What’s it like to work as a malware researcher? 10 questions answered – We Live Security

Three ESET malware researchers describe what their job involves and what it takes to embark on a successful career in this field

Just days ago, we looked at how you can jump-start your career in the broader field of cybersecurity, leveraging insights from ESET security researchers with decades of experience under their belts. Since today is Antimalware Day, a day when we recognize the work of security professionals, we thought it apt to ask a trio of ESET malware researchers to pick up the baton and share their thoughts and experiences about what their daily tasks involve.

Perhaps solving riddles is your thing? Have an inquisitive mind that thrives on new knowledge? Or youre already contemplating carving out a career in the fight against cybercrime, but arent quite sure if youre cut out for it? Or just appreciate the fine work of malware researchers and wonder why they chose this career path?

Whatever the reason (perhaps a little bit of everything?), you need look no further than our Q&A with ESETs Lukas Stefanko, Fernando Tavella and Matas Porolli to learn what the job of an expert in deconstructing malicious software is like.

First off, how did you get into malware analysis/research?

Lukas: It all started when I became more familiar with software reverse engineering and tried to understand how a piece of software works and behaves without having access to its source code. From there, curiosity took me further to gain an understanding how malicious software works, what its purpose is, how it communicates, and so on. It was a new experience that I hugely enjoyed and still do!

Fernando: Most of all, I always liked the research part, whether it was focused on security or other activities. But after I actually started to work in security I realized that I liked reverse engineering best. This was because of its complexity and general allure, and so I started participating in capture-the-flag competitions (CTFs) and dived into various related topics. At one point, I came across a piece of malware and realized just how interesting it is to understand how it works using a low-level language, what kinds of obfuscation and evasion techniques they use, and how you can defend yourself against certain threats.

Matas: In 2011, I won the ESET University Award that is organized by ESET in Latin America and that consisted of writing a research article about topics related to computer security. I had no experience with malware analysis at that time, but I continued to deepen my knowledge in this field through self-study. In 2013, I started working for ESET and got my hands dirty with malware analysis.

Is there such a thing as a typical day at work for you?

Lukas: Most days start the same I check the latest cybersecurity news, my inbox, and Twitter. But some days take a dramatic turn, for example when we discover new or interesting malware samples or its traces that we think might put us on track to identifying new cybercrime or APT campaigns. This is one of the reasons why having good sources of information helps they just save time during the malware analysis, as some of the tricks might already have been revealed.

Fernando: Actually, I dont think theres a typical day in my job. Many new things happen every day and vary from one day to another. Not everything can be planned. Perhaps when I do some research into, say, a malware campaign in Latin America, and it turns out to be time-consuming, Ill spend the day analyzing that particular threat all while setting aside some 30 minutes in the morning to bring myself up to date on fresh security news. But generally, no two days are the same.

Matas: Although there are unusual days when we begin research into an ongoing attack, I do have some sort of routine that consists of two main activities. First, it involves hunting for new threats in my information feeds, keeping track of groups of attackers and so on. Second, I analyze the malicious files that emerge from that hunting activity or from work with my colleagues, in particular reverse engineering and documenting these threats.

Whats the most exciting part of your job?

Lukas: Its actually all those small things that together make up the malware analysis process, which begins with me scratching my head with curiosity. Each step along the way then helps crack the problem and create a clearer picture of it. This means static and dynamic analysis of Android malware that involves running it on an actual device and observe its behavior from the victims perspective in order to understand its purpose. This analysis reveals, for example, who the malware communicates with and what kinds of data it extracts from the device. Look at its permission requests and you can take an educated guess at the capabilities of the malware. However, dynamic analysis is often not enough. To have a better picture of how a piece of malware works and what its functionality is, it is important to fire up an Android decompiler and get my hands dirty with manual code analysis.

From there, I often begin to research and eventually disclose active malware campaigns, which the bad guys dont really like. It appears that some are actually following my work rather closely. On several occasions, their code contained short notes intended for me. They arent always nice. For example, they name their classes or packages after me, sign the malware on my behalf or even register malicious domains that contain my name and afterwards communicate with the malware. However, I dont take it personally.

Figure 1. Some malware authors seem to follow Lukass work pretty closely

Fernando: Its the static analysis of a threat, reverse engineering, the ability to see all the code at a low level and from there gain an understanding of the threats behavior and its most interesting functionalities so that I can then document them.

Matas: What I like best is that I rarely apply the same methods to various research projects. Attackers use various platforms and technologies, and oftentimes you encounter specific problems that require creative solutions. For example, how you automate the extraction of malware settings for thousands of malicious files or how you implement the deobfuscation of files that have been modified to hamper analysis.

Which research or projects are you most proud of?

