Image: Getty Images

The Commonwealth Scientific and Industrial Research Organisation (CSIRO) previously projected that Australia's emerging quantum technology sector would generate over AU$4 billion in annual revenue and support 16,000 jobs by 2040.

This sector is set to become so significant that Australia's chief scientist Dr Cathy Foley recently told the audience of the virtual Collaborate Innovation 2021 event that it's one industry the country needs to prioritise to remain globally competitive.

The CIO's guide to Quantum computing

Quantum computers offer great promise for cryptography and optimization problems, and companies are racing to make them practical for business use. ZDNet explores what quantum computers will and wont be able to do, and the challenges that remain.

Read More

"This is an area that will have a massive impact," she said.

In wanting to take advantage of this burgeoning sector, Australia's Department of Defence has been taking steps to explore ways it can leverage quantum technology, not only for warfare but other areas too.

"Quantum technology is being and will be used in areas such as natural resources, civil engineering, pharmacology, early detection of diseases and medical research, logistics, and finance. Ultimately, quantum technology will pervade every aspect of our lives," a Department of Defence spokesperson told ZDNet.

Defence in fact is already starting to see the early benefits of quantum technology deployment, pointing out that it is using the cryogenic sapphire oscillator, dubbed the Sapphire Clock, which was developed by Australian researchers, to improve the operation of the Jindalee over-the-horizon radar network.

"The Sapphire Clock offers a thousand-fold improvement in timing precision, helping Australian Defence agencies identify threats to the nation," the spokesperson said.

Defence also believes quantum technology could be the alternative solution to GPS as it is not always reliable in complex terrain or where satellite reception is challenging, such as underwater, or in mountainous or dense urban settings. Defence currently uses GPS technology for a variety of defence activities, including precision-guided weapons, cryptography, timestamp intelligence, and synchronising distributed computer systems.

"This will be achieved through the development, miniaturisation, and maturation of quantum clocks, accelerometers, magnetometers, and gravimeters. These will then be fused with classical technologies to provide the best of both worlds for optimal timing and navigation solutions," Defence said.

Other ways Defence intends to explore and exploit the opportunity that quantum technology has been outlined in the Army Quantum Technology Roadmap [PDF]. It highlights that some potential applications of quantum technology could include sensing and imaging, communications and cryptography, and computing and simulation.

Quantum technologies could help military planners, but they might also throw out some unexpected consequences.

"This combination of disruptive potential, ambiguity and complexity presents both strategic risks and opportunities to Land Forces. As a result, Army finds itself in an accelerating global competition to understand, co-develop and exploit quantum technologies for land operations," the report notes.

"Quantum sensing technology provides new levels of sensitivity for sensing things like magnetic fields, acceleration and gravitational fields, which can lead to new capabilities," the Defence spokesperson said.

"Quantum communications technology has the potential to provide the ultimate in secure communications. Quantum computing has the potential to solve problems that cannot be solved by current classical computers."

To further explore quantum technology, the Australian Army ran its inaugural Quantum Technology Challenge last year, which saw teams of Australia's quantum scientists and engineers compete to show how quantum technologies could be conceptually delivered. The specific challenges that were set involved making the ground "transparent" through quantum imaging, resupplying troops while on the battlefield using autonomous ground vehicles, and securing communications through quantum encryption.

The department also recently made a call out for solutions to be presented at next year's Quantum Technology Challenge, tentatively scheduled for August 2022.

Defence said for next year, it wants to test if quantum sensors can detect, locate, and identify electromagnetic emitters with greater precision, range, and bandwidth; see whether quantum computers can identify and classify features in signals and images more precisely and efficiently; and examine if post-quantum cryptography can be practically employed to secure communications from the threat of quantum computers.

The department added that Australia could run the risk of being left behind if quantum technology developed in the country is not supported.

"Australia has world-leading expertise in many areas of quantum technology. These need to continue to be supported and developed in order to avoid Australia being left behind," the spokesperson said.

See the article here:
Quantum technologies are now part of the military's future roadmap - ZDNet

Recently, LBank Exchange held an AMA session with the Polygon team, discussing Polygons achievements, collaborations, NFT and Gaming markets, Nightfall solution, future plans and so on. Heres the summary of this AMA.

