Wednesday, 18 January 2012

New Facebook attack targets e-cash users

Security firm says variant of Carberp Trojan aimed at tricking Facebook users into handing over Ukash electronic payments

Network World
January 18, 2012 10:21 AM ET
Security firm Trusteer Wednesday said it's identified a new browser-based malware attack against Facebook users that's aimed at stealing money through e-cash payment system Ukash.
Amit Klein, CTO at Trusteer, says this new variant on the Carberp Trojan tries to steal money by tricking victims into divulging payment information for the Ukash electronic voucher payment system.
According to Trusteer, the Carberp botnet malware works by replacing any Facebook page the user navigates to with a fake page that then tells the victim that the Facebook account is "temporarily locked," asking for personal information, such as name, e-mail, date of birth, password and a Ukash 20 Euro (about $25) voucher number to "confirm verification" of their identity and unlock the account.
This fake Facebook page then claims the cash voucher will be "added to the user's main Facebook account balance." This scam, says Klein, is the first spotted so far related to Facebook and the Ukash payment system, and Facebook users should recognize it and be wary if they see it.
"You should always be suspicious of odd or unconventional requests," Klein says.

Bitcoin's comeback: should Western Union be afraid?

The last time we wrote about Bitcoin, in October, the currency's future looked grim. A series of security incidents had created an avalanche of bad press, which in turn undermined public confidence in the currency. Its value fell by more than 90 percent against the dollar.
We thought Bitcoin's value would continue to collapse, but so far that hasn't happened. Instead, after hitting a low of $2, it rose back above $3 in early December, and on Monday it rose above $4 for the first time in two months. It's impossible to predict where the currency will go next, but at a minimum it looks like the currency will still be around in 2012.
This presents a bit of a puzzle for Bitcoin skeptics. The original run-up in prices could easily be explained as a speculative bubble, and the subsequent decline as the popping of that bubble. But if that were the whole story, then the value of Bitcoins should have continued to decline as more and more people lost confidence in the currency. That hasn't been happening.
Of course, the value of Bitcoin could resume falling at any time, but the currency's apparent stability over the last month has inspired us to give it a second look. How can an ephemeral currency without the backing of any large institution be worth $30 million, as the world's Bitcoins currently are? In the short run, a currency's value can be pumped up by a speculative bubble, but in the long run it must be backed up by "fundamentals"—properties that make holding it objectively valuable.
Dollars are valuable because they're the official medium of exchange for the $14 trillion US economy; euros and yen are valuable for similar reasons. Bitcoin boosters have traditionally suggested that Bitcoin is an alternative to these currencies. But we'll suggest an alternative explanation: that Bitcoin is not so much an alternative currency as a "metacurrency" that allows low-cost and regulation-free transfer of wealth between nations. In other words, Bitcoin's major competitors aren't national currencies, but wire-transfer services like Western Union.

Bitcoin is a bad currency

The traditional argument for Bitcoins has positioned the peer-to-peer currency as an alternative to conventional currencies like dollars, euros, and yen. Bitcoin boosters point to two major advantages Bitcoins have over dollars: price stability and lower transaction costs. As we'll see, neither of these advantages is compelling for ordinary consumers.
The argument from stability mirrors the traditional argument for a gold standard. The dollar has lost about 95 percent of its value over the last century. The Bitcoin protocol is designed to never allow more than 21 million Bitcoins to enter circulation, and supporters argue that this guarantees the currency maintains its value over time.
The obvious problem with this argument is that Bitcoins have lost more than 90 percent of their value in five months. It would be pretty foolish for someone worried about the dollar's 3 percent inflation rate to put their life savings into a currency with that kind of volatility.
Bitcoin boosters forget that the value of a currency is determined by supply and demand. Demand for dollars is driven by the size of the US economy, which doesn't change very much from year to year. But the demand for Bitcoins is primarily driven by speculative forces, causing its value to fluctuate wildly.
Another oft-touted benefit of Bitcoin is lower transaction fees. Banks make a tidy profit charging merchants to complete credit- and debit-card transactions, and these fees raise the price consumers pay for goods and services. Fans tout Bitcoin payments as a low-cost alternative to traditional credit card transactions.
But this argument ignores the fact that credit cards provide important benefits in exchange for those transaction fees. If you buy something with a credit card and get ripped off, you can dispute the charge and get your money back. In contrast, Bitcoin transactions are irreversible. If you pay a merchant in Bitcoins and he rips you off (or someone hacks into your computer and makes a fraudulent payment), you're out of luck.
Of course, third parties may offer Bitcoin-based payment services that offer features such as chargebacks and fraud protection. But such services don't come free; consumers or merchants would have to pay fees to use them. And there's no reason to think Bitcoin-based banking services would be any cheaper than traditional ones in the long run.
Paying with Bitcoins also introduces the inconvenience of fluctuating prices. When people buy things with cash or credit cards, their purchases are denominated in the local currency. Dealing in Bitcoins means customers and businesses must regularly convert between dollars and Bitcoins, and must therefore worry about the fluctuating exchange rate between them. That's a headache few people want.
So Bitcoins are not a compelling alternative to conventional currencies. Although there are a few isolated examples of traditional businesses accepting Bitcoins as payment, these seem to be driven more by the novelty of the concept than by compelling economic or technical advantages.

Bitcoin as a metacurrency

While Bitcoin isn't a very good currency, it has the potential to serve as a "metacurrency": a medium of exchange among the world's currencies. In this role, it has the potential to be a powerful competitor to wire transfer services like Western Union.
The wire transfer industry is much less consumer-friendly than the credit card industry. Wire transfer fees can be much higher than credit card fees, and wire-transfer networks offer much less robust fraud protection services than do credit card networks.
Moreover, the flow of funds across national borders is heavily regulated. Governments monitor the flow of funds in an effort to stop a variety of activities they don't like. In the US, the focus is on terrorism, tax evasion, gambling, and drug trafficking. (Carrying cash across borders in a suitcase invites similar government scrutiny.)
Bitcoin allows wealth to be transferred across international borders without the expense or government scrutiny that comes with traditional wire transfers. An American immigrant wanting to send cash to his family in India needs only to find someone in the United States to trade his dollars for Bitcoins. He can then transfer the Bitcoins to his relatives in India, who then need to find someone willing to take Bitcoins in exchange for rupees.
This decentralized money-transfer process will be much harder for governments to control than a centralized money-transfer company like Western Union. And that will make the world's governments upset, since the same technology can be used by an American drug dealer to send profits back to his partners in Latin America.
But there may be little governments can do about this. They can attempt to mandate the reporting of Bitcoin transactions, but there's no obvious way to enforce such a regulation, since Bitcoin transactions are easy to obfuscate. At most, governments could prohibit the conversion of funds between local currencies and Bitcoins, but this will merely push the currency underground, not eliminate it altogether.
If Bitcoin's value stabilizes, it will also become a way to store wealth beyond the reach of any government. Cash and gold are bulky, hard to move, and subject to confiscation. In contrast, the encrypted credentials of a Bitcoin wallet can be stored securely on a server anywhere in the world. This could make the currency appealing to anyone wanting to place his wealth beyond the reach of the law—a corrupt government official wanting to hide ill-gotten gains, a political dissident who fears his life savings will be taken, or an ordinary citizen worried about the solvency of traditional banks.
Bitcoin's role as a way to move and store wealth does not depend on Bitcoins being widely used for commerce. For Bitcoin to work as a viable "metacurrency" only requires that there be a liquid market between Bitcoins and national currencies. Such a market already exists for several major currencies.

Chicken and egg

Of course, there's a circularity to this argument. Bitcoin's value as a way to move and store wealth depends on the value of Bitcoins being relatively stable against conventional currencies. And the continued value of Bitcoins depends on people finding nonspeculative uses for it. But if the currency continues to retain its value in the coming months (a big if, admittedly) this would be a sign that the chicken-and-egg problem has been solved. And the longer Bitcoins continue to exist, the more confidence people will have in its continued existence.
Western Union moved $70 billion across borders in 2010, earning about $1 billion in profits. There's no Bitcoin Inc. to compete directly with Western Union, but the owners of Bitcoins can be thought of as shareholders in a decentralized Western Union alternative. If the Bitcoin network captures a small fraction of Western Union's money-transfer business, the currency's current "market capitalization" of around $30 million could wind up looking downright puny.

Could Virtual Currency be the Future of Internet Betting?

By Hartley Henderson - Exclusive to OSGA
Jan 13, 2012, 14:45

I recently spoke with someone in the industry who was confident that bitcoins or a variation thereof was the future of internet betting. The man, who works for an offshore sportsbook, said that he has tried to convince the owner of the sportsbook to accept bitcoins as a payment option, but the owner has balked at the idea, claiming he doesn’t understand them.
“If I had any say, all transactions at our book would be done in bitcoins,” the man said. “They are untraceable and totally out of the control of any government. And most importantly they are an investment which someday I’m confident will rival silver prices.”
Hearing that, I decided to do some research on bitcoins to see what the fuss was about. The idea sounded somewhat intriguing although the complexity of how they are made left me somewhat confused. Apparently programmers (known as miners) run an application that allows them to create bitcoins. The code to create the bitcoins is then verified by other miners and once all miners agree that the code is correct that code is stored in a computerized warehouse. The coins themselves are stored in the miner’s digital wallet. There is a maximum of 21 million coins that can be produced but each coin is divisible to 8 digits. So in actuality there are several quadrillion bits of coins that can be used for transactions.
A video at weusecoins.com gave a useful explanation but I still wasn’t sure how bitcoins, or possibly another one devised by the industry, could ever replace physical currency at a sportsbook, casino or poker room. However, after talking with others it was clear that they are already being used for that purpose. In November, Switchpoker.com based in Costa Rica decided to accept Bitcoins as payment. All poker games at Switchpoker.com are played in Euros so the site converts bitcoins to the current value of Euros to be played in the poker room. Cashouts are sent back to the players in bitcoins. The current exchange rate posted at Mtgox.com is used for the exchange rate.
But one site in particular, BTCSportsBet.com, operates exclusively using bitcoins. I spoke to the site’s manager who wanted to be referred to as R.C. for this article to explain why he believed this could be the future of the industry.
The first question I asked R.C. is what makes bitcoins a better option than cash for online gambling.
“As you know, money transfer is vital to the sports betting, casino, and online poker industries. Bitcoin is an amazing solution. Through a combination of math and cryptography - it is a completely decentralized currency/commodity. That means no entity is in control, it is managed by all the nodes of the network, collectively. You can think about it like BitTorrent, if you are familiar with the file sharing protocol; purely peer to peer with no central management.
Through this cryptography and decentralized design, each node on the network is a 'bookkeeper' of which bitcoin addresses own which coins. You cannot fake or forge a transaction or create coins outside of the system. Each node has a record and will not accept forgeries. So, even though there is a public record of all bitcoin transactions, the key is that nobody knows who owns a particular address and thus those bitcoins. So on the one hand it is completely transparent - all coins and transactions are public, but on the other hand nobody knows who owns those coins/bitcoin addresses. You can see how it could be useful to gamblers.
Currently bitcoins are worth about 6$ each, the value fluctuates with supply and demand like any other currency or commodity. Part of the value is in their utility. I can send bitcoins to any user in the world, for essentially no cost. And it is fast. Transactions are verified by the network in minutes, and can be processed automatically. BTCSportsBet.com handles dozens of bitcoin transactions daily, with no human intervention. All deposits and withdrawals are processed automatically. This is incredibly efficient. Players at BTCSportsBet.com can deposit in the morning, bet a game, win, and withdraw right after the game. Deposit again later, bet more games, and then withdraw again. All quickly and with no fees - and most importantly no banks, credit card companies, Western Union, PayPal, or any other third parties being involved! What other sportsbook in the world can run that efficiently with processing transactions? And once bitcoins are sent, they cannot be reversed or charged-back like credit cards. What merchant, vendor or sportsbook would not love non-reversible payments where fraud is not possible? From the user point of view, the user does not need to verify or even give identity to the merchant (unless something is to be shipped), so they would not be subject to identity theft.”
What R.C. didn’t mention is that in no country is peer to peer wagering illegal. There is nothing in the law that stops person A from wagering $20 with person B on the outcome of a game. What makes the transaction illegal in some countries is when an intermediary acts as the bookmaker. That is precisely why Betfair and Matchbook are seen as technically illegal by the U.S. government. Both are peer to peer wagering operations but they also take a commission on the winning bets. BTCSportsBet.com doesn’t do so. They simply have paid members. In fact clubwpt.com (owned by the World Poker Tour) does the same thing. Poker players play tournaments with each other but instead of taking rake, the WPT charges a membership fee and with that membership they are entitled to play in the tournaments to which the WPT offers a prize. And because the bitcoin peer network verifies all transactions when they happen there is no way to cheat or renege as one possibly could on the other sports betting sites.
Another obvious advantage to bitcoins is they don’t fall under the UIGEA because there is no money involved and there is no way the DoJ can effectively intrude. R.C. perhaps explained it best:
“As far as UIGEA, there are no banks or processors involved. Moving bitcoins around is just like moving an image file or other data around. I would expect to see bitcoin-specific legislation before any attempt to apply the UIGEA. But even with legislation, I expect the future of bitcoin to be bright. There is no central authority to shut down. There are laws against file sharing copyrighted works, but due to the distributed nature of BitTorrent it cannot be effectively policed.
As far as pressure from the DOJ or other entity (it’s not a viable concern). Bitcoin can be classified as a commodity, or a currency, or nothing at all (it's just data). One can argue that it is like Facebook credits or World of Warcraft Gold. The government is not going after them. Also, the terms and conditions for BTCSportsBet.com states that the player is responsible for determining the legality of playing with bitcoins in his or her jurisdiction. Sign-ups are anonymous and the site does not know the origin of the players. No personal identification is requested; even an email address is optional. A player can sign up, send bitcoins, wager, and withdraw without the site ever knowing who he or she is. The properties of bitcoin allow this to happen. There can be no fraud, identity theft, or reversed transactions. All of those headaches are a massive cost to the industry - so you can see why bitcoin may be a significant factor in the future of online wagering.”
If there is one concern with bitcoins it’s the huge fluctuation in prices. When they first came out they were virtually worthless then went up steadily to about USD$1 until an online news site reported that drug dealers were using bitcoins to peddle illegal narcotics at a torrent site called Silk Road. Drug dealers and other contraband dealers were offering everything from marijuana to LSD and heroin for bitcoins. The products were then shipped in the mail. And since bitcoins are untraceable, the drug dealers likely believe they can’t be identified. At that point the price of bitcoins skyrocketed to $27 each. Of course that article also caught the eye of the U.S. government and the DEA. A senator and DEA investigator sent a letter to Attorney General Eric Holder to investigate bitcoins because of these transactions. Nevertheless the price remained high but plummeted after some hacking attacks occurred which resulted in stolen bitcoins from digital wallets and from the bitcoin trading site Mtgox.com.  But the exchange was able to successfully intervene before most of the stolen coins could be withdrawn. It’s also likely that the network will someday try to stop drug deal transactions as well although it could be quite difficult since no one knows who owns the bitcoins or what they are being used for. While many on the network are libertarian they also know that messing with the DEA could spell doom to the currency. And sending drugs through the mail is a crime in almost every country regardless of how the dealers get paid.
Another possible concern is that bitcoin’s founder Satoshi Nakamoto is unknown. It’s fairly clear that Nakamoto was a pseudonym and he hasn’t been in the news at all. It’s hard to imagine why someone that invented a potential internet changing item would not want to be public. One could never imagine Mark Zuckerberg staying on the sidelines after he invented Facebook. Nakamoto could have a very good reason for staying out of the public eye but it certainly raises flags.
Of course not everyone is enthusiastic about the idea. I spoke to a very large sports bettor who laughed at the idea of using bitcoins to gamble.
“I’m taking the Warren Buffett approach on this,” the gambler said. “If I don’t understand it I’m not buying it.”
But then again he and others like him probably scoffed at the opportunity to buy eBay for 25 cents a share back in the 1990s because it was a concept that made no sense at the time. But those who were willing to take the risk on eBay or Yahoo then are likely millionaires today.
Of course the great value of bitcoins will come when more merchants accept the currency for physical items. Bitcoins are being accepted for some tech items, alpaca socks and of course the illegal drugs mentioned earlier, but there is hope that at some point places like Amazon.com will also accept the currency. In fact there are numerous vendors on eBay that are willing to accept bitcoins as payment for goods.
As for BTCSportsBet.com, R.C. says he has hundreds of active customers and for the BCS Championship game there were about 100 wagers at an average wager of about 5 bitcoins. That number is small but the company only opened last year and all online sportsbooks started small.
R.C. is excited at the future of BTCSportsBet and the industry as a whole.
“Where else can someone in the Ukraine, China, Brazil, anywhere globally - open an account with the same trusted sportsbook, not provide any personal information, fund the account in minutes, wager, withdraw directly after the game for no fees? That is the compelling use case for online wagering with bitcoins.”
We’ll continue to monitor the site and bitcoins at OSGA to see if he is indeed correct.

Bitcoin online currency gets new job in web security

IT HAS been a rocky year for Bitcoin, the online peer-to-peer currency, with the exchange rate soaring from a few cents to over $30 per coin before crashing after a string of thefts, hacks and other setbacks. Coins have since regained a value of around $5. But it is becoming clear that the software could prove at least as useful as the currency itself, underpinning a number of important new technologies.
First, it could be used as a form of "carbon dating" for digital information - something that would make electronic voting more secure. This is possible because of the way Bitcoin records transactions, says Jeremy Clark, a computer scientist at Carleton University in Ottawa, Ontario, Canada.
An individual's bitcoins are registered to one or more addresses, which are alphanumeric sequences that serve as the user's identity on the P2P network. When a transaction takes place, it is broadcast on the network, effectively creating a public record. The coded address keeps the user's identity anonymous.
Clark and his colleague Aleksander Essex at the University of Waterloo, also in Ontario, realised they could convert a message - for example, a list of codes that securely link voters to their votes - into a Bitcoin address. Sending a tiny fraction of a bitcoin - a small transaction - to that address would allow the holder of that list to store it in the public record without revealing its contents. When they later publish the message for verification, anyone can repeat the conversion to a Bitcoin address and confirm its age by checking the public record.
Faking Bitcoin's public record would be very difficult as you'd need more computing power than the rest of the Bitcoin network combined - a feature that ensures the currency's security.
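The commit-then-reveal flow described above, as an added Python example that is neither code from the article nor CommitCoin's actual construction. It assumes a random salt is mixed in so a guessable list stays hidden, uses a truncated SHA-256 digest where real addresses use a RIPEMD-160 hash of a public key, and stands in a dictionary with a constructed timestamp for the public record; the voter codes are constructed sample data.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58check(version: bytes, payload: bytes) -> str:
    """Base58Check: version + payload + 4-byte double-SHA-256 checksum."""
    raw = version + payload
    raw += hashlib.sha256(hashlib.sha256(raw).digest()).digest()[:4]
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # Every leading zero byte is written as the character '1'.
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def commit_address(message: bytes, salt: bytes) -> str:
    """Turn (salt, message) into an address-shaped commitment.

    Assumption: the 20-byte payload is SHA-256(salt || message) truncated,
    not the hash of a public key, so funds sent to it cannot be spent.
    The salt must be a fixed 32 bytes so the concatenation is unambiguous.
    """
    if len(salt) != 32:
        raise ValueError("salt must be exactly 32 bytes")
    digest = hashlib.sha256(salt + message).digest()
    return base58check(b"\x00", digest[:20])


def verify(message: bytes, salt: bytes, ledger: dict):
    """Recompute the address from the revealed message and salt.

    Returns the time the address first appeared in the public record,
    or None when no matching entry exists (message or salt was altered).
    """
    if len(salt) != 32:
        return None
    return ledger.get(commit_address(message, salt))


# Constructed sample data. In practice the salt comes from os.urandom(32)
# and is kept secret until the list is published.
SALT = hashlib.sha256(b"constructed demo salt").digest()
CODES = b"voter-001:7F3K\nvoter-002:Q9ZD\nvoter-003:M2WX\n"
BLOCK_TIME = 1326844800  # constructed timestamp of the recording block


def build_ledger() -> dict:
    """Stand-in for the public record: address -> time first seen."""
    return {commit_address(CODES, SALT): BLOCK_TIME}


if __name__ == "__main__":
    ledger = build_ledger()
    print("commitment address:", commit_address(CODES, SALT))
    print("original list     :", verify(CODES, SALT, ledger))
    tampered = CODES.replace(b"7F3K", b"7F3X")
    print("tampered list     :", verify(tampered, SALT, ledger))
```

The published address reveals nothing about the list until the salt and list are disclosed, and changing a single confirmation code afterwards yields a different address with no entry in the record.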
The pair have used their method, known as CommitCoin, to close a loophole in a voting system they helped develop. In the Scantegrity system, voters receive a confirmation code from the list that is cryptographically linked to their selected candidate and can be used to check on the election website that their vote is counted.
Now, if an unscrupulous election official tries to change votes they would be outed, because the code used to record the vote would change, and would not match up with the Bitcoin network entry. "CommitCoin allows you to not trust anyone," says Clark.
"It plugs that gap," says Steve Schneider, who researches electronic voting systems at the University of Surrey, UK. He points out that, although such systems aren't yet widely used, it is important that all security problems are resolved before they replace traditional voting methods.
Another system, Namecoin, could be used to circumvent internet censorship. Launched last year, it uses modified Bitcoin software to provide decentralised domain names for websites. When you enter an address like newscientist.com into a browser, it consults a domain name system (DNS) server to find the site's numerical address. DNS servers are centrally controlled by the Internet Corporation for Assigned Names and Numbers; Namecoin offers a P2P alternative.
This allows owners of ".bit" domains to get around DNS restrictions such as those proposed in the US Stop Online Piracy Act, which if passed into law would see copyright-infringing sites struck from the DNS record.