Fake stake POS issue …

There was a recent study done by a group of student researchers that found a vulnerability in proof of stake (POS) crypto’s. It looks like 26 different crypto coins could be affected.

They called the vulnerability, “fake stake” and it allows malicious actors to crash a network node running PoS, without having a majority stake. Makes sense they called it fake stake.

From the researchers report,

“Essentially, [Fake Stake attacks] work because PoSv3 implementations do not adequately validate network data before committing precious resources (disk and RAM). The consequence is that an attacker without much stake (in some cases none at all) can cause a victim node to crash by filling up its disk or RAM with bogus data. We believe that all currencies based on the UTXO and longest chain Proof-of-Stake model are vulnerable to these Fake Stake attacks.”

It seems Qtum, which tries to combine Bitcoin and its UTXO model and Ethereum and its account model was vulnerable but fixed the issue.

Cardano doesn’t seem to be vulnerable to this issue , probably because it wasn’t built based on UTXO nor just cloned and forked from some other blockchain. Ethereum plans a POS, but who knows when that’ll actually be ready vs tested in a sandbox.

https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806

IOT devices need blockchain

Cryptocurrency and tokenization has little to do with IOT device security, but some form of PKI and Blockchain would be useful in the IOT and smart city space.

The State of IoT Security Report reveals systemic security and privacy problems, which were discovered through testing of consumer smart home devices that are readily available from major retailers like Walmart.

And this from same report ….

If we do not address the problem of insecure consumer IoT devices and the lack of respect for consumer privacy soon, it is going to be too late,” said Vince Crisler, CEO of Dark Cubed, in a statement. “Just because the space is complex and rapidly developing is not an excuse for retailers and regulators to turn a blind eye. In fact, the opposite is true. Retailers must consider security as a part of their buying processes and government must consider regulations that focus on consumer protections.”

Security is always the ignored elephant in the room. It’s never sexy. It creates performance and optimization issues. People complain about policies and procedures that make life and work more difficult . And people always try to find loopholes. That’s normal everyday people, not just hackers and cyber security experts.

And offshore platforms is a huge warning. There are good and bad offshore firms just as there are good and bad consulting companies from the US. But globally, there has been way too many 25 year olds with 20 years experience on two year old technology contractors and consultants on some visa or offshore resources. The trust factor with the TCS and Wipro and cognizant and IBMs and Accenture’s of the world are at an all time low. The resources are based on Hype and keywords over real substance and experience.

Especially when reading things like this …

Many (potentially most) consumer-connected devices available in U.S. retail today are managed by offshore platforms that have no motivation to protect user data or ensure high security standards.

Or this …

Dark Cubed said that there are a large number of IoT companies and startups, but many appear not to care about security, and neither, apparently, do the retailers who sell these devices to consumers. The researchers also said there is cause for concern about China’s role in IoT, and using cloud infrastructure does not mitigate security threats.

Or worse is IOT devices and retail chains disregarding security altogether now.

The companies said that patching will not fix the systemic issues they uncovered. But the reason that these devices are being shoved into the market anyway is because of the explosive growth of the IoT market. Prices for the devices are cratering, and that evidently leads many companies to disregard security

And it’s not just the IOT hardware. IOT is protocols, platforms and communication layers. Open and closed ports. Remote access capabilities. Security is lacking and with something like a shortage of 3 million cybersecurity experts coming , who do you need think will sell more BS? These big multinational firms selling companies on their 20 year old cyber security expert who happens to be 25 years old. Yeah no wonder the tech space is filled with so much vaporware and buggy vulnerable software.

Identity of things and internet of everything will need to include device firmware, data encryption, data privacy, data ownership, blockchain, PKI and private and public keys, decentralization, micropayments, secure messaging and streaming channels, closed ports, as well as a more robust and secure communications infrastructure with authenticated governance and security policies and procedures.

Think about this ..

“Lack of visibility into privacy and security is a clear and present danger: The testing found that there is no easy way for a consumer to know whether his or her device is safe, or if its communications platform is trustworthy. Worse, the companies saw examples of established brands being adopted by companies with strong ties to foreign counties including China.

Pagarba is working with clients to provide an end to end identity of things platform for security on blockchain for IOT.

