kalenjin shared this story from Quartz.
Blockchain tech has been a buzzword for much of the last two years, as industries ranging from big banks to utilities try to shoehorn it into their existing infrastructures. Now IBM is announcing two new projects that finally put the technology to the test in the marketplace.
The first deal involves Canada’s major banks, telcos, and government agencies, which use digital identity services from a firm called SecureKey. Later this year, customers of these services can opt in to a blockchain-powered system, provided by SecureKey and IBM, which will verify their identities. They can then decide how much and what personal data to share with other companies that use the digital identity system. As an example of how the system works, SecureKey says a bank customer would be able to share his data with a utility to open an account, removing the need to go through a separate verification process.
The second deal uses an IBM blockchain for a carbon-trading platform in China, jointly developed with a company called Beijing Energy-Blockchain Labs. The platform is touted as a more efficient way to trade carbon assets because it provides a cheaper way to audit the transactions while keeping everyone compliant. The system was trialled last November and will be available later this year, IBM says.
The SecureKey project is the more interesting one. Digital identity has long been discussed as a particularly powerful use of blockchain technology, but no prototype has been released for public use yet. If Canada’s SecureKey and IBM make their promised system easy enough for consumers to use, it would be a clear demonstration of blockchain technology’s utility. It would also illustrate the difference between these so-called private blockchains, or distributed ledgers, and public blockchains exemplified by cryptocurrencies like bitcoin and ethereum.
IBM has been promoting the commercial viability of its blockchain tech forcefully. Last month, it announced its blockchain-powered solution for a major private equity funds administrator, Northern Trust, probably the first project using the technology commercially. Blockchain tech is just one of the services that IBM provides through its cloud. The cloud divisions of Microsoft and Amazon offer their own variants, and a major enterprise software provider is expected to announce its entry to the space this week. IBM’s first-mover advantage, however, may serve it well.
kalenjin shared this story from Quartz.
Each year, the European Commission releases a report of the withdrawn or recalled products that triggered the most notifications on the European Rapid Alert system. The bad news is that this year, toys set off the most alerts because they are choking hazards. The good news is that the total number of alerts is slightly down, and alerts for products made in China, the biggest source of dangerous products, are significantly down.
These are the most dangerous non-food consumer goods in Europe for 2016:
These are the hazards posed by toys, the product category with the most safety alerts:
These are the most common risks posed by dangerous products in Europe. According to the commission, the “injuries” category is mainly linked to motor vehicles.
Where are all those dangerous goods from? China by a long shot, but of course, China makes most of the world’s stuff. Slightly more disturbing is the high number of alerts of “unknown” origin.
Here’s a historical snapshot of the types of danger posed by these products over time. From 2007 to 2013 clothes were the most dangerous products, mainly because of a crackdown by national authorities on the drawstrings on children’s trousers and because of an EU ban on dimethyl fumarate, an anti-mold chemical used in shoes, according to an earlier commission report (pdf).
kalenjin shared this story from Bitcoin Magazine.
<img alt="This Security Researcher Found the Bug That Knocked Out Bitcoin Unlimited" height="444" src="https://fs.bitcoinmagazine.com/img/images/BU_bug.width-800.jpg" width="800"><p>For over a year, attackers have had the ability to crash<a href="https://www.bitcoinunlimited.info/"> Bitcoin Unlimited</a> and<a href="https://bitcoinclassic.com/"> Bitcoin Classic</a> nodes. Yesterday, someone actually did it. According to websites like<a href="https://coin.dance/nodes/unlimited"> Coin Dance</a>, the number of Bitcoin Unlimited nodes fell sharply from almost 800 to less than 250 in a matter of hours. Bitcoin Classic was hit shortly after.<br/></p><p>One day earlier, the security researcher who found the vulnerability had reached out to <i>Bitcoin Magazine</i>.</p><p>“I am quite beside myself at how a project that aims to power a $20 billion network can make beginner’s mistakes like this.”</p><p><b>The Vulnerabilities</b></p><p>Bitcoin Unlimited and Bitcoin Classic are forks of<a href="https://bitcoincore.org/"> Bitcoin Core</a> that intend to increase Bitcoin’s block size limit. Both launched in 2015 and have been maintained by their own development teams since. While Bitcoin Classic was a relatively popular alternative to Bitcoin Core last year, Bitcoin Unlimited has been gaining traction lately. 
