Sparrowvsrevolution (1926150) writes "The reincarnated drug site Silk Road 2.0 announced Thursday that it's been hacked by sellers on the site who used a bug in Bitcoin known as "transaction malleability," the same one plaguing Bitcoin exchange Mt. Gox and others. At least $2.6 million worth of bitcoins have been stolen, according to an estimate based on analyzing the Bitcoin blockchain by Nicholas Weaver of the International Computer Science Institute.
Silk Road's users and others in the Bitcoin community, however, are crying foul. As in the case of Mt. Gox's shutdown, they point out that transaction malleability has been a known issue since 2011, and shouldn't allow the theft of bitcoins. A more likely theory is that Silk Road's administrators have pocketed the funds and used the transaction malleability bug as a convenience scapegoat." Link to Original Source top
Sparrowvsrevolution (1926150) writes "At the Black Hat Asia security conference in Singapore next month, two Spanish researchers plan to demo a small gadget they built for less than $20 that can be connected to a car’s internal Controller Area Network to allow hackers ot wirelessly inject malicious commands affecting everything from the vehicle's windows and headlights to its steering and brakes. Their tool, which is about three-quarters the size of an iPhone, draws power from the car’s electrical system and can wait for minutes or years before relaying a wireless command to the car's network via Bluetooth or GSM sent remotely from an attacker’s computer. They call it the CAN Hacking Tool, or CHT.
Just what the CHT can trick a car into doing depends on the model--the researchers tried four different vehicles and managed to only fiddle with windows and lights in some cases, while triggering anti-lock brake or emergency brake systems in others. For some of the cars, the device could only be planted by gaining access under the hood, but in other cases, it could be attached to the network just crawling under the car.
"It can take five minutes or less to hook it up and then walk away,” says one of the researchers. “We could wait one minute or one year, and then trigger it to do whatever we have programmed it to do.”" Link to Original Source top
Google Says It's Considering Bitcoin Payment Adoption
Sparrowvsrevolution (1926150) writes "After Overstock.com, Google might be the next major web firm to adopt Bitcoin. Bitcoin early adopter, musician and online marketing manager Jarar Malik wrote emails to Jeff Bezos, Tim Cook, Sergey Brin, Larry Page, and Eric Schmidt asking them if they planned to adopt Bitcoin at Amazon, Apple, and Google. When none responded, he moved on to other executives, and surprisingly got a response from a couple of senior vice presidents at Google. One, Google Senior VP of Ads and Commerce Sridhar Ramaswamy, told him that "we are working in the payments team to figure out how to incorporate bitcoin into our plans" and promised to update him "when we are a little more sure.”
When Malik posted that exchange to Reddit and the news got a mostly positive response, Google Wallet exec Ariel Bardin asked Malik if he'd be willing to moderate a Google survey on "What would I want Google to do with Bitcoin?"
Aside from these backchannel comments, however, Google isn't saying whether it will adopt Bitcoin, and a press spokeperson says that "while we're keen to actively engage with Wallet users to help inform and shape the product, there's no change to our position: we have no current plans regarding Bitcoin." But it seems clear that the company is exploring the option." Link to Original Source top
Zerocoin Set To Become A Fully Anonymous Bitcoin Alternative
Sparrowvsrevolution (1926150) writes "At the Real World Crypto conference earlier this week in New York, Johns Hopkins cryptography professor Matthew Green announced the next phase in the evolution of Zerocoin, an alternative cryptocurrency with a focus on perfect anonymity. The new coins will go into circulation in May in some sort of beta program, with their own miners, blockchain, and exchanges, just like Bitcoin. But unlike Bitcoin, Zerocoin is designed to be spent and received without revealing even a trace of a user’s identity.