Latin America and Blockchain

We hear stories about blockchain organizations and companies trying to get the unbanked in parts of Africa to use crypto. And thus, be their own bank. Cardano and IOHK founder , Charles H, is always speaking to this nature. Stellar and their founder Jed do the same. It’s a great idea and holds massive amount of potential. But we rarely hear anything about other parts of the world with similar circumstances.

Dig deeper and you’ll realize many countries in South and Central America have something like 70%  of their populations unbanked or underbanked. So access to basic financial services like digital payments, affordable fair money transfers , consumer and small business lending , and the ability to invest their money on stocks or even something like a 401k.

A discussion around how Blockchain and crypto based fintech solutions could offer many financial alternatives and advantages to this unbanked segment of the world residing in central and South America. But it needs to be more decentralized and legit versus what happened in Venezuela and the petro crypto situation.

Beyond just some form of banking and fintech for almost half a billion human beings on planet earth , possibilities to improve people’s lives through political transparency, small business peer to peer lending , better real estate authenticity and transparency , as well as ways blockchain and the internet of everything can help improve fraud and rain deforestation and other economic challenges south and Central America face. A few companies like R3, Ministry of Energy and even IBM have started looking into better ways blockchain can help and improve.

Blockchain, fake drugs and SAP

https://thenextweb.com/hardfork/2019/01/18/saps-new-blockchain-project-helps-weed-out-counterfeit-drugs/

SAP has launched a blockchain-based supply chain tracking system to allow drug wholesalers to authenticate pharmaceutical packaging returned by pharmacies and hospitals. That should help them weed out counterfeit drugs from their supply chain.

SAP has done some interesting things trying to integrate blockchain and their HANA platform. They use hyperledger, are part of the hyperledger foundation and alliance and consortium, but it works a little different than ethereum or bitcoin. It’s private or permissionEd. Thus, the entire decentralized nature is lost. There is no real token or crypto involved with the hyperledger dlt or even a private ethereum blockchain really. In all honesty some aspects of these private token-less DLT systems and platforms help us move away from the “buy my useless pointless token.”

The hard part is that the immutable nature of Blockchain is just a pseudo “not really true” immutability for these private blockchains. Trust IBM or SAP or a big bank or a big pharma or retail or whomever instead. It’s centralized. It’s not transparent. And We do that already with normal databases and nosql. And In what world should anybody trust Mark Zuckerberg and the Facebook staff to build their own blockchain and token ? Or IBM or SAP or Goldman Sachs or Wal-mart?

In a way it becomes a poor database solution. There are tons of distributed databases and platforms that would be far more efficient and effective vs a centralized private blockchain with no tokenization or incentives built in. Sell you on the immutable nature of Blockchain, but ignore the fact hadoop and HDFS and others were a write once, can’t update file system that is far more scalable and adaptable. True they work differently, but if you don’t trust a Pfizer or IBM or SAP to do right by your Hadoop filesystem, how are you suddenly trusting them with some version of a centralized hyperledger like blockchain ?

Now if it’s every or most big pharma companies who join this blockchain consortium platform and are competing with one another and don’t trust each other , there is a built in incentive to be more transparent. But the world doesn’t really work that way. Many of these people switch sides all the time , merge , get acquired and it becomes a nepotistic like family where it’s more important to protect the big pharma or whatever industry as a whole vs direct competition. So it gets back to who trusts any of the big pharma companies to operate a transparent immutable private blockchain ? Do you ?

How SAP blockchain works ….

https://blogs.sap.com/2018/06/13/sap-hana-blockchain-a-technical-introduction/

Edge computing big in 2019

https://www.zdnet.com/article/get-ready-for-edge-computings-rise-in-2019/

IoT — sensor data analysis and aggregation. This is clearly the most prominent use case and one that is by no means exclusive to manufacturers. Every government needs to prioritize smart city programs and sensor data AI expansion in its military, transportation, and security agencies. And every financial services, healthcare, and education organization should tie sensor data into their business values. And every SaaS and data software company needs to empower their customers to aggregate sensor data…”

Interesting read. IOT and smart cities are coming and here to stay. But will they be secure ? And easy to use and analyzed by everyday citizens and organizations ?