Ethereum is the blockchain development platform of choice, but it has limitations such as low throughput, poor UX, and no sovereignty. As a protocol and a framework for building and connecting Ethereum-compatible blockchain networks, Polygon breaks through these limitations by aggregating scalable solutions on Ethereum and supporting a multi-chain Ethereum ecosystem.

Polygon Outperforms Ethereum In-terms Of Active Users

As a layer 2 solutions aggregator built on top of Ethereum, Polygon has made some great achievements since its birth, its POS chain has over 2000 DApps live and processes over 7 million transactions daily. In fact, Polygon now has more daily active users than Ethereum.

MATIC, the token for the polygon network, is already live on trading platforms like LBank Exchange, and currently the trading volume of it is over 1 billion across exchanges. Polygon team is aiming for making more people hold MATIC tokens, and its hoping to see MATICs trading volume on LBank Exchange continue to grow as well.

Expanding the Polygon ecosystem

With the power to bring thousands of new users into blockchain, NFT and Gaming markets are strategic sectors that Polygon continues to focus on. There are already some of the largest gaming projects live on Polygon, such as Decentral Games, Sandbox, Somnium Space, Vulcan Verse, etc. As for NFT projects, there are OpenSea, Lazy.com, Autograph, etc.

The team will be bringing many more such games and NFT projects onto Polygon so that its community can enjoy more artwork and fun. In addition, Polygon allows for massive scalability, and compared to Ethereum, minting costs on Polygon are 100,000 times cheaper on average.

Polygon also has products designed for enterprise customers who need privacy and scalability, such as Nightfall, a one-of-a-kind, privacy-focused Rollup that combines Optimistic Rollups with Zero-Knowledge (ZK) cryptography commonly used in ZK Rollups. It creates a scalable and private hybrid of the two popular technologies.

Polygon Nightfall has the power to bring many large enterprises into blockchain, the team believes that it will lead to a large number of transactions on Polygon and further add new projects and users to the Polygon ecosystem.

Big Plans Ahead

The Polygon team has already got some big plans ahead. On the technical side, Polygon is investing heavily into ZK and ZK Rollup technology, for example, the team has already spent $250 million on acquiring Hermez, which is a decentralized, open-source ZK Rollup optimised for secure, low-cost and usable token transfers on the wings of Ethereum.

Polygon has also acquired another 4 teams to build more ZK Rollup chains, to achieve the goal of building highly scalable EVM enabled ZK Rollup technology. In addition, Polygon has updates coming for its POS chain and details on EIP 1559 implementation.

On the business side, Polygon has many exciting updates as well, with lots of big DApps and integrations planned. Significantly, Arjun, Polygons Head of Growth, points out that LBank is enhancing its global branding. He also assures that the love of the community makes the team achieve its goals, so it will continue to collaborate with LBank Exchange to bring more Polygon projects and tokens to the community. Polygon team will keep posting on its official social media accounts such as Twitter to reveal more details about future plans and latest updates.

About LBank

LBank is an ever-growing crypto trading platform which offers safe trading for the users worldwide. The team aspires to build the professional integration services for crypto-assets being a convenient trading platform. It has become popular with over 6.4 million users around the world.

Visit LBank to Know More:

Trade NowTwitterTelegramLinkedInFacebook

Read this article:
Polygon Reveals About its Future Collaboration With LBank During AMA - bitcoinist.com

The research paper detailing the engineering and design requirements to enable the first distributed, uncensorable, electronic digital cash system to come to life was released 13 years ago. The Bitcoin white paper publicized the long-sought resolution to the double-spending problem of all previous attempts to build digital cash.

However, contrary to popular belief, the invention of Bitcoin by Satoshi Nakamoto wasnt precisely an unprecedented construction. The quest for digital cash had started many years before the Bitcoin white paper was published, and Bitcoin is more accurately seen as the culmination of decades of research and development. Satoshi brilliantly applied some tweaks and puzzled it all together to devise the Bitcoin network and its consensus protocol.

Bitcoin marvelously joins together digital signatures, proof of work, public-key cryptography, hash functions, timestamps, block rewards, transaction fees, mining difficulty adjustment, Merkle Trees, and the concept of a peer-to-peer network run by independent nodes. This unique construction allowed the double-spending problem to be solved and the soundest form of money ever created to emerge.

