Wednesday, February 13, 2019

Top 7 Cloud Security Threats You Need to be Ready for in 2019




As we approach the end of the second decade in the 21st century, more and more of our virtual world is moving to the cloud. Cloud computing has made possible what was once only dreamed of. With this revolutionary new way of storing and managing data have come countless advantages.

Companies can now have remote access to their most vital data. Teams no longer need to share the same physical space in order to collaborate. We now rely less on physical hardware, saving workspace and reducing the need for creating new computing devices that tend to become obsolete in a few years or less.

But with this increased convenience have come challenges as well. The greatest of those challenges has, without a doubt, been the new security concerns that cloud-based solutions have created.

The Cloud Security Alliance has noted that cloud servers are easily accessed while also being high-priority targets for hackers because of their tendency to contain veritable mountains of important and valuable information.


In other words, cloud providers are a hacker’s most whimsical wish – a honeypot of data just waiting to be plundered. Many people fail to consider this fact when contemplating the top cloud security threats this year. 

Fortunately, there are some simple ways to mitigate the threats that cloud-based systems and others face.

Begin by using two-factor authentication (2FA) such as security keys or 2FA apps. Use strong passwords and password managers. Use threat modeling apps, keep an eye on your security audits, and exercise due diligence when it comes to installing routine software upgrades and security patches. 

All of these little things combine to make a big difference.

Here are the top 7 cloud security threats you should be prepared for in 2019.

Data Breaches


The last few years have seen a slew of data breaches on a scale the world has never seen before. Some of these, such as the Cloudflare incident, happened as a direct result of increased usage of cloud providers.

Using two-factor authentication such as an authenticator app or security key is a vital security measure that many people neglect to make use of. 

While it’s not a cure-all, it definitely makes compromising an account much more difficult. Instead of just obtaining a password, attackers have to go the extra mile to also compromise the second method of authentication, which is much more difficult to accomplish.

 
A security key is the most secure method of 2FA – the physical key creates a unique code for every log-in. Some security keys require you to push a button with every log-in, others do not.

Security keys are like small flash drives that have to be connected to your device in order to generate a unique code that allows you to log in securely. So the one drawback is that they can’t be used on mobile devices.

Another drawback of security keys is that they are supported by a limited number of services at the moment and require the Google Chrome browser (which is the worst browser available in terms of privacy). But you can still use a security key for your Facebook, Dropbox, and Gmail accounts.

A back-up method of 2FA, such as SMS text or an authenticator app, can be set up as an alternative. This way, if you want to log in via mobile or you don’t have your key on hand, you’re not locked out of your accounts.

Authenticator apps are also very secure because they create a locally-stored, unique one-time code that is good for 30 seconds from its creation time. Having the code generated locally means you can retrieve it even if your phone is offline or in airplane mode.

 
While each code expires after 30 seconds, you don’t have to open the app and rush to enter the code before the next one appears or anything like that. This method of 2FA can seem foreign to someone who has never used it, but it’s no different than receiving a new text twice every minute.

Choose one of these methods over SMS text whenever you can. An SMS message can be intercepted before it reaches the server that sends it to you. An attacker can forward the message to their own phone, at which point they can log in as long as they have cracked your password first.

However, no approach is 100% perfect, and even if it does approach perfection it might not be the case tomorrow.

Credentials Being Compromised


A significant number of security threats can be avoided just by using secure passwords.
For best results, choose unique passwords with a minimum of 14 characters including lower-case and upper-case letters, numbers, and special characters. 

Remember that length is more important than complexity. This is due to the fact that using password cracking programs requires time. A password with eight characters might take a day or two to crack. A password with 14 characters or more might take years.

Never use the same password twice – if a single account becomes compromised, and you use that password elsewhere, you’re screwed. Secure password managers come in handy here.

 

Personally, I’m a fan of the Blur password manager. Blur allows you to create masked emails for new accounts and will automatically generate secure passwords for you. The paid version allows you to sync your data across multiple devices and browsers through the cloud. All you need is the Blur browser extension. Blur also has its own privacy-focused browser for mobile devices.

Of course, Blur suffered a breach of its own in late 2018. It’s exactly this kind of thing that prevented me from using password managers of any kind for quite some time.

You have to feel bad for them, it must be rather embarrassing for a cybersecurity-focused company to suffer a breach like that. Fortunately, the company claims that only encrypted passwords were stolen, meaning it’s unlikely that the hackers gained any actionable information.

In addition, put your most important passwords on a regular rotation schedule. If your passwords change constantly, they become a whole lot more difficult to compromise.

Distributed Denial of Service (DDoS) Attacks


While DDoS attacks are nothing new, the widespread use of cloud providers has coincided with an increase in their use.
Cloud providers often have existing security protocols to prevent these kinds of attacks. Yet they still happen.
Keeping constant eyes on your security audits and sharing crucial information with administrators can help to mitigate this threat.

Hacked APIs and Interfaces


The majority of cloud apps and services utilize APIs for cross-cloud communications.
The Cloud Security Alliance recommends implementing threat modeling apps and performing thorough code reviews to harden your systems against this threat.

Lack of Due Diligence


This one applies not just to cloud services, but technology in general.

Failure to conduct routine maintenance such as software updates and security audits is one of the main reasons for major hacks.

It’s not about how hackers win – it’s about how those who get hacked lose.

Account Hijacking


This often happens as a result of phishing attempts.
Hackers have figured out that sometimes, they don’t even have to hack anything – simply using social engineering tactics can gain them account credentials. At that point, nothing else matters.


 
Phishing comes in many forms. Sometimes it can be as simple as tricking an individual into sending an unknown party some information. All an attacker needs to do is spoof their email and speak with authority in order to get someone to send the requisite info.

Other times it may mean getting someone to click a link, download a file, or visit a malicious website that appears to be legitimate. All of these methods have been used in the past and seem to be increasing in number and severity.

Educating employees about how to spot and avoid phishing tactics is an investment every company ought to make. Simply being aware of the potential for phishing emails and phone calls greatly reduces the chances of such attacks being successful.  

Malicious Insiders


This may be a somewhat less common threat, but when it happens, it can be devastating.
A malicious insider is like a spy – they can roam about your data undetected and steal it from right under your nose.


Even the National Security Agency (NSA) – a government agency tasked with cybersecurity matters – saw a major leak of confidential documents in 2013 due to an insider threat. For months, a certain someone was snooping around opening classified documents and no one had any idea this was happening.

A way to avoid this is to set up adequate detection methods that alert you to the presence of someone poking around in your system. Simply using canary tokens will give you better detection than most companies today.

Canary tokens are files that alert you when opened. They look and act just like regular Word documents, images, PDF files, or other file formats. But what an attacker doesn’t know is that the moment he or she opens that file, an alert will be sent to your email inbox.

Of course, it’s preferable to make those files inaccessible in the first place. But in the event of a breach or an insider threat, knowing what has just happened allows you to mitigate further damage and take measures to better protect yourself in the future.
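The detection side of a canary token, as an added example that is not from the original post. It assumes one common design: each decoy file embeds a unique URL that the viewer fetches when the file is opened, so a request for that URL in the web server's access log is the alert. The CanaryRegistry class, the /t/<token>/ path layout, the host name and the log lines are all constructed for illustration.

```python
import re
import secrets

# Combined-log-format line whose request path carries a 32-hex-char token.
TOKEN_HIT = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET /t/(?P<token>[0-9a-f]{32})/\S* HTTP/[\d.]+" \d{3} '
    r'\S+ "[^"]*" "(?P<ua>[^"]*)"'
)


class CanaryRegistry:
    """Maps each token to a note saying which decoy file it was planted in."""

    def __init__(self, base_url: str):
        self.base_url = base_url.rstrip("/")
        self.tokens = {}

    def register(self, token: str, memo: str) -> str:
        self.tokens[token] = memo
        return f"{self.base_url}/t/{token}/pixel.gif"

    def mint(self, memo: str):
        """Create an unguessable token and the URL to embed in the decoy."""
        token = secrets.token_hex(16)
        return token, self.register(token, memo)

    def scan(self, log_lines):
        """Return one alert per request that touched a registered token."""
        alerts, seen = [], set()
        for line in log_lines:
            m = TOKEN_HIT.match(line)
            if not m or m["token"] not in self.tokens:
                continue  # ordinary traffic, or a token we never issued
            alerts.append({
                "memo": self.tokens[m["token"]],
                "ip": m["ip"],
                "time": m["ts"],
                "user_agent": m["ua"],
                "first_hit": m["token"] not in seen,
            })
            seen.add(m["token"])
        return alerts


# Constructed sample data: one planted token and four access-log lines.
DECOY_TOKEN = "0123456789abcdef0123456789abcdef"
SAMPLE_LOG = [
    '203.0.113.9 - - [13/Feb/2019:09:10:11 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [13/Feb/2019:09:14:02 +0000] "GET /t/0123456789abcdef0123456789abcdef/pixel.gif HTTP/1.1" 200 43 "-" "Microsoft Office Word"',
    '198.51.100.7 - - [13/Feb/2019:09:14:30 +0000] "GET /t/ffffffffffffffffffffffffffffffff/pixel.gif HTTP/1.1" 404 0 "-" "curl/7.61"',
    '192.0.2.44 - - [13/Feb/2019:11:02:45 +0000] "GET /t/0123456789abcdef0123456789abcdef/pixel.gif HTTP/1.1" 200 43 "-" "Microsoft Office Word"',
]


def demo_alerts():
    registry = CanaryRegistry("https://canary.example.test")
    registry.register(DECOY_TOKEN, "payroll-2019.docx on finance share")
    return registry.scan(SAMPLE_LOG)


if __name__ == "__main__":
    for alert in demo_alerts():
        print(alert)
```

Because nobody has a legitimate reason to open the decoy, every alert is worth investigating; the memo tells you which file and share were touched, and the source address and time give incident response a starting point.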

Top 7 Cloud Security Threats You'll Possibly Combat This 2019 Reviewed

While these may be the top 7 cloud security threats you’ll possibly combat in 2019, this is by no means a complete list. It does, however, give you a good idea of the types of vulnerabilities inherent in cloud-based systems.

When it comes to preventing these threats, remember the little things – complex, unique passwords, multifactor authentication, network isolation, regular backups and software updates, and so on.

A large proportion of major breaches don’t occur as a result of some super sophisticated hacking method – rather, they happen because someone failed to take simple measures to protect their systems.

This often takes the form of an individual falling victim to a phishing attack, someone using a password like “p@ssw0rd,” or failing to install routine software updates that include the latest security fixes.   

Make sure that doesn’t happen to you by remembering the top 7 cloud security threats you’ll possibly combat in 2019.

Tuesday, January 8, 2019

3 Reasons to Use a Crypto Social Network




 Blockchain-based social media platforms will overtake all other forms of social media in the future.


This concept applies to all sorts of things. You can replace the words “social media platforms” with whatever blockchain tech-based concept you like, and the statement will probably be true. The reasons are simple.

The blockchain is decentralized. There is no central overseer or oligarch. The advantages of this kind of system are so numerous that no one will ever be able to articulate all of them. Many of them still have yet to be discovered.

The data is distributed equally with no prejudices. The unalterable construction of content within the blockchain cannot be changed, controlled, modified, erased, or otherwise tampered with in any way, shape, or form.

This, in part, is why blockchain-based social media platforms allow for an as-yet-unheard-of degree of editorial freedom and come with a substantial degree of built-in censorship resistance.

 Some of the reasons why blockchain-based social media platforms are better than traditional networks are:
  •  Crypto social networks reward users for sharing content
  • They are more fun to use
  • They provide greater privacy and security and disallow the misuse of data.




Let’s look at why crypto social networks will abolish the existing social media regime.

Reason #1 – Blockchain-Based Social Media Platforms Reward Users for Sharing Content




This one is self-explanatory. Who wants to waste time building a database of personal information on a social media site?

Apparently, billions do, given that’s what’s happening right now.

Maybe that wasn’t the right question to ask. But think about it this way.

 Once people figure out that they can choose to either create content on an old social network so that someone else can get paid for it, or create the same content on a crypto social network and have a chance to get paid for it themselves, what do you think they will do?

Stay on the same old dinosaur social networks?

Or migrate to a new crypto social network?

Steemit.com and Minds.com both pay users for their activity on the platform. Posters can earn crypto tokens according to their interaction with the broader community as well as the activity their own content generates.

While Minds and Steemit use different reward methods and structures, the basic concept is the same. It’s a safe bet that future platforms will adopt similar features.


 It’s even more certain that as people learn about and grow accustomed to these new types of platforms, they will disengage from traditional social media and begin spending all of their online time engaging with sites that reward them.




Reason #2 – Crypto Social Networks are More Fun and Less Trolled

 It’s just more fun interacting with a crypto social network than the dinosaur blogging and social media platforms. Part of this has to do with the fact that the communities are more engaging and see less trolling.

For the time being, there are far fewer trolls on Minds and Steemit than elsewhere on social media.

 Of course, you’re bound to run into one here and there. And while there aren’t as many troll bots, there are legions of content bots who post constantly in an attempt to generate income.

Many people criticize these platforms because of this, but hey, that’s how a free market works.



I remember one of my first comments on Minds was a response to someone who quoted an Onion piece about Edward Snowden talking about bitcoin in 2014. The post suggested the comments were serious and not satirical. I pointed this out and got trolled.

 The difference was that it was only one troll, and he or she made a feeble attempt at changing the subject before it was dropped. The account has since been banned.

 If that happened on Twitter, for example, that troll might have had a veritable army of fellow trolls following it.

Reason #3 – Crypto Social Networks Allow for Greater Privacy and Anonymity

 Recently, there has been an uproar about big data being misused on some major social media networks (not naming names). This shouldn’t be surprising, considering that’s how they make their money – data collection.

There is no such need, incentive, or ability in a crypto social network.
For starters, Minds and Steemit don’t require you to fill out all your personal information. All you need is an email address. The same holds true for any other crypto social network.

That’s the most obvious way they allow for greater privacy. You can stay 100% anonymous if you so choose.

Due to the nature of the blockchain, no editorial team or censorship police force can exist. Instead, it’s up to users to flag inappropriate content.

This creates the perfect environment for users and groups that have been censored elsewhere. Free speech thrives on networks like Steemit and Minds.

On these networks, each user is in full control of their content, data, and monetization. There is no need for centralized control.

Decentralization also lends itself to better privacy practices.

Privacy Concerns Not Present on These Decentralized Social Media Platforms


Much has been made of recent invasions of privacy and data mining by the largest social media networks today.



While it’s no secret that these companies have been in the business of bulk data collection for the entirety of their existence, public outrage seems to have been growing in response to a broader awareness of this fact. This is yet another factor that will drive people to rewards-based social media and blogging platforms.

Minds and Steemit do not have data-collection or advertising revenue streams. They are decentralized. There is no central authority that could possibly benefit from the harvesting of data or the distribution of ads.

All power lies in the hands of the people who use the platform. They are both its citizens and its governance structure. Outside of automated moderation for inappropriate content, no form of censorship can be implemented, either.

People Prefer Private Platforms and Value Free Speech


In this age of bulk data collection and mass surveillance, free speech and privacy have become more important than ever. The two are inextricably linked. Without an expectation of privacy, there cannot be truly free speech, as being monitored opens you up to scrutiny, exposure, and censorship.



Cultures the world over appreciate and value the right to free speech. While the same cannot exactly be said of privacy concerns, everyone wants monetary success. The combination of principles and payment will create a new dimension of online activity.

The Future of Crypto Social Media Lies Within the Blockchain

At some point, everyone will realize all of this and migrate to the newer and better crypto social networks.

There has already been a great shift away from traditional social media and toward decentralized social media. As HackerNoon reported in April of 2018,
“While most digital ledgers and blockchain-based platforms still have problems scaling as more users jump on board, it seems the number of blockchain-based social media startups is increasing both in number and in usership.”
– HackerNoon


The only real obstacles right now are user-friendliness and general awareness. Most people don’t even know that anything like a crypto social network exists yet.

And some of those who do might shy away from them due to their interface and how formatting works. This is truer for Steemit than for Minds. Then again, Steemit is not all that different from Reddit, and Reddit is quite popular.

All things considered, crypto social networks pwn all other social media. That’s right, PWN! (If you don’t know, pwned is video-game slang for utterly defeated – the term has its origins in a misspelling of the word “owned”).



What do you think? Are you interested in using a crypto social network? Do you believe such networks support freedom of speech?

Leave your thoughts in a comment below.

Wednesday, January 2, 2019

Announcement: Avesta Renaissance – Moving From CryptoNote to an Enterprise Grade Blockchain Based Financial Solution Derived from Ethereum



Avesta will soon move from the CryptoNote protocol to an enterprise-grade solution based on the Ethereum protocol.

Why Are We Migrating?


Avesta is committed to bringing our users the highest-quality cutting-edge technologies. To this end, we invested in a new research and development project several months ago. The purpose of this project was to investigate the potential use of a new enterprise-grade financial solution powered by the Ethereum blockchain.


The results have been a success. The Avesta blockchain will soon become even more stable, flexible and optimized. In the weeks to come, more details will be provided.

Why the Change From CryptoNote to Ethereum?


CryptoNote is an application-level protocol used by many privacy-focused cryptocurrencies. Bytecoin (BCN) and Monero (XMR), for example, use CryptoNote. This protocol works just fine so long as a relatively small number of transactions are involved. And until recently, AVE fell into this category.


For Avesta to reach its full potential, however, something more was required.


Because Avesta intends to bring the promise of cryptocurrency transactions to average users and the unbanked, the AVE blockchain needs a solution that will be able to function on an industrial scale. Point-of-sale transactions require large amounts of bandwidth – something that would not be possible with CryptoNote.

How Will User Wallets Be Affected?


In the long run, users won’t notice any real change in how their wallets work on the front end. Everything will appear as seamless and easy as usual.


The migration process will take an estimated five days.


During this time, the Avesta blockchain will be offline. This means that mining AVE tokens will not be possible. Avesta wallets will also be non-functional during this time. After the migration is complete, you can use your wallet again.

New Year, New Protocol


In short, the change from CryptoNote to Ethereum promises to be positive for everyone involved.

Avesta will maintain its privacy features while also being able to scale to the extent necessary to bring crypto to the masses. From a user perspective, nothing will change, but everything will be better.

Thursday, December 13, 2018

Avesta Announces Early Launch of its Exchange Platform

The Avesta exchange opens before the end of this year and the final version will be fully operational before the end of February 2019.

Each phase of the launch incorporates the features of the previous phase while adding new functionality as well.

Exchange Roadmap

December 31: version Andromeda (Open Beta)

Andromeda Beta


  • Email Login
  • 2 Factor Authentication
  • Fixed Trading Panel
  • Single Order Type (Market Order) with Simple trading
  • User Dashboard with infoboxes
  • Funds Management (Deposit, Withdraw)
  • User Orders, Trading History, Order Table
  • User Profile and settings
  • Support tickets
  • Basic Security layer
  • Email Notification
January 31: Version Andromeda Launch (Open Beta for Cygnus Version)

Andromeda Launch


Open Beta for Cygnus Version

  • Log in with Email and Social Media
  • Multiple Order Type (Market Order, Stop Limit, Limit) with simple trading
  • User Dashboard with basic analytics
  • Dispute Management
  • Email and SMS Notification
February 15, 2019: Launch Version Cygnus (Open Beta Version Pegasus)

Cygnus Launch


Open Beta for Pegasus Version

  • Google Authenticator
  • Arbitration
  • Advance Security Layer
  • Cold Wallet integration
  • KYC (API)
  • News Management
  • Live Chat Support
  • Email, SMS and Push Notifications
  • Liquidity Provider integration (Any one)
February 28: Launch Version Pegasus

Pegasus Launch


We have moved the exchange launch dates up in order to give users a chance to experience the next generation of crypto exchanges even sooner than planned.

Why Choose the Avesta Exchange?

The Avesta exchange will offer trading in many of the most popular cryptocurrency pairs. Further details will be released soon, so be on the lookout.

The exchange will come complete with top-notch security, advanced order types, and deep liquidity.

Wallets

The exchange will offer hot wallets, cold storage wallets, and multi-signature cold storage wallets for various levels of security and convenience.

Two-factor authentication via Google Authenticator and notifications via SMS and email will be available to help secure user wallets. It’s recommended that users create random, unique passwords at least 14 characters in length and use two-factor authentication for their wallets.

Superior Security

You’ve seen the headlines. Another exchange got hacked. During the years of 2012 – 2016, at least 22 crypto exchanges got hacked. And that’s not to mention the several high-profile hacks that have occurred in the several years since.

Many of these hacks were inside jobs. In other words, employees of the exchange stole the funds of their users. Avesta employees won’t have access to user data. Our third-party security provider will be audited regularly to ensure the integrity of all user wallets.

The Avesta exchange will be secured by Civic, a renowned name in data security.

Civic has been featured in publications such as Fortune, Forbes, Bitcoin Magazine, Coindesk, and many more. With the Civic secure identity ecosystem, all user data will be kept under lock and key at all times.

Advanced Order Types

In addition to the standard stop-loss and limit orders, Avesta will provide in-depth information on both a technical and fundamental level. This market data can help traders make better decisions.

The exchange offers a comprehensive suite of tools that allow traders to make technical drawings and prediction calculations. In addition, traders can integrate social media feeds, live news events, and an array of other analysis tools into a single trading page.

Liquidity

In a new asset class with limited capital like cryptocurrency, liquidity is of paramount importance. It’s hard to trade without your orders being filled.

With a fast and secure payment gateway, all bank transfers and credit cards will clear quickly, ensuring a full order book. Whether you’re a whale or a newbie, you can count on sufficient liquidity to execute your trades.

Transparent Low Fees

The exchange will come with small fees of only 0.15% for both takers and makers.

By comparison, the majority of crypto exchanges available today charge upwards of 0.25%.
All fees are transparent with no fine print. No hidden costs. No unexpected charges.

The Avesta Exchange Provides Everything Needed for Successful Trading

On top of all this, Avesta will provide fast customer support for all user inquiries. No more waiting for weeks to get a support ticket answered. Live chat support becomes available with the launch of version Cygnus.

With low fees, high liquidity, advanced trading resources, and resilient security, the Avesta exchange aims to give the highest quality digital assets trading experience to new and experienced traders alike.