Zerocoin, which began as an attempt to upgrade Bitcoin's codebase but is now being spun out into an independent cryptocurrency, use a decades-old mathematical scheme called a “zero-knowledge proof,” which makes it possible to prove that a mathematical statement is true without revealing the content of the computation. That means Zerocoins can act as sealed envelopes of cash that can be combined, split, or spent without either revealing the value of the cash inside those envelopes or their path through the network, all while still protecting against fraud and forgery." Link to Original Source top
BitTorrent's Bram Cohen Unveils New Steganography Tool DissidentX
Sparrowvsrevolution (1926150) writes "For the last year Bram Cohen, who created the breakthrough file-sharing protocol BitTorrent a decade ago, has been working on a tool he calls DissidentX, a steganography tool that's available now but is still being improved with the help of a group of researchers at Stanford. Like any stego tool, DissidentX can camouflage users' secrets in an inconspicuous website, a corporate document, or any other, pre-existing file from a Rick Astley video to a digital copy of Crime and Punishment. But it uses a new form of steganography based on cryptographic hashes to make the presence of a hidden message far harder for an eavesdropper to detect than in traditional stego. And it also makes it possible to encode multiple encrypted messages to different keys in the same cover text." Link to Original Source top
3D-Printed Gun Bought And Displayed By London Art Museum
Sparrowvsrevolution (1926150) writes "The world’s first 3D-printed gun known as the Liberator has been treated as a technological marvel and a terrorist threat. Now it’s officially become a work of art. On Sunday, London’s Victoria & Albert museum of art and design announced that it’s buying two of the original Liberator printed guns from their creator, the libertarian hacker non-profit known as Defense Distributed, and will display them during its Design Festival. Cody Wilson, Defense Distributed's founder, calls the museum's acquisition of the gun a victory for his group: "It will now be this curated, permanent cultural provocation."" Link to Original Source top
Researcher Spots A Drug Buy In Bitcoin's Blockchain
Sparrowvsrevolution (1926150) writes ""It should come as no surprise to Bitcoin users that despite the pseudonymity the cryptocurrency offers, its transactions can be tracked. But University of California at San Diego researcher Sarah Meiklejohn proved that privacy problem more clearly than ever by showing a reporter that she could detect a specific point in Bitcoin's blockchain record of transactions where he had spent Bitcoins in exchange for marijuana on the Silk Road, the most popular online Bitcoin-based black market for drugs.
To simulate a law enforcement subpoena, the reporter for Forbes began by giving Meiklejohn a Bitcoin address associated with Forbes' account. But with just that information, Meiklejohn was able to draw on a "clustering" analysis she had performed to identify Silk Road addresses and match them with the one used in the.3 BTC drug buy. She admits that a user who took more efforts to obscure his or her Bitcoin address through a laundering service or other unidentified Bitcoin wallets would be harder to track."" Link to Original Source top
NSA Director Was Nearly Egged At Black Hat Conference
Sparrowvsrevolution (1926150) writes "General Keith Alexander, the director of the National Security Agency, may not have enjoyed being heckled during his keynote address last Wednesday at the Black Hat security conference in Las Vegas. But he almost got hit with a much messier form of criticism. An anonymous member of the Black Hat audience has revealed that he smuggled six dozen eggs into Alexander's talk and attempted to distribute them to five rows of the crowd in front of the stage, hoping to incite Black Hat's hackers and security professionals to start a yolk-spattered protest of the NSA's newly-confirmed mass surveillance programs.
The egg agitator says that he planned to throw the first egg himself, in order to inspire everyone else to follow suit. But to his disappointment, no one in the audience dared to even take an egg, not to mention throw one, and the cartons were instead confiscated by the conference hall's security guards." Link to Original Source top
MIT Students Release Code To 3D-Print High Security Keys
Sparrowvsrevolution (1926150) writes "At the Def Con hacker conference Saturday, MIT students David Lawrence and Eric Van Albert released a piece of code that will allow anyone to create a 3D-printable software model of any Schlage Primus key, despite Schlage’s attempts to prevent the duplication of the restricted keys. With just a flatbed scanner and their software tool, they were able to produce precise models of Primus keys that they uploaded to the 3D-printing services Shapeways and i.Materialise, who mailed them working copies of the keys in materials ranging from nylon to titanium. Primus high-security locks are used in government facilities, healthcare settings, and detention centers, and their keys are coded with two distinct sets of teeth, one on top and one on the side. That, along with a message that reads "do not duplicate" printed on the top of every key, has made them difficult to copy by normal means. With Lawrence and Van Albert's software, anyone can now scan or take a long-distance photo of any Primus key and recreate it for as little as $5." Link to Original Source top
Sparrowvsrevolution (1926150) writes "At the Def Con hacker conference in Las Vegas early next month, security researchers Justin Engler and Paul Vines plan to show off the R2B2, or Robotic Reconfigurable Button Basher, a piece of hardware they built for around $200 that can automatically punch PIN numbers at a rate of about one four-digit guess per second, fast enough to crack a typical Android phone's lock screen in 20 hours or less.
Engler and Vines built their bot, shown briefly in a preview video, from three $10 servomotors, a plastic stylus, an open-source Arduino microcontroller, a collection of plastic parts 3D-printed on their local hackerspace's Makerbot 3D printer, and a five dollar webcam that watches the phone's screen to detect if it's successfully guessed the password. The device can be controlled via USB, connecting to a Mac or Windows PC that runs a simple code-cracking program. The researchers plan to release both the free software and the blueprints for their 3D-printable parts at the time of their Def Con talk.
