Sikur is defining the future of secure communication. Operating globally, it has offices in Latin America, United States, and Europe. Sikur works alongside governments and corporations that believe security is fundamental to the integrity of their work. We believe that security is not only about platforms and digital systems but is a mindset that surrounds every aspect of business.
Ted Schlein, a general partner at venture capital firm Kleiner Perkins Caufield & Byers, focuses on early-stage technology companies in the enterprise software and infrastructure markets, including ventures within the networking and consumer security arenas.
This week more than 40,000 security professionals will attend RSA in San Francisco to see the latest cyber technologies on display and discuss key issues. No topic will be higher on the agenda than the Russian-sponsored hack of the American 2016 election, with debate about why the country has done so little to respond and what measures should be taken to deter future attempts at subverting our democracy.
Along with the Russians, the Chinese, North Koreans, Iranians and newly derived nation states use cyber techniques on a daily basis to further their efforts to gain advantage on the geopolitical stage. It is a conscious decision by these governments that a proactive cyber program advances their goals while limiting the United States.
A new analysis, titled ‘Burning Zerocoins for fun and profit,’ exposes several flaws in Zerocoin, a technology that aims to improve anonymity and is used by several cryptocurrencies. The study was published by the Chair of Applied Cryptography on April 12, 2018. The German authors said, “We identified critical coding issues in a software library implementing Zerocoin, allowing an attacker to create money out of thin air and stealing coins from honest users.”
What is Zerocoin?
Zerocoin was originally touted as a cryptographic extension to enable fully autonomous cryptocurrency transactions. It was proposed by a team of cryptographers from the Johns Hopkins University Department of Computer Science, Baltimore. The team included Ian Miers, Christina Garman, Matthew Green and Aviel D. Rubin.
The original Zerocoin research paper described it as, “A distributed e-cash system that uses cryptographic techniques to break the link between individual bitcoin transactions without adding trusted parties.” Zerocoin primarily works on two operations, mint and spend. Users can convert the number of digital coins they wish to spend to equivalent zerocoin, and this process is called minting.
During the process of minting, each coin is generated using a randomized minting algorithm. The minted coin is allocated a unique serial number which is then released during the spending of the coin. This unique number is validated by the algorithm to prevent double spending using zero-knowledge proofs.
Denial of Spending Attack
Out of the two major flaws highlighted by the paper, the more worrisome one is the denial of spending attack. The unique serial number required to validate zerocoin during spending is a string. Users are required to select a random serial number during initialization.
In the event that an attacker gains access to an honest user’s account, they may then be able to select the same serial number as the target’s instead of selecting a new one. The attacker can spend Zerocoins on the network or transfer them to some other account. Because nodes will by then have validated this unique serial number, they will not recognize a second, legitimate transaction with the same serial number.
A security researcher has disclosed details of an important vulnerability in Microsoft Outlook for which the company released an incomplete patch this month—almost 18 months after receiving the responsible disclosure report.
The Microsoft Outlook vulnerability (CVE-2018-0950) could allow attackers to steal sensitive information, including users’ Windows login credentials, just by convincing victims to preview an email with Microsoft Outlook, without requiring any additional user interaction.
The vulnerability, discovered by Will Dormann of the CERT Coordination Center (CERT/CC), resides in the way Microsoft Outlook renders remotely-hosted OLE content when an RTF (Rich Text Format) email message is previewed and automatically initiates SMB connections.
A remote attacker can exploit this vulnerability by sending an RTF email to a target victim, containing a remotely-hosted image file (OLE object) that loads from the attacker-controlled SMB server.
Since Microsoft Outlook automatically renders OLE content, it will initiate an automatic authentication with the attacker-controlled remote server over the SMB protocol using single sign-on (SSO), handing over the victim’s username and the NTLMv2 hashed version of the password, potentially allowing the attacker to gain access to the victim’s system.
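The behaviour described above leaves a trace defenders can look for: SMB connections that leave the internal network, particularly ones opened by the mail client. The following is an added example, not part of the original article; the key=value record format, the host names and the internal address ranges are assumptions made for illustration.

```python
import ipaddress

SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP

# Assumption: the organisation's internal ranges; replace with your own.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

# Constructed sample records in a made-up key=value format (not real telemetry).
SAMPLE_LOG = """\
ts=2018-04-12T09:14:02Z host=WS-0142 image=OUTLOOK.EXE dst=203.0.113.45 dport=445
ts=2018-04-12T09:14:05Z host=WS-0142 image=OUTLOOK.EXE dst=10.20.0.8 dport=445
ts=2018-04-12T09:15:11Z host=WS-0142 image=OUTLOOK.EXE dst=198.51.100.7 dport=443
ts=2018-04-12T09:20:40Z host=WS-0077 image=explorer.exe dst=198.51.100.23 dport=139
this line is truncated dst=
ts=2018-04-12T09:31:00Z host=SRV-01 image=System dst=192.168.1.10 dport=445
"""

def parse_record(line):
    """Return a dict for one record, or None if it is malformed."""
    fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
    try:
        return {"ts": fields["ts"], "host": fields["host"],
                "image": fields["image"],
                "dst": ipaddress.ip_address(fields["dst"]),
                "dport": int(fields["dport"])}
    except (KeyError, ValueError):
        return None

def is_internal(addr):
    """True if the address falls inside one of the internal ranges."""
    return any(addr in net for net in INTERNAL_NETS)

def find_external_smb(log_text):
    """Flag SMB connections that leave the internal address space."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec is None:
            skipped += 1  # count malformed records instead of failing
            continue
        if rec["dport"] in SMB_PORTS and not is_internal(rec["dst"]):
            # SMB to the internet from the mail client matches the behaviour above.
            is_mail = rec["image"].lower() == "outlook.exe"
            rec["severity"] = "high" if is_mail else "medium"
            findings.append(rec)
    return findings, skipped
```

Calling `find_external_smb(SAMPLE_LOG)` returns the flagged records together with a count of malformed lines that were skipped.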
Since the Coincheck hack that gifted some unknown cyberpunks $500 million worth of the altcoin XEM and the Zaif exchange system mishap, crypto-friendly Japan has increased its regulatory oversight on cryptocurrency exchanges in the nation. On Friday, April 6, the Japanese financial watchdog pulled the trigger on two bitcoin exchanges that have gone against its statutes.
No Room for Errors
According to reports, the Japanese Financial Services Agency (FSA) has ordered Eternal Link and FSHO to cease their operations for two months, effective immediately. With this latest development, Eternal Link will be out of service until June 5, 2018, while FSHO will resume on June 7, 2018.
It is worth noting that the FSHO is now a serial offender and this is not a particularly good sign for the exchange. On March 8, the regulatory authority ordered FSHO along with another registered exchange Bitstation to suspend trading for one month, due to lack of proper security for customer data.
The FSA had to take disciplinary actions against the two cryptocurrency exchanges after investigating the operations of the firms for several months and discovering that both operators had not been making serious efforts to conduct proper know-your-customer (KYC) checks. Also, the exchanges failed to implement procedures that would enable them to report suspicious money laundering transactions to the FSA promptly.
The FSA strongly condemned the inactions of both exchanges stating that they are not carrying out their business operations in compliance with the Act on Prevention of Transfer of Revenue due to Crime (Act No. 22 of 2007).
Notably, the agency also indicated in the cease order that Eternal Link violated the laws in the nation by using customers’ deposits to pay for company expenses, even though it had intentions to replace the funds shortly after.
As the portal “CNET” reports, a smartphone aimed specifically at crypto investors is due to launch in August. What sets it apart is not only the pre-installed wallet for Bitcoin, Ethereum and others but, above all, the fact that, according to the manufacturer, the smartphone cannot be “hacked”.
Focused on security
The Brazilian company Sikur puts particular emphasis on security with its smartphones. The newest addition to Sikur’s line-up, the “SikurPhone”, is nothing special in terms of hardware: a 5.5-inch display is standard by now. The 13-megapixel camera can likewise be found at Nokia and Xiaomi. On top of that come 4 GB of RAM and 64 GB of internal storage. The decisive factor, however, is meant to be the security of the Android smartphone. The company asserts that the device is fully encrypted and therefore “unhackable”.
In a statement, Sikur CEO Cristiano Iop said: “Storing information securely on our devices is one of our strengths. We have been successful with browser and messaging security. So we asked ourselves, why not with cryptocurrencies too?”
Xkeyscore. MAC addresses. OAKSTAR. MONKEYROCKET. Edward Snowden is at it again. This time the world’s most notorious whistleblower has handed over National Security Agency (NSA) documentation to online investigative news outlet The Intercept revealing an invasive covert program to track bitcoin users using spy tools he uncovered during his infamous first go-round. The implications include the future of privacy along with warrantless data collection being used to prosecute bitcoiners such as Ross Ulbricht of Silk Road.
Snowden Reveals How NSA Tracked Bitcoin Users
Ever get the feeling you’re being watched? Department of Homeland Security (DHS) Acting Assistant Secretary for Legislative Affairs Brian de Vallance, in a November 2013 letter to Congress, worried that “with the advent of virtual currencies and the ease with which financial transactions can be exploited by criminal organizations, DHS has recognized the need for an aggressive posture toward this evolving trend.” Infamous whistleblower Edward Snowden seems to have found a trove of heavily redacted, classified NSA documents attesting to that “aggressive posture.”
It’s fitting Mr. Snowden should share them with The Intercept, an online investigative news organization founded by his benefactor, attorney turned journalist Glenn Greenwald. Mr. Greenwald was then writing for The Guardian, and the two unleashed the largest batch of government security documents ever revealed about US and UK global surveillance.
Interestingly, the documents tracking bitcoin users stem from roughly the same period, 2013. They detail how bitcoiners all over the world were targeted as powers granted the NSA under the rubric of fighting terrorism expanded, and might have even begun to play a role in early crypto prosecutions such as Ross Ulbricht and Silk Road.
American Civil Liberties Union’s Patrick Toomey, of its National Security Project, explained, “If the government’s criminal investigations secretly relied on NSA spying, that would be a serious concern. Individuals facing criminal prosecution have a right to know how the government came by its evidence, so that they can challenge whether the government’s methods were lawful. That is a basic principle of due process. The government should not be hiding the true sources for its evidence in court by inventing a different trail.”
The rise of cryptocurrencies is itself creating new segments and market niches in the mobile scene. Ultra-secure, encrypted phones have always existed, but over time they adapt to new technologies and trends. This time the company SIKUR has set out to create an ultra-secure mid-range phone aimed at cryptocurrencies. In other words, a device so secure that we can carry everything related to our investments in these virtual currencies on it without fear of attacks and hacks.
It is impossible to hack
The biggest threat to our cryptocurrency wallet is hacking, and what this phone offers us is precisely total security when managing our wallet of Bitcoin or another cryptocurrency.
That is why SIKUR claims that its phone cannot be hacked. In fact, they gave HackerOne, a company with extensive hacking expertise, two months to hack this phone, and it was unable to do so. Otherwise it has a mid-range MediaTek processor, 4 GB of RAM, a 5.5-inch Full HD screen, Android 7 and no ability to install apps other than SIKUR’s. Only 20,000 units will be sold at a price of 800 dollars, which is very high but in this case justified, because we are paying for security for our cryptocurrencies.
Every spring, the smartphone world revolves around Mobile World Congress. Exhibitors and attendees from more than 200 countries congregate in the halls of the Fira Gran Via in Barcelona, Spain, debuting the latest in mobile tech. MWC is the largest mobile trade show on Earth. We’ve surveyed the announcements from every major tech company at the show this week. Here are the highlights.
Samsung Galaxy S9
With the Galaxy S9, Samsung is doubling down on its winning formula. The new GS9 and S9+ have all the features Galaxy phones are known for, plus a few additions. Samsung moved the fingerprint sensor away from the camera so you won’t smudge the lens anymore, and photo performance in low light is improved thanks to the camera’s variable-aperture system. You also get Apple-inspired animated emoji and a new DeX dock that turns the phone into a desktop PC. Ships March 16 for $720. Choose the unlocked option. And did we mention it comes in Lilac Purple?
Nokia 8110 4G
Remember that phone from The Matrix where the receiver panel slid out to reveal the number pad? Take the blue pill because it’s back, courtesy of HMD Global, which now makes Nokia phones. The new Nokia 8110 comes shaped and colored like a banana too. The battery lasts over three weeks, but if you’re hoping for Android apps, look elsewhere. This is a standard old-school feature phone with its own download store—and, in true retro fashion, it comes with a copy of Snake.
Huawei MateBook X Pro
Just when you think there are no new capabilities to squeeze out of laptops, Huawei pushes the envelope. The new MateBook X Pro has a remarkable 14-inch 3,000 x 2,000 pixel touchscreen with such small bezels that it fits into a standard 12-inch notebook chassis. Huawei claims this ultraportable has the highest screen-to-body ratio of any laptop in the world. It’s also loaded with the latest Intel 8th Generation Core chips, an Nvidia GeForce MX150 graphics card, four Dolby Atmos-approved speakers, a fingerprint sensor, and 12-plus hours of battery life. The coolest detail: a webcam pops out of one of the function keys on the keyboard like the headlights on an old Corvette.
Usually, a new phone at MWC will boast a fancy new screen or camera, but the SikurPhone’s sales pitch is strong security and data encryption. It claims that the SikurPhone is “hack-proof” and that its bespoke wallet app is the perfect way to keep your cryptocurrencies safe. It’s an Android phone with encryption plastered all over it, and a custom app store that only includes vetted apps. To back its claims, the company hired bug bounty hunters HackerOne to try to crack the phone. So far, the experts have failed. Sikur is asking $850 for the device, but that price includes peace of mind.
Barcelona (special correspondent). SikurPhone is a phone designed especially for those who have (or are interested in having) investments in bitcoins. It is supposed to offer greater convenience and security for managing cryptocurrencies, for several reasons.
The phone has its “own” operating system, which is really nothing more than a customized version of Android 7.0. Apps cannot be downloaded from Google Play on the phone, only those designed specifically within the company’s ecosystem.
Because it has no contact with third-party apps, the phone is less exposed to being hacked, notes Alexandre Vasconcelos, a Sikur spokesperson. This is a good point, considering that in 2017 alone Google had to remove some 700,000 malicious applications and expel more than 100,000 developers from its online store for trying to harm the devices of the 2 billion Android users worldwide.
The phone’s creators say that in the last week alone they subjected the device to testing by a hundred hackers and none managed to break through the system’s security barriers.