Securify: practical security analysis of smart contracts

Securify: practical security analysis of smart contracts Tsankov et al., CCS’18

Sometimes the perfect is the enemy of the good. When we’re talking about securing smart contracts, we need all the help we can get! Bugs can cost millions of dollars. Securify uses a set of expert heuristics (patterns) to help identify issues in smart contracts. It’s available at https://securify.ch, has analysed over 18K uploaded contracts, and is used by security auditors as part of their arsenal.

The increased adoption of smart contracts demands strong security guarantees. Unfortunately, it is challenging to create smart contracts that are free of security bugs. As a consequence, critical vulnerabilities in smart contracts are discovered and exploited every few months. In turn, these exploits have led to losses reaching millions worth of USD in the past few years…. Despite their potential, repeated security concerns have shaken the trust in handling billions of USD by smart contracts.

Too right! We’ve examined some of the challenges involved in creating correct smart contracts in previous editions of The Morning Paper, as well as tools such as Zeus that help with verification.

It’s not a solvable problem in the general case (i.e., ‘perfect’

Large-scale network simulations in Kubernetes, Part 2 – Network topology orchestration

In the previous post I demonstrated a special-purpose CNI plugin for network simulations inside Kubernetes called meshnet. I showed how relatively easy it is to build a simple 3-node topology spread across multiple Kubernetes nodes. However, when it comes to real-life large-scale topology simulations, using meshnet “as is” becomes problematic for the following reasons:

  1. Uploading topology information into etcd requires a lot of manual effort.
  2. Any customisation like startup configuration injection or exposure of internal ports is still a manual process.

That is why I built k8s-topo - an orchestrator for network simulations inside kubernetes. It automates a lot of these manual steps and provides a simple and user-friendly interface to create networks of any size and configuration.

k8s-topo overview

k8s-topo is a Python script that creates network topologies inside k8s based on a simple YAML file. It uses syntax similar to docker-topo, with a few modifications to account for the specifics of the Kubernetes environment. For instance, the following file is all that’s required to create and configure a simple 3-node topology:

etcd_port: 32379
links:
  - endpoints: ["host-1:eth1:12.12.12.1/24", "host-2:eth1:12.12.12.2/24"]
  - endpoints: ["host-1:eth2:13.13.13.1/24", "host-3:eth1:13.13.13.3/24"]
  - endpoints: ["host-2:eth2:23.23.

Customer Data Isn’t Always an Asset: Lessons from the Marriott Data Breach

As data analytics have improved, the massive amounts of data that companies acquire from their customers have only gained in economic value. In the corporate world of today, this data can be a real asset for companies. However, as today’s news that the records of over 500 million guests of Marriott International’s Starwood division hotels were involved in a data breach makes clear, corporate thinking about the value of customer data needs to be reevaluated.

Especially when it comes to corporate acquisitions, companies need to start treating customer data as a potential liability, as well as an asset.

In September 2016, Marriott International acquired Starwood for $13.6 billion. When Marriott International sought to buy the Starwood hotel chain, Starwood’s customer data played a central role in their reasoning for the acquisition. Citing higher income and better brand loyalty among program members, Arne Sorenson, the Marriott CEO, specifically referred to Starwood’s loyalty program as a “central, strategic rationale for the transaction.” Loyalty programs, in addition to attracting repeat customers, also “provide hotels with a wealth of information on their guests” which hotels can use to “create laser focused marketing campaigns for various different kinds of guests.”

While

IoT roundup: Retrofitting vehicle tracking, plus a new IoT standard

The Internet of Things has reached that fun phase in which everyone has started to figure out a wider array of meaningful use cases for the technology, but few of those uses are fully mature. From the industrial IoT and predictive maintenance to nebulous smart city tech, the IoT’s hitting a new growth spurt, and one of the newest applications is headed to a highway near you. Or, actually, it’s coming to a really big parking lot somewhere near you. Fleet management is one of the long-promised applications of IoT tech that’s starting to take off lately, with announcements this month from companies like Silicon Labs and Cognosos, who rolled out a vehicle-tracking system for lot operators.


Stuff The Internet Says On Scalability For November 30th, 2018

Wake up! It's HighScalability time:

We all know the oliphant in the room this week (reinvent)

  • 8: successful Mars landings; $250,000: proposed price for Facebook Graph API; 33: countries where mobile internet is faster than WiFi; 1000s: Facebook cache poisoning; 8.2 million: US Nintendo Switch sales; 40+%: Rust users feel productive; 15 terabytes: monthly measurements of third-party web transparency tracking data; $133.20: total music sales by Imogen Heap on blockchain; 8.3 million: concurrent Fortnite players; 6.2 Billion: fuel costs saved by smart car drivers; 80: salad bags assembled per minute by smart machines, 2x the output of a worker; 1/10th: power used by ebike compared to Nissan Leaf; 100,000: new micro industries; 40MW: solar plant floats on water; 20%: car crashes

[Sponsored] Short Take – Anuta Networks

Anuta Networks joins Network Collective for a second time, again entrusting the message to those who use their products in the real world. In this Network Collective Short Take, Ryan Lynn of Trace3 joins us to talk about the general state of network orchestration and why Trace3 is excited about what Anuta’s ATOM provides to their customers.

Thank you to Anuta Networks for sponsoring today’s episode and supporting the content we’re creating here at Network Collective. If you would like to learn more about Anuta’s ATOM platform, you can head to https://anutanetworks.com/collective for lots of great information, white papers, case studies, and to try the ATOM platform out for yourself.

Ryan Lynn
Vice President of Emerging Architecture - Trace3
Jordan Martin
Host


A Critical First Step for IoT Security in Senegal

As barriers to entry start to fall, the Internet of Things (IoT) industry could provide Africa with an opportunity to build a brighter economic future.

Several countries are already establishing tech hubs that could supply the infrastructure to fuel IoT, and while there is still a wide gap between the haves and have-nots of Internet access, with more than 60 per cent of Africa still offline, it’s easy to build a case for connectivity.

Mass urbanization is on the rise, and investing in the infrastructure needed to fuel future smart cities and connect more Africans to the opportunity the Internet offers is a logical step forward. But it’s also important that security is in place to support this promising new economy.

Unfortunately, many IoT devices are rushed to market with little thought for basic security and privacy protections. In a world with so many newly connected things, it’s hard for consumers to keep up – and to know if manufacturers are protecting their privacy and security.

To address this, Senegal has taken a critical first step. They’ve signed a memorandum of understanding with the Internet Society to strengthen IoT security. Together, they will develop an IoT Security Framework for Senegal