Lukas: I would probably say its one of my latest research projects the analysis of vulnerabilities in Android stalkerware. I spent months working on it, poring over 80 stalkerware apps and eventually discovering a combined 150-plus serious security and privacy issues in them.

Fernando: I am most proud of the research I did together with Matas into the espionage campaign in Venezuela that leveraged the Bandook malware. It was one of my first research projects, but I was able to carry out a comprehensive technical analysis of the threat affecting the country.

Matas: Any research involves a lot of work behind the scenes that never gets published. Im still very proud of it, though, especially because of what I said earlier about the need to be creative when getting to grips with some problems. But if I were to highlight one specific research project, I would say Evilnum. Little was known about the malware at the time, and practically nothing was known about the group behind it. ESET managed to put the groups malicious arsenal in context, uncover its purpose and see the big picture.

Do you work closely with other teams in the security realm?

Lukas: Yes. Besides in-depth research, our main goal is to protect users of our products and detect threats in the wild. This means not just sharing them with our internal teams, but also with other cybersecurity companies and so help improve general awareness of recent threats.

Fernando: I have worked with folks in incident response, mainly to help them understand the behavior of any threat they have seen during an incident.

Matas: We constantly work together with other professionals. One case worth mentioning is when I worked with the Netherlands Computer Crime Unit to dismantle servers used by Evilnum and perform forensic analysis on them.

What are some essential hard skills for your job?

Lukas: As far as Android malware analysis goes, I would say you need to understand the basics of the operating system, including the application life cycle, and have the ability to read decompiled Java and Kotlin source code. It also pays to keep current on the latest discoveries, tools published recently, and even operating system and app updates. For example, such updates may come with new features that are convenient for users, but may also help create opportunities that the bad guys would take advantage of. Fortunately, most updates hamper malware writers in their work, rather than help them.

Fernando: I think having programming knowledge is very important, though not necessarily write code. Rather, you need to be able to read and understand it. Also, knowledge of operating systems, cryptography, computer and network architecture (be it network protocols or traffic analysis) are the kinds of skills that the more the person knows, the more prepared they are to analyze malware and not get frustrated or give up trying.

Matas: In terms of technical skills, you need to be well-versed in many fields of computer science, including networking, operating systems and programming. My job requires that you have a detailed knowledge of reverse engineering, especially for Windows platforms.

Is there any non-technical aspect of your job you struggle(d) with? Did your job require you to improve any such skills?

Lukas: Yes, there is. Each year, I try to improve one of my non-technical skills, such as writing blog posts, pushing myself into public speaking, improving my presentation skills, speaking to the media, giving interviews, and the like. Most of them are not easy to acquire for an introverted technical person and require me to step outside of my comfort zone, which is easier said than done.

Fernando: Ive had to improve my writing skills. While there is a team that reviews our writing, its important for every researcher to use the right words and be able to express themselves well since their output reflects all the work that may be behind that particular research effort. So I think that being able to express yourself and convey your findings clearly is almost as important as just about anything else.

Matas: Its important to know how to communicate the results of our analyses, be aware of who we produce our reports for, and then adapt the content accordingly. Its also important to know how to tell a story, rather than just stuff a piece of content with technical descriptions.

What personality traits or soft skills should a malware researcher have?

Lukas: I believe that enthusiasm to solve problems and willingness to learn new things are the driving forces here. Everything else can be learned along the way.

Fernando: I think there are two very important characteristics that a malware researcher must have: the ability to learn on their own and curiosity.

Matas: Curiosity, the ability to focus on a task at hand, eagerness to crack problems, patience, and a keen eye for detail.

How do you continue to expand your knowledge and keep up to date?

Lukas: I have to say, staying up to date takes a lot of time every day. However, Ive learned how to keep current using dedicated and trusted RSS feeds and social media channels, reading blog posts and tweets by peer researchers and other cybersecurity companies, as well as academic research and via Google Alerts. Once Ive narrowed this down to and read the most important news updates, I try to share them with other mobile security enthusiasts via my Telegram channel and so perhaps save them some time while theyre also looking for news about mobile security.

Fernando: I usually go Twitter to find information shared by fellow researchers and to read their publications. That way, I learn about new campaigns and new techniques that can be deployed by cybercriminals. Also, if theres something that caught my eye in a piece of research, I make a note of it and then dive into it in my own free time. This could be anything, for example a cipher or a malware obfuscation method.

Matas: You have to read the news and keep up to date on whats going on. I suggest using social networks to follow security companies and find out about new research, or even follow other researchers. Also read computer security blogs: WeLiveSecurity, for example. 😉

What message would you share with people who are keen to embark on a career in malware research?

Lukas: Go for it. Passion and enthusiasm are crucial and make it easier for any budding malware researcher to soak up information and knowledge. In addition, if you find something difficult to understand, dont fret your future colleagues will be more than happy to explain it to you.

