Bitcoin Wallets are Under Siege from the ‘Large Collider’ Attack. Luckily, There is an Easy Solution.

This should be a trivial problem for anyone who is properly managing his or her Bitcoins. A group called the “Large Bitcoin Collider” claims it can smash open bitcoin wallets by using a so-called brute force attack, which directs mass amounts of computer power at individual wallets in order to guess their private keys.

A “trophy list” on the home page of Collider (an apparent reference to the Hadron Collider) suggests the group has successfully opened over a dozen wallets, though only three had any Bitcoins in them.

You can read more in an article in the Fortune web site at http://fortune.com/2017/04/15/bitcoin-collider/ although that article appears to be written by someone who doesn’t know much about Bitcoins.

The ‘Large Collider’ Attack appears to only work on Bitcoin wallets that store their information online or in a cell phone or tablet computer. Indeed, there are dozens of such wallets for Android, Apple iOS, Windows, Macintosh, and Linux systems. Online wallets are very convenient to use and are apparently quite popular. However, only a Bitcoin novice will ever store a significant number of Bitcoins in an online or cellphone wallet.

Continue reading

The Latest Dump of Alleged NSA Tools puts Millions of Windows Computers at Risk

Thanks to The Shadow Brokers, any hacker can now easily attack and take over millions of Windows computers on the Internet. Actually, the risk has existed for years although probably only the NSA knew about the majority of these weaknesses in the Windows operating system. However, with the latest release of all the previously confidential information by The Shadow Brokers, everyone now has access to the same hacking tools.

The systems affected include Windows XP, Vista, Windows 7, and Windows 8 along with Windows Server versions NT, 2000, 2003, 2008 and up to 2012.

Microsoft says the company already has patched the majority of the exploits released by The Shadow Brokers. However, most of those “patches” require an upgrade to Windows 10. If you are using Windows XP, Vista, Windows 7, or Windows 8, that isn’t such a simple “fix.” If you are using aversion of Windows older than Windows 10, hackers all over the world the tools can easily break into your computer and into millions of other older Windows computers.

Some security experts are recommending that Windows users, even those running Windows 10, should power off their computers right now and disconnect them from the Internet. Permanently. “It’s not safe to run an internet facing Windows box right now,” said a hacker who used to work in the US Department of Defense.

Continue reading

The Environmental Protection Agency is Being Sued for Using Encrypted Messages

The conservative group Judicial Watch is suing the Environmental Protection Agency under the Freedom of Information Act, seeking to compel the EPA to hand over any employee communications sent via Signal, the encrypted messaging and calling app. In its public statement about the lawsuit, Judicial Watch points to reports that EPA staffers have used Signal to communicate secretly, in the face of an adversarial Trump administration.

But encryption and forensics experts say Judicial Watch may have picked a tough fight. Delete Signal’s texts, or the app itself, and virtually no trace of the conversation remains. “The messages are pretty much gone,” says Johns Hopkins crypotgrapher Matthew Green, who has closely followed the development of secure messaging tools. “You can’t prove something was there when there’s nothing there.”

Continue reading

VPN Downloads Spiked After Congress Rolled Back Privacy Rules

Last month, after Congress rolled back Obama-era FCC protections meant to stop Internet Service Providers (ISPs) from harvesting your private data without permission, consumers quickly hustled to find other ways to protect their privacy. New data reveals that many of those consumers turned to virtual private network (VPN) software, which effectively extends a protected network over a public network like the internet.

For consumers, the best line of defense is to install VPN software on their web-connected devices. And that’s exactly what’s happening: According to data from Google Trends and App Annie, interest in VPN apps spiked significantly in late March as the privacy protections were repealed.

Continue reading

WikiLeaks Reveals Grasshopper, the CIA’s Windows Hacking Tool

Are you reading this on a Windows computer? If so, you may be sharing the information with the CIA, even if you are outside the United States and even if you are using a VPN, Tor, or other encrypted connection.

WikiLeaks released new information concerning a CIA malware program called “Grasshopper,” that specifically targets Windows. The Grasshopper framework was (is?) allegedly used by the CIA to make custom malware payloads. According to the user guide: “Grasshopper is a software tool used to build custom installers for target computers running Microsoft Windows operating systems.” Grasshopper is designed to detect the OS and protection on any Windows computer on which it’s deployed, and it can escape detection by anti-malware software. If that was enough for you to put your computer in stasis, brace yourself for a doozy: Grasshopper reinstalls itself every 22 hours, even if you have Windows Update disabled.

Continue reading

How to Obtain True Online Private Web Browsing Despite Trump’s Recent Repeal of US Broadband Privacy Rules

I assume you do not want your Internet Service Provider (ISP) to snoop on your online activities and then to sell your web surfing information to commercial companies. Your data should be valuable, private, and most important, it’s yours. You should be the owner of your data and no one else, especially not a commercial company interested in selling your private data, should have access to your data.

Luckily, there are easy ways to block the snooping. I have already written about using a Virtual Private Network (see https://privacyblog.com/?s=vpn for my articles). However, that may require a bit more technical knowledge that may scare away computer novices.

A second solution is to use the Tor web browser and networking package. See https://www.torproject.org/ for details. Tor is a well-known and reliable privacy solution. However, Tor does slow your network connections significantly and does require a bit of technical knowledge to use it effectively.

Continue reading

Security Professionals Scoff at Trump’s Position on Privacy

Attendants of this year’s RSA Conference—an event drawing thousands of digital security professionals, cryptographers, engineers, as well as tech companies and intelligence agencies looking to recruit—expressed skepticism of President Trump’s commitment to privacy.

Details may be found in an article by Rebecca Jeschke And Rainey Reitman in the Electronic Freedom Foundation web site at: http://bit.ly/2oKOHkd.