maggio | 2016 | Binary options robots

Centument Review - Centument Assets Trading Software By Gerald Reed Review Binary Options Trading System 2016 Centument LTD Reviews

submitted by NicholasHellings to NicholasHellings [link] [comments]

Vault 7 - CIA Hacking Tools Revealed

Vault 7 - CIA Hacking Tools Revealed
March 07, 2017
from Wikileaks Website


https://preview.redd.it/9ufj63xnfdb41.jpg?width=500&format=pjpg&auto=webp&s=46bbc937f4f060bad1eaac3e0dce732e3d8346ee

Press Release
Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency.
Code-named "Vault 7" by WikiLeaks, it is the largest ever publication of confidential documents on the agency.
The first full part of the series, "Year Zero", comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence (below image) in Langley, Virgina.
It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.
Recently, the CIA lost control of the majority of its hacking arsenal including,
  1. malware
  2. viruses
  3. trojans
  4. weaponized "zero day" exploits
  5. malware remote control systems

...and associated documentation.
This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA.
The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
"Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, include,

  1. Apple's iPhone
  2. Google's Android
  3. Microsoft's Windows
  4. Samsung TVs,

...which are turned into covert microphones.
Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA).
The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force - its own substantial fleet of hackers.
The agency's hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA's hacking capacities.
By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI - below image), had over 5000 registered users and had produced more than a thousand,
hacking systems trojans viruses,
...and other "weaponized" malware.


https://preview.redd.it/3jsojkqxfdb41.jpg?width=366&format=pjpg&auto=webp&s=e92eafbb113ab3e972045cc242dde0f0dd511e96

Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more codes than those used to run Facebook.
The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.
In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA's hacking capabilities exceed its mandated powers and the problem of public oversight of the agency.
The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.
Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.

Julian Assange, WikiLeaks editor stated that,
"There is an extreme proliferation risk in the development of cyber 'weapons'.
Comparisons can be drawn between the uncontrolled proliferation of such 'weapons', which results from the inability to contain them combined with their high market value, and the global arms trade.
But the significance of 'Year Zero' goes well beyond the choice between cyberwar and cyberpeace. The disclosure is also exceptional from a political, legal and forensic perspective."

Wikileaks has carefully reviewed the "Year Zero" disclosure and published substantive CIA documentation while avoiding the distribution of 'armed' cyberweapons until a consensus emerges on the technical and political nature of the CIA's program and how such 'weapons' should analyzed, disarmed and published.

Wikileaks has also decided to Redact (see far below) and Anonymize some identifying information in "Year Zero" for in depth analysis. These redactions include ten of thousands of CIA targets and attack machines throughout,
Latin America Europe the United States

While we are aware of the imperfect results of any approach chosen, we remain committed to our publishing model and note that the quantity of published pages in "Vault 7" part one ("Year Zero") already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.

