How technology is looking to replace passwords [Q&A] – Fior Reports

We have long been told that passwords are on the way out. In fact, none other than Bill Gates predicted the death of the password at the 2004 RSA conference, yet we still rely on them to manage much of our daily access.

But things are starting to change. Patrick McBride, CMO at Beyond Identity, believes the technology to eliminate passwords and replace them with something more secure is on the rise. We spoke to him to find out more.

BN: Can you completely replace passwords with something fundamentally secure?

PM: The password problem is known. This is inconvenient for end users, but more importantly, it is a very risky method of authenticating the end user. Early attempts to address this involved longer and stronger passwords when people used cracking techniques to figure out which passwords came from a database that was helpful. But many of the ways passwords are stolen, either malware running on the laptop or phishing sites, have nothing to do with it. Hackers use these techniques to compromise thousands upon thousands of accounts. If you look at Have I Been Pwned, there are 11 billion credentials so this is clearly a big problem.

Next came multi-factor authentication, but that's cumbersome, I have to select my phone and get this code. Also, it's not hackproof, they use phishing techniques and steal the second code. It's a level of protection, but not a lot, so we set out to have staff members eliminate the password entirely.

BN: Which techniques are required for this?

PM: We are now using SSL to authenticate the website we are going to visit so we know it is authentic and then we just set up a secure connection. It uses what is called symmetric cryptography that we are doing trillions of dollars in business every day and not having a lot of problems with it. So we replaced the employee passwords with the same technique of the underlying cryptographic public key / private key.

We have a small authenticator that runs on the desktop so no password is required after logging in with biometrics or PIN. And the PIN code never leaves the system, it is stored in a hardware chip in the computer, which makes it difficult to crack. All modern PCs and mobile devices have something called a TPM (it's required for Windows 11 systems); it's a place where you can securely store a private key in hardware. This gives you a very smooth login experience that is also very secure. We then create an SDK that developers can use to incorporate hardcore technology into their application so that we can provide very secure multi-factor login for any app, whether you're logging into a bank website or ordering a pizza.

BN: So there is no additional software or agent required on the endpoint?

PM: Exactly, it's self-contained within the company or in any app you download. When I use my banking app or my delivery application, the technology in it is self-contained. That is why we have integrated our secure and smooth functions into your app. The end user doesn't have to do multiple things, they just log into their device and then open their app and it's super seamless and very secure.

BN: We've heard for several years that passwords are on the way. How far do you think we are from a tipping point where everyone will be passwordless?

PM: It's starting now, it's gotten easier for companies to do this for their employees so it gets a lot of attraction and removes passwords from the employees' experience. The next step is really the consumer apps and this is where things get a little tricky. There are a lot of passwordless things that hide the password but don't actually remove it. If I send you a magic link or even a one-time code to sign up via text message, the hackers have plenty of options to snatch that code. It doesn't matter how complex or unique your password is because if malware steals it, you are still compromised. We removed some of the hassle, password managers do a bit of it, but they don't eliminate the password security problem.

We have reached a tipping point where companies, especially on the consumer side, will start to incorporate technology as they develop new apps. It does so across a range of industries, from banking or financial services companies to everyday e-commerce applications. To get to a position where no one can remember passwords, I would say it will take another three to five years.

BN: All of that is still based on cryptography. How great is the threat from quantum computing?

PM: The cryptographic algorithms that underlie our technology are the same ones that underlie TLS and SSL, it is public key cryptography that is based on a certain set of things. I think we're still a long way from breaking this stuff.

Of course you can't perfectly secure the future, the bad guys see quantum computing as a way to defeat the good guys, and the good guys are looking for ways to develop much stronger quantum-based algorithms, but the responsibility, frankly, rests on the industry.

The bigger question is whether you've built your technology so that you can replace it with something more quantum-secure in the underlying algorithms when that eventually happens. I think it's a bit of an arms race now. It's going to be a problem, and so it is up to the companies developing technology to make sure we are using cryptographic techniques and that they are future proof. It's still on the horizon and a problem for every single company.


Keyfactor Named to the Deloitte Technology Fast 500 List for the Second Consecutive Year – StreetInsider.com


The Market Leader in Machine Identity Management Ranks as the Fastest Growing Digital Key and Certificate Automation Provider in North America

CLEVELAND--(BUSINESS WIRE)--Keyfactor, the pioneer of PKI as-a-Service, and leader in machine identity management, today announced it placed as the fastest-growing digital key and certificate automation provider on this year's Deloitte Technology Fast 500, a ranking of the 500 fastest-growing technology, media, telecommunications, life sciences, fintech, and energy tech companies in North America. The company also ranks as the fastest-growing digital key and certificate automation provider on the list for the second year in a row.

"On behalf of our global workforce at Keyfactor, it's an honor to be named alongside many of the most innovative and fastest growing technology companies in the world for the second year in a row. Enterprises are adapting to hybrid workforces, struggling to manage the proliferation of digital identities at enterprise scale," said Jordan Rackie, CEO, Keyfactor. "Keyfactor continues to play a pivotal role in supporting our customers' cloud journey through sophisticated crypto-agility solutions. Our continued growth, including our market-defining merger with PrimeKey, exemplifies how we are disrupting the legacy identity management solutions market while also meeting the security needs of our loyal customers and partners."

Traditional identity management solutions are no match for today's evolving enterprise landscape. The accelerated adoption of cloud-first technologies and the increasing IoT attack surface has created a complex ecosystem of infrastructure. Further, the rapid growth of keys and digital certificates cannot be managed effectively with existing solutions. The global pandemic exacerbated this complex reality and as a result, organizations scrambled to adequately mitigate the inherent risks associated with digital environments. As the leader in cloud-first PKI as-a-service and crypto-agility solutions, Keyfactor's Crypto-Agility Platform empowers security teams to seamlessly orchestrate every key and certificate across the entire enterprise. Customers can apply cryptography in the right way from modern, multi-cloud enterprises to even the most complex IoT supply chains. It is the only solution on the market that combines expert-run PKI-as-a-Service and certificate lifecycle automation into a single, cloud-delivered solution.

Now in its 27th year, the Deloitte Technology Fast 500 provides a ranking of the fastest-growing technology, media, telecommunications, life sciences, fintech, and energy tech companies both public and private in North America. Technology Fast 500 award winners are selected based on percentage fiscal year revenue growth from 2017 to 2020.

In order to be eligible for Technology Fast 500 recognition, companies must own proprietary intellectual property or technology that is sold to customers in products that contribute to a majority of the company's operating revenues. Companies must have base-year operating revenues of at least US$50,000, and current-year operating revenues of at least US$5 million. Additionally, companies must be in business for a minimum of four years and be headquartered within North America.

About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (DTTL), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as Deloitte Global) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the Deloitte name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see http://www.deloitte.com/about to learn more about our global network of member firms.

About Keyfactor

Keyfactor is the leader in cloud-first PKI-as-a-Service and crypto-agility solutions. Its Crypto-Agility Platform(TM) empowers security teams to seamlessly orchestrate every key and certificate across their entire enterprise. The company helps its customers apply cryptography in the right way from modern, multi-cloud enterprises to complex IoT supply chains. With decades of cybersecurity experience, Keyfactor is trusted by more than 500 enterprises across the globe and has earned a 98.5% retention rate and a 99% support satisfaction rate. Learn more at http://www.keyfactor.com

View source version on businesswire.com: https://www.businesswire.com/news/home/20211118005390/en/

PR: Nina Korfias for Keyfactor, Keyfactor@famapr.com

Source: Keyfactor


LoginID and NFT PRO Announce Partnership – Yahoo Canada Finance

LoginID will provide their APIs and SDKs as part of the NFT PRO Platform, providing FIDO2 strong authentication to help secure NFTs.

SAN MATEO, Calif. and SAN FRANCISCO, Nov. 18, 2021 /CNW/ - LoginID, a FIDO-certified passwordless authentication provider, announced today a partnership with NFT PRO, an industry leader for providing tools for the creation, management, and distribution of non-fungible tokens (NFTs).

The partnership will include the integration of LoginID's SDKs for developers, the simplest tool for integration of the FIDO2 strong authentication standard. FIDO2 biometric authentication can be used on over 4 billion devices today, and is aligned with regulatory frameworks such as PSD2, Open Banking and GDPR. The use of FIDO2 strong authentication will eliminate the need for passwords, help with account recovery and provide 'Transaction Confirmation' for NFT transactions, which is a digital signature and receipt binding the individual's biometrics to the transaction.

The NFT market has exploded from $141m in 2019 to over $1.2b in the first six months of 2021. By the end of 2021, the market expects to top $2b with no signs of slowing down. As the market grows there will be more pressure on NFT providers, consumers and other participants in the NFT market to increase security to thwart hackers from phishing or taking over accounts and stealing NFTs. LoginID's FIDO2 strong authentication provides defense against these types of attacks.

"Our enterprise clients demand extensive security AND seamless user experience when it comes to their customers buying NFTs," said Christian Ferri, CEO, NFT PRO. "LoginID gives our clients the best of both, whether they are selling from their website or the metaverse. This partnership is a natural fit for our white label platform."

"NFTs and their owners are becoming the latest target for hackers. The market is starting to experience more and more of these attacks, and in many cases, the attacks start with vulnerabilities created by the use of weak authentication," said Jim Brown, CRO and Co-Founder, LoginID. "NFT PRO provides an extensive platform for building NFT campaigns, and will now include our FIDO2 strong authentication, which can help secure access to NFTs for customers."


The announcement follows LoginID's recent announcement with the Algorand Foundation. LoginID will be providing its simple SDKs for Algorand developers to build strong authentication into Algorand applications and smart contracts.

About NFT PRO

NFT PRO is the leading enterprise, white label solution making NFT campaigns seamless, easily executed, and on-brand. Our focus is helping clients extend their brand into digital marketplaces and experiences.

About LoginID

LoginID is a San Mateo/Toronto based company focused on bridging the gap around authenticating users and securing their information. This is facilitated through its FIDO2 and UAF certified strong customer authentication, privacy and tokenization platform. The team is funded by strategic investors such as Visa, and is composed of seasoned executives with decades of experience, across global brands, helping commercialize products around security, cryptography, payments and mobile. For further information contact: sales@loginid.io.


View original content: https://www.prnewswire.com/news-releases/loginid-and-nft-pro-announce-partnership-301427964.html

SOURCE LoginID


View original content: http://www.newswire.ca/en/releases/archive/November2021/18/c7850.html


Quantum technologies are now part of the military’s future roadmap – ZDNet


The Commonwealth Scientific and Industrial Research Organisation (CSIRO) previously projected that Australia's emerging quantum technology sector would generate over AU$4 billion in annual revenue and support 16,000 jobs by 2040.

This sector is set to become so significant that Australia's chief scientist Dr Cathy Foley recently told the audience of the virtual Collaborate Innovation 2021 event that it's one industry the country needs to prioritise to remain globally competitive.


"This is an area that will have a massive impact," she said.

In wanting to take advantage of this burgeoning sector, Australia's Department of Defence has been taking steps to explore ways it can leverage quantum technology, not only for warfare but other areas too.

"Quantum technology is being and will be used in areas such as natural resources, civil engineering, pharmacology, early detection of diseases and medical research, logistics, and finance. Ultimately, quantum technology will pervade every aspect of our lives," a Department of Defence spokesperson told ZDNet.

Defence in fact is already starting to see the early benefits of quantum technology deployment, pointing out that it is using the cryogenic sapphire oscillator, dubbed the Sapphire Clock, which was developed by Australian researchers, to improve the operation of the Jindalee over-the-horizon radar network.

"The Sapphire Clock offers a thousand-fold improvement in timing precision, helping Australian Defence agencies identify threats to the nation," the spokesperson said.

Defence also believes quantum technology could be the alternative solution to GPS as it is not always reliable in complex terrain or where satellite reception is challenging, such as underwater, or in mountainous or dense urban settings. Defence currently uses GPS technology for a variety of defence activities, including precision-guided weapons, cryptography, timestamp intelligence, and synchronising distributed computer systems.

"This will be achieved through the development, miniaturisation, and maturation of quantum clocks, accelerometers, magnetometers, and gravimeters. These will then be fused with classical technologies to provide the best of both worlds for optimal timing and navigation solutions," Defence said.

Other ways Defence intends to explore and exploit the opportunity that quantum technology presents have been outlined in the Army Quantum Technology Roadmap [PDF]. It highlights that some potential applications of quantum technology could include sensing and imaging, communications and cryptography, and computing and simulation.

Quantum technologies could help military planners, but they might also throw out some unexpected consequences.

"This combination of disruptive potential, ambiguity and complexity presents both strategic risks and opportunities to Land Forces. As a result, Army finds itself in an accelerating global competition to understand, co-develop and exploit quantum technologies for land operations," the report notes.

"Quantum sensing technology provides new levels of sensitivity for sensing things like magnetic fields, acceleration and gravitational fields, which can lead to new capabilities," the Defence spokesperson said.

"Quantum communications technology has the potential to provide the ultimate in secure communications. Quantum computing has the potential to solve problems that cannot be solved by current classical computers."

To further explore quantum technology, the Australian Army ran its inaugural Quantum Technology Challenge last year, which saw teams of Australia's quantum scientists and engineers compete to show how quantum technologies could be conceptually delivered. The specific challenges that were set involved making the ground "transparent" through quantum imaging, resupplying troops while on the battlefield using autonomous ground vehicles, and securing communications through quantum encryption.

The department also recently made a call out for solutions to be presented at next year's Quantum Technology Challenge, tentatively scheduled for August 2022.

Defence said for next year, it wants to test if quantum sensors can detect, locate, and identify electromagnetic emitters with greater precision, range, and bandwidth; see whether quantum computers can identify and classify features in signals and images more precisely and efficiently; and examine if post-quantum cryptography can be practically employed to secure communications from the threat of quantum computers.

The department added that Australia could run the risk of being left behind if quantum technology developed in the country is not supported.

"Australia has world-leading expertise in many areas of quantum technology. These need to continue to be supported and developed in order to avoid Australia being left behind," the spokesperson said.


Polygon Reveals About its Future Collaboration With LBank During AMA – bitcoinist.com

Recently, LBank Exchange held an AMA session with the Polygon team, discussing Polygon's achievements, collaborations, NFT and Gaming markets, Nightfall solution, future plans and so on. Here's the summary of this AMA.

Ethereum is the blockchain development platform of choice, but it has limitations such as low throughput, poor UX, and no sovereignty. As a protocol and a framework for building and connecting Ethereum-compatible blockchain networks, Polygon breaks through these limitations by aggregating scalable solutions on Ethereum and supporting a multi-chain Ethereum ecosystem.

Polygon Outperforms Ethereum in Terms of Active Users

As a layer 2 solutions aggregator built on top of Ethereum, Polygon has made some great achievements since its birth, its POS chain has over 2000 DApps live and processes over 7 million transactions daily. In fact, Polygon now has more daily active users than Ethereum.

MATIC, the token for the Polygon network, is already live on trading platforms like LBank Exchange, and currently its trading volume is over 1 billion across exchanges. The Polygon team is aiming to have more people hold MATIC tokens, and it's hoping to see MATIC's trading volume on LBank Exchange continue to grow as well.

Expanding the Polygon ecosystem

With the power to bring thousands of new users into blockchain, NFT and Gaming markets are strategic sectors that Polygon continues to focus on. There are already some of the largest gaming projects live on Polygon, such as Decentral Games, Sandbox, Somnium Space, Vulcan Verse, etc. As for NFT projects, there are OpenSea, Lazy.com, Autograph, etc.

The team will be bringing many more such games and NFT projects onto Polygon so that its community can enjoy more artwork and fun. In addition, Polygon allows for massive scalability, and compared to Ethereum, minting costs on Polygon are 100,000 times cheaper on average.

Polygon also has products designed for enterprise customers who need privacy and scalability, such as Nightfall, a one-of-a-kind, privacy-focused Rollup that combines Optimistic Rollups with Zero-Knowledge (ZK) cryptography commonly used in ZK Rollups. It creates a scalable and private hybrid of the two popular technologies.

Polygon Nightfall has the power to bring many large enterprises into blockchain, the team believes that it will lead to a large number of transactions on Polygon and further add new projects and users to the Polygon ecosystem.

Big Plans Ahead

The Polygon team has already got some big plans ahead. On the technical side, Polygon is investing heavily into ZK and ZK Rollup technology, for example, the team has already spent $250 million on acquiring Hermez, which is a decentralized, open-source ZK Rollup optimised for secure, low-cost and usable token transfers on the wings of Ethereum.

Polygon has also acquired another 4 teams to build more ZK Rollup chains, to achieve the goal of building highly scalable EVM enabled ZK Rollup technology. In addition, Polygon has updates coming for its POS chain and details on EIP 1559 implementation.

On the business side, Polygon has many exciting updates as well, with lots of big DApps and integrations planned. Significantly, Arjun, Polygon's Head of Growth, points out that LBank is enhancing its global branding. He also assures that the love of the community makes the team achieve its goals, so it will continue to collaborate with LBank Exchange to bring more Polygon projects and tokens to the community. The Polygon team will keep posting on its official social media accounts such as Twitter to reveal more details about future plans and latest updates.

About LBank

LBank is an ever-growing crypto trading platform which offers safe trading for the users worldwide. The team aspires to build the professional integration services for crypto-assets being a convenient trading platform. It has become popular with over 6.4 million users around the world.


Loopring (LRC) Is Poised To Take Out Its Current All-time High Should the Project's Rumored Partnership With GameStop's (GME) NFT Platform Materialize -…

Loopring, an Ethereum-based protocol that offers cutting-edge cryptography for Decentralized Finance (DeFi) applications, has been garnering increased attention from investors over the past few hours amid persistent rumors of its integration with GameStop's (GME) NFT platform.

As a refresher, Loopring is essentially a Layer 2 Ethereum blockchain that utilizes a new type of cryptography, dubbed the zkRollup (zero-knowledge rollups). Instead of settling transactions on the main Ethereum blockchain, zkRollup allows key calculations to be performed elsewhere without requiring confirmation from the Ethereum network. This process allows the establishment of decentralized exchanges without the associated high fees and slow transaction processing speed. A zero-knowledge proof makes a claim regarding the accuracy of a particular data set without actually sharing that data. For instance, it may allow age verification for certain sites without actually revealing the age of the user. zkRollups bundle hundreds of transactions into a single one, thereby boosting the scale and efficiency of the network. These bundled transactions are then settled on the blockchain using zero-knowledge proofs to ensure the accuracy of those off-chain transactions.


So, how does a Loopring exchange work in real life? Well, users first send their funds to a smart contract managed by the Loopring protocol. From there, user-identifying information is moved off-chain, and the associated trades are batched together and matched for efficiency gains. Each batch of transactions is then added to the Ethereum blockchain using zero-knowledge proofs that allow for a complete reconstruction of those off-chain transactions. Loopring claims that it can process over 2,000 trades per second by using this method. Loopring's native cryptocurrency, the LRC, is used by decentralized exchange operators to provide the mandatory lock-up capital. The locked-up LRC can be confiscated in case the operator violates certain terms and conditions. Users who stake LRC win the right to 70 percent of the exchange fees, while 10 percent of these fees paid in the form of LRC are burnt, thereby ensuring an overall deflationary environment. The total supply of LRC is capped at 1.395 million tokens.

This brings us to the crux of the matter. Source code from Loopring's GitHub profile suggests that the protocol's developers are preparing to integrate with GameStop's much-hyped NFT platform. As noted by GMEdd, the code makes certain interesting references:

The amended code in the branch NFT-DEV, under the GitHub commit titled NFT feature, makes reference to gameStopMeta and an IPFS URL.

Bear in mind that the IPFS is a distributed system for storing and accessing files and data and was used by GameStop during its first iteration of an NFT platform reveal.

We've continued to note that, in the approaching era of cloud-based gaming, GameStop needs to think out of the box to strike gold, as its brick-and-mortar stores are already facing extinction. In the prevailing paradigm, the company's recent push into the arena of Non-Fungible Tokens (NFTs) is a solid initiative, and Loopring's alleged involvement is only adding more confidence. To wit, GameStop has activated a dedicated website for NFTs that references players, creators, and collectors, thereby indicating an incoming ecosystem to cater to the gaming community. As NFTs are now being used to develop and monetize video games, GameStop's interest in this field is logical.

While it still remains to be seen whether the much-vaunted partnership between Loopring and GameStop materializes, investors are already jumping on the bandwagon. To wit, the LRC has now recorded gains of over 50 percent in just the past 24 hours, with the coin currently trading around the $1.07 price level.


Source: https://coinmarketcap.com/currencies/loopring/

Nonetheless, Loopring's current price is still far below the all-time high of $2.59 recorded back in January 2018.

Given the budding interest around Loopring, we would not be surprised if the coin were to take out its current all-time high should the partnership with GameStop materialize.

Do you think a partnership between GameStop and Loopring is just around the corner? Let us know your thoughts in the comments section below.


13 Years Ago Today, The Bitcoin White Paper Was Released – Bitcoin Magazine

The research paper detailing the engineering and design requirements to enable the first distributed, uncensorable, electronic digital cash system to come to life was released 13 years ago. The Bitcoin white paper publicized the long-sought resolution to the double-spending problem of all previous attempts to build digital cash.

However, contrary to popular belief, the invention of Bitcoin by Satoshi Nakamoto wasn't precisely an unprecedented construction. The quest for digital cash had started many years before the Bitcoin white paper was published, and Bitcoin is more accurately seen as the culmination of decades of research and development. Satoshi brilliantly applied some tweaks and puzzled it all together to devise the Bitcoin network and its consensus protocol.

Bitcoin marvelously joins together digital signatures, proof of work, public-key cryptography, hash functions, timestamps, block rewards, transaction fees, mining difficulty adjustment, Merkle Trees, and the concept of a peer-to-peer network run by independent nodes. This unique construction allowed the double-spending problem to be solved and the soundest form of money ever created to emerge.

Each of these pieces was built upon previous knowledge. The white paper cited eight of such prior developments, hinting at how the pseudonymous inventor arrived at the requirements for creating Bitcoin.

The first reference is b-money, where Wei Dai explores how cooperation could be possible without governments and trusted entities.

A community is defined by the cooperation of its participants, and efficient cooperation requires a medium of exchange (money) and a way to enforce contracts, Dai wrote. Traditionally these services have been provided by the government or government sponsored institutions and only to legal entities. In this article I describe a protocol by which these services can be provided to and by untraceable entities.

The papers three subsequent references are all about timestamping, which is central to the functioning of the Bitcoin network and its ordered history of blocks and essential to help solve the double-spending problem. Moreover, timestamping proves the existence of data at a specific time.

The second reference is Design of a secure timestamping service with minimal trust requirements by H. Massias, X.S. Avila, and J.-J. Quisquater. Again, a paper that explores how to reduce trust requirements in systems.

We define digital timestamp as a digital certificate intended to assure the existence of a generic digital document at a certain time, the authors wrote. There are two families of timestamping techniques: those that work with a trusted third party and those that are based on the concept of distributed trust. Techniques based on a trusted party rely on the impartiality of the entity that is in charge of issuing the timestamps. Techniques based on the distributed trust consist on making documents dated and signed by a large set of people in order to convince the verifiers that we could not have corrupted all of them.

How to timestamp a digital document is the papers third reference, in which S. Haber and W.S. Stornetta propose a technique to make it infeasible for a document to be back-dated or forward-dated. Bitcoin leverages the idea of linking hashed data to make it not practical to tamper with the records without leaving telltale signs.

The two authors are cited once again in the fourth reference, "Improving the efficiency and reliability of digital timestamping," in which they explore a way to achieve exponential increase in the publicity obtained for each timestamping event, while reducing the storage and the computation required. Merkle Trees are also central to how Bitcoin stores transactional data in blocks and allow for quick payment and block verification by validating nodes.

From the last reference to Haber and Stornetta, "Secure names for bit-strings," Satoshi Nakamoto took the idea of combining hash functions with Merkle Trees, allowing for easier integrity verification.
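The hash linking and Merkle-tree batching described in the paragraphs above, as an added example (not code from the article, the cited papers or Bitcoin). The record layout, the leaf and node prefix bytes, the timestamps and the sample documents are constructed assumptions.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed back-pointer for the first link

def h(data):
    return hashlib.sha256(data).digest()

def leaf_hash(doc):
    # Distinct prefix bytes keep a leaf from being mistaken for an inner node.
    return h(b"\x00" + doc)

def node_hash(left, right):
    return h(b"\x01" + left + right)

def _pad(level):
    # An odd level pairs its last node with itself (a simplification).
    return level + [level[-1]] if len(level) % 2 else level

def merkle_root(leaves):
    level = list(leaves)
    while len(level) > 1:
        level = _pad(level)
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def merkle_proof(leaves, index):
    """Sibling hashes from leaf to root; the flag is True if the sibling is on the right."""
    proof, level = [], list(leaves)
    while len(level) > 1:
        level = _pad(level)
        sibling = index ^ 1
        proof.append((level[sibling], sibling > index))
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return proof

def verify_proof(leaf, proof, root):
    node = leaf
    for sibling, on_right in proof:
        node = node_hash(node, sibling) if on_right else node_hash(sibling, node)
    return node == root

def _header(prev, timestamp, root):
    return prev + timestamp.to_bytes(8, "big") + root

def make_link(prev, timestamp, docs):
    # One timestamping round: a batch of documents committed under one root,
    # chained to the hash of the previous round.
    root = merkle_root([leaf_hash(d) for d in docs])
    return {"prev": prev, "time": timestamp, "root": root,
            "hash": h(_header(prev, timestamp, root))}

def build_chain(batches):
    chain, prev = [], GENESIS
    for timestamp, docs in batches:
        chain.append(make_link(prev, timestamp, docs))
        prev = chain[-1]["hash"]
    return chain

def first_broken_link(chain):
    """Index of the first link that fails verification, or -1 if the chain is intact."""
    prev = GENESIS
    for i, link in enumerate(chain):
        expected = h(_header(link["prev"], link["time"], link["root"]))
        if link["prev"] != prev or link["hash"] != expected:
            return i
        prev = link["hash"]
    return -1

# Constructed sample input: (timestamp, documents) per round.
BATCHES = [
    (1000, [b"contract-A", b"contract-B", b"contract-C"]),
    (1010, [b"invoice-1", b"invoice-2"]),
    (1020, [b"memo"]),
]

if __name__ == "__main__":
    chain = build_chain(BATCHES)
    leaves = [leaf_hash(d) for d in BATCHES[0][1]]
    proof = merkle_proof(leaves, 2)
    print("contract-C in round 0:", verify_proof(leaves[2], proof, chain[0]["root"]))
    # Back-date a document in round 1 and recompute only that link.
    forged = make_link(chain[0]["hash"], 1010, [b"invoice-1", b"invoice-2-backdated"])
    print("first broken link:", first_broken_link([chain[0], forged, chain[2]]))
```

A forger who also recomputes every later link passes this check. Haber and Stornetta close that gap by publishing the links widely, and Bitcoin does so by making each recomputation cost proof-of-work.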

Adam Back's "Hashcash - a denial of service counter-measure" is cited by Satoshi and was leveraged to implement Bitcoin's proof-of-work (PoW) system, the core of the Bitcoin consensus model and responsible for allowing BTC to be mined in a decentralized and free-market fashion. PoW also allows for the lack of human coordination for recording transactions and the lack of trust for achieving consensus. Simply put, without PoW, there would be no Bitcoin.

"Protocols for public key cryptosystems" by R.C. Merkle explores schemes for public key distribution and protocols for digital signatures, which it says is an ideal method of broadcasting authenticated messages from a central source which must be confirmed by many separate recipients.

Digital signatures enable Bitcoin users to prove ownership of a transaction output and spend it in a pseudonymous way while allowing peers to verify the validity of such claims quickly. Bitcoin currently uses ECDSA and enables users not to reveal their identities (private keys) when interacting with the protocol. The next major upgrade to Bitcoin will add Schnorr signatures, further improving the capabilities of Bitcoin in that regard.

Last but not least, "An introduction to probability theory and its applications" by William Feller was cited by Satoshi. The pseudonymous creator of Bitcoin leveraged the mathematics book to calculate the probability that an attacker can successfully compete with the honest chain, a central issue in the double-spend problem.

Read the rest here:
13 Years Ago Today, The Bitcoin White Paper Was Released - Bitcoin Magazine

Receive protection against phishing and account takeovers with the Yubico Security Key C NFC – Gadget Flow

Worried about your account security? Today we have a device to help protect email, social media, and other account types. This physical key is a simple, effective solution you need in your tech arsenal. Read on to learn about the Yubico Security Key C NFC.

You really can't be too careful when it comes to digital security. In fact, most people aren't careful enough.

Your email and social media accounts likely contain a vast amount of personal information, and data thieves are always on the prowl. This is why two-factor authentication is a great way to add extra security to your login game.

While those who use this kind of security often gravitate toward software-based authentication apps, another method is available: physical keys. One such key is the Yubico Security Key C NFC. Let's take a closer look, shall we?

From Gmail and Facebook to Skype and Outlook, your passwords and usernames are only one layer of security between you and hackers or data thieves.

It's easy to forget how many pieces of personal information, files, photos, and memories are stored across our accounts. The Yubico Security Key C NFC helps shield against phishing and sudden account takeovers.

We get it. Much of this sort of thing sounds complicated and confusing. Thankfully Yubico makes its key easy to set up and use. You can register your key with many popular services.

Then, upon future logins, just connect the key to your device. One little NFC tap, and you're into your accounts. While using a physical key may seem inconvenient, security experts argue that trying to get your accounts back after a hack is far more inconvenient. The protection and peace of mind you get in return make it worth the effort.

If you have concerns about the security of the Yubico Security Key C NFC device itself, don't sweat it. It's manufactured in only two places (the US and Sweden) and packaged in sealed, tamper-evident packaging. The key also supports asymmetric cryptography with public and private key tech.

Despite being such a tiny device, it harnesses a handy set of features. In addition to the great security it delivers, it's also conveniently portable and battery free.

Not only is the Yubico Security Key C NFC resistant to crushes and water, but it also doesn't require batteries or network connectivity to authenticate. It can even be placed in a wallet or on a key ring so you can take it anywhere you go.

It's easy to look at a device like the Yubico Security Key C NFC as a cool, but unnecessary way to protect accounts. Unfortunately, this couldn't be farther from the truth.

While it isn't required, the sad reality is that hackers and data thieves never cease to attempt to access accounts. We sleep soundly at night, but they're hard at work. Though the idea that they wouldn't bother with little ol' you is tempting to give into, it's highly inaccurate.

For example, two friends of mine (both regular people, unconnected and on opposite sides of the US) had their Instagram accounts hacked and ransomed. They lost many personal photos along with private messages and other information. It can happen to anyone.

All that said, a device like this isn't going to appeal to everyone. However, if you're interested in improving the security of your accounts and adding additional protection between you and sketchy opportunists, you should absolutely keep it on your gadget radar.

You can find the Yubico Security Key C NFC on Amazon for $25 or on the official website for $29.

Mark is a writer and podcaster who loves technology. When not writing for Gadget Flow, he enjoys passionately working on storytelling projects and exploring the outdoors.


What’s it like to work as a malware researcher? 10 questions answered – We Live Security

Three ESET malware researchers describe what their job involves and what it takes to embark on a successful career in this field

Just days ago, we looked at how you can jump-start your career in the broader field of cybersecurity, leveraging insights from ESET security researchers with decades of experience under their belts. Since today is Antimalware Day, a day when we recognize the work of security professionals, we thought it apt to ask a trio of ESET malware researchers to pick up the baton and share their thoughts and experiences about what their daily tasks involve.

Perhaps solving riddles is your thing? Have an inquisitive mind that thrives on new knowledge? Or you're already contemplating carving out a career in the fight against cybercrime, but aren't quite sure if you're cut out for it? Or just appreciate the fine work of malware researchers and wonder why they chose this career path?

Whatever the reason (perhaps a little bit of everything?), you need look no further than our Q&A with ESET's Lukas Stefanko, Fernando Tavella and Matías Porolli to learn what the job of an expert in deconstructing malicious software is like.

First off, how did you get into malware analysis/research?

Lukas: It all started when I became more familiar with software reverse engineering and tried to understand how a piece of software works and behaves without having access to its source code. From there, curiosity took me further to gain an understanding of how malicious software works, what its purpose is, how it communicates, and so on. It was a new experience that I hugely enjoyed and still do!

Fernando: Most of all, I always liked the research part, whether it was focused on security or other activities. But after I actually started to work in security I realized that I liked reverse engineering best. This was because of its complexity and general allure, and so I started participating in capture-the-flag competitions (CTFs) and dived into various related topics. At one point, I came across a piece of malware and realized just how interesting it is to understand how it works using a low-level language, what kinds of obfuscation and evasion techniques they use, and how you can defend yourself against certain threats.

Matías: In 2011, I won the ESET University Award that is organized by ESET in Latin America and that consisted of writing a research article about topics related to computer security. I had no experience with malware analysis at that time, but I continued to deepen my knowledge in this field through self-study. In 2013, I started working for ESET and got my hands dirty with malware analysis.

Is there such a thing as a typical day at work for you?

Lukas: Most days start the same: I check the latest cybersecurity news, my inbox, and Twitter. But some days take a dramatic turn, for example when we discover new or interesting malware samples or its traces that we think might put us on track to identifying new cybercrime or APT campaigns. This is one of the reasons why having good sources of information helps: they just save time during the malware analysis, as some of the tricks might already have been revealed.

Fernando: Actually, I don't think there's a typical day in my job. Many new things happen every day and vary from one day to another. Not everything can be planned. Perhaps when I do some research into, say, a malware campaign in Latin America, and it turns out to be time-consuming, I'll spend the day analyzing that particular threat all while setting aside some 30 minutes in the morning to bring myself up to date on fresh security news. But generally, no two days are the same.

Matías: Although there are unusual days when we begin research into an ongoing attack, I do have some sort of routine that consists of two main activities. First, it involves hunting for new threats in my information feeds, keeping track of groups of attackers and so on. Second, I analyze the malicious files that emerge from that hunting activity or from work with my colleagues, in particular reverse engineering and documenting these threats.

What's the most exciting part of your job?

Lukas: It's actually all those small things that together make up the malware analysis process, which begins with me scratching my head with curiosity. Each step along the way then helps crack the problem and create a clearer picture of it. This means static and dynamic analysis of Android malware that involves running it on an actual device and observing its behavior from the victim's perspective in order to understand its purpose. This analysis reveals, for example, who the malware communicates with and what kinds of data it extracts from the device. Look at its permission requests and you can take an educated guess at the capabilities of the malware. However, dynamic analysis is often not enough. To have a better picture of how a piece of malware works and what its functionality is, it is important to fire up an Android decompiler and get my hands dirty with manual code analysis.

From there, I often begin to research and eventually disclose active malware campaigns, which the bad guys don't really like. It appears that some are actually following my work rather closely. On several occasions, their code contained short notes intended for me. They aren't always nice. For example, they name their classes or packages after me, sign the malware on my behalf or even register malicious domains that contain my name and afterwards communicate with the malware. However, I don't take it personally.

Figure 1. Some malware authors seem to follow Lukas's work pretty closely

Fernando: It's the static analysis of a threat, reverse engineering, the ability to see all the code at a low level and from there gain an understanding of the threat's behavior and its most interesting functionalities so that I can then document them.

Matías: What I like best is that I rarely apply the same methods to various research projects. Attackers use various platforms and technologies, and oftentimes you encounter specific problems that require creative solutions. For example, how you automate the extraction of malware settings for thousands of malicious files or how you implement the deobfuscation of files that have been modified to hamper analysis.

Which research or projects are you most proud of?

Lukas: I would probably say it's one of my latest research projects: the analysis of vulnerabilities in Android stalkerware. I spent months working on it, poring over 80 stalkerware apps and eventually discovering a combined 150-plus serious security and privacy issues in them.

Fernando: I am most proud of the research I did together with Matías into the espionage campaign in Venezuela that leveraged the Bandook malware. It was one of my first research projects, but I was able to carry out a comprehensive technical analysis of the threat affecting the country.

Matías: Any research involves a lot of work behind the scenes that never gets published. I'm still very proud of it, though, especially because of what I said earlier about the need to be creative when getting to grips with some problems. But if I were to highlight one specific research project, I would say Evilnum. Little was known about the malware at the time, and practically nothing was known about the group behind it. ESET managed to put the group's malicious arsenal in context, uncover its purpose and see the big picture.

Do you work closely with other teams in the security realm?

Lukas: Yes. Besides in-depth research, our main goal is to protect users of our products and detect threats in the wild. This means not just sharing them with our internal teams, but also with other cybersecurity companies and so help improve general awareness of recent threats.

Fernando: I have worked with folks in incident response, mainly to help them understand the behavior of any threat they have seen during an incident.

Matías: We constantly work together with other professionals. One case worth mentioning is when I worked with the Netherlands Computer Crime Unit to dismantle servers used by Evilnum and perform forensic analysis on them.

What are some essential hard skills for your job?

Lukas: As far as Android malware analysis goes, I would say you need to understand the basics of the operating system, including the application life cycle, and have the ability to read decompiled Java and Kotlin source code. It also pays to keep current on the latest discoveries, tools published recently, and even operating system and app updates. For example, such updates may come with new features that are convenient for users, but may also help create opportunities that the bad guys would take advantage of. Fortunately, most updates hamper malware writers in their work, rather than help them.

Fernando: I think having programming knowledge is very important, though not necessarily writing code. Rather, you need to be able to read and understand it. Also, knowledge of operating systems, cryptography, computer and network architecture (be it network protocols or traffic analysis) are the kinds of skills that the more the person knows, the more prepared they are to analyze malware and not get frustrated or give up trying.

Matías: In terms of technical skills, you need to be well-versed in many fields of computer science, including networking, operating systems and programming. My job requires that you have a detailed knowledge of reverse engineering, especially for Windows platforms.

Is there any non-technical aspect of your job you struggle(d) with? Did your job require you to improve any such skills?

Lukas: Yes, there is. Each year, I try to improve one of my non-technical skills, such as writing blog posts, pushing myself into public speaking, improving my presentation skills, speaking to the media, giving interviews, and the like. Most of them are not easy to acquire for an introverted technical person and require me to step outside of my comfort zone, which is easier said than done.

Fernando: I've had to improve my writing skills. While there is a team that reviews our writing, it's important for every researcher to use the right words and be able to express themselves well since their output reflects all the work that may be behind that particular research effort. So I think that being able to express yourself and convey your findings clearly is almost as important as just about anything else.

Matías: It's important to know how to communicate the results of our analyses, be aware of who we produce our reports for, and then adapt the content accordingly. It's also important to know how to tell a story, rather than just stuff a piece of content with technical descriptions.

What personality traits or soft skills should a malware researcher have?

Lukas: I believe that enthusiasm to solve problems and willingness to learn new things are the driving forces here. Everything else can be learned along the way.

Fernando: I think there are two very important characteristics that a malware researcher must have: the ability to learn on their own and curiosity.

Matías: Curiosity, the ability to focus on a task at hand, eagerness to crack problems, patience, and a keen eye for detail.

How do you continue to expand your knowledge and keep up to date?

Lukas: I have to say, staying up to date takes a lot of time every day. However, I've learned how to keep current using dedicated and trusted RSS feeds and social media channels, reading blog posts and tweets by peer researchers and other cybersecurity companies, as well as academic research and via Google Alerts. Once I've narrowed this down to and read the most important news updates, I try to share them with other mobile security enthusiasts via my Telegram channel and so perhaps save them some time while they're also looking for news about mobile security.

Fernando: I usually go to Twitter to find information shared by fellow researchers and to read their publications. That way, I learn about new campaigns and new techniques that can be deployed by cybercriminals. Also, if there's something that caught my eye in a piece of research, I make a note of it and then dive into it in my own free time. This could be anything, for example a cipher or a malware obfuscation method.

Matías: You have to read the news and keep up to date on what's going on. I suggest using social networks to follow security companies and find out about new research, or even follow other researchers. Also read computer security blogs: WeLiveSecurity, for example. 😉

What message would you share with people who are keen to embark on a career in malware research?

Lukas: Go for it. Passion and enthusiasm are crucial and make it easier for any budding malware researcher to soak up information and knowledge. In addition, if you find something difficult to understand, don't fret: your future colleagues will be more than happy to explain it to you.

Fernando: Go one step at a time. Join CTF contests involving various topics that are related to malware analysis, such as reverse engineering, cryptography and network traffic analysis. You don't need to start by dissecting malware, simply because this can be too complex. Additionally, read what others have already done, so you learn from analyses of previously detected threats and see how the malware samples worked. If you read and search enough, you'll notice that some malware variants have certain characteristics in common; for example, they tamper with registry entries in order to gain persistence on a victim's machine. Also, when reading an article from another researcher, you can see what they considered important about this specific threat, which is an insight you should leverage when setting about analyzing a piece of malware for the first time.

Matías: Keep calm and identify the cryptographic constants.

There you have it. We hope this has given you enough food for thought. Now, one-third of your life is spent at work. Why not choose a career where you can make an impact and contribute to making technology safer for everybody?

Happy Antimalware Day!


Quicktake: what is the metaverse and why does it matter? – The National

The metaverse, a digital space that allows users to communicate and move virtually in their three-dimensional avatars or digital representations, is being seen as the future of business and human interaction.

Last month, Chipotle Mexican Grill offered free burritos to customers who visited the restaurant virtually on Roblox, an online gaming platform.

Each day from October 28 to 31, the first 30,000 Roblox users who visited the virtual Chipotle restaurant in a Halloween-themed costume received a code for a free burrito.

"As a digital innovator, we are always experimenting on new platforms to meet our guests where they are," said Chris Brandt, chief marketing officer at Chipotle.

"Roblox's popularity has boomed over the past year and we know our fans will be excited to celebrate the next evolution of burrito in the metaverse," Mr Brandt said.

A man tries VR goggles during the Cop26 conference in Glasgow. Getty

Here is a look at the history of the metaverse and its potential opportunities.

The term was coined by Neal Stephenson in his 1992 sci-fi novel Snow Crash, which covered subjects such as computer science, politics, cryptography and philosophy.

Hailed as a successor to the internet, the metaverse is a set of immersive spaces shared by users, where they can interact, innovate and engage other people who are not in the same physical space. They do it by creating 3D avatars.

Based on augmented reality principles, it merges physical and virtual existences in a shared online space.

A journalist poses for a 360-degree image during a demonstration to create a 3D avatar at the Jump Studio in the SK Telecom headquarters in Seoul. Bloomberg

It is a mix of work and play.

With the metaverse, users can create their digital representation and use it while attending virtual family gatherings or office meetings. They can also attend the virtual streaming of a music concert where their 3D avatar will appear among the audience. Their digital representation can shop online, lend their belongings to colleagues or friends, try new products, such as clothes and shoes, at virtual shops and pay for them using digital currencies.

But we are still in the initial stages of the development of the metaverse. Industry experts say it might take 10 to 15 years to fully realise metaverse products and it will work well when all stakeholders create a compatible digital ecosystem.

Social networking site Meta, formerly Facebook, plans to spend $10 billion this year on Reality Labs, its metaverse division, despite the platform facing controversies that have led to calls for tighter regulation.

Facebook chief executive Mark Zuckerberg fencing in the metaverse with an Olympic gold medal fencer during a live-streamed conference to announce the rebranding of Facebook as Meta. Reuters

Industry analysts say despite the recent hype, the metaverse is Facebook's most potent and underappreciated innovation opportunity.

"About every decade we believe companies need to reinvent themselves to address large new markets and satisfy investors for the long term," the US venture capital company Loup Ventures said in a note to clients.

"For a company the size of Facebook, with an expected $150 billion in revenue next year, maintaining growth requires a massive, greenfield opportunity; we believe the metaverse is a sufficiently large opportunity for a company the size of Facebook to chase."

Technology giant Microsoft aims to allow avatars to share PowerPoint presentations and Excel files in Teams (an app that offers workspace chat, videoconferencing and file storage) next year.

Software maker Unity is developing a concept called digital twins, a virtual copy of the real world. Graphics chip maker Nvidia is developing a technology called Omniverse that will link 3D virtual worlds in the metaverse.

Tencent Holdings, the world's largest gaming company by revenue, is reportedly developing an advanced gaming studio to focus on the metaverse.

A software engineer explores a detailed 3D map of the universe with the virtual reality software VIRUP, developed by the Swiss Federal Institute of Technology. AP

In September, the Chinese company filed to register nearly 100 metaverse-related trademarks. They include QQ Metaverse, QQ Music Metaverse and Kings Metaverse, similar to the names of the company's messaging app, music-streaming service and mobile game Honour of Kings.

In March, Gucci released branded virtual trainers, allowing users to wear them on social media only.

UK start-up Auroboros has launched what it calls a biomimicry digital collection, which allows users to buy looks to wear on Snapchat. Buyers submit an image of themselves, on to which high-quality sci-fi fantasy digital wear is added. This image can then be uploaded to Snapchat through a filter.

While building the metaverse, companies need to minimise the amount of data that is used and build a parallel digital world that gives users control over their data.

Employees create a 3D avatar in the Jump Studio at the SK Telecom headquarters in Seoul. Bloomberg

Industry experts say developers need to make sure these technologies are designed inclusively and in a way that is accessible.

"It is essential to keep people safe online and give them tools to act or get help if they see something they are not comfortable with," Facebook said.

Updated: November 5th 2021, 4:00 AM