Fernando: Go one step at a time. Join CTF contests involving various topics that are related to malware analysis, such as reverse engineering, cryptography and network traffic analysis. You dont need to start by dissecting malware, simply because this can be too complex. Additionally, read what others have already done, so you learn from analyses of previously detected threats and see how the malware samples worked. If you read and search enough, youll notice that some malware variants have certain characteristics in common for example, they tamper with registry entries in order to gain persistence on a victims machine. Also, when reading an article from another researcher, you can see what they considered important about this specific threat, which is an insight you should leverage when setting about analyzing a piece of malware for the first time.

Matas: Keep calm and identify the cryptographic constants.

There you have it. We hope this has given you enough food for thought. Now, one-third of your life is spent at work why not choose a career where you can make an impact and contribute to making technology safer for everybody?

Happy Antimalware Day!

Read the original here:
What's it like to work as a malware researcher? 10 questions answered - We Live Security

Blockchain explained: Breaking down the technology thats transforming the world of finance – Euronews

When you think about blockchains, probably the first thing that comes to mind is Bitcoin or cryptos.

But actually, the technology is extremely versatile and has potential far beyond cryptocurrencies.

Blockchains have become popular over the past few years because they allow us to secure and verify all kinds of data in a decentralised network that cannot be altered.

The idea has its roots as far back as 1991, when two computer scientists, Stuart Haber and Scott Stornetta, proposed a system to protect timestamps on documents from being interfered with.

Satoshi Nakamoto, the anonymous Bitcoin inventor, then built on this system and referenced the two scientists in his Bitcoin whitepaper.

He successfully deployed the first public blockchain in 2009.

Put simply, a blockchain is a database in the form of a distributed ledger that uses cryptography to secure any kind of information.

This ledger takes the form of a series of records or blocks that are each added onto the previous block in the chain, hence the name blockchain.

Each block contains a timestamp, data, and a hash. This is a unique identifier for all the contents of the block, sort of like a digital fingerprint.

Crucially, once data has been recorded and verified in a block, it cannot be altered. Instead, if a change has to be made, this is recorded and verified in a new block which is then added to the chain.

Each new block reinforces the verification of the previous block and hence the entire blockchain.

The block also contains the hash of the previous block in the chain. These are the backbone of a public blockchain.

Its how all the participants in a public, decentralised network can come to a consensus on how a block is verified and added to the chain.

A cryptographic hash function is basically a mathematical algorithm that maps data of arbitrary length to an output of fixed length.

So, if you want to represent, for example, a list of names of varying lengths, a hash function would output each of these names (the data) into a unique string of numbers of a fixed length. This string of numbers is known as the hash.

The hash function will return the same hash no matter how many times you input the same data.

If you even slightly change the inputted data, the hash will change completely.

Hashing is considered a function that only works one-way. Thats because its highly infeasible - but not impossible - to reverse engineer the data that outputs a given hash without a huge, huge amount of computational power.

The fastest way to guess the data that produces a given hash is simply to guess and check, over and over again.

In the Bitcoin blockchain, which uses a proof of work consensus mechanism, computers in the network join in this elaborate guessing game hoping to solve the puzzle first.

The computer with higher computational power - meaning the capability to run through more guesses faster - is more likely to win the race and therefore verify the block for the reward of Bitcoin.

Its important to remember that the word blockchain doesnt describe any single database or network. Rather, its a type of technology and there are different kinds of blockchains that work in different ways.

A public blockchain like Bitcoin, allows anyone to join the network and access the distributed ledger.

A private blockchain is a closed network. It still uses some decentralisation and a peer to peer system, but overall this kind is controlled by a single entity and access is restricted to a defined network.

A hybrid blockchain is a combination of a public and private blockchain. This kind of blockchain allows an entity to distribute a ledger with some publicly accessible data but also restrict access to more sensitive data within the network.

A consortium blockchain has similarities with a private blockchain only. This type of ledger is controlled by multiple entities rather than a single one.

Here is the original post:
Blockchain explained: Breaking down the technology thats transforming the world of finance - Euronews

From Tiktok to bear mascots 7 ways education is recruiting cyber talent – EdScoop

Researchers at Kennesaw State University in Georgia developed virtual reality-based lessons and gamified learning software to help K-12 students develop cybersecurity skills.

Cybersecurity is not yet an official part of school curriculums, yet we are living in an increasingly digital world, Kennesaw professor Joy Li said in a press release. This presented us a wonderful opportunity to make an impact on education by using games, which has become one of the most efficient ways to grab their attention. On a secondary level, we hope that this kind of exposure will encourage kids to pursue careers in cybersecurity.

