❕NEWS – US intelligence agencies: dollar and euro under threat from Bitcoin | NewProxyLists

The intelligence community, whose short name is IC, formed by various intelligence agencies of the USA, made a statement about BTC. In the report, which is reported to be published every 4 years, warnings are made about BTC: —– Dollar and euro are under the threat of digital currencies, especially Bitcoin. Coins that can be used and extracted personally will reduce countries’ control over exchange rates and money supply. Implementing monetary policies will become complicated. —–
What do you think about this warning?

threat mitigation – Mitre ATT&CK for ICS: how to get the list of assets?

I’m using the Mitre ATT&CK CTI for ICS and I need to get all the assets
shown in this page

How can I get them through their TAXII server?
Here is a little snippet of code interacting with the CTI.

from taxii2client.v20 import Server, ApiRoot, Collection
from stix2 import TAXIICollectionSource, Filter
from stix2.v20 import AttackPattern, Malware, CourseOfAction, IntrusionSet, Tool

# Instantiate server and get API Root
server = Server("https://cti-taxii.mitre.org/taxii")
api_root: ApiRoot = server.api_roots[0]

# Isolate each collection
pre_attack: Collection = next(filter(lambda c: c.title == "PRE-ATT&CK", api_root.collections), None)
enterprise_attack: Collection = next(filter(lambda c: c.title == "Enterprise ATT&CK", api_root.collections), None)
mobile_attack: Collection = next(filter(lambda c: c.title == "Mobile ATT&CK", api_root.collections), None)
ics_attack: Collection = next(filter(lambda c: c.title == "ICS ATT&CK", api_root.collections), None)

# Navigate ICS Collection
ics_source: TAXIICollectionSource = TAXIICollectionSource(ics_attack)

print("All")
for value in ics_source.query():
    print(value)

Is it not a threat to security to have sexual predators as mods?

Arnon Weinberg is a stackexchange moderator, but also a sexual predator.
Why is this acceptable?

One Arrested, One Sought In Voyeurism Investigations

What is the impact and threat of Spectre in Javascript?

If you have looked into this demo of Spectre in JavaScript: Did I get it right that only current site memory can be accessed, due to site isolation etc? I saw there is also an addon to detect attacks (Spectroscope). Can somebody describe the potential impact of it? If I visit a site attacking me via Spectre and they can only get that site info (site isolation) what is the threat?

safety – Family with kids driving from Marrakesh to Fez – any threat of danger for daytime driving?

We are two parents with three children, a blonde, a redhead and one brunette, ages 8, 9, and 12 years. Why do I write that? Because we look very American which may not be such a good thing in Morocco. I love everything I read about the adventure, history and beauty of Morocco and it may be ignorance, but I am afraid of driving cross country and have a fear of being pulled over by machine-gun-toting rebels kidnapping my children. Feels awful to say it and this is very ignorant on my part but as a mother I wonder if I am jeopardizing my children?? We have planned driving trips through many European countries and Mexico, when it was safe. We love to drive and gain our freedom and it is also economical for a family of 5. All I have read says that Morocco is safe and the people are kind to Americans. We are well traveled and enjoy simple living and immersion into the culture. My route would take us from Marrakesh over the mountains to the Kasbahs, Falls, Atlas Film Studio with a drive toward Merzouga and an overnight camel trip to the Sahara and then a drive to Fez. I want to figure out how to put Essaouira into the mix as well. I know bad things can happen anywhere in the world; I just don’t want to fly my family into a place where I shouldn’t. I am becoming more educated that this would be a safe journey. Please respond.

programming – Why do security-sensitive APIs prefer char[] over String when handling pass-phrases even in Java? What threat are they protecting against?

I note that in Java, the String type is immutable and safe, yet using char[] for password handling is pretty common.

Two concrete examples are:

I mean, look at this code, (taken from the JAAS tutorial) … mostly avoidable if PasswordCallback#getPassword() would just return a String.

        callbackHandler.handle(callbacks);
        char[] tmpPassword = ((PasswordCallback)callbacks[1]).getPassword();
        if (tmpPassword == null) {
            // treat a NULL password as an empty password
            tmpPassword = new char[0];
        }
        password = new char[tmpPassword.length];
        System.arraycopy(tmpPassword, 0,
                    password, 0, tmpPassword.length);
        ((PasswordCallback)callbacks[1]).clearPassword();

I feel like I’m missing why smart system-programmers go to such trouble (at least, they did in the late 90’s, in the infancy of Java). I suppose the above hoo-hah might achieve the characters comprising the secret from sitting next to each other on the heap. They’ve just been moved from one char[] on the heap to another char[] that’s presently only on the stack? (I’m not sure enough of my JVM primitive arrays to really be sure of this).

Is this:

  • just a habit brought across from C/C++ where an improperly terminated string could cause a buffer-overflow
  • a way to force programmers to avoid string literals that would be ‘interned’ by the compiler when testing for ‘does the input match the hard-coded-secret’ (which isn’t going to happen except in throwaway code anyway)
  • a strong and reasonable commitment to ensuring that ‘insofar as it depends on me’, clear-text secrets are kept clear in memory for the absolute shortest amount of time, in case of an attacker with permissions to inspect memory? (That degree of access by an attacker is basically game-over anyway: sure, we can make it just that little bit more hard for them, but really, this is called doubting the integrity of your execution environment, and that’s … a really heavy burden for an application!)

What design force am I not seeing?
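
The property the question's third bullet describes, shown as an added example (not part of the original post or the JAAS tutorial): a char[] passphrase can be overwritten as soon as a key has been derived from it, which an immutable String does not allow. The class name, the sample passphrase and the iteration count are assumptions chosen for illustration.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PassphraseLifetime {

    // Derive a verifier from the passphrase, then wipe every copy this
    // code controls, whether derivation succeeds or throws.
    static byte[] deriveAndWipe(char[] passphrase, byte[] salt) throws Exception {
        // PBEKeySpec clones the array it is given, so there are now two copies.
        PBEKeySpec spec = new PBEKeySpec(passphrase, salt, 210_000, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec)
                    .getEncoded();
        } finally {
            spec.clearPassword();           // wipe the clone held by the spec
            Arrays.fill(passphrase, '\0');  // wipe the caller's array in place
        }
    }

    static boolean isWiped(char[] buf) {
        for (char c : buf) {
            if (c != '\0') return false;
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input. A real program would receive this array
        // from PasswordCallback.getPassword() or Console.readPassword().
        char[] passphrase = "constructed sample passphrase".toCharArray();
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);

        byte[] verifier = deriveAndWipe(passphrase, salt);
        System.out.println("derived bytes: " + verifier.length);
        System.out.println("passphrase wiped: " + isWiped(passphrase));

        // A String gives no equivalent: it cannot be overwritten, so the
        // clear text stays on the heap until the garbage collector reclaims
        // it, and may show up in a heap dump taken in the meantime.
        // Wiping a char[] is still best-effort: a moving collector may have
        // copied the array before it was cleared.
    }
}
```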

What are the threat models that using a VPN for mobile data can mitigate?

security – Threat probability? 1 state controls >70% of miners. Other states go to war with them

This is almost certainly a silly question, but there are a lot of new bitcoin owners like me and a specific threat was made today which sounds credible to those of us who lack deep knowledge of bitcoin.

The specific threat is this one:

1: China controls 70% of the miners. SOURCE

2: They are using Hydroelectric and Nuclear Power reactors to do this. SOURCE

3: The United States (and allies) are seeking to destroy bitcoin in a war with China.

4: Bitcoin will go to 0 and US regulated coins will survive. SOURCE

So it’s kind of 2 threats rolled into 1 and I’m trying to come up with a “probability of threat number” to determine if I should even devote time to considering this.

My guess is that the probability is less than 1% but it’s just a guess and I have a high amount of uncertainty due to my current depth of knowledge.

Again, please forgive the silliness of the question, but any assistance to help improve my confidence that the threat is not to be taken seriously would be appreciated.

Threat Modeling and Risk Assessment Effort Estimation

Is there any way to have a good effort time estimation of a Threat Modeling and Risk Assessment activity for an internal infrastructure (about 30 active nodes)?

In general, is it possible to find a “best practice” to estimate effort time for an activity that detects threats by using Threat Modelling and estimate the risk of threats by following a standard template, such as OWASP Risk Rating score?

Or, according to your experience, is it better to have a “time material” approach for this type of activity?
Thank you in advance.

internet – How big a threat is it if I use Windows 7 these days, but visit only trusted sites?

Trusted sites very often include content from other places, like ad networks and other content providers. So you need to be protected from those sources, too.

And you are not just visiting sites. The Win7 machine is running on your network, which can get infected and seek out other nodes to infect. Other people with access to the machine can also exploit unpatched vulnerabilities (like the one announced this week).

Stores and banks will use out-of-date OSes, but they also pay for extended support from Microsoft, and they typically don’t allow them access to the internet: they are most often on isolated and protected networks with a lot of monitoring.