Blog

Streaming music and royalties for Akon on stellar blockchain

Blockchain being used for music and streaming and payments . Grammy-nominated singer Akon will launch his forthcoming token using Stellar’s blockchain.

According to an update , the Akoin cryptocurrency ecosystem will use Stellar’s network as its basis. Akoin co-founder and president Jon Karas said the decision was made in part due to the shared values between his project and Stellar.

“ Akoin selected Stellar’s distributed, hybrid blockchain due to a shared vision for creating global financial inclusion, particularly in areas such as Africa.”

The update claims Akoin will be compatible with Stellar wallets and interoperable with all digital assets and currencies currently supported by the Stellar network. Karas highlighted the Stellar Network’s “efficient cross-asset transfers of value” as a benefit for Akoin and said users will be able to instantly swap from one currency to another.

In addition, users will be able to exchange mobile phone minutes, which have become a popular means for exchange in certain parts of Africa, for Akoin and other currencies on Stellar’s network.

According to a spokesperson for the project, Akoin will not be a stablecoin and instead have a fluctuating price. He said,

“ Akoin is not a stablecoin, but we will provide access to other leading stablecoin offerings within our eco-system.”

Read More
Eliminate passwords

Apple is among the last tech bigwigs to join FIDO, whose members now include Amazon, Facebook, Google, Intel, Microsoft, RSA, Samsung, Qualcomm and VMware. The group also boasts more than a dozen financial service firms such as American Express, ING, Mastercard, PayPal, Visa and Wells Fargo.

“Apple is not usually up front in joining new organizations and often waits to see if they gain enough traction before joining in. This is fairly atypical for them,” said Jack Gold, president and principal analyst at J. Gold Associates. “Apple is often trying to present [its] own proposed industry standards for wide adoption, but is generally not an early adopter of true multi-vendor industry standards.

“FIDO now has enough momentum that I assume Apple is feeling the pressure to join in,” he said. “Especially in a cloud-based world, FIDO is a key initiative to authentication that companies really can’t ignore.”

Formed in 2012, FIDO’s purpose is to push two-factor authentication for services and apps because passcodes are innately insecure. Research backs the group’s claim, as 81% of all security breaches from hackers can be traced to stolen or poor passwords, according to Verizon’s Data Breach Investigations Report.

“If you are relying on username/email address and password, you are rolling the dice as far as password re-usage from other breaches or malware on your customers’ devices are concerned,” Verizon said in its report.

Along with W3C, FIDO wrote and is using the emerging Web Authentication API (better known as WebAuthn). The WebAuthn specification is already supported – to different degrees – by major browsers such as Google’s Chrome, Mozilla’s Firefox and Microsoft’s Edge. Those browsers also support cloud credential creation using a U2F Token, which can use Bluetooth, NFC or USB to provide two-factor authentication to online services and apps.

In 2018, Apple announced it was adding “experimental” support for the WebAuthn protocol on Safari. In December, Apple added native support for FIDO-compliant security keys, such as those from Yubicoand Feitian, which use the WebAuthn standard over near-field communication (NFC), USB, or Lightning in iOS 13.3.

“FIDO is like Bluetooth for authentication – meaning that we have a number of devices with features and functions that can be used to provide authentication,” said Mahdi.

For example, Mahdi said, mobile devices or laptops may use fingerprint readers or facial recognition technology to enable log-in. Either technology could be leveraged for authentication, but without a common language, it was difficult to do and required proprietary drivers and software.

“As such, it was much more complex to reliably enable strong authentication,” Mahdi said. “FIDO, like Bluetooth, allows application developers and security leaders that want to enable strong authentication (say, in a mobile app or a website) to cover a wide range of authentication methods that are available in devices with minimal code [and without having to worry about many proprietary drivers].”

Overall, FIDO’s specification means digital services from banks, ecommerce sites and others can recognize users through their devices, rather than with usernames and passwords. For example, users could register for an online service, create a username, register their devices, and select a preferred authentication method (i.e. finger, or face, and/or PIN). No password would be needed, Mahdi said.

How FIDO’s spec works

FIDO’s specification works by enabling anyone using it to gain access to an app or online service with a private and public key pair.

When a user registers with an online service, such as PayPal, the authenticator device (a server) creates a unique private/public key pair. The private key is stored on the user’s device, while the public key becomes associated with that device through the online service or app.

Authentication is performed by the client server sending an electronic challenge to the user’s device. The client’s private keys can be used only after they are unlocked locally on the device by the user. The local unlock is accomplished by a secure action such as a biometric reader (i.e., a fingerprint scan or facial recognition), entering a PIN, speaking into a microphone, or inserting a second–factor device.

