Daily Byte: Monday, November 5, 2018
November 6, 2018
Intel processors have a security hole, anonymous crypto takes a blow in Taiwan, and T.I. gets sued. Plus, Ethereum contracts may be dangerously homogeneous.
Here is some of what’s happening for Monday, November 5, 2018:
Ethereum Faces Security Risk from Lack of Diversity in Smart Contracts
According to a report from researchers at the University of Maryland and Northeastern University, the Ethereum ecosystem may be in grave danger. Due to a propensity for EDCCs (aka smart contracts) to be similar or share the same code, the ecosystem has been subject to high-profile bugs that have – to date – frozen $170 million in assets.
The report, “Analyzing Ethereum’s Contract Topology,” found that contracts are three times more likely to be created by other contracts than by a user, resulting in over 60 percent of all smart contracts never being audited by a human. If an error exists in the generating Dapp, the resulting contracts would inherit the error, proliferating it. The report found that less than 10 percent of all user-created contracts are unique; under one percent of contract-created contracts are unique.
The report reads:
“Our initial findings indicate high levels of contract activity (largely independent of price), but low levels of contract diversity: most contracts are direct- or near-copies of other contracts. While this is likely a driving force behind Ethereum’s success (copying another’s contract is an easy way to start using the system), it also represents a potential risk, if buggy or vulnerable code were to be copied.”
In October, SpankChain, an adult entertainment crypto asset, suffered a security breach from its smart contracts. The breach initially caused at least $38,000 in losses (although it was later recovered with help from the attacker). In April, OKEx – the second-largest exchange by volume – suspended all ERC20 token deposits when it discovered a smart contract bug that allowed for the generation and depositing of large sums of tokens.
Rapper T.I. Sued for Participation in Alleged Crypto Scam
Celebrity gossip site TMZ is reporting that rapper T.I. is being sued by investors of a cryptocurrency that T.I. allegedly peddled as a “get-rich-quick” scheme.
T.I. and Atlanta businessman Ryan Felton created the cryptocurrency FLiK Token (FLIK, $0.000696 USD) in 2017. The duo apparently convinced investors to dump $1.3 million into the crypto asset, at six cents per coin, with the promise that the currency would hit $14.99 within 15 months. The coin did make a jump…to 21 cents before bottoming out in August 2018.
The 25-member investor class is seeking at least $5 million in damages. The suit claims that T.I. – real name Clifford Harris, Jr. – and Felton used the investor money in a “pump-and-dump” scheme to artificially inflate the crypto asset’s value. Unfortunately, this corresponded with the beginning of the bitcoin bear market, which saw a bottoming of prices across most coins. The coin also deflated due to Tip allegedly gifting “FLiK tokens to members of his family and friends who had sold massive amounts on coinexchange.com causing rapid devaluation,” as reported by VIBE.
Security Threat PortSmash Presents New Security Exploit for Intel Processors
ArsTechnica is reporting that a new Intel processor exploit, PortSmash, has been discovered that can leave sensitive data vulnerable. This exploit could potentially expose private keys in desktop-stored wallets or Intel-powered mining rigs.
The exploit reportedly takes advantage of Intel’s hyperthreading technology. Hyperthreading reduces the amount of time needed to carry out parallel computing tasks. By sending a steady stream of instructions to a logical core on the Intel chip and precisely measuring how long it takes for them to be executed, the exploit can detect when a security key is being processed by another logical core on the same chip.
“Our technique can choose among several configurations to target different ports in order to adapt to different scenarios, thus offering a very fine spatial granularity,” the researchers wrote in a soon-to-be-released paper about the exploit. “Additionally, PortSmash is highly portable and its prerequisites for execution are minimal, i.e., does not require knowledge of memory cache-lines, eviction sets, machine learning techniques, nor reverse engineering techniques.”
Intel, in a statement, said it believes the problem is not endemic to Intel alone and may be a problem shared by all multi-core processors.
Taiwan Targets Anonymous Crypto Transactions
Taiwan, as part of amendments passed to its anti-money laundering and terrorism financing laws, has given its Financial Supervisory Commission (FSC) the power to crack down on anonymous crypto transactions. Per Focus Taiwan, the FSC may require operators of crypto exchanges to collect the real names of users, per the new rules.
The penalty for non-registration is the rejection of crypto transactions by the banks and a report to the FSC for investigation. The Ministry of Justice said that the amendments are needed to bring Taiwan into compliance for its upcoming evaluation by the Asia/Pacific Group on Money Laundering.
Be fast, be clever, be wise. Most importantly, be here tomorrow for your Daily Byte.