The University of Texas at San Antonios cybersecurity center developed games for K-12 students, both in digital and physical card formats. The games, designed for children as young as five years old, teach vocabulary and general cybersecurity concepts, like cryptography. One of the games introduces cybersecurity using bear mascots, called the CyBear family, which is complete with four bear characters named after famous computer scientists: Alan Turing, Grace Hopper, Augusta Ada King and Vint Cerf.

Read the rest here:
From Tiktok to bear mascots 7 ways education is recruiting cyber talent - EdScoop

Heres whats next for the Bitcoin price: expert panel – The Motley Fool Australia

The Bitcoin (CRYPTO: BTC) price has retreated from Wednesdays new all-time highs of US$66,930 (AU$89,240).

The digital tokens lost 6% since then, currently trading for US$62,845.

Interest in the worlds biggest crypto remains elevated, with more than US$45 billion worth changing virtual hands over the past 24 hours, according to data from CoinMarketCap.

With that level of interest in mind, the Motley Fool reached out to 3 crypto experts for their take on BITO, the new US listed, futures-based Bitcoin exchange traded fund (ETF), and their forecasts for where the Bitcoin price could be heading next.

(For details on the launch of the ProShares Bitcoin Strategy ETF(NYSE: BITO), go here.)

Now, on to our expert panel:

The Motley Fool: The launch of BITO garnered a lot of investor excitement and looks to have helped drive the Bitcoin price to new highs. What are your thoughts on a futures-based Bitcoin ETF, and will we ever see something similar on the ASX?

Jonathon Miller: The launch of a Bitcoin ETF is an exciting moment for the maturation of the digital assets industry and a good measure of where Bitcoin is in its adoption journey.

The timing of the BITO launch is also significant in that it went live when the Bitcoin price was reaching all-time highs. We saw US$1 billion in trading volume on the first day which is a great achievement, and another of the many positive news stories we have seen lately for crypto adoption.

We can expect that Australian regulators are watching what happens in the US and will use this as a framework for decisions on local products. Its hard to predict when this will happen, but the success of BITO so far is a very positive thing.

Peter Kazacos: Anything that makes it easier for investors to get exposure to an asset is a good thing for that asset. In the case of BITO, its a good thing for Bitcoin. The ETF means large institutional investors and investment houses can easily participate in a very traditional sense in the fortunes of BTC. A futures-based ETF like BITO paves the way to a spot ETF in the near term, which would be a significant milestone and have a positive impact on the Bitcoin price.

It is likely that we will one day see an Australian Bitcoin ETF as demand for the asset continues globally.

Simon Peters: While ProShares (BITO) is not an ETF holding the underlying asset that many in the crypto community want to see, its still a step forward in the right direction.

ABitcoin futures ETF now provides a convenient way for investors to get exposure to the Bitcoin price movement. However, investors who plan to hold for the longer term would need to take into account hidden fees within the futures ETF. Contracts will have to roll every month, and this could erode potential gains.

BITO saw a strong first day of trading. However, with more Bitcoin futures ETFs in the approval pipeline, whether this particular ProShares Bitcoin futures ETF can carry this momentum forward, well see.

Motley Fool: After posting a new all-time high this week, what is your outlook for the Bitcoin price movement?

Jonathon Miller: This rally has been driven by an incredible year of crypto adoption news for Bitcoin as well as Ethereum. The two coins have both shared leading roles in the news cycle, dragging each other down and bringing each other up in the market.

The all-time Bitcoin price high earlier this year was largely due to institutional interest where we saw adoption from big names such as Fidelity, Tesla and PayPal.

There is no way to predict the market, but its important to highlight that Bitcoin has scarcity with only 21 million in total in supply. And there are a lot more people in the world than that. The space is moving very quickly, and we know from Kraken Intelligence reports that the final quarter of the year has historically been the most bullish.

However, after price hikes, there is always the risk that we will see price drops as people look to take a profit.

Peter Kazacos: Mass adoption is the buzz word for any Bitcoin maximalist. If we see more mass adoption, which we define as BTC entering the traditional financial system, we will see more demand for the asset, which will fuel Bitcoin price increases.

If Bitcoin finds more champions like Jack Dorsey from Twitter and President Bukele from El Salvador we could very well see a US$100,000 Bitcoin price in the near future.

Advances in technology are the biggest risk for Bitcoin. Specifically the advent of quantum computing, which could break current cryptography. Kaz has a solution which uses quantum technology to upgrade the cryptography of existing protocols like BTC.

Quantum Assets on the Binance Smart Chain are the first crypto to adopt our quantum technology and are using it to launch Quantum Bitcoin in a bid to ensure the cryptography of Bitcoin remains safe and secure.

Simon Peters: Now that weve seen a new all-time Bitcoin price high, the question is turning to whether well see a pull back or will the price carry on. Given the price run in the last few weeks, the Bitcoin price is somewhat overextended and we could (very soon) see a pullback in the short term as some investors and traders take some profit off the table.

