Weekend Reads 062218: Bitcoin and Security Flaws

But, as with all new technology, security risks can be found beneath the hype. Indeed, threat actors are finding new targets amid the rise of blockchain as they serve up social-engineering attacks, malware, and exploits to businesses and consumers, according to a recently published report by McAfee’s Advanced Threat Research Team. —Kelly Sheridan @Dark Reading

After last Thursday’s regulatory news that bitcoin and ether were not considered securities, which was widely considered a win for crypto enthusiasts, digital currencies had failed to hold on to gains, a sign the bear market is firmly intact. However, investors were hoping Monday’s move above the post-SEC-statement high will be the start of a more fruitful period for digital currency owners. —Aaron Hankin @MarketWatch

Dubbed Lazy FP State Restore, the vulnerability (CVE-2018-3665) within Intel Core and Xeon processors has just been confirmed by Intel, and vendors are now rushing to roll out security updates in order to fix the flaw and keep their customers protected. The company has not yet released technical details about the vulnerability, but since the vulnerability resides in the CPU, the flaw affects all devices running Intel Core-based microprocessors regardless of the installed operating systems, except some modern versions of Windows and Linux distributions. —Mohit Kumar @The Hacker News

GnuPG, Enigmail, GPGTools and potentially other applications using GnuPG can be attacked with in-band signaling similar to phreaking phone lines in the 1970s (“Cap’n Crunch”). We demonstrate this by creating messages that appear to be signed by arbitrary keys. —Marcus Brinkmann @neopg

Earlier this month the New York Times reported that Facebook had provided highly privileged access to the social network’s platform to more than 60 device makers to allow them to build their own “Facebook experiences” in the era before smartphone apps became popular and that this access continued at least in part through earlier this year. Facebook pushed back on the report, arguing that the device makers were acting as extensions of itself, rather than as third parties. Making matters worse, one of those partners has been flagged by the US intelligence community as a national security threat. What can we learn from this latest revelation about Facebook’s approach to user privacy and security? —Kalev Leetaru @Forbes

The number of Resource Certificates and Route Origin Authorizations (ROAs) is steadily growing. However, it remains unclear how widely BGP speakers on the Internet are actually using Route Origin Validation (ROV) to drop or de-preference invalid announcements. —Andreas Reuter @APNIC

Apple Inc. was fined in Australia for refusing to offer free fixes for iPhones and iPads that were previously serviced by non-Apple stores, the latest episode in a global dispute between companies and consumers about the right to repair. —Mike Cherney @MarketWatch

Netflix Open Connect is our purpose-built Content Delivery Network (CDN) responsible for serving 100% of our video traffic. Close to 95% of our traffic globally is delivered via direct connections between Open Connect and the residential ISPs our members use to access the Internet. Most of these connections are localized to the regional point of interconnection geographically closest to the member watching. —Nihit Tandon @APNIC