Crypto OPSEC [2020]: Accounts, Cell Phones, 2FA & Security

Crypto OPSEC [2020]: Accounts, Cell Phones, 2FA & Security was originally found on Blokt – Privacy, Tech, Bitcoin, Blockchain & Cryptocurrency.

Republished by Plato

Staying up to date with security best practices is vital as a cryptocurrency investor, trader or user. This guide will help you learn how to minimize the risk associated with using cryptocurrency websites, exchanges, and services.

If you are a public figure involved in cryptocurrency, the importance of following proper security practices is even more critical. You should consider yourself an active target for hackers. Many vloggers, bloggers, hedge fund managers and other individuals who have spoken or written publicly about cryptocurrency have had funds stolen, or at the very least, thefts have been attempted. This, however, is not a reason to slack if you’re not a public figure: there are numerous ways bad actors can find crypto holders and choose a mark, and it’s not exclusive to those in the spotlight.

1 Accounts

The accounts you set up and use for cryptocurrency related matters are a potential security concern. Bad actors can use information found via these accounts to home in on the identity of the person behind them.

For example, let’s imagine you always use the username “crazy_crypto_fiend.” Even if your e-mail address is not visible on a target website, an attacker can search for your username on other sites, which might publicly display their users’ e-mail addresses, and locate yours. Once they have your e-mail from this third party website (perhaps with lower security standards), they can use it as a starting point to get into your accounts on crypto exchanges.

Let’s look at the options for remaining as anonymous as possible when creating accounts on any website or platform:

Unique Usernames

No one cares how much you love your usual username; drop it. Start using random usernames for accounts on websites, social media and in particular, crypto-related sites. As mentioned above, your username can be used as an attack vector if it’s plastered all over the internet, so make sure you are using unique usernames for every website or service.

Random Passwords

This should go without saying. Do not re-use passwords across multiple websites. There are regular database dumps of usernames, e-mails, passwords and personal data made available to hackers, sometimes from prominent sites such as Yahoo. Use a long password which contains numbers, uppercase letters, lowercase letters, and punctuation. The length is extremely important, so use passwords that are as long as possible. It would take considerably longer for a hacker to brute force a thirty letter password than a five letter password. Your password manager should have an option to generate and store these passwords for you; more on password managers further down.

Crypto-Specific E-Mail Address

Use an e-mail address specific to your crypto dealings. This way, it is harder for attackers to locate your e-mail address from social accounts, database dumps and through other means. Don’t include your name in your crypto e-mail address; something generic would be much more secure.

Stay Informed About Hacks & Dumps

Knowing when your e-mail, username, password, or personal data has been compromised is useful when trying to keep your online identity secure. Sign up with Have I Been Pwned to receive notifications when your information is contained within a dump. It’s advisable to sign up with your personal e-mail and your crypto-specific e-mail.

2 Password Managers

Wondering how on earth you are going to remember multiple random, long, and unique passwords? Have no fear; password managers are here. A password manager allows you to sign in with a single password and then automatically fill passwords on other sites from an encrypted database. You can view some of the available password managers here. The issue is that you have one single password as a point of failure. If your password manager’s password is compromised, everything is compromised. To further secure your password manager you must set up 2-factor authentication on it.

3 Two-Factor Authentication

In today’s climate, two-factor authentication, or 2FA, is essential to keeping your accounts safe from hackers. There are two main options when considering which software to use for your 2FA needs:

The Options

  1. Google Authenticator
  2. Authy

The 2FA software runs on a mobile device and can be downloaded from the Google Play Store or the Apple Store depending on your handset. Never download apps from a third-party website. Avoid using SMS as 2FA at all costs. Your telco could unknowingly port your phone number to a hacker’s SIM, which would allow them to take over your accounts. More on this later.

There are pros and cons for each of these 2FA options. Google Authenticator is more secure out of the box, but Authy can be backed up to multiple devices which means you are not locked out of accounts should you lose your primary handset. I’ll explain how to secure Authy so that you have the benefit of multi-device backup, without the security flaws that can be present in some configurations. You will need a backup device to install Authy on too.

  1. Install the Authy app on your main handset
  2. Add 2FA to your chosen websites using the Authy app
  3. In the settings on your main handset, allow multi-device
  4. Install the Authy app on your backup device
  5. Check that your accounts have synced across both devices
  6. In the settings on your main handset, turn off multi-device
  7. Set up a PIN number for the Authy app on both devices

Now both devices will sync, but further devices cannot be added to sync. This means that if an attacker were to compromise your mobile number (it happens much more than you might think), they will not be able to add Authy to their device and sync your accounts.

If you choose to use Google Authenticator, you will be required to print and store backup codes for each website you decide to add.

Secure Your Accounts

Now that you have 2FA set up, you need to secure your accounts. It’s best practice to secure everything that allows it. Most decent websites support 2FA these days, so get it enabled. Here’s a list to get you started; securing all of the below is extremely IMPORTANT:

  • Add 2FA to your password manager
  • Add 2FA to your Google account(s)
  • Add 2FA to your e-mail accounts
  • Add 2FA to your crypto exchange accounts
  • Add 2FA everywhere else you can

4 Mobile Phones

Your mobile phone is a weakness in your security armor. Hackers regularly trick telcos into porting their victims’ numbers to their SIM cards by simply calling up, and playing it dumb. They could have also obtained personal details about you from a dump, hack, social network or some other means which will give them extra sway with your telco when they’re trying to pass themselves off as you. This is the main reason it is a bad idea to use SMS as a 2FA option.

There are some steps you can take to secure your mobile account, but sometimes these options may not be available; it depends on your telco. It’s advisable to do as many of the below as possible to secure your account:

  • Set up an account PIN number
  • Ensure this PIN number must be used to talk to a representative or make any changes at all on your account
  • Memorize your PIN
  • Ask your telco what would happen if you forget your PIN and ensure it is secure
  • Use a telco specific e-mail address for your account (similar method as using a crypto-specific e-mail)

5 Think Like a Nasty Hacker

If you were a career hacker, whose income revolved around finding and exploiting information relating to a person, e-mail account, or phone number, what lengths would you go to? The answer is probably “any,” and this is why you need to put yourself in a hacker’s shoes to make sure you are secure.

Being security aware is more of a mindset than a method, but the following steps should get you started thinking like a hacker:

  • Dox yourself – use Google, social media and other resources to try to find your personal information online.
  • Do the above for names, addresses, e-mails, phone numbers and any other personal information you can think of.

There are many ways a hacker can infiltrate your online identity, and it’s important to stay in the mindset that it could, and might, happen to you.

I’ll leave you with the eeriest example:

The photos on your mobile phone may contain EXIF data. This data includes the make and model of your phone, the software version (hacker jackpot), the date and time you took the photo and the GPS coordinates of where you took the photo (amongst other things). Yes, you heard me right, your uploaded photos could give a hacker or thief pinpoint directions to your house, bedroom or office. Scary right?

Luckily, most major social networks strip this data away from uploaded images, but there are plenty of smaller sites, blogs, and services that don’t. Something as simple as uploading a photo could lead a hacker to your address. If this doesn’t drive the importance of OPSEC and good security practices home, then I don’t know what will.
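A check you can run on your own photos before uploading them to a site that may not strip metadata: report the identifying Exif fields described above, then write a copy without the Exif segment. This is an added example, not code from the original article; the sample JPEG is constructed (segment structure only, with made-up make, model and software values) and the function names are this example's own.

```python
import struct

# IFD0 tags the article names: phone make/model and software version.
ASCII_TAGS = {0x010F: "Make", 0x0110: "Model", 0x0131: "Software"}
GPS_IFD_POINTER = 0x8825          # IFD0 entry that points at the GPS block
EXIF_HEADER = b"Exif\0\0"


def segments(jpeg: bytes):
    """Yield (marker, start, end) for each JPEG segment up to the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 2 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xDA, 0xD9):            # SOS or EOI: the rest is image data
            yield marker, pos, len(jpeg)
            return
        (length,) = struct.unpack_from(">H", jpeg, pos + 2)
        yield marker, pos, pos + 2 + length
        pos += 2 + length


def exif_summary(jpeg: bytes) -> dict:
    """Report identifying IFD0 fields found in the file's Exif segment, if any."""
    for marker, start, end in segments(jpeg):
        payload = jpeg[start + 4:end]
        if marker != 0xE1 or not payload.startswith(EXIF_HEADER):
            continue
        tiff = payload[len(EXIF_HEADER):]
        endian = "<" if tiff[:2] == b"II" else ">"
        (ifd,) = struct.unpack_from(endian + "I", tiff, 4)
        (count,) = struct.unpack_from(endian + "H", tiff, ifd)
        found = {}
        for i in range(count):
            tag, typ, n, value = struct.unpack_from(endian + "HHI4s", tiff, ifd + 2 + 12 * i)
            if tag in ASCII_TAGS and typ == 2:
                if n > 4:                     # long strings are stored at an offset
                    (off,) = struct.unpack(endian + "I", value)
                    value = tiff[off:off + n]
                found[ASCII_TAGS[tag]] = value[:n].rstrip(b"\0").decode("ascii", "replace")
            elif tag == GPS_IFD_POINTER:
                found["GPS"] = True           # a GPS block is attached to the photo
        return found
    return {}


def strip_exif(jpeg: bytes) -> bytes:
    """Return a copy of the file with every Exif APP1 segment removed."""
    out = bytearray(b"\xff\xd8")
    for marker, start, end in segments(jpeg):
        if marker == 0xE1 and jpeg[start + 4:start + 10] == EXIF_HEADER:
            continue
        out += jpeg[start:end]
    return bytes(out)


def build_sample_jpeg() -> bytes:
    """Constructed sample: valid segment layout, not a decodable photo."""
    strings = [(0x010F, b"ExampleCo\0"), (0x0110, b"Phone X\0"), (0x0131, b"OS 1.2.3\0")]
    n = len(strings) + 1                      # three strings plus the GPS pointer
    data_off = 8 + 2 + 12 * n + 4             # TIFF header, count, entries, next-IFD
    entries, blob = b"", b""
    for tag, text in strings:
        entries += struct.pack("<HHII", tag, 2, len(text), data_off + len(blob))
        blob += text
    entries += struct.pack("<HHII", GPS_IFD_POINTER, 4, 1, data_off + len(blob))
    blob += struct.pack("<HI", 0, 0)          # empty GPS IFD, enough for detection
    tiff = b"II*\0" + struct.pack("<IH", 8, n) + entries + struct.pack("<I", 0) + blob
    app1 = EXIF_HEADER + tiff
    note = b"constructed sample"
    return (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1
            + b"\xff\xfe" + struct.pack(">H", len(note) + 2) + note + b"\xff\xd9")


if __name__ == "__main__":
    photo = build_sample_jpeg()
    print("before:", exif_summary(photo))
    print("after: ", exif_summary(strip_exif(photo)))
```

Exif is only one metadata container; XMP and IPTC blocks can carry location too, so for real photos a maintained tool that removes all metadata is the safer choice.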

If you want to learn more about how to secure your crypto holdings, then grab yourself a hardware wallet and read our in-depth guide.

Feel free to debate the methods discussed in this article below. If I’ve missed anything, please let me know.


Source: https://blokt.com/guides/opsec

Coinbase Targets Direct Nasdaq Listing of its Class A Common Stock

After the confidential submission of a draft registration statement to become a publicly-traded company announced last year, Coinbase has taken a major step to be listed on the giant US stock exchange – Nasdaq.

  • CryptoPotato reported earlier that Coinbase had submitted a confidential draft registration statement to the US Securities and Exchange Commission (SEC) to go public via a direct listing instead of an IPO. Initial estimations suggested that the potential valuation was at about $28 billion. 
  • Earlier today, the company announced that it had filed a registration statement on Form S-1 with the Commission “relating to a proposed public direct listing of its Class A common stock.” 
  • This signifies a vital step towards becoming a publicly-traded company. Coinbase plans to list its Class A common stock on the Nasdaq Global Select Market under the ticker symbol “COIN.” 
  • It’s worth noting, though, that while the registration statement has been filed, it has yet to become effective. As the company explained it: “These securities may not be sold, nor may offers to buy be accepted, prior to the time the registration statement becomes effective.”

  • Furthermore, Coinbase asserted that its filing doesn’t “constitute an offer to sell or the solicitation of an offer to buy any securities, nor shall there be any sale of these securities in any state or jurisdiction in which such offer, solicitation, or sale would be unlawful prior to registration or qualification under the securities laws of any such state or jurisdiction.” 
  • The company reported that its net revenue results for 2020 were substantially larger than the 2019 numbers – $1.1 billion against $483 million. The expenses had also increased from $580 million in 2019 to nearly $870 million last year. 
Source: https://cryptopotato.com/coinbase-targets-direct-nasdaq-listing-of-its-class-a-common-stock/

Polkadot, Ethereum Classic, IOST Price Analysis: 25 February

Polkadot saw a bounce to $36 after touching $28 over the past few days, but it has once again sunk beneath the $34 mark. Ethereum Classic also found some resistance at the $12 mark, and IOST showed rising bearish pressure.

Polkadot [DOT]

Source: DOT/USDT on TradingView

The Supertrend indicator showed a sell signal for DOT after it slipped beneath the descending channel (cyan) and plunged to $28. However, since then it has made a recovery toward $34, but whether this is more of a bounce rather than a recovery is a pertinent question.

At the time of writing, trading volume did not really back the recent price rise, indicating that it was indeed a bounce. The Awesome Oscillator showed bearish momentum, but no real strength over the past few hours.

Key levels to watch out for are $34.5 and $36 above it. A rejection would indicate bearish strength, while a flip to support can be used to enter a long position on a retest.

Ethereum Classic [ETC]

Source: ETC/USDT on TradingView

Using the Fibonacci retracement tool for ETC’s drop from $18 to $9, some levels of importance are highlighted. The RSI showed bears were in control of the market over the past couple of days, as the RSI stayed beneath the neutral 50 value.

The Parabolic SAR climbed into overbought territory even as the price slipped beneath the 38.2% retracement level, which was not an encouraging sign for the bulls.

It is likely that ETC would continue to move lower, toward the $10.75 mark once more.

IOST

Source: IOST/USDT on TradingView

IOST was in a steady short-term decline. It attempted a recovery, on strong trading volume, to $0.059 from the depths of $0.039. However, bears were able to force the price lower once more.

An interesting aspect is a lack of buying strength when IOST began to slip after a rejection at $0.059. This showed that bears were in control. The levels that bulls would try to defend are the $0.044 and $0.039 levels.

A defense of either of these levels over the next couple of days would point toward weakening bearish pressure in the short-term, and another possible recovery back toward $0.059.


Source: https://ambcrypto.com/polkadot-ethereum-classic-iost-price-analysis-25-february

Inside the blockchain developer’s mind: Koinos approaches testnet

Cointelegraph is following the development of an entirely new blockchain from inception to mainnet and beyond through its series, Inside the Blockchain Developer’s Mind. In Part Four, Andrew Levine of Koinos Group discusses some of the challenges the team has faced since identifying the key issues they intend to solve.

Earlier in this series I outlined three of the “crises” that are holding back blockchain adoption: upgradeability, scalability, and governance.

In this post I will summarize the solutions we’ve developed to these problems, which we will be showcasing in the upcoming Koinos testnet planned for the second quarter of 2021.

Since that series Koinos Group has successfully launched a token, KOIN, as a proof of work mineable token on Ethereum. By using proof of work to distribute the initial token supply we were able to make the token accessible to early adopters and forgo an ICO.

Assessing the ICO model

ICOs and similar token sale tools, while not without their use cases, have created their own crisis within the space by misaligning incentives before development even begins. The issue is not with the ICO as a tool, but what happens when a team is financially rewarded before they have even shipped a product.

While so many projects have followed in the footsteps of Bitcoin, it’s surprising how few have replicated arguably the most successful aspect of its launch: a token distribution exclusively through proof of work.

The benefit of this approach is that it ensures with algorithmic certainty that the people behind the blockchain have no advantage in acquiring the token. In short, everyone, no matter who they are, has to make a financial sacrifice in order to acquire that token and the scale of that sacrifice is determined by some neutral third party. In the case of proof of work, that neutral third party is the manufacturer of hardware.

For Koinos Group, that means we had to spend money to acquire our token just like everyone else. In fact, because we have to spend most of our time developing the product, we are even at a disadvantage relative to professional miners. So we have to keep working to add value to the protocol if we’d like to get a return on our investment.

Proof of work algorithms are not without their problems, but we mitigated those in a few ways.

  • First, the mainnet will be governed by a totally different consensus algorithm that won’t be proof of work or proof of stake, so any attempt to develop an ASIC would be a waste of resources.
  • Second, we made the algorithm GPU resistant.
  • Third, we released this token long before releasing our mainnet. In fact, we released the token long before we had even completed development of our framework. Without a functional product, this token becomes a way for people who believe in our team and who share our vision for a fee-less smart contract platform to acquire the token at a reasonable cost.

Rapid rate of improvement

Part of what makes this launch strategy work is the innovative property set of Koinos. We built Koinos totally from scratch, not around any single feature like transactions per second or sharding, but with the goal of creating a blockchain that would improve at a much more rapid rate than any other blockchain out there.

In our experience developing the Steem blockchain, the need to execute hard forks was the single biggest factor holding back progress. If we wanted to eliminate that bottleneck, we reasoned, moving as much of the system code as possible into smart contracts that could be upgraded in-band would do the trick.

That’s why the Koinos blockchain framework contains only the most basic blockchain features (called “thunks”) like contract input/input, getting parameters, and writing to the database. All of the more complex features that people are more familiar with (consensus algorithm, accounts, resource management, governance, etc.) have been moved into modular WASM smart contracts running in the virtual machine that can be upgraded without a hard fork.

Because all behaviors are now coded in distinct “modules” that can be individually “upgraded” we call this feature modular upgradeability.

As a result of modular upgradeability, any behavior can be added to the blockchain without a hard fork because individual upgrades can be distributed in blocks and transactions that are pushed to the network much like an operating system patch, but with the added benefit of an on-chain record of the entire upgrade path.

By moving nearly all of the system code of the blockchain to smart contract modules that can be upgraded without a hard fork we have made Koinos into a blockchain that derives its strength not from the features it is born with, but based on its ability to rapidly acquire new and better features faster than anything else out there.

This is why we call Koinos the first blockchain capable of evolution.

Microservices

Modular upgradeability was just the first major technical innovation that we developed to make Koinos less monolithic and an order of magnitude more upgradeable. Just like there is code that does not need to be implemented natively (in the blockchain itself) but that can be implemented as smart contracts (most of it in fact), there is plenty of code that does not need to be implemented either natively or as smart contracts and can instead be implemented as microservices.

Microservice architectures have many benefits which is why this has become the industry standard for modern software development, but one major benefit is scalability because individual services can be scaled up without having to scale up the entire system. This can dramatically reduce the cost of running a network while improving both the speed and quality of improvements to that network. As a result of historical accidents, blockchain stacks appear to be the last to adopt this new standard as Koinos will be the first blockchain built on a microservice architecture.

This creates amazing new opportunities for developers who will be able to build application specific microservices for Koinos that will help them run their nodes, and their applications, more efficiently; and as a consequence deliver better user experiences. Best of all, this will make Koinos node operation more accessible, thereby improving decentralization, and enabling the network as a whole to run more efficiently so that developers and their end-users can get more out of their decentralized applications.

Multi-language support

Another benefit of a microservice architecture is that individual microservices (basically small programs) can be written in the best (fastest, most secure, best libraries, etc.) programming language for the job, a capability we also wanted to offer for smart contract developers. But in order to take advantage of this trait we needed to develop a way for these small programs written in different languages to “talk” to one another in a way that conformed to the unique needs of a decentralized network. To solve this problem we created a cross-language serialization framework named Koinos Types.

Koinos Types is like the Rosetta Stone for blockchain data structures. It allows programs written in different languages to talk to one another in a simple and unified way by giving them access to the same objects (the “building blocks” of modern programming languages). Koinos Types allows for the interpretation of Koinos (i.e. blockchain) data structures in practically any programming language which will be extremely useful for the development of blockchain-related microservices, clients, and smart contracts.

Koinos Types solves a number of problems. It helps us add multi-language support to Koinos more generally (including for smart contracts), it enables microservices to communicate with one another, and it makes it far easier to develop and update client-libraries. While modular upgradeability and the microservices architecture alone make Koinos far more upgradeable than any other blockchain, Koinos Types takes that upgradeability to another level. That’s why we were so excited to make Koinos Types the first piece of Koinos that we open sourced.

As you can see, ensuring that Koinos can improve at a more rapid rate than any other blockchain isn’t about any one feature.

  • It’s about getting the incentives right from the beginning.
  • It’s about ensuring that the blockchain has modular upgradeability.
  • It’s about modularizing the very architecture itself as microservices.
  • And it’s about making sure that developers operating at every level of the stack (not just smart contracts) are able to use the programming languages they already know and love.

The views and opinions expressed here are solely those of the author and do not necessarily reflect the views of Cointelegraph.com. Every investment and trading move involves risk, you should conduct your own research when making a decision.

Andrew Levine is the CEO of Koinos Group, where he and the former development team behind the Steem blockchain build blockchain-based solutions that empower people to take ownership and control over their digital selves. Their foundational product is Koinos, a high-performance blockchain built on an entirely new framework architected to give developers the features they need in order to deliver the user experiences necessary to spread blockchain adoption to the masses.

Source: https://cointelegraph.com/news/inside-the-blockchain-developer-s-mind-koinos-approaches-testnet