Each of these pieces was built upon previous knowledge. The white paper cited eight of such prior developments, hinting at how the pseudonymous inventor arrived at the requirements for creating Bitcoin.

The first reference is b-money, where Wei Dai explores how cooperation could be possible without governments and trusted entities.

A community is defined by the cooperation of its participants, and efficient cooperation requires a medium of exchange (money) and a way to enforce contracts, Dai wrote. Traditionally these services have been provided by the government or government sponsored institutions and only to legal entities. In this article I describe a protocol by which these services can be provided to and by untraceable entities.

The papers three subsequent references are all about timestamping, which is central to the functioning of the Bitcoin network and its ordered history of blocks and essential to help solve the double-spending problem. Moreover, timestamping proves the existence of data at a specific time.

The second reference is Design of a secure timestamping service with minimal trust requirements by H. Massias, X.S. Avila, and J.-J. Quisquater. Again, a paper that explores how to reduce trust requirements in systems.

We define digital timestamp as a digital certificate intended to assure the existence of a generic digital document at a certain time, the authors wrote. There are two families of timestamping techniques: those that work with a trusted third party and those that are based on the concept of distributed trust. Techniques based on a trusted party rely on the impartiality of the entity that is in charge of issuing the timestamps. Techniques based on the distributed trust consist on making documents dated and signed by a large set of people in order to convince the verifiers that we could not have corrupted all of them.

How to timestamp a digital document is the papers third reference, in which S. Haber and W.S. Stornetta propose a technique to make it infeasible for a document to be back-dated or forward-dated. Bitcoin leverages the idea of linking hashed data to make it not practical to tamper with the records without leaving telltale signs.

The two authors are cited once again in the fourth reference, Improving the efficiency and reliability of digital timestamping, in which they explore a way to achieve exponential increase in the publicity obtained for each timestamping event, while reducing the storage and the computation required. Merkle Trees are also central to how Bitcoin stores transactional data in blocks and allow for quick payment and block verification by validating nodes.

From the latest reference to Haber and Stornetta, Satoshi Nakamoto leveraged Secure names for bit-strings to combine hash functions with Merkle Trees, allowing for easier integrity verification.

Adam Backs Hashcash - a denial of service counter-measure is cited by Satoshi and was leveraged to implement Bitcoins proof-of-work (PoW) systemthe core of the Bitcoin consensus model and responsible for allowing BTC to be mined in a decentralized and free-market fashion. PoW also allows for the lack of human coordination for recording transactions and the lack of trust for achieving consensus. Simply put, without PoW, there would be no Bitcoin.

Protocols for public key cryptosystems by R.C. Merkle explores schemes for public key distribution and protocols for digital signatures, which it says is an ideal method of broadcasting authenticated messages from a central source which must be confirmed by many separate recipients.

Digital signatures enable Bitcoin users to prove ownership of a transaction output and spend it in a pseudonymous way while allowing peers to verify the validity of such claims quickly. Bitcoin currently uses ECDSA and enables users not to reveal their identities (private keys) when interacting with the protocol. The next major upgrade to Bitcoin will add Schnorr signatures, further improving the capabilities of Bitcoin in that regard.

Last but not least, An introduction to probability theory and its applications by William Feller was cited by Satoshi. The pseudonymous creator of Bitcoin leveraged the mathematics book to calculate the probability that an attacker can successfully compete with the honest chaina central issue in the double-spend problem.

Read the rest here:
13 Years Ago Today, The Bitcoin White Paper Was Released - Bitcoin Magazine

Loopring, an Ethereum-based protocol that offers cutting-edge cryptography for Decentralized Finance (DeFi) applications, has been garnering increased attention from investors over the past few hours amid persistent rumors of its integration with GameStops (GME) NFT platform.