Long term, on-chain metrics continue to be bullish. More of the circulating Bitcoin supply is continuing to migrate from short-term holders to long-termholders, which is squeezingsupply. Simultaneously, inflation concerns could increase demand, with institutional and retail investors exploring alternative assets like Bitcoin rather than traditional inflation hedges or holding cash.

Also taking into account seasonality, the fourth quarter tends to be a strong time of the year for crypto bull markets. Refer back to 2017 for example. So, I wouldnt rule out higher prices than where we are currently by the end of 2021, possibly into the six-figure zone.

The Motley Fool will end with a recap of Jonathon Millers words, There is no way to predict the market.

While the Bitcoin price could head into the six-figure range from here, it could also go the other way.

Invest with care.

View original post here:
Heres whats next for the Bitcoin price: expert panel - The Motley Fool Australia

The 14-Year-Old Who Founded Girls Who Hack Is Inspiring the Next Generation of Hackers – VICE

Bianca Lewis, or as she is known in the hacker world: BiaSciLab, is part of the next generation of hackers. At 14 years old, she has already made a name for herself in hacker conference circles when a few years ago, she was among a group of kids that hacked into an election reporting system. This inspired her to start her Secure Open Vote project, where she plans to build a secure end-to-end election system.

Lewis also started Girls Who Hack, where she focuses on teaching girls the skills they need to get into hacking, starting at a very basic level. Women aren't really taken as seriously in the cybersecurity field, and I've noticed that with most of my girlfriends, they don't really get opportunities to work with a community of girls to learn, she says. And just working in this field, being younger and having a new perspective makes me want to teach a different way and showcase things in a different way. And it makes it feel easier to teach to kids who are my age. Kids don't really want to learn from an adult who's super technical, but someone their age who's just explaining it to them as a friend.

I love to learn new things and stretch my brain to solve different puzzles and challenges, she added. So I started to go to more and more conferences. After that, I decided, hey, I learned so much stuff. I want to teach all the stuff to people. So I started presenting and doing talks. My first talk was on cryptography and since then, anything that I learn, I make a talk on.

Lewis knows that new threats and problems arise every single day in the cyber security field, and that she has to keep learning to keep up, but shes up for the task and looking forward to what the future holds for her. I feel like what I'm doing now is the path to a bunch of different careers. If Girls Who Hack really takes off then I can go focus on that, or Secure Open Vote, I can focus on that and put all my energy into that. Or if I decide that presenting really is my lifelong passion, I can keep presenting. The cybersecurity field is so wide that I feel like there's endless options for different jobs and things I could do.

Also featured in this episode of FutureProof is Marc Maiffret, who got his start in cybersecurity by hacking as a teenager in the 90s, and honed his skills by breaking into the digital spaces and exploring.

Looking to the future of the field, Maiffret is encouraged by what he sees from the next generation of hackers like Lewis. The things that a teenager these days is coming up with in security versus 20 years ago. I mean, it's mind boggling things around like artificial intelligence, machine learning stuff that just couldn't even fathom back then. And so I'm I'm just extremely excited for where things are going.

Read more:
The 14-Year-Old Who Founded Girls Who Hack Is Inspiring the Next Generation of Hackers - VICE

Hillsu Debuts as a Public Crypto Exchange in the United States – StreetInsider.com

Get inside Wall Street with StreetInsider Premium. Claim your 1-week free trial here.

New York, New York--(Newsfile Corp. - October 21, 2021) - Hillsu is a trusted digital asset exchange that enables consumers to buy, sell, store and exchange digital assets. Hillsu's consumer platform is now available through the recently-released the Hillsu app.

"Today, Hillsu's vision - to connect the digital economy - reaches new heights, and we're excited to continue our momentum as a public exchange," said Leonard M. Adleman, CEO of Hillsu. "Our platform sits at the intersection of cryptocurrency exchange, payments, and safety. We look forward to accelerating the plan that is already underway: building out a broader partner network, expanding the access and utility of digital assets, and gaining momentum in a space that is continuing to grow."

The Hillsu platform has seen strong growth since its founding in 2020. Last month, the company announced that more than millions of users have been using the Hillsu app, only one year after its public launch.

Hillsu Integrates Bitcoin's Lightning Network

Hillsu has now integrated Bitcoin's Lightning Network after first announcing its plan to do so in April, 2020.

Hillsu users can now use the Lightning Network, a Layer-2 scaling solution for bitcoin, for deposits and withdrawals. The feature is currently live on Hillsu's mobile app.

