Blockchain 2018 – Disrupting Legacy Industries


When transferring value, funds, or money, we are usually forced to rely on “old-fashioned”, centralized financial establishments such as traditional banks.

Online payment systems such as PayPal still require integration with a bank.

You need a bank account or credit card to be able to use these services, so a big percentage of the developing world is still considered unbanked even though people there widely use services over the internet.

Blockchain technology, beginning with the notoriety of Bitcoin, offers the disruptive possibility of eliminating the “middle man”, a process known as disintermediation.

Disintermediation, by definition, is the reduction in the use of intermediaries between producers and consumers, for example by investing directly in the securities market rather than through a bank.

Blockchain technology does this by fulfilling three important roles – recording transactions, establishing identity, and establishing contracts – something usually done by banks or financial service providers.

Blockchain technology may allow peer-to-peer trading of energy, or ride sharing in which commuters hire car services directly via a mobile application.

In Germany, blockchain is being used to enable electric vehicle charging where hundreds of charging stations “charge” by using the Ethereum Smart Contract.

With blockchain, the potential to disrupt legacy industries is limited only by the human imagination.


Recording transactions

Blockchain is a public record of transactions, and it’s also a distributed database.

Instead of just one person or organization controlling everything, thousands of computers around the globe are connected to a network, and it is this network that must agree on which transactions are valid.

Whenever someone makes a transaction, it is broadcast to the network, and the network runs complex algorithms to determine whether the transaction is valid. Only then is it added to the record of transactions and linked to the previous transaction, forming a growing list of sequential records called blocks.

Each block is date- and time-stamped and linked to a previous block; this chain of linked transactions is known as the blockchain.

Since the transactions all reference the one before them, one can figure out which ones came first, which removes any doubt about the correct sequence.

One can think of the blockchain as a very long “spreadsheet”: you have a copy of the spreadsheet and your friend “John Smith” has another copy.


Establishing identity

Since all the activities or transactions are recorded in a “block chain” of data, it’s easier to establish identity by incorporating the details of a person in the recorded transaction.

Imagine a digital medical record: each entry is a block.

It has a timestamp, the date when the record was created, and by design, that entry cannot be changed retroactively, because we want the record of diagnosis, treatment, etc. to be clear and unmodified.

Only the physician, who has one private key, and the patient, who has the other, can access the information.

Information is shared only when one of those users shares their private key with a third party: a hospital, clinic, specialist, or potentially a clinical trial.

This establishes identity for that patient, and with this technology the patient continues to own their personal information and can access it anytime without going through a “middle man”, thus maintaining complete control over the records.

This security is built into a blockchain system through the distributed timestamping server and peer-to-peer network, and the result is a database that is managed autonomously in a decentralized way.
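The linking described under “Recording transactions” and the unchangeable medical-record entries described above can be shown in a few lines. This is an added example, not code from the original page: it assumes each block links to its predecessor by storing that block's SHA-256 hash (as Bitcoin does), and every function name and record entry is constructed for illustration. Consensus and private keys are left out.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # assumed placeholder "previous hash" for the first block


def block_hash(block):
    """SHA-256 over everything in the block except its own stored hash."""
    body = {k: block[k] for k in ("index", "timestamp", "data", "prev_hash")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_block(chain, timestamp, data):
    """Add a timestamped block that commits to the hash of the one before it."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {"index": len(chain), "timestamp": timestamp, "data": data, "prev_hash": prev_hash}
    block["hash"] = block_hash(block)
    chain.append(block)


def first_invalid(chain):
    """Index of the first block that fails verification, or None if all pass."""
    prev_hash = GENESIS_PREV
    for i, block in enumerate(chain):
        if (block["index"] != i or block["prev_hash"] != prev_hash
                or block["hash"] != block_hash(block)):
            return i
        prev_hash = block["hash"]
    return None


def rewrite_from(chain, index, new_data):
    """Edit one entry, then rebuild every later link so the copy is self-consistent."""
    forged = copy.deepcopy(chain[:index])
    for i, block in enumerate(chain[index:], start=index):
        append_block(forged, block["timestamp"], new_data if i == index else block["data"])
    return forged


def copies_agree(mine, theirs):
    """Two holders compare only the latest hash; it commits to all history."""
    return mine[-1]["hash"] == theirs[-1]["hash"]


def sample_chain():
    """Constructed medical-record entries, for illustration only."""
    chain = []
    append_block(chain, "2018-03-01T09:00:00Z", "diagnosis: entry A")
    append_block(chain, "2018-03-08T14:30:00Z", "treatment: entry B")
    append_block(chain, "2018-03-15T11:15:00Z", "follow-up: entry C")
    return chain


if __name__ == "__main__":
    honest = sample_chain()
    edited = copy.deepcopy(honest)
    edited[1]["data"] = "treatment: altered"      # stored hash is now stale
    print("in-place edit caught at block", first_invalid(edited))
    edited[1]["hash"] = block_hash(edited[1])     # attacker fixes that one hash
    print("after re-hash, caught at block", first_invalid(edited))
    forged = rewrite_from(honest, 1, "treatment: altered")
    print("full rewrite verifies alone:", first_invalid(forged) is None)
    print("matches another copy:", copies_agree(forged, honest))
```

The last two results show why the many independent copies matter: one copy can be rewritten so that it verifies on its own, and only comparison with another holder's copy exposes the change.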


Establishing Contracts

Besides a unit of value (like a bitcoin), a blockchain can be used to store any kind of digital information, including computer code.

That snippet of code could be programmed to execute whenever certain parties enter their keys, thereby agreeing to a contract. These are known as “smart contracts,” and the possibilities for their use are endless.

For example, it might be put to use in the regulation of intellectual property, controlling how many times a user can access, share, or copy something.

While the potential uses for blockchain are vast, the technology is not yet perfect. It requires more experimentation by businesses and governments before these solutions are widely accepted at scale.


How blockchain may impact education

Imagine a digital native student receiving a customized learning experience from a dozen institutions located around the globe. The student enrolls in their primary University and is assigned a knowledge facilitator, who works with the student enabling and assisting in desired outcomes. The student might enroll in a primary University in Brussels and register to take a machine learning course from a University in the US or the UK.

This potentiality of next-generation faculty may create a context in which students from around the world can participate via online discussions, forums, and wikis to discover, learn, and produce knowledge as a community of learners who are engaged directly in addressing some of the world’s most complex issues.

Blockchain will be the underlying technology that allows this integration of learning and of records from different institutions for each subject and each module completed, steadily building an individual student’s list of academic accomplishments.



Cryptocurrencies like Bitcoin have serious supporters, and detractors too, not just those who got into them early.

Currency may be considered a store of money that, as such, can be exchanged, whereas “crypto” implies secret.

When someone uses their credit card, which is usually electronic, everyone – the buyer, seller and third-party processor – knows everybody else.

The difference is that Bitcoin uses blockchain technology, which may make transactions less expensive and easier, both with bitcoin and with the other 1,658 cryptocurrencies as of March 16, 2018.

It may be crypto, but it is not currency: our Euros, Dollars, Yen, etc., can be exchanged for goods and services; cryptos, however, are not readily exchangeable universally.

In summary, and until that changes, cryptos are deemed by some as a speculative investment that may or may not make a profit.

Perhaps some of the “excitement” of the cryptos comes from knowing crypto wealth might be part of the nearly $1 billion stolen by computer hackers in 2018.

Welcoming 2015: New Year, New Security Threats


In December 2014 Sony was attacked, according to the FBI, by North Korea and possibly an “insider”. The attackers threatened Sony, demanding that it not release a movie and that it pay a ransom, or they would post damaging private Sony data.

This incident showed that, no matter how secure we may think we are, cyber security is not an option; it is an enterprise attitude, and failing to implement it can be devastating. It is estimated that 100TB of Sony data was exfiltrated, including sensitive medical files on employees, their families and children.

Sony, whose reported revenues in 2014 showed an approximately $1.26 billion net loss and a $1.21 loss per share, had only 11 people working in cyber security.

This should be a wake-up call for all!

Moreover, the many attack vectors available for cyber-attacks may put a company’s reputation in danger and, worst of all, cost it credibility and loyalty and tarnish its brand.

The news about the Sony breach closed 2014 and left many with a heightened awareness that we need to give more attention and devote more resources to cyber security. The predictions are that breaches like this one will only worsen in 2015.

Some experts predict that in 2015, there will be more attacks on online payment systems, among other potential targets.

“We expect to see cyber criminals focus more on new payment systems as they are adopted and the potential for criminal financial gain thus increases. This will be in the shape of attacks against banks/virtual currency operators, the end users and their devices, and everything in-between. In fact, we already have some examples of malware stealing virtual wallets from users’ devices, and very high-profile incidents of banks themselves being infiltrated,” said Patrick Nielsen, a senior security researcher at Kaspersky Lab.

Another trend is that malware is spreading at alarming rates, and it is predicted that malware will be harder to detect and remediate.

It’s time we stopped thinking about malware as a nuisance that has to be kept out of our systems and networks, and recognized what it actually is – big business.

Most businesses want to grow stronger and increase their earnings, and malware developers are no different: for their own financial gain they will continue to create products that are sneakier, far stealthier, harder to detect, and one step ahead of law enforcement.

Businesses, large and small, need to know where their critical information is at all times and who is accessing it.

Flagging content and communication before it leaves the office is a good start, but it is not enough. Given the tactics used in recent cyber-attacks, it is crucial to build a strong infrastructure to protect company data.



Financial Services Are Still The Most Targeted Victim


Are you sure that a bank is a secure place to keep your money? Think twice! Our money in the bank is turned into numbers written on paper. It is technically digitally printed rather than physical money. The bad news is that when digital criminals tamper with the numbers, then boom! We lose our money.

What is even worse, according to an IBM report index, finance and insurance are still the number one industry at risk of being attacked by hackers. As expected, the favourite target is still stolen credit card identities, with the United States the number one market targeted by this type of crime. The probable reason is that Americans use credit cards a lot for daily transactions.

Knowing this, it is important for every bank to check its systems on a regular basis. Financial institutions must meet regulatory requirements, and this is frequently the driver for contracting a penetration test. Penetration testing should identify vulnerabilities that arise from improper configuration and patch management processes. This is not an indictment that corporations cannot manage their infrastructure, but a testament to the reality that attackers only need to be right one time to exploit a vulnerability, whereas the IT organization needs to be right 100 percent of the time when managing vulnerabilities. Penetration testing is a tool in the vulnerability management arsenal that helps bridge the gap between human fallibility and the need to be right 100 percent of the time.

Banks have to take care of both their web-based applications and their internal banking applications. Web-based applications should be coded using secure coding practices and should be tested using automated code scanners that can identify vulnerabilities. There are a number of vendors that provide automated web-application testing suites, as characterized by the growing maturity and functionality of tools in this space. Also, to complement the efficiency of automated scanners, manual code review of high-risk web-based banking applications is a necessity. Automated scanners should be used to test code in the development phase. Internal banking applications can be compromised in the same fashion as web-based banking applications. Secure coding practices, application testing and the use of strong authentication mechanisms are methods to minimize the risk of running internal banking applications. In this case we also have to consider enforcing segregation of duties as a vital control necessary to protect the financial institution.

Testing is costly, so companies may perform a thorough penetration test once a year and then rotate between other firms for the remaining quarters of the year. This allows the hiring financial institution to compare results between vendors, and to confirm previous results by doing a retest to ensure that new faults have not been introduced or uncovered as a result of changes to the environment. All penetration testing artifacts should be stored securely and encrypted, including hard copies, which should be shredded after a period of time. Hard copies are helpful when making comparisons from quarter to quarter when regression testing is done.

Home Isn’t Safe Anymore


A house that knows what to do to serve us, gets dinner ready by the time we arrive home, or turns on the light when it is too dark, known as a smart house, has long been a dream for many people. With the current development of IoT (Internet of Things), it is no longer impossible to have all of our devices connected and to monitor our house from a distance. Smart devices are already available on the market, such as smart washing machines, smart TVs, smart LEDs, or a garden sprinkler control.

Like everything else in the world, these sophisticated devices come with some holes, namely privacy and security concerns. Since their development, many security firms, experts, and researchers have studied the privacy and security impact of these devices.

As reported by HP's experiment and research, one of the biggest concerns was that most devices did not require consumers to use hard-to-hack log-ins. Usually, the passwords used are standard combinations, such as pass123. Moreover, a lack of encryption – the digital scrambling of data to make it unreadable without a special key – was also flagged as a worry. As these personal devices require a log-in, they also store our personal data, such as name, date of birth, health details, email, phone, and even financial information. The concern is even greater when that data is stored in the cloud. Once hackers have access to these devices, all our information will leak. In addition, with many devices transmitting this information unencrypted on the home network, users are one network misconfiguration away from exposing this data to the world via wireless networks.

Some time ago, the BBC conducted a smart house experiment in which seven computer security experts set out to find how easy it is to hack a smart house. The answer was not surprising: it was easy for all of them. The vulnerabilities in the device emerged from the very basic web server software it used to post images online. That insecure software is currently being used by more than five million gadgets that are also already online.

The work that Microsoft and other PC software vendors were doing to improve security was already making dedicated cyber criminals look elsewhere for targets. This explained the rise in ransomware, technical support scams and attacks on computers at checkout points in shops.

The “ridiculously easy” way it was possible to subvert many smart gadgets was likely to make them a candidate for attack in the near future. There had already been examples of attackers looking to subvert domestic hardware in a bid to grab online banking data.

So, the question is: when it comes to the smart house, are you sure that your home is safe and secure? It looks like home is not a secure place anymore!

How Company Deals with Data Breach


Data breach incidents are inevitable. We need to prepare two things: prevention, and a response to resolve the incident.

With so many digital crimes happening, it is useful to take some cases as learning points and references:

  • Trip Advisor’s Viator

Card payment and account details were stolen, putting 1.4 million Viator customers at risk of exposure. The data breach was discovered in bookings made through Viator’s websites and mobile offerings and could potentially affect payment card data. According to Viator, debit card PINs and CVV numbers were not included in the breach.

After learning of this data breach, Viator hired forensic experts, notified law enforcement and has been working diligently and comprehensively to investigate the incident, identify how the systems may have been impacted, and secure the systems. At the same time, Viator warned customers to monitor their personal credit card transactions in order to spot suspicious ones.

  • Albertson’s and SuperValu

Two nationwide supermarkets in the U.S. confirmed that digital criminals had stolen their customers’ data and identification, especially credit card details. It is suspected that the data breach originated from hacked POS systems.

To mitigate the effects of this data breach, third-party data forensics experts were supporting an ongoing investigation, and Albertson’s and SuperValu stated that they had taken immediate steps to secure their systems, so that customers would be able to pay safely by credit card again in every store.

  • Heist

One of the biggest online games announced that it had been attacked by hackers, who compromised users’ credentials, including passwords, names, registration details, and personal details. It is estimated that the hackers used a hack tool dubbed “extractor” that would log into user accounts and steal the information.

Although this attack has been confirmed, there is no formal announcement yet on how to handle this issue.

  • Spotify

Spotify, the largest commercial music streaming service, has been hacked and confirmed that an external intruder broke into the system and gained unauthorized access to data. It stated that only users’ data had been accessed and that financial details were secure.

In order to minimize the impact of this data breach, Spotify released an updated version of its application for Android and requested its users to change their passwords.

It is true that the number of data breach cases keeps increasing each year. Let’s re-check our systems and be ready for all digital and cyber threats that may intrude on our company.

Cyber security: Business or Technical Issues?


Despite all of the digital crime that has kept growing over the last few years, cyber security does not become the focus of most executives until an incident happens inside the company. Then it is damage-control mode, as the company deals with stolen customer data, disclosure of confidential information, or many other, worse conditions. This reactive approach is all too common, even though the real question is not if there will be an incident but when this cyber incident will happen in the company.

It is time for companies to take cyber security matters into serious consideration. In the corporate world, the question being raised is whether cyber security is considered a purely technical matter, or whether the business understands that it is the lynchpin for safeguarding its most precious assets: intellectual property, customer information, financial data, employee records, and much more. Based on the survey conducted by PwC, CIO, and CSO, the answer depends on whom you ask. 72% of executives reported being very confident or somewhat confident that their organization’s information security activities were effective. However, when they were asked about the real action the company had taken, only 43% described themselves as ready for cyber attacks.

One of the main issues in addressing the cyber security problem is that executives do not always agree on the objectives and goals of the company. Usually, executives have different ideas of what the problem with cyber security is. “CEOs agreed that lack of capital funding was the problem, but CFOs indicated a lack of leadership from the CEO was the reason. Meanwhile, CIOs and security executives pointed to a lack of actionable vision or understanding within the organization,” as stated by PwC.

As business moves to the digital world, crime does the same. It is crucial for companies to be aware of threats, not only the existing ones but also new types. As we may all be aware, the oldest threat is nuisance hacking, in which there is little material impact on the company. A classic example is hackers defacing the company’s website. More serious and widespread is the second wave, which is hacking for financial gain, such as stealing credit card credentials. Unfortunately, this second type of hacking now goes far beyond blindly stealing customer credit card information or employee passwords. For example, hackers might target a company’s financial function in order to obtain its earnings report before it is publicly released. With such advance knowledge, they can profit by acquiring or dumping stock. The last type of hacking is hacktivism, where hackers try to obtain sensitive information and disclose it to the public for their own interest.

With all the existing threats, companies get confused about where to start with cyber security. It is wise to start by realizing that information and cyber security is not only a technical aspect of the company but also part of the core business. The point is not merely having a CTO or CIO; it is also important that technology and cyber security issues become part of the consideration in every business decision. Each department has to embrace the function of technology that can speed up its business processes, for example, how secure payment transactions will speed up monthly payroll.