Elusive Thoughts

Introduction  This article is going to focus on Smart Contract upgradability, why this important and how can we achieve it. When dealing with Smart Contracts we need to be able to upgrade our system code. This is because if security critical bugs appear , we should be able to remediate the bugs. We would also want to enhance the code and add more features. Smart Contract upgradability is not as simple as upgrading a normal software due to the blockchain immutability.   As already mentioned by design, smart contracts are immutable. On the other hand, software quality heavily depends on the ability to upgrade and patch source code in order to produce iterative releases. Even though blockchain based software profits significantly from the technology’s immutability, still a certain degree of mutability is needed for bug fixing and potential product improvements.   Preparing for Upgrades    In order to properly do the upgrade we should be focusing in the followi...

Introduction Hello everybody, it has been a while since I made a post, but this time is going to be a really long long post (that is why I am going to brake it in many parts). Lately my interest has significantly increased as far as the iOS platform is concerned.  The iOS is becoming more and more popular among the financial business sector companies so it came for me the time to expand my knowledge on IPhone devices. Plus since the complete industrialization of hacking (mostly because of the Chinese government, unit something is doing a good job) nowadays knowledge in iOS platforms is critical (they pay good money for iHacking). This post is going to include only hardening information and explain what the security measures are to block exploits and prevent buffer overflows etc. The second post is going to include network attacks and the third post is going to include attacks in the data of an iDevice. Note: iOS the most advanced OS for mobile devices ever created (ju...

Introduction Cybercrime has evolved into an industry whose value in fraud and stolen property exceeded one trillion dollars in 2009. By contrast, in 2007, professional hacking represented a multibillion-dollar industry. What explains this rapid growth? Industrialization. Just as the Industrial Revolution advanced methods and accelerated assembly from single to mass production in the 19th century, today’s cybercrime industry has similarly transformed and automated itself to improve efficiency, scalability, and profitability. The industrialization of hacking coincides with a critical shift in focus. Previously, hackers concentrated attacks on breaking perimeter defences. But today, the goal has changed. The objective is no longer perimeter penetration and defense. Today’s hacker is intent on seizing control of data and the applications that move this data. This is why attacks against Web applications constitute more than 60 percent of total attack attempts observed on the Internet. ...

USB nowadays   Now days most of us have a USB flash drive (sometimes also referred to as a USB stick, USB memory stick or simply a flash drive) that what we use when we want to store data temporarily. They are really small and lightweight and are very practical when you want to move files from one computer to another. That is all fine, but what happens when none trusted USB’s are inserted in our USB stick drives, how difficult is it for someone to steal and e-mail all our passwords within seconds? Well the answer for someone that knows is simple, a few seconds is more than enough for someone to collect all your passwords from your laptop. USB flash drives are used when data is moved between home and office. They are also often used when data is moved inside an office, for example when moving data to/from a computer that is not connected to a network. Obviously that is the main reason that a PC not connected to internet can be infected with Trojans, viruses and other malicious...

Intro Nowadays the only people that can actually do a decent Mal-ware analysis are ONLY antivirus research vendors such as Symantec and McAfee. The only thing a Security administrator or an Information Security Consultant can do is Mal-ware behavior analysis. That it is the initial stage of lets say a high profile Mal-ware analysis, but that might not be enough. There are no more than 1000 human beings in this planet that can properly reverse engineer a worm such as Confliker and start writing disinfection tools from scratch (or maybe there are, who knows) or they cannot do it in a reasonable amount if time. So the next best think from fully reverse engineering a Trojan horse is to do a behavioral analysis and try to confine or mitigate the malicious software. But to me it seems that it is not clear to many people on how to do that or what disinfection really means. For me disinfection means to completely identify how a virus behaves and use proprietary tools to restrain it in s...