The world’s largest mining pool — <a href="https://www.antpool.com/">AntPool</a> — <a href="https://www.bloomberg.com/news/articles/2017-03-13/bitcoin-miners-signal-revolt-in-push-to-fix-sluggish-blockchain">announced</a> it would switch to Bitcoin Unlimited, as have <a href="https://bitcoinmagazine.com/articles/where-bitcoin-mining-pools-stand-on-segregated-witness-1480086424/">several smaller pools</a>.</p><p>But not everyone believes that is a good idea.</p><p>“I am rather dismayed at the poor level of code quality in Bitcoin Unlimited and I suspect there [is] a raft of other issues,” a security researcher identifying herself only as “Charlotte Gardner” told <i>Bitcoin Magazine</i> on Monday. </p><p>Communicating over email, Gardner said she was auditing the software for her own use, but quickly came to the conclusion that it’s highly unsafe: “What concerns me is that this software is now being used by a huge portion of the Bitcoin mining ecosystem.”</p><p>Gardner revealed that she had submitted two vulnerabilities — “critical remote crash vulnerabilities” to be exact — to the Bitcoin Unlimited development team.</p><p>The first one is known as a “<a href="https://cwe.mitre.org/data/definitions/476.html">NULL pointer dereference</a>,” the second a “<a href="https://cwe.mitre.org/data/definitions/617.html">reachable assertion</a>.” In both cases, attackers can send specially crafted messages to Bitcoin Unlimited or Bitcoin Classic nodes to make these nodes crash. On an open peer-to-peer network like Bitcoin’s, this means that an attacker can get a list of Bitcoin Unlimited and Bitcoin Classic nodes from publicly available sources, like <a href="https://bitnodes.21.co/nodes/?q=/BitcoinUnlimited:188.8.131.52/">Bitnodes</a>, and simply knock every single one of them offline.</p><p>“I’m surprised no one has noticed them yet,” Gardner told <i>Bitcoin Magazine</i> one day before the attack took place. 
“I guess not many people actually use the Bitcoin Unlimited software. But with their ‘rise,’ attackers may take more interest.”</p><p><b>The Disclosure</b></p><p>When contacting <i>Bitcoin Magazine</i> on Monday, Gardner did not immediately want to make the vulnerabilities public. That would have been irresponsible, she explained, as the bugs could still be exploited before the Bitcoin Unlimited development team had the chance to fix them.</p><p>But she did also submit the vulnerabilities to <a href="https://cve.mitre.org/">Mitre’s Common Vulnerabilities and Exposures (CVE) database</a>. This ensures that Mitre discloses the bugs one month from now, which pressures the developers to actually fix the problem in time.</p><p>However, even following this responsible disclosure, Gardner thought there was a risk that the vulnerabilities would be abused as soon as they were fixed in the Bitcoin Unlimited code repository. After all, at that point the problem isn’t really solved: anyone running the released Bitcoin Unlimited software is still vulnerable until they download and run the new, revised version. This opens a window for attackers.</p><p>“The problem is, the bugs are so glaringly obvious that when fixing it, it will be easy to notice for anyone watching their development process,” she said.</p><p>It now appears that is exactly what has happened. While the Bitcoin Unlimited developers did indeed fix the issue shortly after it was pointed out to them, they did so with far too conspicuous a GitHub <a href="https://github.com/BitcoinUnlimited/BitcoinUnlimited/pull/371/commits/99d4062c570471d43b36b2ad0d416f36817a1743">commit message</a>, Gardner told <i>Bitcoin Magazine</i> once the bugs appeared to be fixed and before the attacks began.</p><p>“Their commit message does ring alarm bells. I’m not sure if anyone will notice, but they probably should have obfuscated the message a bit more. The wording might attract closer scrutiny. 