In addition to their finger-like R2B2, Engler and Vines are also working on another version of their invention that will instead use electrodes attached to a phone’s touchscreen, simulating capacitative screen taps with faster electrical signals. That bot, which they’re calling the Capacitative Cartesian Coordinate Brute-force Overlay or C3BO, remains a work in progress, Engler says, though he plans to have it ready for Def Con." Link to Original Source top
Researchers Infect iOS Devices With Malware Via Malicious Charger
Sparrowvsrevolution (1926150) writes "At the upcoming Black Hat security conference in late July, three researchers at the Georgia Institute of Technology plan to show off a proof-of-concept charger that they say can be used to invisibly install malware on a device running the latest version of Apple’s iOS.
A description of their talk posted to the conference website describes how they were able to install whatever malware they wished on an Apple device within a minute of the user plugging it into their malicious charger, which they’re calling “Mactans" after the scientific name of a Black Widow spider. The malware-loaded USB plug is built around an open-source single-board computer known as a BeagleBoard, sold by Texas Instruments for a retail price of around $45. The researchers have contacted Apple about their exploit but haven't heard back from the company and aren't sharing more details of their hack until they do." Link to Original Source top
Working Handgun Printed On A Sub-$2,000 3D Printer
Sparrowvsrevolution (1926150) writes "When the high-tech gunmakers Defense Distributed demonstrated earlier this month that they could 3D print an entire working gun, it was only a matter time of before that printed weapon's price and practicality dropped into the realm of normal consumers. Just a few weeks later, a couple of Wisconsin hobbyist gunsmiths have already managed to adapt Defense Distributed's so-called Liberator firearm and print it on a $1,725 Lulzbot 3D printer, a consumer grade machine that's far cheaper than the industrial quality Stratasys machine Defense Distributed used. They then proceeded to record their cheaper gun (dubbed the "Lulz Liberator") firing nine.380 rounds without any signs of cracking or melting. Eight of the rounds were fired from a single plastic barrel. (Defense Distributed only fired one through its prototype.) In total, the Lulz Liberator's materials cost around $25 and were printed over just 48 hours." Link to Original Source top
State Dept Demands Takedown Of 3D-Printed Gun File Under Export Control Laws
Sparrowvsrevolution (1926150) writes "The battle for control of dangerous digital shapes may have just begun. On Thursday, Defense Distributed founder Cody Wilson received a letter from the State Department Office of Defense Trade Controls Compliance demanding that he take down the online blueprints for the 3D-printable “Liberator” handgun that his group released Monday, along with nine other 3D-printable firearms components hosted on the group’s website Defcad.org, while it reviews the files for compliance with export control laws for weapons known as the International Traffic in Arms Regulations, or ITAR. By uploading the weapons files to the Internet and allowing them to be downloaded abroad, the letter implies Wilson’s high-tech gun group may have violated those export controls.
Of course, the files have already been downloaded 100,000 times and found there way to the Pirate Bay, so the State Department's data control attempts are likely futile.
Cody Wilson has agreed to take down the files from his website, but compares the move to the State Department investigation of Phillip Zimmermann for putting encryption software online in 1993, which was based on the same arms export laws. "It's PGP all over again," he says." Link to Original Source top
3D-Printable Gun Downloaded 100k Times In Two Days (Thanks To Kim Dotcom)
Sparrowvsrevolution (1926150) writes "The promise of a fully 3D-printable gun is that it can spread via the Internet and entirely circumvent gun control laws. Two days after that digital weapon's blueprint first appeared online, it seems to be fulfilling that promise. Files for the printable gun known as that "Liberator" have been downloaded more than 100,000 times in two days, according to Defense Distributed, the group that created it. Those downloads were facilitated by Kim Dotcom's startup Mega, which Defense Distributed is using to host the Liberator's CAD files. And it's also been uploaded to the Pirate Bay, where it's one of the most popular files in the filesharing site's uncensorable 3D printing category." Link to Original Source top
The First Fully 3D-Printed Gun Has Been Successfully Test-Fired
Sparrowvsrevolution (1926150) writes "For the last eight months, a group called Defense Distributed has been seeking to create the world's first entirely 3D-printed handgun. Now they have. The "Liberator," as the group calls its printable firearm, is made of sixteen components, fifteen of which were printed in plastic on a Stratasys Dimension SST 3D printer. The only non-printed part is a common hardware store nail that serves as the gun's firing pin.
Last week, the Liberator was fired for the first time at a firing range and successfully shot a.380 caliber bullet using a remote firing setup. Over the weekend, Defense Distributed's founder, the anarchist and radical libertarian Cody Wilson, was bold enough to try firing it by hand. The results of that test, witnessed by a reporter, indicate that the era of the 3D-printed firearm may be upon us, for better or for worse." Link to Original Source top
100,000 Devices Exposed In Serial Ports Scans, Including Critical Infrastructure
Sparrowvsrevolution (1926150) writes "In a cautionary tale for the coming "Internet of Things," hacker HD Moore gave a talk at the Infosec Southwest conference in Austin, showing how he was able to locate and access a hidden layer of vulnerable machines via 114,000 devices known as “serial servers” or “terminal servers”–systems that allow outmoded hardware to be accessed remotely over the Internet via their serial ports.