As a refresher, Loopring is essentially a Layer 2 Ethereum blockchain that utilizes a new type of cryptography, dubbed the zkRollup (zero-knowledge rollups). Instead of settling transactions on the main Ethereum blockchain, zkRollup allows key calculations to be performed elsewhere without requiring confirmation from the Ethereum network. This process allows the establishment of decentralized exchanges without the associated high fees and slow transaction processing speed. A zero-knowledge proof makes a claim regarding the accuracy of a particular data set without actually sharing that data. For instance, it may allow age verification for certain sites without actually revealing the age of the user. zkRollups bundle hundreds of transactions into a single one, thereby boosting the scale and efficiency of the network. These bundled transactions are then settled on the blockchain using zero-knowledge proofs to ensure the accuracy of those off-chain transactions.

GameStop, AMC Short Sellers Recover Losses At $20 Million/day But Is It Enough?

So, how does a Loopring exchange work in real-life? Well, users first send their funds to a smart contract managed by the Loopring protocol. From there, user-identifying information is moved off-chain, and the associated trades are batched together and matched for efficiency gains. Each batch of transactions is then added to the Ethereum blockchain using zero-knowledge proofs that allow for a complete reconstruction of those off-chain transactions. Loopring claims that it can process over 2,000 trades per second by using this method. Looprings native cryptocurrency, the LRC, is used by decentralized exchange operators to provide the mandatory lock-up capital. The locked-up LRC can be confiscated in case the operator violates certain terms and conditions. Users who stake LRC win the right to 70 percent of the exchange fees, while 10 percent of these fees paid in the form of LRC are burnt, thereby ensuring an overall deflationary environment. The total supply of LRC is capped at 1.395 million tokens.

This brings us to the crux of the matter. Source code from Looprings GitHub profile suggests that the protocols developers are preparing to integrate with GameStops much-hyped NFT platform. As noted by GMEdd, the code makes certain interesting references:

The amended code in the branch NFT-DEV, under the GitHub commit titled NFT feature, makes reference to gameStopMeta and an IPFS URL.

Bear in mind that the IPFS is a distributed system for storing and accessing files and data and was used by GameStop during its first iteration of an NFT platform reveal.

Weve continued to note that, in the approaching era of cloud-based gaming, GameStop needs to think out of the box to strike gold, as its brick-and-mortar stores are already facing extinction. In the prevailing paradigm, the companys recent push into the arena of Non-Fungible Tokens (NFTs) is a solid initiative,, and Looprings alleged involvement is only adding more confidence. To wit, GameStop has activated a dedicated website for NFTs that references players, creators, and collectors, thereby indicating an incoming ecosystem to cater to the gaming community. As NFTs are now being used to develop and monetize video games, GameStops interest in this field is logical.

While it still remains to be seen whether the much-vaunted partnership between Loopring and GameStop materializes, investors are already jumping on the bandwagon. To wit, the LRC has now recorded gains of over 50 percent in just the past 24 hours, with the coin currently trading around the $1.07 price level.

GameStop & AMC Short Sellers Recover Close To $1 Billion In Two Weeks

Source: https://coinmarketcap.com/currencies/loopring/

Nonetheless, Looprings current price is still far below the all-time high of $2.59 recorded back in January 2018.

Given the budding interest around Loopring, we would not be surprised if the coin were to take out its current all-time high should the partnership with GameStop materialize.

Do you think a partnership between GameStop and Loopring is just around the corner? Let us know your thoughts in the comments section below.

Read the rest here:
Loopring (LRC) Is Poised To Take Out Its Current All-time High Should the Projects Rumored Partnership With GameStops (GME) NFT Platform Materialize -...

Three ESET malware researchers describe what their job involves and what it takes to embark on a successful career in this field

Just days ago, we looked at how you can jump-start your career in the broader field of cybersecurity, leveraging insights from ESET security researchers with decades of experience under their belts. Since today is Antimalware Day, a day when we recognize the work of security professionals, we thought it apt to ask a trio of ESET malware researchers to pick up the baton and share their thoughts and experiences about what their daily tasks involve.

Perhaps solving riddles is your thing? Have an inquisitive mind that thrives on new knowledge? Or youre already contemplating carving out a career in the fight against cybercrime, but arent quite sure if youre cut out for it? Or just appreciate the fine work of malware researchers and wonder why they chose this career path?

Whatever the reason (perhaps a little bit of everything?), you need look no further than our Q&A with ESETs Lukas Stefanko, Fernando Tavella and Matas Porolli to learn what the job of an expert in deconstructing malicious software is like.

