You may have heard the term ‘blockchain’ and dismissed it as a fad, a buzzword, or even technical jargon. But I believe blockchain is a technological advance that will have wide-reaching implications that will not just transform the financial services but many other businesses and industries.

A blockchain is a distributed database, meaning that the storage devices for the database are not all connected to a common processor.  It maintains a growing list of ordered records, called blocks. Each block has a timestamp and a link to a previous block.

Cryptography ensures that users can only edit the parts of the blockchain that they “own” by possessing the private keys necessary to write to the file. It also ensures that everyone’s copy of the distributed blockchain is kept in synch.

Imagine a digital medical record: each entry is a block. It has a timestamp, the date and time when the record was created. And by design, that entry cannot be changed retroactively, because we want the record of diagnosis, treatment, etc. to be clear and unmodified. Only the doctor, who has one private key, and the patient, who has the other, can access the information, and then information is only shared when one of those users shares his or her private key with a third party — say, a hospital or specialist. This describes a blockchain for that medical database.

Blockchains are secure databases by design.  The concept was introduced in 2008 by Satoshi Nakamoto, and then implemented for the first time in 2009 as part of the digital bitcoin currency; the blockchain serves as the public ledger for all bitcoin transactions. By using a blockchain system, bitcoin was the first digital currency to solve the double spending problem (unlike physical coins or tokens, electronic files can be duplicated and spent twice) without the use of an authoritative body or central server.

The security is built into a blockchain system through the distributed timestamping server and peer-to-peer network, and the result is a database that is managed autonomously in a decentralized way.  This makes blockchains excellent for recording events — like medical records — transactions, identity management, and proving provenance. It is, essentially, offering the potential of mass disintermediation of trade and transaction processing.


ROUTERS, BOTH THE big corporate kind and the small one gathering dust in the corner of your home, have long made an attractive target for hackers. They're always on and connected, often full of unpatched security vulnerabilities, and offer a convenient chokepoint for eavesdropping on all the data you pipe out to the internet. Now security researchers have found a broad, apparently state-sponsored hacking operation that goes a step further, using hacked routers as a foothold to drop highly sophisticated spyware even deeper inside a network, onto the computers that connect to those compromised internet access points.

Researchers at security firm Kaspersky on Friday revealed a long-running hacking campaign, which they call "Slingshot," that they believe planted spyware on more than a hundred targets in 11 countries, mostly in Kenya and Yemen. The hackers gained access to the deepest level of victim computers' operating system, known as the kernel, taking full control of target machines. And while Kaspersky's researchers haven't yet determined how the spyware initially infected the majority of those targets, in some cases the malicious code had been installed via small-business-grade routers sold by the Latvian firm MikroTik, which the Slingshot hackers had compromised.

Unlike previous router-hacking campaigns that have used routers themselves as eavesdropping points—or the far more common home router hacks that use them as fodder for distributed-denial-of-service attacks aimed at taking down websites—the Slingshot hackers appear to have instead exploited routers' position as a little-scrutinized foothold that can spread infections to sensitive computers within a network, allowing deeper access to spies. Infecting a router at a business or coffee shop, for instance, would then potentially give access to a broad range of users.



Americans were targeted on social media by Russian agents on a mission to harvest personal information, The Wall Street Journal reported Wednesday.

The agents pretended to work for organizations promoting African-American businesses as a ruse to obtain personal information from black business owners during the 2016 presidential election campaign, according to the report.

Using names like "BlackMattersUS" and "Black4Black," the agents set up hundreds of accounts on Facebook and Instagram, the WSJ said.

As part of its efforts to address the abuse of its platform during the election, Facebook introduced a tool that would enable its members to determine if they had contact with Russian propaganda during that period. The tool doesn't address the problem of Kremlin agents masquerading as Americans, however.

Facebook did not respond to our request to comment for this story.

The Journal story came on the heels of President Donald Trump's Tuesday announcement that his administration was doing a "very, very deep" study of election meddling and would make "very strong" recommendations about the 2018 elections.

However, Adm. Michael Rogers, chief of the U.S. Cyber Command and head of the National Security Agency, last week told the Senate Armed Services Committee that the White House had not directed him to take any actions to counter potential Russian meddling in the 2018 elections.

"The impact of social media is very real," said Ajay K. Gupta, program chair for computer networks and cybersecurity at the University of Maryland.

"The lack of real attribution for social media content means that elections are being impacted by people who we don't know who they are," he told TechNewsWorld.


It's a truism that just like organizations adapt, so too do criminals. For example, anyone who has ever seen a Wells Fargo commercial knows that there was a time when stagecoaches were a normative method for transporting cash and valuables. But what modern criminals in their right mind would attempt robbing a Brink's truck on horseback? While that strategy might have worked well in the days of the Pony Express, attempting it in now would be out of touch and inefficient.

This is an intentionally extreme example to make a point: Criminals adapt to keep pace in the same way that organizations adapt. With a veritable renaissance in technology use under way, criminals have been advancing their methods of attack just like organizations have been advancing their methods for conducting business.

One of the more recent developments in attacker tradecraft is so-called "fileless malware." This trend -- which emerged a few years ago but gained significant prominence in late 2016 and throughout 2017 -- refers to malware that is designed specifically and architected to not require -- or in fact interact with at all -- the filesystem of the host on which it runs.

It is important for technology pros to be alert to this, because it impacts them in several different ways.

First, it alters what they should watch for when analyzing attacker activity. Because fileless malware has different characteristics from traditional malware, it requires looking for different indicators.

Second, it impacts how practitioners plan and execute their response to a malware situation. One of the reasons attackers employ this method is that it circumvents many of the techniques that typically are employed to mitigate attacks.

However, there are some things practitioners can and should do to keep their organizations protected.