What is Cryptocurrency?

A cryptocurrency is a medium of exchange like normal currencies such as USD, but designed for the purpose of exchanging digital information through a process made possible by certain principles of cryptography. Cryptography is used to secure the transactions and to control the creation of new coins. The first cryptocurrency to be created was Bitcoin back in 2009. Today there are hundreds of other cryptocurrencies, often referred to as Altcoins.

Put another way, cryptocurrency is electricity converted into lines of code with monetary value. In the simplest of forms, cryptocurrency is digital currency.

Unlike centralized banking, like the Federal Reserve System, where governments control the value of a currency like USD through the process of printing fiat money, government has no control over cryptocurrencies as they are fully decentralized.

Most cryptocurrencies are designed to decrease in production over time like Bitcoin, which creates a market cap on them. That’s different from fiat currencies where financial institutions can always create more, hence inflation. Bitcoin will never have more than 21 million coins in circulation. The technical system on which all cryptocurrencies are based was created by Satoshi Nakamoto.

While hundreds of different cryptocurrency specifications exist, most are derived from one of two protocols: proof-of-work or proof-of-stake. All cryptocurrencies are maintained by a community of cryptocurrency miners, members of the general public who have set up their computers or ASIC machines to participate in the validation and processing of transactions.


History of Cryptocurrency

The first cryptocurrency was Bitcoin. Bitcoin was created in 2009 by a pseudonymous developer named Satoshi Nakamoto. Bitcoin uses SHA-256, which is a set of cryptographic hash functions designed by the U.S. National Security Agency. Bitcoin is a cryptocurrency that is based on the proof-of-work system.

In April 2011, Namecoin, the first altcoin, was created to form a decentralized DNS to make internet censorship more difficult. In October 2011, Litecoin was released and became the first successful cryptocurrency to use scrypt as its hash function rather than SHA-256. This gave the general public the ability to mine for litecoins without the purchase of specific hardware such as the ASIC machines used to mine Bitcoin.

Litecoin began receiving media attention in late 2013 – reaching a market cap of $1 billion. Ripplecoin, created in 2011, was built on the same protocol as Bitcoin but serves as a payment system – think of it like a PayPal for cryptocurrencies that supports any fiat currency, cryptocurrency, commodity or even frequent flier miles.


Cryptocurrencies & Market Capitalization

Bitcoin is the largest cryptocurrency in market capitalization, volume, acceptance and notoriety, but it’s not the most valuable coin. NEMstake, while only having a market cap of $1,116,720, trades at $1,117 a coin. Looking at the market cap, Litecoin takes second place after Bitcoin with Ripple close behind.

One coin that you are more than likely familiar with is Dogecoin. Dogecoin ranks, on average, third in trading volume, but has a relatively low market cap – ranking number six among the largest cryptocurrencies.


What is a Cryptocurrency Hash?

Cryptocurrency mining power is rated on a scale of hashes per second. A rig with a computing power of 1 kH/s is mining at a rate of 1,000 hashes a second, 1 MH/s is a million hashes per second and 1 GH/s is one billion hashes per second. Every time a miner successfully solves a block, a new hash is created. A hash algorithm turns this large amount of data into a fixed-length hash. Like a code, if you know the algorithm you can solve a hash and get the original data out, but to the ordinary eye it’s just a bunch of numbers crammed together, and it remains practically impossible to get the original data out of it.


SHA vs. Scrypt

While Bitcoin and several other coins are mined using SHA-256, Litecoin and many other coins use Scrypt. These are the two major hashing functions, but several different kinds exist and are used by other cryptocurrencies, such as scrypt-N and x11. The different hashing functions were adopted to answer concerns with SHA-256. Before, individuals were able to mine Bitcoin with their GPUs, which require a large amount of energy. But as Bitcoin grew in popularity, ASIC SHA-256 machines were built, which made GPU mining obsolete.

To give you an idea of just how powerful these machines are, a mining rig running 4 GPUs would get a hash rate of around 3.4 MH/s and consume 3600kW/h while an ASIC machine can mine 6 TH/s and consume 2200kW/h. This effectively killed GPU mining and left many individuals worried about the security of the network. With fewer individuals being able to profitably mine from their home computer, the network became less decentralized. Scrypt mining was implemented with the promise of being ASIC resistant due to the memory problem it introduced.

Scrypt hashes require lots of memory, which GPUs are already designed to handle and ASIC machines were not. However, Scrypt mining requires a lot of energy, and eventually scrypt-ASIC machines were designed to address this problem. At this point Litecoin considered changing their proof-of-work function to avoid ASIC mining. Scrypt is also touted as having a proof-of-work that is much more energy efficient than SHA-256. Bitcoin blocks are solved at a rate of 1 per 10 minutes while Litecoin blocks are solved at a rate of 1 per 2.5 minutes.
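The hashing and hash-rate points above, worked through as an added example (not code from the original article): a simplified proof-of-work search with double SHA-256, the scrypt variant with its memory footprint, and the expected search time at a given hash rate. The header bytes and difficulty values are constructed, the target check is a simplification of Bitcoin's, and the scrypt parameters (N=1024, r=1, p=1) are an assumption about Litecoin.

```python
import hashlib
import struct


def sha256d(data: bytes) -> bytes:
    """Double SHA-256. The output is always 32 bytes, whatever the input size."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def scrypt_pow(data: bytes) -> bytes:
    """scrypt with the data as both password and salt.
    Assumed Litecoin-style parameters: N=1024, r=1, p=1, 32-byte output."""
    return hashlib.scrypt(data, salt=data, n=1024, r=1, p=1, dklen=32)


def scrypt_memory_bytes(n: int, r: int) -> int:
    """Size of scrypt's working array: 128 * N * r bytes per hash attempt.
    This per-attempt memory is what the ASIC-resistance argument rests on."""
    return 128 * n * r


def meets_target(digest: bytes, difficulty_bits: int) -> bool:
    """True when the digest, read as a 256-bit integer, is below the target,
    i.e. it starts with at least `difficulty_bits` zero bits (simplified)."""
    return int.from_bytes(digest, "big") < (1 << (256 - difficulty_bits))


def mine(header: bytes, difficulty_bits: int, pow_hash=sha256d, max_nonce: int = 2**32):
    """Try nonces in order until the hash of header+nonce meets the target.
    A miner cannot derive the nonce from a wanted digest; it can only search."""
    for nonce in range(max_nonce):
        digest = pow_hash(header + struct.pack("<I", nonce))
        if meets_target(digest, difficulty_bits):
            return nonce, digest
    return None


def verify(header: bytes, nonce: int, difficulty_bits: int, pow_hash=sha256d) -> bool:
    """Checking a claimed solution costs one hash, however long the search took."""
    return meets_target(pow_hash(header + struct.pack("<I", nonce)), difficulty_bits)


def expected_seconds(difficulty_bits: int, hashes_per_second: float) -> float:
    """Average search time: about 2**difficulty_bits attempts are needed."""
    return (2 ** difficulty_bits) / hashes_per_second


if __name__ == "__main__":
    header = b"constructed block header"      # constructed sample input
    nonce, digest = mine(header, 16)
    print("nonce:", nonce, "digest:", digest.hex())
    print("verifies:", verify(header, nonce, 16))
    print("scrypt memory per attempt:", scrypt_memory_bytes(1024, 1), "bytes")
    # The two hash rates quoted in the text, at a constructed difficulty of 56 bits.
    for label, rate in (("4-GPU rig, 3.4 MH/s", 3.4e6), ("ASIC, 6 TH/s", 6e12)):
        print(label, "->", round(expected_seconds(56, rate)), "seconds on average")
```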


Cryptocurrency Security

The security of cryptocurrencies is two-part. The first part comes from the difficulty in finding hash set intersections, a task done by miners. The second and more likely of the two cases is a “51% attack”. In this scenario, a miner who has the mining power of more than 51% of the network can take control of the global blockchain ledger and generate an alternative blockchain. Even at this point the attacker is limited in what he can do. The attacker could reverse his own transactions or block other transactions.

Cryptocurrencies are also less susceptible to seizure by law enforcement or having transaction holds placed on them from acquirers such as PayPal. All cryptocurrencies are pseudo-anonymous, and some coins have added features to create true anonymity.


Cryptocurrency Legality & Taxes

While cryptocurrencies are legal in most countries (Iceland and Vietnam being exceptions, Iceland mainly due to its freeze on foreign exchange), they are not free from regulations and restrictions. China has banned financial institutions from handling bitcoins and Russia, while saying cryptocurrency is legal, has made it illegal to purchase goods with any currency other than Russian rubles.

In the U.S., the IRS has ruled that Bitcoin is to be treated as property for tax purposes, making Bitcoin subject to capital gains tax. The Financial Crimes Enforcement Network (FinCEN) has issued guidelines for cryptocurrencies. The issued guidelines contain an important caveat for Bitcoin miners: they warn that anyone creating bitcoins and exchanging them for fiat currency is not necessarily beyond the reach of the law. The guidance states:

“A person that creates units of convertible virtual currency and sells those units to another person for real currency or its equivalent is engaged in transmission to another location and is a money transmitter.”

Miners seem to fall into this category, which could theoretically make them liable for MTB classification. This is a bone of contention for bitcoin miners, who have asked for clarification. This issue has not been publicly addressed in a court of law to date.


Cryptocurrency Services

There are a host of services offering information and monitoring of cryptocurrencies. CoinMarketcap is an excellent way to check on the market cap, price, available supply and volume of cryptocurrencies. Reddit is a great way to stay in touch with the community and follow trends, and CryptoCoinCharts is full of information ranging from a list of cryptocoins and exchanges to information on arbitrage opportunities and more. Our very own site offers a list of cryptocurrencies and their change in value in the last 24hrs, week or month.

Liteshack allows visitors to view the network hash rate of many different coins across six different hashing algorithms. They even provide a graph of the network's hash rate so you can detect trends or signs that the general public is either gaining or losing interest in a particular coin.

A handy website for miners is CoinWarz. This site can help miners determine which coin is most profitable to mine given their hash rate, power consumption, and the going rate of the coins when sold for bitcoins. You can even view each coin's current and past difficulty.


https://www.cryptocoinsnews.com/cryptocurrency/

Anti-money laundering software (AML)

Anti-money laundering (AML) software is a type of computer program used by financial institutions to analyze customer data and detect suspicious transactions.

Anti-laundering systems filter customer data, classify it according to level of suspicion and inspect it for anomalies. Such anomalies would include any sudden and substantial increase in funds or a large withdrawal. In both the United States and Canada, all transactions of $10,000 or greater must be reported.

Smaller transactions that meet certain criteria may also be flagged as suspicious. For example, a person who wants to avoid detection will sometimes deposit a large sum as multiple smaller sums within a brief period of time. That practice, known as "structuring," will also lead to flagged transactions. The software flags names that have been blacklisted and transactions involving countries that are thought to be hostile to the host nation. Once the software has mined data and flagged suspect transactions, it generates a report.
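The three flagging rules just described (the $10,000 reporting threshold, structuring, and blacklisted names), sketched as an added example that is not taken from any AML product. The transactions and the blacklist entry are constructed, and the 3-day window is an assumption, since the text only says "a brief period of time".

```python
from collections import defaultdict
from datetime import datetime, timedelta

REPORT_THRESHOLD = 10_000                 # from the text: $10,000 or greater is reported
STRUCTURING_WINDOW = timedelta(days=3)    # assumption: "brief period" is not defined
BLACKLIST = {"Blocked Person"}            # constructed name

# Constructed sample deposits: (transaction id, customer, ISO timestamp, amount)
TRANSACTIONS = [
    ("t1", "alice", "2024-03-01T09:00", 12_500),
    ("t2", "bob", "2024-03-01T10:00", 4_000),
    ("t3", "bob", "2024-03-02T11:30", 3_500),
    ("t4", "bob", "2024-03-03T15:45", 3_000),
    ("t5", "carol", "2024-03-01T12:00", 900),
    ("t6", "carol", "2024-03-02T12:00", 1_200),
    ("t7", "Blocked Person", "2024-03-05T08:00", 50),
]


def flag_transactions(transactions, threshold=REPORT_THRESHOLD,
                      window=STRUCTURING_WINDOW, blacklist=BLACKLIST):
    """Return {transaction id: sorted list of reasons} for flagged transactions."""
    flags = defaultdict(set)
    small_deposits = defaultdict(list)    # customer -> deposits below the threshold

    for tx_id, customer, timestamp, amount in transactions:
        if amount >= threshold:
            flags[tx_id].add("threshold")
        else:
            small_deposits[customer].append((datetime.fromisoformat(timestamp), amount, tx_id))
        if customer in blacklist:
            flags[tx_id].add("blacklist")

    # Structuring: several sub-threshold deposits by one customer that together
    # reach the threshold inside a sliding time window.
    for deposits in small_deposits.values():
        deposits.sort()
        start, total = 0, 0
        for end, (when, amount, _) in enumerate(deposits):
            total += amount
            while when - deposits[start][0] > window:   # drop deposits older than the window
                total -= deposits[start][1]
                start += 1
            if end > start and total >= threshold:
                for _, _, tx_id in deposits[start:end + 1]:
                    flags[tx_id].add("structuring")

    return {tx_id: sorted(reasons) for tx_id, reasons in flags.items()}


if __name__ == "__main__":
    # The "report" handed to a human investigator: one line per flagged transaction.
    for tx_id, reasons in sorted(flag_transactions(TRANSACTIONS).items()):
        print(tx_id, ", ".join(reasons))
```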

A human will investigate and evaluate flagged transactions. Often, when a flag is investigated, the customer involved can explain the transaction and the flag is dismissed. For example, a customer whose banking typically consists of regular weekly paycheck deposits and smaller withdrawals may suddenly deposit an unusually large sum of money. That transaction will be flagged. Upon examination, however, the deposit may turn out to be from the sale of a car or other property.

The U.S. Treasury's Financial Crimes Enforcement Network researches almost five million suspicious activity reports a year. Wes Gill, enterprise risk manager for SAS Canada, estimates that $500-billion to $1.5-trillion (U.S.) is laundered, globally, on a yearly basis. Most of that money comes from drugs and organized crime.


http://searchfinancialsecurity.techtarget.com/definition/anti-money-laundering-software-AML

8 Ways to Launch Your New Online Startup Idea in Less Than a Week

You’ve spent months mulling over your great new startup idea and prepared the business plan plus done all the initial groundwork. Now, it’s time for actual launch.

By leveraging all the incredible tools and technology out there, you can actually launch your new startup idea in less than a week.

Here’s how to make this happen:

1. Corporate Identity.

Create a logo and possible tagline for your startup. This will take some thought and may require the use of a freelance artist to make your brand’s defined attributes come to life through the graphics.

You will want to spend some time reviewing the various designs that the artist creates and even send the options around to your network to get their vote. Having others provide their impressions can be a good way to gauge how your audience will react.


2. Domain and Hosting.

Secure your domain name so you can set up your website. If you can’t get a .com, there are plenty of other extensions that are now perfectly acceptable and often can set your brand apart from the rest in your industry.

Try a company like Yola that gives you a free domain name and free website hosting.


3. Social Media.

Since you are putting your website together, you will want to have buttons on your site for all your social media profiles in an easily accessible location. This means setting up an account with sites like Facebook, Twitter, Instagram, and Snapchat.

It is also a good idea to have a LinkedIn company page that links to the individual profile you should already have on the LinkedIn site, as an entrepreneur.

You most likely have some contacts in your network that would love to hear about your new business and get a link to your new website and social media sites.


4. Website and Graphics.

While it used to take weeks with a crack graphic designer to get your website done, new companies like BoldGrid have an intuitive, attractive site ready for you quickly so you can start on your marketing efforts immediately.

As Todd Robinson said “BoldGrid allows Entrepreneurs to focus on what matters most, their business. A website should not be a hurdle to launching the next great idea.”


5. Initial Marketing.

Create an initial email that introduces everyone to your new business and shares the key benefits you offer that set you apart. Use a service like MailChimp to send and track your email marketing campaigns as you will be doing more in the coming months as your business ramps up.


Any responses received can form the basis of future emails and marketing campaigns so it’s important to seek out a CRM software solution that lets you build a database of contacts and record specific insights about each prospect to personalize and craft better marketing content.
This particular solution also offers a project management tool that gets you organized from launch point to keep you focused and organized.


6. Automation and Tools

It’s time to set up very necessary tools that help you automate a lot of the work going forward so you can focus on prospects and customers. Some ideal technology to add to your business launch includes things like Hootsuite where you can schedule all your social media posts as well as Mention that tells you when people are talking about your company and what they are saying in real time so you can get involved with your burgeoning audience.

You may also want to consider adding a chatbot tool to your customer conversations to handle some of the basic inquiries. Tools like ChattyPeople can be integrated with various instant messaging systems like Facebook Messenger, which saves you time and labor costs while offering round-the-clock customer service features.


7. Adding to the Team

Despite automating much of what you have to do, this may be an opportune time to look into adding to your team by bringing in freelancers to handle marketing content, social media, and any of your IT needs. Sites like Upwork, Remote, and Toptal are great places to find some of the world’s best talent that are eager and passionate about working with new companies on all types of projects as well as offer budget-friendly pricing.


8. Invoicing and Payments.

It’s important to have a process for invoicing/billing and payment acceptance in place from the beginning to encourage purchases immediately from your audience. The best option is to use an online invoicing platform like Due Invoicing or Flint that also provides a low-cost way to process credit card payments, which will draw more customers from the beginning because of the convenience and security of this payment form. Having this system in place will help you gain that immediate cash flow you need.

All these startup launch tasks can be completed within days on a minimal budget and don't require a significant amount of technical knowledge to check them off your list. In return, you'll be able to start generating interest and dollars.



https://www.forbes.com/sites/johnrampton/2017/04/20/8-ways-to-launch-your-new-online-startup-idea-in-less-than-a-week

What Is Big Data?

Big data is new and “ginormous” and scary – very, very scary. No, wait. Big data is just another name for the same old data marketers have always used, and it’s not all that big, and it’s something we should be embracing, not fearing. No, hold on. That’s not it, either. What I meant to say is that big data is as powerful as a tsunami, but it’s a deluge that can be controlled . . . in a positive way, to provide business insights and value. Yes, that’s right, isn’t it?

Over the past few years, I have heard big data defined in many, many different ways, and so, I’m not surprised there’s so much confusion surrounding the term. Because of all the misunderstanding and misperceptions, I have to ask:

CMOs, when you talk about “big data” in the C-suite, do you know if everyone’s on the same page? And even closer to home, are you certain there’s consensus within your marketing organization?

You won’t get far untangling your big data hairball if, for example, half of your company is forgetting to include traditional data in the calculus or if some don’t think social network interactions “really” matter. So, please, take a minute to get back to basics and do a simple self-check. Ask yourself, your team, the C-suite:

How do we define big data?

While I fully expect your company to add its own individual tweaks here or there, here’s the one-sentence definition of big data I like to use to get the conversation started:

Big data is a collection of data from traditional and digital sources inside and outside your company that represents a source for ongoing discovery and analysis.

Some people like to constrain big data to digital inputs like web behavior and social network interactions; however, the CMOs and CIOs I talk with agree that we can’t exclude traditional data derived from product transaction information, financial records and interaction channels, such as the call center and point-of-sale. All of that is big data, too, even though it may be dwarfed by the volume of digital data that’s now growing at an exponential rate.

In defining big data, it’s also important to understand the mix of unstructured and multi-structured data that comprises the volume of information.

Unstructured data comes from information that is not organized or easily interpreted by traditional databases or data models, and typically, it’s text-heavy. Metadata, Twitter tweets, and other social media posts are good examples of unstructured data.

Multi-structured data refers to a variety of data formats and types and can be derived from interactions between people and machines, such as web applications or social networks. A great example is web log data, which includes a combination of text and visual images along with structured data like form or transactional information.  As digital disruption transforms communication and interaction channels—and as marketers enhance the customer experience across devices, web properties, face-to-face interactions and social platforms—multi-structured data will continue to evolve.

Industry leaders like the global analyst firm Gartner use phrases like “volume” (the amount of data), “velocity” (the speed of information generated and flowing into the enterprise) and “variety” (the kind of data available) to begin to frame the big data discussion. Others have focused on additional V’s, such as big data’s “veracity” and “value.”

One thing is clear: Every enterprise needs to fully understand big data – what it is to them, what it does for them, what it means to them – and the potential of data-driven marketing, starting today. Don’t wait. Waiting will only delay the inevitable and make it even more difficult to unravel the confusion.

Once you start tackling big data, you’ll learn what you don’t know, and you’ll be inspired to take steps to resolve any problems. Best of all, you can use the insights you gather at each step along the way to start improving your customer engagement strategies; that way, you’ll put big data marketing to work and immediately add more value to both your offline and online interactions.


https://www.forbes.com/sites/lisaarthur/2013/08/15/what-is-big-data/#3c6a673a5c85

Vulnerability Assessments Versus Penetration Tests

As information security professionals, most of you are familiar with vulnerability assessments and penetration testing (pen tests for short).

Both are valuable tools that can benefit any information security program and they are both integral components of a Threat and Vulnerability Management process.

Are These Information Security Services the Same?

The two are often incorrectly used interchangeably due to marketing hype and other influences which has created confusion and wasted resources for many enterprises. With that in mind, I'd like to try to clarify the distinctions between vulnerability assessments and pen tests and hopefully eliminate some of the confusion.

What is a Vulnerability Assessment?

Defined, a vulnerability assessment is the process of identifying and quantifying security vulnerabilities in an environment. It is an in-depth evaluation of your information security posture, indicating weaknesses as well as providing the appropriate mitigation procedures required to either eliminate those weaknesses or reduce them to an acceptable level of risk.

Vulnerability Assessments Follow These General Steps

1. Catalogue assets and resources in a system
2. Assign quantifiable value and importance to the resources
3. Identify the security vulnerabilities or potential threats to each resource
4. Mitigate or eliminate the most serious vulnerabilities for the most valuable resources

What is a Penetration Test?

A penetration test simulates the actions of an external and/or internal cyber attacker that aims to breach the information security of the organization. Using many tools and techniques, the penetration tester (ethical hacker) attempts to exploit critical systems and gain access to sensitive data.

Additional Penetration Testing Services and Types

Depending on the scope, a pen test can expand beyond the network to include social engineering attacks or physical security tests. Also, there are two primary types of pen tests: "white box", which uses vulnerability assessment and other pre-disclosed information, and "black box", which is performed with very little knowledge of the target systems and it is left to the tester to perform their own reconnaissance.

Penetration Testing Follows These General Steps

1. Determination of scope
2. Targeted information gathering or reconnaissance
3. Exploit attempts for access and escalation
4. Sensitive data collection testing
5. Clean up and final reporting

Which Information Security Service Is Best for My Organization?

Well, the answer to that question should be determined by your current security posture. Unless both leadership and technical personnel are very confident in their security posture and already have a vulnerability assessment process in place, most organizations will be much better served by having a third party conduct a vulnerability assessment. This is because of the fundamental difference in approach between a vulnerability assessment and a penetration test. A vulnerability assessment answers the question: "What are our weaknesses and how do we fix them?" Penetration testing simply answers the questions: "Can someone break in and what can they attain?" A vulnerability assessment works to improve security posture and develop a more mature, integrated security program, whereas a pen test is only a snapshot of your security program's effectiveness. Because of its approach, a vulnerability assessment is going to yield much more value for most enterprises than a pen test.

With all of that to consider, most organizations should start with a vulnerability assessment, act on its results to the best of their abilities and then opt for a "white box" pen test if they are confident in their improved security posture. Once an organization has gone through these steps successfully, they should then consider having a "black box" penetration test performed by a different third-party vendor for due diligence. If you've completed these, chances are that your organization's security posture has improved dramatically.

But as with all things security, it doesn't end there. As processes within a Threat and Vulnerability Management program, both vulnerability assessments and pen tests need to be performed periodically to ensure continuous security posture improvement.


https://www.secureworks.com/blog/vulnerability-assessments-versus-penetration-tests

Seven Cyber Security Predictions

Cyber-attacks have become commonplace. In many ways, the only "news" is that they continue to grow in frequency and variety. When dealing with the day-to-day, it can be difficult to tally the mounting toll associated with this awful state of affairs—and even more challenging to predict what surprises lie ahead. Based on industry trends, legal framework changes, expert insights and technological evolution, Radware makes seven cyber security predictions.

Prediction #1

APDoS as SOP
Advanced persistent DoS (APDoS) will become hacktivists' preferred technique - and the cause of a significant portion of business outages. APDoS attacks involve massive DDoS attacks, from assaults on the network layer to focused application layer floods. Those attacks are followed by repeated SQLI and XSS attacks, which occur at varying intervals. Because APDoS is essentially a potpourri of attack types, they require diverse technology that protects both the network and application level to effectively mitigate.

Perpetrators of APDoS attacks will simultaneously use two to five attack vectors, involving up to several tens of millions of requests per second. All the while, large SYN floods attack not only the direct target but also the service provider as it implements managed DDoS mitigation. APDoS attacks can persist for weeks at a time - challenging the resources of even the most sophisticated security infrastructures.

APDoS attacks have become standard operating procedure for many hacktivist groups. Attackers in this scenario often switch tactically between several targets to create a diversion to evade defensive DDoS countermeasures while eventually directing the main thrust of the attack on a single victim.


Prediction #2

Continued Rise of RDoS
Ransomware and RansomDoS (RDoS) schemes will affect everything from traditional enterprises to cloud companies. It is reminiscent of the old joke: Why do robbers burglarize banks? Because that is where the money is! Cloud companies, beware; Radware predicts ISPs will experience significant RDoS attacks.


Prediction #3

Privacy as a Right (Not Just a Regulation)
Around the world, privacy's legal comeuppance is upon us. Some countries already recognize privacy as a human right and provide for constitutional covenants to protect its citizens. It's no longer a matter of whether or not data can be secured in pursuit of privacy, but rather if privacy is endemic to the human condition. If privacy is a human right, what must we do to protect it?

In the meantime, security professionals and businesses entrusted with data will bear the cost and responsibility of safeguarding it. Around the world, early adopters will lead the way, with this trend picking up toward the second half of 2016.


Prediction #4

More Laws Governing Sensitive Data
Many countries took notice when the US Government's PRISM program was revealed to the public. Contention exists regarding the handling and use of data and this has given rise throughout the world to special laws governing use, processing and domiciling of certain data. Some examples include the Canadian government's decree on processing sensitive Canadian data within Canada following U.S. passage of the Patriot Act. Other examples can be found in Brazil, Japan and China - and more will follow, further complicating the privacy and security officer's responsibility to technically secure data.


Prediction #5

Arrival of Permanent Denial-of-Service (PDoS) Attacks, Albeit Very Slowly
PDoS, also known loosely as phlashing, is an attack that damages a system so badly that replacement or reinstallation of hardware is required. By exploiting security flaws or misconfigurations, PDoS can destroy the firmware and/or basic functions of the system. It is a contrast to its well-known cousin, the DDoS attack, which overloads systems with requests meant to saturate resources through unintended usage.

PDoS can accomplish its damage via remote or physical administration on the management interfaces of the victim's hardware, such as routers, printers or other networking hardware. The attacker uses vulnerabilities to replace a device's basic software with a modified, corrupt or defective firmware image - a process that, when done legitimately, is known as flashing. This therefore "bricks" the device, rendering it unusable for its original purpose until it can be repaired or replaced.


Prediction #6

Growing Encryption to and from Cloud Applications
A few years ago, effective technology to secure communication to and from cloud providers and user communities of companies simply did not exist. 2016 ushered in a great capability to encrypt this data en masse. It's a trend that's necessary but also fraught with folly and will ultimately prove a short-term solution to a larger problem.


Prediction #7

The Internet of Zombies
Security on Internet of Things (IoT) devices is abysmal - data will be breached at a higher rate than any other technical regime. Technical adoption is the paramount concern while security is an afterthought. These devices represent a cottage industry for privacy violators and 2016 highlighted the risks to this rich data source - transforming the Internet of Things into a dangerous Internet of Zombies.


https://security.radware.com/ddos-experts-insider/ddos-practices-guidelines/7-cyber-security-predictions/