U2F is an open-authentication standard that enables internet users to securely access with one security key instantly and with no drivers or client software needed, according to FIDO member and authentication vendor YubicoFIDO2 is the latest generation of the U2F protocol.

Last April, Google joined the Alliance as part of its creation of new online identity management tools. Google added two-factor authentication through FIDO’s specification for Android 7 and above devices.

Jamf, a provider of multi-factor enterprise authentication management software for the Mac platform, joined FIDO last month.

“As we were supporting a lot of these multi-factor devices and different identity providers, it got to be complicated pretty quickly,” said Joel Rennich, director of Jamf Connect, an Apple Mac authentication and identity management product. “And we still had the problem that we needed to go back to having a password. On the Mac, there’s no built-in way of supporting your user credentials without typing in a password. However, Apple does have a pretty robust smart card installation.”

Rennich said Jamf is embracing the FIDO authentication protocol because it’s “incredibly” secure and allows a lot of flexibility because of wide-ranging industry support. In particular, because of FIDO’s use of highly-secure elliptical curve cryptography – the same used by Apple Secure Enclave – Jamf can now leverage the technology to create enterprise-class access to the iPhone, for example.

“So, we can use that hardware already in the device to work with the FIDO protocols with minimal amount of effort. …That made the development really quick,” Rennich said.

While it’s not yet shipping, Jamf also created a virtual smart card that allows users to sign into Mac devices from the cloud using elliptic-curve cryptography pairing keys in the same way FIDO’s specification does.

“We’re not here to speak for Apple…, but certainly you can see they’re doing a lot more work in this environment. I do think it’s a solid base. It’s a great standard,” Rennich said. “We do hope Apple does more with it. But in the meantime, we expect to be able to bring log-in at the log-in window with a FIDO authenticator to the Mac.”

https://fidoalliance.org/how-fido-works/

Read More
Australia all in on blockchain, sort of

https://dailyhodl.com/2020/02/07/beyond-bitcoin-australia-releases-52-page-blockchain-roadmap-to-power-its-future-economy/

” Australia is going all-in on blockchain. The Australian Department of Industry today released a 52-page framework detailing how industry can drive the adoption of blockchain tech to empower the future and remain competitive. Australia joins a growing list of governments around the world that are embracing the technology to streamline processes, cut costs, reduce friction in trade and transactions, and stimulate the domestic economy.”

Read More
Telnet IOT vulnerability hacked

The internet of things (IOT) vulnerabilities strike again. A list of thousands of fully working Telnet credentials has been sitting online on Pastebin since June 11, credentials that can be used by botnet herders to increase the size of their DDoS cannons.

The list — spotted by Ankit Anubhav, a security researcher with New Sky Security — includes an IP address, device username, and a password, and is mainly made up of default device credentials in the form of “admin:admin”, “root:root”, and other formats.

The list has grown to over 500k credentials now. And Dated from 2019 too.

Read More
Square crypto lightning wallet sdk api released

Square Crypto—the Bitcoin-focused, crypto venture led by Twitter CEO Jack Dorsey—today released the company’s first official product: a Lightning Development Kit (LDK)

The Lightning Development Kit (LDK) gives wallet and application developers a chance to create custom experiences and applications.

LDK will include an API, language bindings, demo apps, and anything else that makes integrating Lightning easy, safe, and configurable.

The API is based on the Rust-Lightning project, which offers clean interfaces and minimal system dependencies.

Rust is also among the safest systems languages, one that will attract developers who can sustain LDK independently of us.

Here’s just some of what LDK will simplify:

  • Adding Lightning capabilities to existing bitcoin wallets — no need to create a separate wallet just for Lightning.
  • Supporting multi-device, multi-application access to a single wallet.
  • Allowing wallets to make UX/security/privacy tradeoffs such as external transaction signing and customizing their state backup to a cloud service.

Today’s Lightning infrastructure is incomplete without features like these. 

https://decrypt.co/17248/square-crypto-releases-lightning-development-kit-for-bitcoin-devs

Read More
Supply chain security and automation

Supply chain and logistics is a complex and complicated space. But supply chain mechanisms and supply chain automation and supply chain security isn’t a simple conversation or easy button solution. It’s a global supply chain society.

Can blockchain help ? Can IOT help ? Can Big data analytics help ? Can robotics and automation help ?

But of course blockchain can sort of help when you think about it. As Bruce Schneier said about the supply chain and public policy, “you have to trust everyone yet you can’t trust anyone.”

Read More