Investors Hangout Stock Message Boards Logo
  • Mailbox
  • Favorites
  • Boards
    • The Hangout
    • NASDAQ
    • NYSE
    • OTC Markets
    • All Boards
  • Whats Hot!
    • Recent Activity
    • Most Viewed Boards
    • Most Viewed Posts
    • Most Posted
    • Most Followed
    • Top Boards
    • Newest Boards
    • Newest Members
  • Blog
    • Recent Blog Posts
    • Recently Updated
    • News
    • Stocks
    • Crypto
    • Investing
    • Business
    • Markets
    • Economy
    • Real Estate
    • Personal Finance
  • Market Movers
  • Interactive Charts
  • Login - Join Now FREE!
  1. Home ›
  2. Stock Message Boards ›
  3. Stock Boards ›
  4. Zerify Inc (ZRFY) Message Board

ITS LIKE TAKING CANDY FROM A BABY, ONLY THE ONE TA

Message Board Public Reply | Private Reply | Keep | Replies (1)                   Post New Msg
Edit Msg () | Previous | Next


Post# of 82686
(Total Views: 626)
Posted On: 06/18/2018 9:01:36 PM
Avatar
Posted By: CyberC
ITS LIKE TAKING CANDY FROM A BABY, ONLY THE ONE TAKING THE CANDY IS THE BABY .....


Teenager hacks crypto-currency wallet


A hardware wallet designed to store crypto-currencies, and touted by its manufacturer as tamper-proof, has been hacked by a British 15-year-old.

Writing on his blog, Saleem Rashid said he had written code that gave him a back door into the Ledger Nano S, a $100 (£70) device that has sold millions around the world.

It would allow a malicious attacker to drain the wallet of funds, he said.

The firm behind the wallet said that it had issued a security fix.

It is believed the flaw also affects another model - the Nano Blue - and a fix for that will not be available "for several weeks", the firm's chief security officer, Charles Guillemet told Quartz magazine.

Crypto-currencies such as Bitcoin use an encryption method known as public key cryptography to protect funds. Users can spend the money stored only if they have access to the private key.

'No bounty'
Hardware wallets store these private keys and can be connected to a PC via a USB port.

The attack targets the device's micro-controllers, one of which stores the private key, while the other acts as its proxy to support display functions and the USB interface.

The latter is less secure and is not able to differentiate between genuine firmware - software programmed into a device - and code written by an outsider.

One big caveat for the method discovered by the teenager is that the attacker would need physical access to a wallet before it got into the hands of the victim - so, for instance, by buying one, altering it and then selling it on eBay or a similar online site.

In his blog, Rashid said that he had sent the code he had developed to Ledger "a few months ago", adding that he had not been paid a bounty.

He said that he chose to publish after Ledger's chief executive Eric Larcheveque made comments on Reddit which, according to the teenager, "were fraught with technical inaccuracy".

Danger 'exaggerated'
"As a result of this, I became concerned that this vulnerability would not be properly explained to customers," he wrote.

In his Reddit comments, Mr Larcheveque said that the security issue had "been greatly exaggerated".

"While possible, this proof of concept ranks by no means as a critical severity level and has never been demonstrated," he wrote.

He accused the teenager of becoming "visibly upset" when the firm did not share the fix as a "critical security update" and said his decision to go public had "generated a lot of panic".

Craig Young, a researcher at security firm Tripwire commented: "It is very difficult to thoroughly secure any device from attackers with physical access. This is why it is so critical to have trusted component makers, merchants, and repair facilities.

"In this particular case, it was discovered that anyone with physical access could modify the Ledger hardware wallet to gain access to funds. In effect, this would mean that someone selling this hardware wallet would be able to steal funds from their customers.

"Fortunately for Ledger owners, the problem was responsibly reported to the vendor and a co-ordinated disclosure minimised risk to end users."

A few weeks ago, Ledger confirmed that a separate flaw made its wallets susceptible to another attack in which malware could trick users into unknowingly sending their crypto-currency to hackers.


CRYPTODEFENDER COMING SOON



(1)
(0)




Zerify Inc (ZRFY) Stock Research Links


  1.  
  2.  


  3.  
  4.  
  5.  


WORDS TO LIVE BY:

Never argue with stupid people, they will drag you down to their level and then beat you with experience.


Get .... PrivacyLok https://cyberidguard.com/

Try SafeVchat: https://cyberidguard.com/

My comments are only my opinion and are not to be used for investment advice.

Please conduct your own due diligence before choosing to buy or sell any stock.

xgqbj600g2g.jpg




Investors Hangout

Home

Mailbox

Message Boards

Favorites

Whats Hot

Blog

Settings

Privacy Policy

Terms and Conditions

Disclaimer

Contact Us

Whats Hot

Recent Activity

Most Viewed Boards

Most Viewed Posts

Most Posted Boards

Most Followed

Top Boards

Newest Boards

Newest Members

Investors Hangout Message Boards

Welcome To Investors Hangout

Stock Message Boards

American Stock Exchange (AMEX)

NASDAQ Stock Exchange (NASDAQ)

New York Stock Exchange (NYSE)

Penny Stocks - (OTC)

User Boards

The Hangout

Private

Global Markets

Australian Securities Exchange (ASX)

Euronext Amsterdam (AMS)

Euronext Brussels (BRU)

Euronext Lisbon (LIS)

Euronext Paris (PAR)

Foreign Exchange (FOREX)

Hong Kong Stock Exchange (HKEX)

London Stock Exchange (LSE)

Milan Stock Exchange (MLSE)

New Zealand Exchange (NZX)

Singapore Stock Exchange (SGX)

Toronto Stock Exchange (TSX)

Contact Investors Hangout

Email Us

Follow Investors Hangout

Twitter

YouTube

Facebook

Market Data powered by QuoteMedia. Copyright © 2025. Data delayed 15 minutes unless otherwise indicated (view delay times for all exchanges).
Analyst Ratings & Earnings by Zacks. RT=Real-Time, EOD=End of Day, PD=Previous Day. Terms of Use.

© 2025 Copyright Investors Hangout, LLC All Rights Reserved.

Privacy Policy |Do Not Sell My Information | Terms & Conditions | Disclaimer | Help | Contact Us