Figure 1

To view an enhanced version of this graphic, please visit:https://orders.newsfilecorp.com/files/7987/100457_84d3108ba4b53b44_001full.jpg

With the Lightning Network, the average cost of bitcoin transactions will come down to "less than 0.01 cents," Hillsu CEO Leonard M. Adleman told us in September. Whereas the average transaction confirmation time will reduce to "1-3 seconds," Adleman said at the time.

The Lightning Network was launched in 2018. Several crypto exchanges currently support the network, including OKCoin, Bitfinex, and Bitstamp. Earlier this year, Kraken also announced its plan to integrate the network. Other U.S. based exchanges, such as Coinbase and Gemini, do not currently support the network.

The Encrypt Coin is Listing on Hillsu

The price of the Encrypt Coin otherwise known as "ECPC," has continued to skyrocket in value capturing fresh new price highs; it skyrocketed more than 160% in the past week amid the overall momentum happening across the crypto markets.

The notion that a quantum computer might someday break bitcoin is quickly gaining ground. That is because quantum computers are becoming powerful enough to factor large prime numbers, a critical component of bitcoin's public key cryptography. Within a decade, quantum computing is expected to be able to hack into cell phones, bank accounts, email addresses, and bitcoin wallets.

Quantum cryptography, also called quantum encryption is used in Encrypt Coin; it applies the principles of quantum mechanics to encrypt messages in a way that is never read by anyone outside of the intended recipient. It takes advantage of quantum's multiple states, coupled with its "no change theory," which means it cannot be unknowingly interrupted. The Encrypt Coin aims to become the safest digital asset in the future.

Hillsu has developed rapidly. This cooperation has a great effect on ECPC's exposure and promotion. Hillsu can obtain a better development platform and strive to find more business opportunities inside and outside the industry, which has caused the price of ECPC to skyrocket.

Website: http://www.Hillsu.com

Media ContactContact: Leonard MCompany Name: Hillsu Technology co.,ltd.Website: http://hillsu.comEmail: cs@hillsu.com

To view the source version of this press release, please visit https://www.newsfilecorp.com/release/100457

Read the original:
Hillsu Debuts as a Public Crypto Exchange in the United States - StreetInsider.com

Apples plan to scan images will allow governments into smartphones – The Guardian

For centuries, cryptography was the exclusive preserve of the state. Then, in 1976, Whitfield Diffie and Martin Hellman came up with a practical method for establishing a shared secret key over an authenticated (but not confidential) communications channel without using a prior shared secret. The following year, three MIT scholars Ron Rivest, Adi Shamir and Leonard Adleman came up with the RSA algorithm (named after their initials) for implementing it. It was the beginning of public-key cryptography at least in the public domain.

From the very beginning, state authorities were not amused by this development. They were even less amused when in 1991 Phil Zimmermann created Pretty Good Privacy (PGP) software for signing, encrypting and decrypting texts, emails, files and other things. PGP raised the spectre of ordinary citizens or at any rate the more geeky of them being able to wrap their electronic communications in an envelope that not even the most powerful state could open. In fact, the US government was so enraged by Zimmermanns work that it defined PGP as a munition, which meant that it was a crime to export it to Warsaw Pact countries. (The cold war was still relatively hot then.)

In the four decades since then, theres been a conflict between the desire of citizens to have communications that are unreadable by state and other agencies and the desire of those agencies to be able to read them. The aftermath of 9/11, which gave states carte blanche to snoop on everything people did online, and the explosion in online communication via the internet and (since 2007) smartphones, has intensified the conflict. During the Clinton years, US authorities tried (and failed) to ensure that all electronic devices should have a secret backdoor, while the Snowden revelations in 2013 put pressure on internet companies to offer end-to-end encryption for their users communications that would make them unreadable by either security services or the tech companies themselves. The result was a kind of standoff: between tech companies facilitating unreadable communications and law enforcement and security agencies unable to access evidence to which they had a legitimate entitlement.

In August, Apple opened a chink in the industrys armour, announcing that it would be adding new features to its iOS operating system that were designed to combat child sexual exploitation and the distribution of abuse imagery. The most controversial measure scans photos on an iPhone, compares them with a database of known child sexual abuse material (CSAM) and notifies Apple if a match is found. The technology is known as client-side scanning or CSS.

Powerful forces in government and the tech industry are now lobbying hard for CSS to become mandatory on all smartphones. Their argument is that instead of weakening encryption or providing law enforcement with backdoor keys, CSS would enable on-device analysis of data in the clear (ie before it becomes encrypted by an app such as WhatsApp or iMessage). If targeted information were detected, its existence and, potentially, its source would be revealed to the agencies; otherwise, little or no information would leave the client device.

CSS evangelists claim that its a win-win proposition: providing a solution to the encryption v public safety debate by offering privacy (unimpeded end-to-end encryption) and the ability to successfully investigate serious crime. Whats not to like? Plenty, says an academic paper by some of the worlds leading computer security experts published last week.

