This Week In Blockchain and CyberSecurity News - November 30, 2018

Amazon Adopting Blockchain Technology with Two New Products

Amazon gets busy with blockchain tech as it announces two new services: Amazon Quantum Ledger Database (QLDB) and Amazon Managed Blockchain. Based on the same service that AWS teams have been using for years at scale, QLDB ledger technology was shown to meet numerous company requirements that arise every day. QLDB takes advantage of blockchain tech to produce a ledger database designed to provide a transparent, immutable, and cryptographically verifiable log of transactions overseen by a central trusted authority. Amazon Managed Blockchain (AMB), which can operate with QLDB, is a service that allows for the rapid deployment and scaling of blockchain networks. Using Hyperledger Fabric and Ethereum, AMB makes it easy to create and manage scalable blockchain networks. This service will automatically scale depending on the needs of the specific applications. Amazon’s implementation of these two new products looks to be a big step forward in bringing blockchain tech to the masses.

Read more about Amazon's new products here

Nasdaq Pursues Bitcoin Futures

Despite cryptocurrencies' dramatic plunge over the past year, Nasdaq Inc. is moving ahead with a plan to list bitcoin futures. Reportedly, Nasdaq has been eyeing bitcoin futures since last year but had to work with the Commodity Futures Trading Commission before launching the contracts. They hope to allow trading within the first quarter of 2019. The Nasdaq futures are said to be based on bitcoin prices on numerous exchanges. Nasdaq is also not the only one implementing bitcoin futures: the New York Stock Exchange owner, Intercontinental Exchange Inc., said it would launch its own contracts on Jan. 24. Whether the bitcoin futures will have large effects on the price is not yet known; however, it is exciting to see crypto adoption by large companies.

Get more information here

Personal Data Of Over 57 Million U.S. Citizens Leaked

Thanks to another cloud misconfiguration error, the personal information of over 57 million US citizens was exposed. Researchers discovered the ElasticSearch server (an open source search engine used for private networks) via a simple Shodan search. The researchers stated the ElasticSearch server was leaking over 73GB of data, and that several databases were cached in the server’s memory. The server was not password protected, which ultimately allowed the researchers to find 56,934,021 records containing personal information such as first name, last name, email address, home address, state, ZIP code, phone number, and IP address. To make things worse, the leaky ElasticSearch server contained a second cached database called “Yellow Pages”. The Yellow Pages held an additional 25,917,820 records containing names, company details, ZIP codes, carrier routes, latitude/longitude coordinates, census tracts, phone numbers, web addresses, email addresses, employee counts, revenue numbers, NAICS codes, SIC codes, and a few other fields. The idea of server administrators not setting up passwords for servers seems unimaginable; however, as more incidents like this occur, it is important to highlight the significance of having strong password protection.

Read more here
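
A check an administrator can run against their own cluster for the misconfiguration described above (an added example, not code from the original article): it asks Elasticsearch's `_cat/indices` API for the index list without credentials and reports what comes back. `FakeNode`, `audit_fake_node` and the index names and counts are constructed so the block runs offline.

```python
import json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

def audit_elasticsearch(base_url, timeout=5):
    """Report what a client with no credentials can read from base_url."""
    result = {"requires_auth": True, "indices": [], "exposed_docs": 0}
    # Bypass any environment proxy so the request goes straight to the node.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    url = base_url.rstrip("/") + "/_cat/indices?format=json"
    try:
        with opener.open(url, timeout=timeout) as resp:
            rows = json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code in (401, 403):
            return result  # credentials demanded: nothing is exposed
        raise
    result["requires_auth"] = False
    for row in rows:  # _cat/indices returns docs.count as a string
        result["indices"].append(row["index"])
        result["exposed_docs"] += int(row.get("docs.count") or 0)
    return result

class FakeNode(BaseHTTPRequestHandler):
    """Constructed stand-in for an Elasticsearch node, for offline runs."""
    protected = False
    def do_GET(self):
        if self.protected and "Authorization" not in self.headers:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="security"')
            self.end_headers()
            return
        body = json.dumps([  # constructed index names and counts
            {"index": "people", "docs.count": "1200"},
            {"index": "yellow_pages", "docs.count": "300"}]).encode()
        self.send_response(200)
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # silence per-request logging
        pass

def audit_fake_node(protected):
    handler = type("Handler", (FakeNode,), {"protected": protected})
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return audit_elasticsearch("http://127.0.0.1:%d" % server.server_port)
    finally:
        server.shutdown()
        server.server_close()
```

Any result with `requires_auth` set to `False` means the node answers anyone who can reach its HTTP port, and `exposed_docs` gives the scale of what is readable.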

Critical Ethereum Gas Limit Vulnerability

A group of researchers unearthed a critical vulnerability in the Ethereum network which could have resulted in malicious users draining exchanges and minting their own GasTokens. The vulnerability primarily impacted exchanges that allow parties to withdraw ETH to various addresses without setting gas usage limits. By using this vulnerability, an attacker could force the exchange to pay increased transaction fees, thus draining its reserves. The attacker could also mint the GasToken for considerable profits by imposing a small amount of GasToken as a tax for “naïve users.” The researchers have contacted numerous vulnerable exchanges and have advised them to implement reasonable gas limits on all transactions to defend against this vulnerability.

Read more on the vulnerability here

Bitcoin Cash ABC Update Exposes Potentially Catastrophic Vulnerability

The recent Bitcoin Cash ABC software update put its entire network at risk of 51-percent attacks from rogue miners. In the update, ABC developers added a special line to the code, changing how the network enforces trust in transactions that are submitted for processing. Instead of using the classic Proof-of-Work algorithm to validate blocks on the network, they introduced a heavily controversial “checkpoint” that miners can use to ensure they are on the most valid blockchain. In the checkpoint model, ABC uses every 10th block miner as an instrument for accuracy; if it is not valid, it will automatically be rejected. The vulnerability comes into play if an attacker controls more than 50 percent of the overall processing hashrate of the ABC blockchain. The attacker could then submit a set of 10 blocks to the network by reorganizing 9 “valid” blocks at the same exact time as the network finds the 10th block in that submitted sequence (thereby selecting it as an “honest checkpoint”). This can cause a chain split, allowing a malicious hard fork of ABC to occur. It is estimated that for as little as $27,000, attackers can control ABC with any normal cryptocurrency miner.

Read more about Bitcoin Cash’s update vulnerability here