Firm Hopes to Fight Crypto Ad Ban With ICO Website Designed For Companies and Consumers

A website that tracks initial coin offerings (ICOs) says its platform can help crypto startups reach potential investors amid a recent clampdown on advertising imposed by some of the biggest players in Silicon Valley.

Facebook fired the starting pistol at the end of January by declaring it will start banning ads for cryptocurrencies and ICOs which deploy “misleading or deceptive promotional practices.” Last month, Google announced it was updating its Financial Services policy, meaning no crypto-related ads will be accepted from June. Twitter then followed suit and said it was motivated by user safety.

ICObazaar says the ban is impeding exciting projects at a time when the market is flourishing, with fledgling businesses losing access to one of the cheapest ways of reaching the public at large.

These “new challenges” in advertising come as investors struggle to navigate opportunities amid regulation concerns, but ICObazaar argues trackers like its own bring compelling advantages for consumers and companies alike.

Benefits of ICO trackers for businesses

The company says crypto startups which use an ICO tracking website to publicize their offering have a greater chance of ensuring that only accurate information makes its way to prospective investors. This is because every project has the chance to submit details about their crowdsale to the platform directly.

Although the latest restrictions on advertising by internet giants caused jitters in the crypto markets, ICObazaar argues that using niche websites could be more effective in yielding results, in part because dedicated investors are likelier to visit specialized platforms. By contrast, traditional campaigns through Internet giants can be seen by millions of people, even though just a small percentage might be interested in making a financial commitment.

Finally, many ICO tracking websites independently rate the projects on their platforms and a good score can improve their standing and result in greater levels of investment. The company says these advantages can be obtained at a “reasonable price.”

Goal to help consumers find viable ICOs

For prospective investors, ICObazaar claims its platform can prove invaluable because of how it performs due diligence to determine whether ICOs are viable. The company says this is achieved through the use of expert analysis on past, current and future offerings, as well as reviews from engaged and impartial investors who use the website regularly.

The website says it wants to alert users to the most trusted and promising crowdsales as determined by their peers, helping reduce the chance that someone will risk their capital on a fraudulent project.

Every listed project is accompanied by a rating in five areas, with the highest score being five: the team, the project’s website, their idea and white paper, media and community, and technical implementation. An independent expert provides a sixth rating using their own criteria. The best rating that can be achieved by an ICO is AAA, representing an investment-grade opportunity with a “reasonable potential to return profit.”

Projects can also be categorized as speculative, high-risk and default. The lowest score is D, and visitors to ICOs with such a poor rating are warned these startups are “major investment red flags” with flaws in their business model and a “minimal chance that projects will develop profitably.”

Crunching the numbers on ICOs

According to ICObazaar’s website, more than $1.7 bln has been pledged in ICO campaigns to date, with more than 90 crowdsales taking place over the past month. The ICO which broke the most records was Status Network, an open-source messenger and browser allowing users to interact with Blockchain-based apps running on Ethereum.

ICObazaar says its goal is to guide cryptocurrency holders to successful initiatives, making its platform “perfect” for businesses seeking input from informed investors.

‘Colored Coins’ Startup Coinprism Is Shutting Down This Weekend

Coinprism, an online wallet service for “colored coins” founded in 2014, is closing its doors this weekend.

The startup said in a message on its website that it would shut down on Saturday and advised users to “withdraw your funds and export your private keys before this date.”

Coinprism was arguably ahead of its time. By using the bitcoin blockchain to create tokens representing other assets, its colored coins presaged the rise of ethereum and other networks built explicitly for such use cases.

But as founder and chief executive Flavien Charlon pointed out in an email to CoinDesk, much has changed since 2014, both on the tech and regulatory fronts.

“While we have been one of the first in the area of blockchain tokens, long before ethereum was even released, the ecosystem has since shifted towards ERC-20, which is more flexible and more powerful than bitcoin-based systems,” he wrote, adding:

“The unpredictability of transactions fees and confirmation times in the past couple of years have also made it hard to argue bitcoin is a good platform for this.”

Stepping back, Coinprism is one of a number of companies that sought to focus on colored coins, or bitcoins bearing extra pieces of data that give them a greater degree of uniqueness by way of the protocol’s scripting language.

Colored coins can serve as digitized stand-ins for real-world assets, for example, or represent things like loyalty points.

Yet as Charlon pointed out, work in this area has largely shifted to ethereum and other platforms. Many such tokens in circulation today are based on ethereum’s ERC20 standard.

Charlon also said the long-term business model of Coinprism was problematic, given the growing regulatory scrutiny of the ecosystem and around crypto assets in particular that have been sold through initial coin offerings (ICOs).

He told CoinDesk:

“We didn’t see a business model that would have been viable long term. Regulators are starting to pay attention to the space, and activities around blockchain assets (tokens exchanges, ICO tools and services, etc.) are likely to become heavily regulated in the next 5 years. That means some of these services will have to shut down or restrict their activities, some might go to prison, and only a small number of well capitalized companies will successfully adapt to the regulator’s demands.”

Reality check

Past that, Charlon said another reason Coinprism was calling it quits is because the limitations of blockchain were becoming apparent.

As he put it:

“In 99% of use cases we’re seeing, blockchain is unfortunately a sub-optimal choice as a technology. Blockchains have many disadvantages in terms of speed, scalability, costs and user experience. Unless censorship resistance is a critical requirement (which it rarely is, especially in the enterprise blockchain space where participants all know each other), blockchain is rarely the right technological choice.”

The blockchain’s vaunted transparency, privacy and cryptographic security can all be achieved “quite easily” with a traditional system, Charlon went on to argue.

“In the end it was about intellectual honesty. I didn’t like having to support projects that were trying to use blockchain for the sake of using blockchain, when I knew a centralized, more boring architecture would actually do a better job,” he concluded.

Luxury Car Dealer Teams with BitFlyer for Big Bitcoin Payments

L’Operaio, a Japanese car dealership that imports and sells high-end vehicles, is adding bitcoin as a payment option with technological support from the country’s largest exchange, bitFlyer.

Notably, while most of the exchange’s existing retail partnerships have a limited settlement cap for each purchase, ranging from $900 to $2,760, bitFlyer says the new partnership will allow customers to make purchases as high as 100 million yen ($1 million) in bitcoin via its digital wallet.

Announced by bitFlyer on Tuesday, the initial phase of the partnership will see bitcoin payments made available at the dealer’s stores at Nerima, Setagaya, and Aoyama in Tokyo, with plans to expand the option to all stores in the future.

As reported before, bitFlyer has already integrated its cryptocurrency wallet with major electronics retailers in Japan, such as all stores at Bic Camera and selected branches of Yamada Denki.

Last year, department store operator Marui also rolled out a trial of bitcoin payments in conjunction with bitFlyer at one of its locations in Shinjuku, Tokyo.

Google is distributing more Meltdown and Spectre Patches for Chrome OS devices

Google announced that mitigations for devices with Intel processors that are affected by the Spectre and Meltdown vulnerabilities will be available in the latest stable channel update for Google’s Chrome OS operating system.

The Meltdown and Spectre attacks could be exploited by attackers to bypass memory isolation mechanisms and access sensitive data on the target system.

The Meltdown attack could allow attackers to read the entire physical memory of the target machines, stealing credentials, personal information, and more.

Meltdown exploits speculative execution to breach the isolation between user applications and the operating system, so that any application can access all system memory.

The Spectre attack allows user-mode applications to extract information from other processes running on the same system. It can also be exploited to extract information from the attacking code’s own process: for example, malicious JavaScript can be used to extract login cookies for other sites from the browser’s memory.

The Spectre attack breaks the isolation between different applications, allowing information to leak from the kernel to user programs, as well as from virtualization hypervisors to guest systems.

Meltdown attacks trigger the CVE-2017-5754 vulnerability, while Spectre attacks trigger CVE-2017-5753 (Variant 1) and CVE-2017-5715 (Variant 2). According to the experts, only Meltdown and Spectre Variant 1 can be addressed via software, while Spectre Variant 2 requires an update of the microcode for the affected processors. Software mitigations include.

Google addressed the Meltdown issue in Chrome OS with the release of version 63 in December, tens of days before researchers at Google Project Zero disclosed the flaws.

Chrome OS Spectre patches

Google rolled out the KPTI/KAISER patch to address the flaw in 70 Intel-based Chromebook models from various vendors, including Acer, ASUS, Dell, HP, Lenovo, and Samsung.

This week the company released Chrome OS 65, which also includes the KPTI mitigation against Meltdown for a number of Intel-based systems running version 3.14 of the kernel that had not been addressed previously.

According to Google, all older Chromebooks with Intel processors should get the KPTI mitigation for Meltdown with Chrome OS 66, which is scheduled for release on April 24.

“The Stable channel has been updated to 65.0.3325.167 (Platform version: 10323.58.0/1) for most Chrome OS devices. This build contains a number of bug fixes and security updates.” reads the Google announcement.

“Intel devices on 3.14 kernels received the KPTI mitigation against Meltdown with Chrome OS 65.

All Intel devices received the Retpoline mitigation against Spectre variant 2 with Chrome OS 65.”

Chrome OS 65 also includes the Retpoline mitigation for Spectre Variant 2 for all Intel-based devices. Google experts highlighted that, for the Spectre Variant 1 attack, hackers can abuse the eBPF feature in the Linux kernel, but Chrome OS disables eBPF.

Chrome OS devices running on ARM-based systems are not affected by Meltdown. Google is also working to address the Spectre issues.

“On ARM devices we’ve started integrating firmware and kernel patches supplied by ARM. Development is still ongoing so release timelines have not been finalized. ARM devices will receive updated firmware and kernels before they enable virtualization features.” concluded Google.
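To check which of the three issues above a given Linux kernel reports as mitigated, the following added example (not code from Google or from the original article) reads the kernel's own status files and maps them to the CVEs and mitigations named in the text. It assumes a kernel that exposes `/sys/devices/system/cpu/vulnerabilities`, which the article does not mention; the sample status lines are constructed.

```python
from pathlib import Path

# Assumption: the kernel exposes this sysfs directory (mainline Linux 4.15+
# and stable backports); the article does not say which Chrome OS builds do.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# sysfs file name -> (CVE from the article, mitigation the article names)
CHECKS = {
    "meltdown": ("CVE-2017-5754", "KPTI"),
    "spectre_v1": ("CVE-2017-5753", "software fix (eBPF disabled on Chrome OS)"),
    "spectre_v2": ("CVE-2017-5715", "Retpoline / microcode update"),
}

# Constructed sample status lines, used when the sysfs directory is absent.
SAMPLE = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Vulnerable",
    "spectre_v2": "Mitigation: Full generic retpoline",
}

def classify(status):
    """Map one kernel status line to OK, VULNERABLE or UNKNOWN."""
    s = status.strip().lower()
    if s.startswith("not affected"):
        return "OK"
    if s.startswith("mitigation:"):
        # Flag mitigation lines that carry a "vulnerable" sub-status.
        return "VULNERABLE" if "vulnerable" in s else "OK"
    if s.startswith("vulnerable"):
        return "VULNERABLE"
    return "UNKNOWN"  # missing file or a format this script does not know

def read_sysfs(base=SYSFS_DIR):
    """Read whichever of the three status files exist under base."""
    found = {}
    for name in CHECKS:
        path = Path(base) / name
        if path.is_file():
            found[name] = path.read_text().strip()
    return found

def audit(statuses):
    """Return {name: (cve, expected_mitigation, raw_status, verdict)}."""
    return {name: (cve, want, statuses.get(name, ""), classify(statuses.get(name, "")))
            for name, (cve, want) in CHECKS.items()}

if __name__ == "__main__":
    live = read_sysfs()
    for name, (cve, want, raw, verdict) in audit(live or SAMPLE).items():
        print(f"{verdict:10} {name:10} {cve} expected: {want} | kernel: {raw or 'n/a'}")
```

An `UNKNOWN` verdict means the kernel does not report on that issue at all, which on an older kernel is itself a reason to check the installed OS version against the vendor's release notes.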

A flaw in Ledger Crypto Wallets could allow to drain your cryptocurrency accounts. Fix it!

Saleem Rashid, a 15-year-old researcher from the UK, has discovered a severe vulnerability in cryptocurrency hardware wallets made by the Ledger company.

Hardware wallets enable transactions via a connection to a USB port on the user’s machine, but they don’t share the private key with the host machine, making it impossible for malware to harvest the keys.

Saleem Rashid has found a way to retrieve the private keys from Ledger devices once physical access to the device has been obtained.

The researcher discovered that a reseller of Ledger’s devices could update the devices with malware designed to steal the private key and drain the user’s cryptocurrency accounts when the user uses the device.

Taking a close look at Ledger’s hardware device, Saleem Rashid discovered that it includes a secure processor chip and a non-secure microcontroller chip. The non-secure chip is used for various non-security tasks such as displaying text on the display. The problem lies in the fact that the two chips exchange data, and an attacker could compromise the insecure microcontroller on the Ledger devices to run malicious code in stealth mode.

Even though Ledger devices implement a way to protect the integrity of the code running on them, the expert developed proof-of-concept code to bypass it and run malicious code on the products.

The PoC code was published along with the official announcement from Ledger about the availability of a new firmware update that addresses the vulnerability.

“You’re essentially trusting a non-secure chip not to change what’s displayed on the screen or change what the buttons are saying,” Rashid told the popular cyber security expert Brian Krebs. “You can install whatever you want on that non-secure chip, because the code running on there can lie to you.”

Rashid published a research paper on the flaw and a video PoC of the attack against a Nano-S device, one of the most popular hardware wallets sold by the company.

“This attack would require the user to update the MCU firmware on an infected computer. This could be achieved by displaying an error message that asks the user to reconnect the device with the left button held down (to enter the MCU bootloader). Then the malware can update the MCU with malicious code, allowing the malware to take control of the trusted display and confirmation buttons on the device.” wrote the researcher.

“This attack becomes incredibly lucrative if used when a legitimate firmware update is released, as was the case two weeks ago.”

“As you can tell from the video above, it is trivial to perform a supply chain attack that modifies the generated recovery seed. Since all private keys are derived from the recovery seed, the attacker could steal any funds loaded onto the device.” continues the expert.

The Ledger MCU exploit relies on the fact that the process for generating a backup code for a user’s private key relies on a random number generator that can be forced to work in a predictable way and produce non-random results.

Curiously, when Rashid first reported his findings to Ledger, the company dismissed them.

“the firmware update patches three security issues. The update process verifies the integrity of your device and a successful 1.4.1 update is the guarantee that your device has not been the target of any of the patched attack. There is no need to take any other action, your seed / private keys are safe.” reads the security advisory published by the French company.

“Thimotee Isnard and Sergei Volokitin followed the responsible disclosure agreement process and were awarded with a Bounty, while Saleem Rashid refused to sign the Ledger Bounty Program Reward Agreement.”

Rashid pointed out that Ledger doesn’t include anti-tampering protection to prevent an attacker from physically opening a device, but the company replied that such measures are very easy to counterfeit.

In this case, let me suggest buying the devices directly from the official vendor and not from third-party partners, and updating them with the latest firmware release.