First off, how did you get into malware analysis/research?

Lukas: It all started when I became more familiar with software reverse engineering and tried to understand how a piece of software works and behaves without having access to its source code. From there, curiosity took me further to gain an understanding how malicious software works, what its purpose is, how it communicates, and so on. It was a new experience that I hugely enjoyed and still do!

Fernando: Most of all, I always liked the research part, whether it was focused on security or other activities. But after I actually started to work in security I realized that I liked reverse engineering best. This was because of its complexity and general allure, and so I started participating in capture-the-flag competitions (CTFs) and dived into various related topics. At one point, I came across a piece of malware and realized just how interesting it is to understand how it works using a low-level language, what kinds of obfuscation and evasion techniques they use, and how you can defend yourself against certain threats.

Matas: In 2011, I won the ESET University Award that is organized by ESET in Latin America and that consisted of writing a research article about topics related to computer security. I had no experience with malware analysis at that time, but I continued to deepen my knowledge in this field through self-study. In 2013, I started working for ESET and got my hands dirty with malware analysis.

Is there such a thing as a typical day at work for you?

Lukas: Most days start the same I check the latest cybersecurity news, my inbox, and Twitter. But some days take a dramatic turn, for example when we discover new or interesting malware samples or its traces that we think might put us on track to identifying new cybercrime or APT campaigns. This is one of the reasons why having good sources of information helps they just save time during the malware analysis, as some of the tricks might already have been revealed.

Fernando: Actually, I dont think theres a typical day in my job. Many new things happen every day and vary from one day to another. Not everything can be planned. Perhaps when I do some research into, say, a malware campaign in Latin America, and it turns out to be time-consuming, Ill spend the day analyzing that particular threat all while setting aside some 30 minutes in the morning to bring myself up to date on fresh security news. But generally, no two days are the same.

Matas: Although there are unusual days when we begin research into an ongoing attack, I do have some sort of routine that consists of two main activities. First, it involves hunting for new threats in my information feeds, keeping track of groups of attackers and so on. Second, I analyze the malicious files that emerge from that hunting activity or from work with my colleagues, in particular reverse engineering and documenting these threats.

Whats the most exciting part of your job?

Lukas: Its actually all those small things that together make up the malware analysis process, which begins with me scratching my head with curiosity. Each step along the way then helps crack the problem and create a clearer picture of it. This means static and dynamic analysis of Android malware that involves running it on an actual device and observe its behavior from the victims perspective in order to understand its purpose. This analysis reveals, for example, who the malware communicates with and what kinds of data it extracts from the device. Look at its permission requests and you can take an educated guess at the capabilities of the malware. However, dynamic analysis is often not enough. To have a better picture of how a piece of malware works and what its functionality is, it is important to fire up an Android decompiler and get my hands dirty with manual code analysis.

From there, I often begin to research and eventually disclose active malware campaigns, which the bad guys dont really like. It appears that some are actually following my work rather closely. On several occasions, their code contained short notes intended for me. They arent always nice. For example, they name their classes or packages after me, sign the malware on my behalf or even register malicious domains that contain my name and afterwards communicate with the malware. However, I dont take it personally.

Figure 1. Some malware authors seem to follow Lukass work pretty closely

Fernando: Its the static analysis of a threat, reverse engineering, the ability to see all the code at a low level and from there gain an understanding of the threats behavior and its most interesting functionalities so that I can then document them.

Matas: What I like best is that I rarely apply the same methods to various research projects. Attackers use various platforms and technologies, and oftentimes you encounter specific problems that require creative solutions. For example, how you automate the extraction of malware settings for thousands of malicious files or how you implement the deobfuscation of files that have been modified to hamper analysis.

Which research or projects are you most proud of?

Lukas: I would probably say its one of my latest research projects the analysis of vulnerabilities in Android stalkerware. I spent months working on it, poring over 80 stalkerware apps and eventually discovering a combined 150-plus serious security and privacy issues in them.

Fernando: I am most proud of the research I did together with Matas into the espionage campaign in Venezuela that leveraged the Bandook malware. It was one of my first research projects, but I was able to carry out a comprehensive technical analysis of the threat affecting the country.

