Binance Offers $10 Million Hacker Bounty (news.bitcoin.com)

In the wake of Wednesday’s market manipulation incident which caused all kinds of mischief, Binance has issued a hacker bounty. A total of $ 10 million has been earmarked towards catching hackers and other unscrupulous attackers, with $ 250,000 offered for information leading to the prosecution of last week’s viacoin pump and dump perpetrators.
Also read: 

Bitcoin

Hacker Chic; Get a Bitcoin, Periodic Table or Fibonacci Sequence Fashion Dress (news.bitcoin.com)

Crypto is going to change the world, and so are women. And women who dabble in bitcoin never want to look basic. As an answer, Shenova Fashion combined the two in a made-to-order Bitcoin Genesis Block Dress. It’s one more piece of proof bitcoin and cryptocurrency are making it into the mainstream.
Also read: How To Regain Control

Bitcoin

Authy by default will not protect you if a hacker gains access to your phone number.

I was just reading over the medium article about the guy who lost 8k$ BTC from a hacker who took over his cell # account with Verizon. I thought to myself well hey if he had Authy 2FA this vector of attack would have failed. Upon looking into that a bit more I realized I was wrong. BY DEFAULT Authy allows any mobile device with access to the phone number associated to the Authy account to download and access the private keys for that account. IE if you gain access to someones phone through Sprint / Verizon, Authy 2FA by default will do nothing to protect your accounts. If you were to ask me before I checked into this I would have been 100% sure that Authy would require the Master Password for the account to add additional devices. That is definitely not the case. Obviously the hacker would need to crack / know the associated passwords for whatever account they are trying to access but the 2FA in this scenario becomes absolutely useless.

I personally think this is an ENORMOUS security flaw in Authy design to have this feature on by default. Digging a bit more I discovered you are able to turn it off within the Authy mobile app by going to Settings > Devices > and TURN OFF "Allow Multi-device". Turning this feature off will only stop ADDITIONAL devices from adding themselves to your Authy account via the related cell phone # so add any of your own legit devices first before turning it off. All additional devices previously added will remain active.

Again I can't believe this feature stays on by default and thank you for the guy who wrote that article otherwise I would never have looked deeper into my own security and discovered this potentially fatal vector of attack. Since it would seem Sprint / Verizon don't give a shit about your cell # security it would be prudent to consider them a non-existent layer of defense. Assume that any hacker already has access to your cell number and plan your security around that knowledge.

I would implore anyone using Authy 2FA to turn off the multi-device setting ASAP.

submitted by /u/PercentEvil
[link] [comments]
Bitcoin

Hacker Who Tried To Frame Security Researcher in 2013 – Sentenced To Prison (deepd.tw)

A 31-year-old hacker from Ukraine, was sentenced to 41 months in prison for serious crimes, including ordering heroin from a narcotics vendor on the Silk Road Marketplace to security researcher Brian Krebs’ home.

The cybercriminal is known by various names (both in the “real world” and on the dark net), including Sergey Vovnenko, Sergey Vovnencko, Tomas Rimkis, Flycracker, Flyck, Fly, Centurion…

Bitcoin