The drive behind the CSS lobbying is that the scanning software be installed on all smartphones rather than installed covertly on the devices of suspects or by court order on those of ex-offenders. Such universal deployment would threaten the security of law-abiding citizens as well as lawbreakers. And even though CSS still allows end-to-end encryption, this is moot if the message has already been scanned for targeted content before it was dispatched. Similarly, while Apples implementation of the technology simply scans for images, it doesnt take much to imagine political regimes scanning text for names, memes, political views and so on.

In reality, CSS is a technology for what in the security world is called bulk interception. Because it would give government agencies access to private content, it should really be treated like wiretapping and regulated accordingly. And in jurisdictions where bulk interception is already prohibited, bulk CSS should be prohibited as well.

In the longer view of the evolution of digital technology, though, CSS is just the latest step in the inexorable intrusion of surveillance devices into our lives. The trend that started with reading our emails, moved on to logging our searches and our browsing clickstreams, mining our online activity to create profiles for targeting advertising at us and using facial recognition to allow us into our offices now continues by breaching the home with smart devices relaying everything back to motherships in the cloud and, if CSS were to be sanctioned, penetrating right into our pockets, purses and handbags. That leaves only one remaining barrier: the human skull. But, rest assured, Elon Musk undoubtedly has a plan for that too.

Wheels within wheelsIm not an indoor cyclist but if I were, The Counterintuitive Mechanics of Peloton Addiction, a confessional blogpost by Anne Helen Petersen, might give me pause.

Get out of hereThe Last Days of Intervention is a long and thoughtful essay in Foreign Affairs by Rory Stewart, one of the few British politicians who always talked sense about Afghanistan.

The insiderBlowing the Whistle on Facebook Is Just the First Step is a bracing piece by Maria Farrell in the Conversationalist about the Facebook whistleblower.

Read more here:
Apples plan to scan images will allow governments into smartphones - The Guardian

Future Trend of Crypto Health Market by Regions, Type and Application, Forecast till 2030 | Abto Software, Guardtime, Hashed Health, IBM Corporation,…

The global business analytical report titled Crypto Health market has recently been published by Absolute Markets Insights to its extensive database. The global Crypto Health market is examined on the basis of technological advancements and recent trends of the healthcare sector. The market study has been evaluated on the basis of different aspects of the businesses such as drivers and restraints which will affect the progress of the companies. An informative data gathered from distinctive sources such as case studies from numerous industry experts, views and opinions of business leaders, among others further contribute to the authenticity of the report.

Across the globe, the Crypto Health market has been fragmented into several regions for studies of successful sales strategies implemented by top-level companies. The report also provides an effective analysis of investments and market shares for a better understanding of the market. The study includes an analysis of several segments along with its sub-segments. It also helps to analyze the several key factors such as pricing structure and manufacturing base of different companies.

The global Crypto Health Market is expected to grow at CAGR of +20.12% during the forecast period (2021-2030) year. Distinctive techniques such as primary and secondary research methods have been scrutinized in the report to discover, study and analyze the market information.

Get Sample Copy of this report: https://www.absolutemarketsinsights.com/request_sample.php?id=639

Government agencies across the globe are promoting and adopting advanced cryptography technologies for securing and raising the efficiency of healthcare sector. For instance, in September 2019 UAEs Ministry of Health and Prevention launched a blockchain platform for storing healthcare and pharmaceutical data which can be used for users searching health facilities and licensed medical personnel. Similarly, governments of U.S, Estonian India and many other nations have also deployed advanced cryptography technologies in the healthcare sector, hence, propelling the growth of global crypto health market.

COVID-19 pandemic has increased the use of telehealth services which is expected to increase the demand for cryptographic techniques to safeguard interactions between doctor and patients. Based on component, coin is expected to witness highest compound annual growth rate in crypto market in future years owing to the increasing acceptance of cryptocurrency in various healthcare service platforms. Insurance companies are rapidly emerging in crypto health market with applications of cryptography to secure claims and payment processing and exchange of health data.

This report provides insights into the following pointers:

Get Customized Template of this report:https://www.absolutemarketsinsights.com/request_for_customization.php?id=639

List of Companies Covered in the Report: Abto Software, Guardtime, Hashed Health, IBM Corporation, iSolve, LLC, Medicalchain SA., Microsoft, NTT DATA, Inc., Patientory, Inc., PokitDok, Inc., Solve.Care, Tata Consultancy Services Limited and The Linux Foundation amongst others.

