Security As A Coffin

On Thursday, Sakurity published an exploit on their blog regarding Authy's SMS 2-Factor Authentication API. The bug allows an attacker to bypass the now notorious 2FA window with the string

../sms

Coinbase, one of Authy's customers, claims to "take careful measures to ensure that your bitcoin is as safe as possible." The bitcoin webwallet provider has been a vocal advocate of 2FA, popularizing it to the point of Gavin proposing its inclusion in Bitcoin Core.

OpenSSL Severe Vulnerability to be Revealed March 19th

The OpenSSL project has announced that on March 19th they will be releasing updates to address what they are referring to as a "highest severity defect" affecting all of their supported versions. Details of the vulnerability are being kept under embargo until the patches are released, though this time the OpenSSL project has had the courtesy to disclose the issue to the LibreSSL core team. Here's a snippet from the OpenSSL security policy on high security vulnerabilities:

Czech Ministry Fingers Heist Suspect

Czech Republic-based Bitcoin exchange Bitcash.cz was allegedly hacked on November 11, 2013 and approximately 4000 bitcoins were stolen. The operator or operators almost succeeded in their efforts to remain anonymous with impunity, but disgruntled users named some suspected perpetrators in online forums. According to the 2014 yearly report of the analytics department of the Czech Ministry of Finance, one of the named persons opened a new bank account (in a Czech bank) and immediately transferred non-trivial amounts into it from an EU Bitcoin exchange, thus prompting a closer look from the Department. It concluded with a money laundering criminal complaint, which is currently waiting for court proceedings.

Windows 'Stuxnet' Patch Left Vulnerability Open

Five years after Microsoft issued a patch (archived) to "close" the vulnerability that allowed the Stuxnet virus to propagate, Microsoft today issued another patch which purports to finish closing that same vulnerability. Reportedly, rather than actually resolving the vulnerability, the patch issued in 2010 merely increased the difficulty threshold for exploiting the open vulnerability.

Bitcoin Stash Baffles Dutch Police

Police in the Netherlands have arrested three persons allegedly involved in cannabis cultivation and money laundering. During a raid in Sneek, Friesland, police seized 135 cannabis plants, cash, jewels, and assorted other items. Allegedly, a financial investigation shows the suspects received "440,000 euros" in Bitcoin, though how they received it apparently remains a mystery. Dutch legal treatment of cannabis involves a "tolerance policy" allowing for limited retail commerce in cannabis, though production and wholesaling to retailers are prosecuted.

Tor Developers Set Funding Goal

The Daily Dot reports that the developers of the Tor software and network have decided to set an ambitious fundraising goal for this year. Specifically, they aspire to reduce the portion of their funding which comes from the United States government to under half of their total. Last year roughly three quarters of their funding came from the United States Government. This follows another piece published by Yasha Levine on March 1st where Levine highlighted that the "activists" behind Tor, Open Whisper Systems, and other popular "privacy" ventures receive funding from the Broadcasting Board of Governors, a Federal Agency born in the CIA which specializes in propaganda and psychological warfare.

Crapware Still Bundles Mining Software

The uTorrent software has been bundled with a cryptocurrency miner in its latest update. This inclusion has generated a number of user complaints, as the mining software degrades the performance of the user's computer while offering them no benefit. This sort of user abuse is par for the course with explicitly closed source and Windows software.