bugs and has been proven time and again to be woefully insecure.
Last Remains Of ChangeTip To Be Buried
Spam "Bitcoin" tipping service ChangeTip has finally decided to bury the rotting corpse of its company, months after most of its employees were acquired by Airbnb.
Reddit user Nick_Changetip stated the following in their Reddit announcement:
In the spring of 2016, ChangeTip’s employees were acqui-hired by Airbnb, where most of us work today. Since then, we’ve been searching for the best outcome for ChangeTip, and unfortunately the only remaining option is to shut it down.
At the end of November 2016, all tipping functionality will be deactivated, and the site will be put into withdrawal-only mode for people to collect their funds. The site will remain up for a number of months to allow users to withdraw their funds, and we will be reaching out to users to notify them.
We recommend you close your ChangeTip account. You may withdraw any remaining funds via BTC withdrawal, or you can donate your funds to Charity when you close your account from the settings page.
The move marks an end to the lulz that have graced the pages of Qntra on several occasions. Victoria van Eyk (WOT:nonperson) was unable to be reached for comment on the announcement.
Still Another Fork Digs Into Overcooked Ethereum
Ethereum developers have announced that another hard fork will be taking place on the platform at ETH block height 2,675,000, the fourth such hard fork applied to the platform this year alone. Following the usual Ethereum SOP, the update will be used to erase certain accounts that DoS attackers previously used to bloat the chain, the concept of immutability in blockchains having been lost to them long ago. Developers say that users are expecting the upgrade to fix the slow transaction and block times that occur due to the attacks. The fork also supposedly fixes the replay attack problem, which resulted in a plethora of sorry for your loss this past summer.
ViaBTC Enters Contract Mining Scamspace
ViaBTC has announced their entry into the world of Bitcoin cloud-mining scams, offering hashrate sales of their S9 mining power for 0.21 BTC per 1 TH/s. The announcement also stated that users would be able to trade mining contracts in a similar manner to failed mining exchange cex.io.
Our cloud mining exchange platform is under development and will be soon integrated into www.viabtc.com. At that time users can freely trade their cloud mining contracts. Early-stage contract holders can direct their contacts to www.viabtc.com then by signing their wallet addresses.
ViaBTC further stated that "Redemption of miners and change of mining pool are not available for the contract", ensuring that suckers for the scam are not able to use the purchased hashpower on any competing pool or fork.
The recent moves seem to be the death rattles of Roger Ver's latest attempt to stage a coup, having failed to bribe Venezuelan miners to join his revolution. ViaBTC pool stands at ~7% of total network hashrate at the time of this article.
Coinbase Partnering Up For Facial Verification As Relevance Continues Sinking
Coinbase has partnered with a bio-metrics firm to enable facial recognition of customers as part of KYC compliance measures. (archived)
Officials from Jumio stated:
“Adding bio-metric facial recognition to Netverify was inspired by a need that impacts organizations across many industries, especially financial services with account opening and money transfers,” said Jumio CEO Stephen Stuut. “As evidenced by the millions of unauthorized accounts that were opened at Wells Fargo, it’s critical to look beyond existing multi-factor authentication solutions whenever any digital transaction takes place. The addition of biometric facial recognition, combined with ID verification, will not only help ensure that the individual in front of the screen is who they say they are.”
Coinbase is touted on the site as giving "customers a secure and seamless way for both investment managers and consumers to trade and exchange Bitcoin or Ethereum for traditional currency." Customers can have total confidence that their data and funds are 100% safe in the vaults of Buterin's waterfall.
Bitfinex Publicity Spree Touts Changes But Security Unmentioned
Bitfinex announced a recent swath of updates on Reddit yesterday, none of which focused on their abysmal security or protection of customer funds. (archived) The changes mostly focused on cosmetic enhancements of the sort designed to hold a child’s attention for long periods of time, and keep them focused on pouring more money into the token scheme they hope will eventually help them recover losses.
El Paso Fiat Payments MITM'd 3.2 Million United States dollar SFYL
City officials in El Paso, Texas disclosed on Wednesday that they had fallen prey to an email phishing scam that resulted in a 3.2 million United States dollar sorry for your loss. The city became aware of the scam in October after a vendor informed the city that it had not been paid for work involving a streetcar project, with the money instead having been routed to fraudulent bank accounts. Employees have reverted to issuing paper checks in the meantime to thwart further attempts at social engineering. An attorney for the city stated that some of the funds had been recovered by law enforcement, though few details were given due to the ongoing investigation as to how the thefts occurred – but now that the Nigerian Prince has been paid, the hope is that the rest of the fortune will arrive in their coffers soon.
Hack Forum Kicks DDoS Vendors
Hack Forums, one of the oldest and most well-known forums of its kind on the internet, has announced it will no longer allow vendors to offer DDoS services or "server stress testing" for sale in its services section, in part due to the attack that left many sites unreachable last week.
Forum admin Jesse "Omniscient" LaBrocca (WoT:nonperson) explained:
"I do need to make sure that we continue to exist and given the recent events I think it's more important that the section be permanently shut down,"
The forums had been under pressure from online security researchers who claimed that forum users were likely responsible for the recent spate of attacks using the Mirai malware. The source code for Mirai first appeared on the forums on September 30th when user Anna-senpai released a copy for public consumption. Omniscient denied that the forums promoted using the services for illegal purposes and said that, much like other user-generated content sites, "The content ….. reflects the topics they are interested in discussing,"
Ethereum Security Still Ethereal, Has Yet To Appear After Hard Forks
The recent hard fork has failed to protect the ETH huffer ecosystem as yet another serious vulnerability was discovered in the Mist implementation, affecting all versions "including and prior to 0.8.6".
– From the Ethereum blog:
Mist is leaks (sic) some low level APIs which Dapps could use to gain access to the computers file system and read/delete files. This would only affect you if you navigate to an untrusted Dapp, which knows about this vulnerabilities and specifically tries to attack users. Upgrading Mist is highly recommended to prevent any exposure to attacks.
The severity of the bug is listed as high, and it can be triggered by merely visiting a webpage containing malicious code or a dapp. It finally occurred to the Mist developers that it might be a good idea to add the platform to the bug bounty program, whose fund is sure to be rapidly depleted considering the pace at which new bugs are discovered in this flaming-tire-in-a-shitpit of a platform. Pope Buterin inspired many lulz this week by tweeting "Who says Ethereum is "failing"? Pulling off HFs in 6 days b/w 5 clients with no consensus failures in 1 year is success to me." Consensus seems to be that he is now using scented rose-tinted glasses to cover up the offending smells that continuously emanate from the project.