Report Scope & Segmentation:

Crypto Health industry -By Application:

Crypto Health industry By Product:

Geographical Analysis: Geographically, this report is segmented into several key Regions, with production, consumption, revenue (million USD), and market share and growth rate of Global Crypto Health Market these regions, from 2021 to 2030 (forecast), covering:

North America (United States, Canada, Mexico)

Asia-Pacific (China, India, Japan, South Korea, Australia, Indonesia, Malaysia, Philippines, Thailand, Vietnam)

Europe (Germany, France, UK, Italy, Russia, Rest of Europe)

Central & South America (Brazil, Rest of South America)

Middle East & Africa (GCC Countries, Turkey, Egypt, South Africa, Other)

Click to view the full report: https://www.absolutemarketsinsights.com/reports/Global-Crypto-Health-Market-2019-2027-639

Contact Us:

Company: Absolute Markets Insights

Email id: sales@absolutemarketsinsights.com

Phone: +91-740-024-2424

Contact Name: Shreyas Tanna

The Work Lab, Model Colony, Shivajinagar, Pune, MH, 411016

Website: https://www.absolutemarketsinsights.com/

Go here to read the rest:
Future Trend of Crypto Health Market by Regions, Type and Application, Forecast till 2030 | Abto Software, Guardtime, Hashed Health, IBM Corporation,...

IBM partners Raytheon Technologies on AI and cryptography – Yahoo Finance

IBM and Raytheon Technologies have formed a partnership in order to establish advanced artificial intelligence, cryptographic and quantum solutions for the aerospace, defence and intelligence industries.

The partnership agreement will also include the federal government, as part of a strategic collaboration.

According to the official announcement, AI and quantum technologies give aerospace and government customers the ability to design systems in a faster manner and better secures their communications networks.

IBM was an early investor in cryptography and, 50 years later, it is following suit with blockchain technology.

By combining IBMs breakthrough commercial research with Raytheon Technologies own research, plus aerospace and defence expertise, the companies will be able to crack once-unsolvable challenges.

Dario Gil, senior vice president of IBM and director of Research, said the rapid advancement of quantum computing and its exponential capabilities have spawned one of the greatest technological races in recent history one that demands unprecedented agility and speed.

Our new collaboration with Raytheon Technologies will be a catalyst in advancing these state-of-the-art technologies combining their expertise in aerospace, defence and intelligence with IBMs next-generation technologies to make discovery faster, and the scope of that discovery larger than ever, he said.

Together with AI and quantum, the companies will jointly research and develop advanced cryptographic technologies that lie at the heart of some of the toughest problems faced by the aerospace industry and government agencies.

Mark E Russell, Raytheon Technologies chief technology officer, stressed that encrypted communications were at risk of becoming too exposed.

Take something as fundamental as encrypted communications. As computing and quantum technologies advance, existing cybersecurity and cryptography methods are at risk of becoming vulnerable, he said.

IBM and Raytheon Technologies will now be able to collaboratively help customers maintain secure communications and defend their networks better than previously possible.

Both companies said they would be building a technical collaboration team to quickly insert IBMs commercial technologies into active aerospace, crypto, defence and intelligence programs.

See the original post here:
IBM partners Raytheon Technologies on AI and cryptography - Yahoo Finance

Encryption Consulting announces their first-ever virtual conference – "Encryption Consulting Virtual conference 2021." – Tyler Morning…

PROSPER, Texas, Oct. 11, 2021 /PRNewswire/ -- Is Applied cryptography your passion? Then, you've come to the right place, Encryption Consulting has something for you. Encryption consulting is hosting the first ever Encryption Consulting Virtual Conference 2021 on Nov 3rd and 4th, 2021. #ECconference2021

Encryption Consulting's Virtual Conference 2021 will provide you with an opportunity to keep up with widespread changes in cryptography, PKI, Encryption, Data protection, Cloud key management, and other cryptography-related topics. The event is a unique, technical event that brings together cyber security leaders worldwide.

There will be 30 minute presentations from 18 experts at leading global companies such as Thales, Protigrity, Entrust, Comforte, DigiCert, AppviewX, Primekey, Utimaco, FutureX, Fortanix, Akeyless, and many other reputed and leading organizations. There will also be a live Q&A session after the presentation on the virtual conference day.

Hurry up and register for your favorite topic(s).

We also have hands-on lab sessions scheduled on Nov 3rd and 4th, 2021 for our code signing tool (CodeSign Secure 3.0) and deploying a PKI on an AWS environment.

For information about the speakers, schedule, and conference,

visit http://www.encryptionconsulting.com/ecconf/

Media contact: Ashleigh Nalley, ashleigh@encryptionconsulting.com

View original content:https://www.prnewswire.com/news-releases/encryption-consulting-announces-their-first-ever-virtual-conference--encryption-consulting-virtual-conference-2021-301396178.html

SOURCE Encryption Consulting

Recent Stories You Might Have Missed

See more here:
Encryption Consulting announces their first-ever virtual conference - "Encryption Consulting Virtual conference 2021." - Tyler Morning...