But if it went unnoticed for this long, maybe it will go unnoticed.”</p><p>Clearly, it did not.</p><p>As Gardner warned, it didn’t take long for attackers to exploit one of the vulnerabilities: the first attacks<a href="http://pbs.twimg.com/media/C66GImZWkAE74sD.jpg"> happened</a> shortly after the bugs were fixed. A little later, user “shinobimonkey” took the issue to<a href="https://www.reddit.com/r/Bitcoin/comments/5zdkv3/bitcoin_unlimited_remote_exploit_crash/"> Reddit</a>, Bitcoin Core developer Peter Todd<a href="https://twitter.com/petertoddbtc/status/841702092687450113"> tweeted</a> about the bug and social media blew up. </p><p>Someone then even published<a href="https://ghostbin.com/paste/36hhq"> exploit code</a> for anyone to use, and before long most Bitcoin Unlimited nodes were down, to be followed by many Bitcoin Classic nodes. </p><p>“This is exactly why there is supposed to be a ‘responsible disclosure’ protocol,” Gardner told <i>Bitcoin Magazine</i> after the attacks took place. “But then it doesn’t help if the software project is not discreet about fixing critical issues like this.”</p><p><b>Code Quality</b></p><p>This is not the first time the code quality of Bitcoin Unlimited or Bitcoin Classic has been scrutinized.</p><p>As the best-known example, the<a href="https://pool.bitcoin.com/index_en.html"> bitcoin.com</a> mining pool, which runs Bitcoin Unlimited, mined an<a href="https://www.reddit.com/r/Bitcoin/comments/5qwtr2/bitcoincom_loses_132btc_trying_to_fork_the/"> invalid block</a> caused by a bug last January. All energy invested to produce the block was wasted, while mining pools that<a href="https://bitcoinmagazine.com/articles/why-bitcoin-mining-pools-aren-t-incentivized-to-broadcast-blocks-quickly-1475249510/"> spy mined</a> on top of the invalid block wasted some energy as well.</p><p>Before that, Bitcoin Core developers had already warned about buggy code on several occasions. 
On the Bitcoin-development mailing list, Matt Corallo<a href="https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-October/013241.html"> said</a> that he had found Bitcoin Classic’s flexible transactions codebase to be “riddled with blatant and massive security holes.” On Reddit, Gregory Maxwell<a href="https://www.reddit.com/r/Bitcoin/comments/5dkb6o/a_short_tour_of_bitcoin_core/da5d3x3/"> pointed out</a> that Bitcoin Unlimited nodes were crashing because the development team removed code that shouldn’t have been removed.</p><p>Addressing Bitcoin Unlimited lead developer Andrew Stone in response to yesterday’s events, Maxwell<a href="https://www.reddit.com/r/btc/comments/5zdrru/peter_todd_bu_remote_crash_dos_wtf_bug_assert0_in/dexfs5l/"> suggested</a> there are more problems with Bitcoin Unlimited’s codebase that have not yet been abused:</p><p>“There are vulnerabilities in Unlimited which have been privately reported to you in Unlimited by Bitcoin Core folks which you have not acted on, sadly. More severe than this one, in fact.”</p><p>Perhaps the main problem for Bitcoin Unlimited, as <a href="https://twitter.com/i/moments/841932734465495041">pointed out</a> by information security expert Andreas Antonopoulos, is that it lacks a significant development community to perform proper quality analysis. The number of developers working on Bitcoin Unlimited and Bitcoin Classic is relatively small, and the code that included the exploited vulnerability was merged after being reviewed by only one person — not a lot for security-critical code protecting people’s money.</p><p>Gardner agreed with this assessment:<br/><br/>“In this case, the vulnerabilities are so glaringly obvious, it is clear no one has audited their code because these stick out like a sore thumb,” she said. “I’m astounded the mining industry are running this software. 
But since they are, and a lot of people could get harmed, the best I can do, other than recommending they don’t use Bitcoin Unlimited, is to disclose the issues and hope they are competent enough to fix it.”<br/></p><p><i>Bitcoin Magazine</i> reached out to Bitcoin Unlimited developers Andrew Stone and Andrea Suisani, but received no response at time of publication.</p>
kalenjin shared this story from The Big Picture.
China’s Continuing Credit Boom
Jeff Dawson, Alex Etra, and Aaron Rosenblum, Liberty Street Economics, Feb 27, 2017
Debt in China has increased dramatically in recent years, accounting for roughly one-half of all new credit created globally since 2005. The country’s share of total global credit is nearly 25 percent, up from…
kalenjin shared this story from naked capitalism.
Can changes in ownership rules tame the bad features of capitalism?
kalenjin shared this story from WIRED.
They hang from ropes hundreds of feet in the air, washing windows and cleaning wind turbines. And they post it all to Instagram.
kalenjin shared this story from WIRED.