Matas: Any research involves a lot of work behind the scenes that never gets published. Im still very proud of it, though, especially because of what I said earlier about the need to be creative when getting to grips with some problems. But if I were to highlight one specific research project, I would say Evilnum. Little was known about the malware at the time, and practically nothing was known about the group behind it. ESET managed to put the groups malicious arsenal in context, uncover its purpose and see the big picture.

Do you work closely with other teams in the security realm?

Lukas: Yes. Besides in-depth research, our main goal is to protect users of our products and detect threats in the wild. This means not just sharing them with our internal teams, but also with other cybersecurity companies and so help improve general awareness of recent threats.

Fernando: I have worked with folks in incident response, mainly to help them understand the behavior of any threat they have seen during an incident.

Matas: We constantly work together with other professionals. One case worth mentioning is when I worked with the Netherlands Computer Crime Unit to dismantle servers used by Evilnum and perform forensic analysis on them.

What are some essential hard skills for your job?

Lukas: As far as Android malware analysis goes, I would say you need to understand the basics of the operating system, including the application life cycle, and have the ability to read decompiled Java and Kotlin source code. It also pays to keep current on the latest discoveries, tools published recently, and even operating system and app updates. For example, such updates may come with new features that are convenient for users, but may also help create opportunities that the bad guys would take advantage of. Fortunately, most updates hamper malware writers in their work, rather than help them.

Fernando: I think having programming knowledge is very important, though not necessarily write code. Rather, you need to be able to read and understand it. Also, knowledge of operating systems, cryptography, computer and network architecture (be it network protocols or traffic analysis) are the kinds of skills that the more the person knows, the more prepared they are to analyze malware and not get frustrated or give up trying.

Matas: In terms of technical skills, you need to be well-versed in many fields of computer science, including networking, operating systems and programming. My job requires that you have a detailed knowledge of reverse engineering, especially for Windows platforms.

Is there any non-technical aspect of your job you struggle(d) with? Did your job require you to improve any such skills?

Lukas: Yes, there is. Each year, I try to improve one of my non-technical skills, such as writing blog posts, pushing myself into public speaking, improving my presentation skills, speaking to the media, giving interviews, and the like. Most of them are not easy to acquire for an introverted technical person and require me to step outside of my comfort zone, which is easier said than done.

Fernando: Ive had to improve my writing skills. While there is a team that reviews our writing, its important for every researcher to use the right words and be able to express themselves well since their output reflects all the work that may be behind that particular research effort. So I think that being able to express yourself and convey your findings clearly is almost as important as just about anything else.

Matas: Its important to know how to communicate the results of our analyses, be aware of who we produce our reports for, and then adapt the content accordingly. Its also important to know how to tell a story, rather than just stuff a piece of content with technical descriptions.

What personality traits or soft skills should a malware researcher have?

Lukas: I believe that enthusiasm to solve problems and willingness to learn new things are the driving forces here. Everything else can be learned along the way.

Fernando: I think there are two very important characteristics that a malware researcher must have: the ability to learn on their own and curiosity.

Matas: Curiosity, the ability to focus on a task at hand, eagerness to crack problems, patience, and a keen eye for detail.

How do you continue to expand your knowledge and keep up to date?

Lukas: I have to say, staying up to date takes a lot of time every day. However, Ive learned how to keep current using dedicated and trusted RSS feeds and social media channels, reading blog posts and tweets by peer researchers and other cybersecurity companies, as well as academic research and via Google Alerts. Once Ive narrowed this down to and read the most important news updates, I try to share them with other mobile security enthusiasts via my Telegram channel and so perhaps save them some time while theyre also looking for news about mobile security.

Fernando: I usually go Twitter to find information shared by fellow researchers and to read their publications. That way, I learn about new campaigns and new techniques that can be deployed by cybercriminals. Also, if theres something that caught my eye in a piece of research, I make a note of it and then dive into it in my own free time. This could be anything, for example a cipher or a malware obfuscation method.

Matas: You have to read the news and keep up to date on whats going on. I suggest using social networks to follow security companies and find out about new research, or even follow other researchers. Also read computer security blogs: WeLiveSecurity, for example. 😉

What message would you share with people who are keen to embark on a career in malware research?