Analyzing a database of a year’s worth of Internet scan results he’s assembled, Moore discovered that thousands of devices had no authentication, weak or no encryption, default passwords, or had no automatic “log-off” functionality, leaving them pre-authenticated and ready to access. Moore says he could have in some cases switched off the ability to monitor traffic lights, disabled trucking companies’ gas pumps or faked credentials to get free fuel, sent fake alerts over public safety system alert systems, and changed environmental settings in buildings to burn out equipment or turn off refrigeration, leaving food stores to rot." Link to Original Source top
Zerocoin Extension To Bitcoin Would Make It Truly Anonymous
Sparrowvsrevolution (1926150) writes "Bitcoin, despite what many users think, isn't really anonymous. Every transaction can be traced in the Bitcoin blockchain, making it in some ways even more difficult than traditional money to spend privately. But a group of cryptographers at Johns Hopkins University have come up with Zerocoin, an extension to the cryptographic currency that could make it truly anonymous and untraceable. If enough users adopted Zerocoin, it would represent an upgrade to Bitcoin's code that would allow any user to swap out his or her Bitcoins for Zerocoin tokens at any time and then redeem them for Bitcoins at will, using some clever cryptographic tricks to prevent anyone from tracing the tokens between those two transactions.
Until now, users who wanted to use Bitcoins for anonymous purposes (such as on the drug site Silk Road) have had to run them through a Bitcoin laundry service that mixes Bitcoins randomly to foil surveillance. But that's required depending on potentially shady third parties. Zerocoin would essentially build a laundry system into Bitcoin at the protocol level, without the need to trust anything other than the distributed code itself." Link to Original Source top
Drug Site Silk Road Says It Will Survive Bitcoin's Volatility
Sparrowvsrevolution (1926150) writes "Bitcoin's recent spike and then collapse in value has convinced many that it's too unstable to use as a practical currency. But not the founder of Silk Road, the black market drug site that exclusively accepts Bitcoin in exchange for heroin, cocaine and practically every other drug imaginable. Silk Road's creator, who calls himself the Dread Pirate Roberts, broke his usual media silence to issue a short statement that Silk Road will survive Bitcoin's bubble and bust. The market's prices are generally pegged to the dollar, with prices in Bitcoin fluctuating to account for movements in the exchange rate. And Roberts explained that vendors on the site have the option to also hedge the Bitcoins that buyers place in escrow for their products, so that they can't lose money due to Bitcoin's volatility while the drugs are in the mail. As a result, only about 1,000 of the site's more than 11,000 product listings were taken down during the recent crash." Link to Original Source top
Apple Releases Patch For Evasi0n Jailbreak (After It's Used 18 Million Times)
Sparrowvsrevolution (1926150) writes "Apple has released a new update for iOS that prevents the jailbreak evasi0n released last month. But that hacking tool has already become the most popular jailbreak ever: It's been used to remove the software restrictions on 18.2 million devices in the 43 days between its release and the patch, according to data from Cydia, the app store for jailbroken devices. In its announcement of the update, Apple says it has fixed six bugs and was polite enough to credit the hackers behind evasi0n with finding four of them. At least one of the bugs used by evasi0n remains unpatched, according to David Wang, one of evasi0n's creators. And Wang says that he and his fellow hackers still have bugs in reserve for a new jailbreak, although they plan to keep them secret until the next major release." Link to Original Source top
Cryptographers Break Commonly Used RC4 Cipher For Web Encryption
Sparrowvsrevolution (1926150) writes "At the Fast Software Encryption conference in Singapore earlier this week, University of Illinois at Chicago Professor Dan Bernstein presented a method for breaking TLS and SSL web encryption when it's combined with the popular stream cipher RC4 invented by Ron Rivest in 1987. Bernstein demonstrated that when the same message is encrypted enough times--about a billion--comparing the ciphertext can allow the message to be deciphered. While that sounds impractical, Bernstein argued it can be achieved with a compromised website, a malicious ad or a hijacked router.
It's long been suspected that RC4 had weakness based on biases in how it generates random numbers. But sites have nonetheless been moving back to the scheme in response to news of vulnerabilities in AES and Triple DES exploited by recent cryptographic attacks like BEAST and Lucky 13, both of which showed flaws in SSL and TLS in combination with block ciphers. With the news of RC4's insecurity it now seems that it's likely safer to stick with those more modern ciphers and depend on browser vendors to patch the flaws used by those other attacks." Link to Original Source