Researchers claim to have found a protein that makes the water bear so insanely tough.
kalenjin shared this story from Quartz.
Just days after a scandal involving attempts by Chinese universities to influence academic discussion in Taiwanese classrooms was uncovered, the arrest of an alleged Chinese spy who studied here has put Beijing’s espionage efforts back in the spotlight.
While spy scandals are not uncommon in Taiwan, the news has heightened concerns that the island is inadequately prepared to deal with Chinese espionage at a time when relations across the Taiwan Strait are at their lowest point in years.
Taiwanese authorities last week arrested Chinese national Zhou Hongxu, who graduated from Taipei’s prestigious National Chengchi University last year. Zhou is accused of trying to organize a spy ring within Taiwan’s government, including a foreign ministry official. Beijing, meanwhile, has called the detention suspicious given recent controversy that some Taiwanese universities, in a bid to lure Chinese students, have signed agreements to not contradict China’s views on Taiwan’s status.
“The main issue for governmental administrative offices is that civil servants have low awareness [about espionage] and the offices lack their own information security systems to protect them from communist spies,” the Taipei Times reported, citing an anonymous official. “As they have no mechanisms for reporting suspected espionage attempts, the risk of vulnerable civil servants being turned or compromised is substantial.”
The official also said that there are an estimated 5,000 individuals harvesting classified information in Taiwan for Beijing.
Liu Fu-kuo, a research associate at the Center for Security Studies at National Chengchi University, said he thought the estimate of 5,000 Chinese spies in Taiwan was “quite exaggerated,” though he said it was likely that there were more undetected cases similar to Zhou’s. “Chinese who come here for business or to study may occasionally be of use to China’s intelligence apparatus, but categorizing them alongside full-time intelligence agents would be inappropriate,” Liu said.
China has laid claim to Taiwan since the end of the Chinese civil war in 1949, and has vowed to use force if necessary to annex Taiwan. In recent decades, self-ruled Taiwan has evolved from a closed-off dictatorship into a vibrant democracy with little interest in becoming part of China.
China cut off official communication channels with Taiwan last year after newly elected president Tsai Ing-wen skirted Beijing’s demands that she acknowledge its interpretation of the One China principle. Tsai’s presidency followed eight years of relatively warm relations between Beijing and Taipei under president Ma Ying-jeou.
Liu said that given the recent increase in tensions in the cross-strait relationship, it would be natural for there to be more Chinese spy activity in Taiwan.
“Compared with eight years ago, it’s likely that Beijing now has a greater need to understand and grasp the current situation of the Taiwanese government,” he said.
Direct travel links between China and Taiwan were established only eight years ago. With Chinese accounting for one-third of international visitors to Taiwan, it is inevitable that some of these visitors from China will be carrying out intelligence work in areas of interest to the Chinese government, Liu said.
The security official in the Taipei Times report noted that in addition to the government, Taiwan’s military is also a major target for Chinese spies.
A spokesman for the defense ministry referred Quartz to the Mainland Affairs Council (MAC). With regard to the Taipei Times report, the MAC said that Taiwan’s government has never stated figures on the current number of Chinese spies in Taiwan, but that “the Chinese mainland has never ceased to collect military secrets or information vital to the security of our society.” In the face of this sustained threat, Taiwan’s government continues to step up its vigilance, it added.
China has already had success in turning members of Taiwan’s military. The highest-level member of the military to be convicted of espionage is former one-star general Lo Hsien-che, who was initially lured into a “honey trap” while stationed in Thailand and then received payment in exchange for state secrets. Lo was sentenced to life in prison in 2012.
In 2015 four retired Taiwanese military officers and another Taiwanese citizen were indicted for espionage and leaking state secrets, including information about Taiwanese military aircraft and radar systems. The men were recruited by a former Chinese military officer who entered Taiwan as a Hong Kong resident. He paid the men with cash and trips to Southeast Asia. In the same year, Taiwan and China exchanged spies for the first time ever.
High-ranking government officials have also been convicted of spying for China. In 2010 a former official in Taiwan’s presidential office was convicted of passing state secrets to China, and was sentenced to three years in prison.
Liu said Taiwan is currently a divided society, with many Taiwanese supporting the current government and a substantial number opposed to it. This will continue to provide Beijing with an opportunity to use certain people, including businessmen, students, and pro-unification political parties, to its own ends.