Coinbase delisted Ethereum Classic (ETC) after detecting “a deep chain reorganization of Ethereum Classic blockchain.” Put another way, nearly $500,000 was spent twice. As pointed out by ZDNet, Bitfly confirmed there had been a successful 51 percent attack on ETC. Coinbase later updated the post, saying, “The total value of the double spends that we have observed thus far is 219,500 ETC (~$1.1M).”
Other cybersecurity news
Even bigger bounty payouts for zero-days that will be used by LEA
Zerodium upped its game when it comes to bounties for zero-day exploits. For example, you could become a millionaire by finding a remote code execution hole in WhatsApp, iMessage, or SMS/MMS. The payout for a remote iOS jailbreak that takes zero clicks also doubled, meaning you could make $2 million.
All the bounty payouts jumped considerably, so happy big payday if your thing is discovering zero-days that will ultimately be used by law enforcement or three-letter agencies.
Announcement: We are increasing our bounties for almost every product.
We’re now paying $2,000,000 for remote iOS jailbreaks, $1,000,000 for WhatsApp/iMessage/SMS/MMS RCEs, and $500,000 for Chrome RCEs.
More information at: https://t.co/0NBRnq4I4y pic.twitter.com/vXDyxC3Q4v
— Zerodium (@Zerodium) January 7, 2019
What you can’t write about WikiLeaks or Assange
On Sunday, WikiLeaks announced 140 “false and defamatory” things that journalists are not supposed to say about Julian Assange or WikiLeaks. WikiLeaks also tweeted a link to a version of those no-nos, but journalist Emma Best claimed it was not the same version that was sent to journalists.
Security tidbits and oddities
• Watch out for a new phone-based phishing scam that spoofs Apple Inc., warned Krebs on Security. Brian Krebs said it “is likely to fool quite a few people.”
• From the snicker-worthy department, the Chicago Police bragged about using “cutting edge technology to fight crime,” to which Microsoft Program Manager Ned Pyle replied:
In the 007th District Officers are using cutting edge technology to fight crime. pic.twitter.com/4tsyTC12TJ
— Chicago Police (@Chicago_Police) January 7, 2019
The cutting edge of an operating system that will no longer be supported in 2020 because it’s at the end of its 10 year lifecycle.
Don’t argue with me on this, I helped make that OS
— Ned Pyle (@NerdPyle) January 7, 2019
• Never disregard good OPSEC:
#OPSEC Arrested German political hacker 0rbit apparently used a VPN & Tor & partial disk encryption (perhaps has now tried to physically destroy the PC) for GMX email password recovery => social media doxxing, but ignored the #STFU advice from @thegrugq by chatting via Telegram https://t.co/qcymVRy4AM
— Spy Blog 🇬🇧 (@spyblog) January 8, 2019
Haha. The German BTLeaks hacker got busted by Telegram having his real number? Hahaha
This was an issue I cited in my Telegram security guide, and it is hilarious that ppl tried to say it was outdated. The first principles of security don’t get outdated!
💥 Compartmentation 💥 https://t.co/W8Qo08BrhI
— the grugq (@thegrugq) January 8, 2019
• Yesterday, the National Counterintelligence and Security Center (NCSC) began sharing material that is supposed “to help U.S. industry guard against growing counterintelligence and security threats.”
• It may be Patch Tuesday, but please don’t fall too far behind when it comes to patching. US-CERT recently warned about critical vulnerabilities in Windows and Windows Server, flaws that Microsoft patched in December. The advisory states, “A remote attacker could exploit these vulnerabilities to take control of an affected system.”
• The BBC reported that for the first time, Amazon is now the world’s most valuable listed company – stealing the numero uno position from Microsoft.
• The EFF said, “You should have the right to sue companies that violate your privacy.” A big AMEN to that.
• EPIC, the Electronic Privacy Information Center, pointed out that thousands of emails on surveillance programs were released by the National Archives.
• GitHub announced GitHub Free, which includes unlimited private repositories, and GitHub Enterprise, which “is the new unified product for Enterprise Cloud (formerly GitHub Business Cloud) and Enterprise Server (formerly GitHub Enterprise).”
• Netflix got in a little dig during the Golden Globes, tweeting:
shoutout to everyone who is watching commercials for the first time in several months
— Netflix US (@netflix) January 7, 2019