Lukas: Go for it. Passion and enthusiasm are crucial and make it easier for any budding malware researcher to soak up information and knowledge. In addition, if you find something difficult to understand, dont fret your future colleagues will be more than happy to explain it to you.

Fernando: Go one step at a time. Join CTF contests involving various topics that are related to malware analysis, such as reverse engineering, cryptography and network traffic analysis. You dont need to start by dissecting malware, simply because this can be too complex. Additionally, read what others have already done, so you learn from analyses of previously detected threats and see how the malware samples worked. If you read and search enough, youll notice that some malware variants have certain characteristics in common for example, they tamper with registry entries in order to gain persistence on a victims machine. Also, when reading an article from another researcher, you can see what they considered important about this specific threat, which is an insight you should leverage when setting about analyzing a piece of malware for the first time.

Matas: Keep calm and identify the cryptographic constants.

There you have it. We hope this has given you enough food for thought. Now, one-third of your life is spent at work why not choose a career where you can make an impact and contribute to making technology safer for everybody?

Happy Antimalware Day!

Read the original here:
What's it like to work as a malware researcher? 10 questions answered - We Live Security

Worried about your account security? Today we have a device to help protect email, social media, and other account types. This physical key is a simple, effective solution you need in your tech arsenal. Read on to learn about the Yubico Security Key C NFC.

You really cant be too careful when it comes to digital security. In fact, most people arent careful enough.

Your email and social media accounts likely contain a vast amount of personal information, and data thieves are always on the prowl. This is why two-factor authentication is a great way to add extra security to your login game.

While those who use this kind of security often gravitate toward software-based authentication apps, another method is available: physical keys. One such key is the Yubico Security Key C NFC. Lets take a closer look, shall we?

From Gmail and Facebook to Skype and Outlook, your passwords and usernames are only one layer of security between you and hackers or data thieves.

Its easy to forget how many pieces of personal information, files, photos, and memories, are stored across our accounts. The Yubico Security Key C NFC helps shield against phishing and sudden account takeovers.

We get it. Much of this sort of thing sounds complicated and confusing. Thankfully Yubico makes its key easy to set up and use. You can register your key with many popular services.

Then, upon future logins, just connect the key to your device. One little NFC tap, and youre into your accounts. While using a physical key may seem inconvenient, security experts argue that trying to get your accounts back after a hack is far more inconvenient. The protection and peace of mind you get in return make it worth the effort.

If you have concerns about the security of the Yubico Security Key C NFC device itself, dont sweat it. Its manufactured in only two placesthe US and Swedenand packaged in sealed, tamper-evident packaging. The key also supports asymmetric cryptography with public and private key tech.

Despite being such a tiny device, it harnesses a handy set of features. In addition to the great security it delivers, its also conveniently portable and battery free.

Not only is the Yubico Security Key C NFC resistant to crushes and water, but it also doesnt require batteries or network connectivity to authenticate. It can even be placed in a wallet or on a key ring so you can take it anywhere you go.

Its easy to look at a device like the Yubico Security Key C NFC as a cool, but unnecessary way to protect accounts. Unfortunately, this couldnt be farther from the truth.

While it isnt required, the sad reality is that hackers and data thieves never cease to attempt to access accounts. We sleep soundly at night, but theyre hard at work. Though the idea that they wouldnt bother with little ol you is tempting to give into, its highly inaccurate.

For example, two friends of mine (both regular people, unconnected and on opposite sides of the US) had their Instagram accounts hacked and ransomed. They lost many personal photos along with private messages and other information. It can happen to anyone.

All that said, a device like this isnt going to appeal to everyone. However, if youre interested in improving the security of your accounts and adding additional protection between you and sketchy opportunists, you should absolutely keep it on your gadget radar.

You can find the Yubico Security Key C NFC on Amazon for $25 or on the official website for $29.

Mark is a writer and podcaster who loves technology. When not writing for Gadget Flow, he enjoys passionately working on storytelling projects and exploring the outdoors.

Go here to see the original:
Receive protection against phishing and account takeovers with the Yubico Security Key C NFC - Gadget Flow