Analysis

CIA malware targets iPhone, Android, smart TVs
CIA malware and hacking tools are built by EDG (Engineering Development Group), a software development group within CCI (Center for Cyber Intelligence), a department belonging to the CIA's DDI (Directorate for Digital Innovation).
The DDI is one of the five major directorates of the CIA (see above image of the CIA for more details).
The EDG is responsible for the development, testing and operational support of all backdoors, exploits, malicious payloads, trojans, viruses and any other kind of malware used by the CIA in its covert operations world-wide.
The increasing sophistication of surveillance techniques has drawn comparisons with George Orwell's 1984, but "Weeping Angel", developed by the CIA's Embedded Devices Branch (EDB), which infests smart TVs, transforming them into covert microphones, is surely its most emblematic realization.
The attack against Samsung smart TVs was developed in cooperation with the United Kingdom's MI5/BTSS.
After infestation, Weeping Angel places the target TV in a 'Fake-Off' mode, so that the owner falsely believes the TV is off when it is on. In 'Fake-Off' mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.
As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.
The CIA's Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user's geolocation, audio and text communications as well as covertly activate the phone's camera and microphone.
Despite iPhone's minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA's Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads.
CIA's arsenal includes numerous local and remote "zero days" developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop.
The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.
A similar unit targets Google's Android which is used to run the majority of the world's smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year.
"Year Zero" shows that as of 2016 the CIA had 24 "weaponized" Android "zero days" which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.
These techniques permit the CIA to bypass the encryption of, WhatsApp
  1. Signal
  2. Telegram
  3. Wiebo
  4. Confide
  5. Cloackman
...by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied.
CIA malware targets Windows, OSx, Linux, routers
The CIA also runs a very substantial effort to infect and control Microsoft Windows users with its malware.
This includes multiple local and remote weaponized "zero days", air gap jumping viruses such as "Hammer Drill" which infects software distributed on CD/DVDs, infectors for removable media such as USBs, systems to hide data in images or in covert disk areas ("Brutal Kangaroo") and to keep its malware infestations going.
Many of these infection efforts are pulled together by the CIA's Automated Implant Branch (AIB), which has developed several attack systems for automated infestation and control of CIA malware, such as "Assassin" and "Medusa".
Attacks against Internet infrastructure and webservers are developed by the CIA's Network Devices Branch (NDB).
The CIA has developed automated multi-platform malware attack and control systems covering Windows, Mac OS X, Solaris, Linux and more, such as EDB's "HIVE" and the related "Cutthroat" and "Swindle" tools, which are described in the examples section far below.
CIA 'hoarded' vulnerabilities ("zero days")
In the wake of Edward Snowden's leaks about the NSA, the U.S. technology industry secured a commitment from the Obama administration that the executive would disclose on an ongoing basis - rather than hoard - serious vulnerabilities, exploits, bugs or "zero days" to Apple, Google, Microsoft, and other US-based manufacturers.
Serious vulnerabilities not disclosed to the manufacturers places huge swathes of the population and critical infrastructure at risk to foreign intelligence or cyber criminals who independently discover or hear rumors of the vulnerability.
If the CIA can discover such vulnerabilities so can others.
The U.S. government's commitment to the Vulnerabilities Equities Process came after significant lobbying by US technology companies, who risk losing their share of the global market over real and perceived hidden vulnerabilities.
The government stated that it would disclose all pervasive vulnerabilities discovered after 2010 on an ongoing basis.
"Year Zero" documents show that the CIA breached the Obama administration's commitments. Many of the vulnerabilities used in the CIA's cyber arsenal are pervasive and some may already have been found by rival intelligence agencies or cyber criminals.
As an example, specific CIA malware revealed in "Year Zero" is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts.
The CIA attacks this software by using undisclosed security vulnerabilities ("zero days") possessed by the CIA but if the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability.
As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable.
The same vulnerabilities exist for the population at large, including the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers.
By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone at the expense of leaving everyone hackable.
'Cyberwar' programs are a serious proliferation risk
Cyber 'weapons' are not possible to keep under effective control.
While nuclear proliferation has been restrained by the enormous costs and visible infrastructure involved in assembling enough fissile material to produce a critical nuclear mass, cyber 'weapons', once developed, are very hard to retain.
Cyber 'weapons' are in fact just computer programs which can be pirated like any other. Since they are entirely comprised of information they can be copied quickly with no marginal cost.
Securing such 'weapons' is particularly difficult since the same people who develop and use them have the skills to exfiltrate copies without leaving traces - sometimes by using the very same 'weapons' against the organizations that contain them.
There are substantial price incentives for government hackers and consultants to obtain copies since there is a global "vulnerability market" that will pay hundreds of thousands to millions of dollars for copies of such 'weapons'.
Similarly, contractors and companies who obtain such 'weapons' sometimes use them for their own purposes, obtaining advantage over their competitors in selling 'hacking' services.
Over the last three years the United States intelligence sector, which consists of government agencies such as the CIA and NSA and their contractors, such as Booz Allan Hamilton, has been subject to unprecedented series of data exfiltrations by its own workers.
A number of intelligence community members not yet publicly named have been arrested or subject to federal criminal investigations in separate incidents.
Most visibly, on February 8, 2017 a U.S. federal grand jury indicted Harold T. Martin III with 20 counts of mishandling classified information.
The Department of Justice alleged that it seized some 50,000 gigabytes of information from Harold T. Martin III that he had obtained from classified programs at NSA and CIA, including the source code for numerous hacking tools.
Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by peer states, cyber mafia and teenage hackers alike.
U.S. Consulate in Frankfurt is a covert CIA hacker base
In addition to its operations in Langley, Virginia the CIA also uses the U.S. consulate in Frankfurt as a covert base for its hackers covering Europe, the Middle East and Africa.
CIA hackers operating out of the Frankfurt consulate ("Center for Cyber Intelligence Europe" or CCIE) are given diplomatic ("black") passports and State Department cover.
The instructions for incoming CIA hackers make Germany's counter-intelligence efforts appear inconsequential: "Breeze through German Customs because you have your cover-for-action story down pat, and all they did was stamp your passport" Your Cover Story (for this trip) Q: Why are you here? A: Supporting technical consultations at the Consulate. Two earlier WikiLeaks publications give further detail on CIA approaches to customs and secondary screening procedures.
Once in Frankfurt CIA hackers can travel without further border checks to the 25 European countries that are part of the Shengen open border area - including France, Italy and Switzerland.
A number of the CIA's electronic attack methods are designed for physical proximity.
These attack methods are able to penetrate high security networks that are disconnected from the internet, such as police record database. In these cases, a CIA officer, agent or allied intelligence officer acting under instructions, physically infiltrates the targeted workplace.
The attacker is provided with a USB containing malware developed for the CIA for this purpose, which is inserted into the targeted computer. The attacker then infects and exfiltrates data to removable media.
For example, the CIA attack system Fine Dining, provides 24 decoy applications for CIA spies to use.
To witnesses, the spy appears to be running a program showing videos (e.g VLC), presenting slides (Prezi), playing a computer game (Breakout2, 2048) or even running a fake virus scanner (Kaspersky, McAfee, Sophos).
But while the decoy application is on the screen, the underlying system is automatically infected and ransacked.
How the CIA dramatically increased proliferation risks
In what is surely one of the most astounding intelligence own goals in living memory, the CIA structured its classification regime such that for the most market valuable part of "Vault 7", the CIA's, weaponized malware (implants + zero days) Listening Posts (LP) Command and Control (C2) systems, ...the agency has little legal recourse.
The CIA made these systems unclassified.
Why the CIA chose to make its cyber-arsenal unclassified reveals how concepts developed for military use do not easily crossover to the 'battlefield' of cyber 'war'.
To attack its targets, the CIA usually requires that its implants communicate with their control programs over the internet.
If CIA implants, Command & Control and Listening Post software were classified, then CIA officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the Internet.
Consequently the CIA has secretly made most of its cyber spying/war code unclassified. The U.S. government is not able to assert copyright either, due to restrictions in the U.S. Constitution.
This means that cyber 'arms' manufactures and computer hackers can freely "pirate" these 'weapons' if they are obtained. The CIA has primarily had to rely on obfuscation to protect its malware secrets.
Conventional weapons such as missiles may be fired at the enemy (i.e. into an unsecured area). Proximity to or impact with the target detonates the ordnance including its classified parts. Hence military personnel do not violate classification rules by firing ordnance with classified parts.
Ordnance will likely explode. If it does not, that is not the operator's intent.
Over the last decade U.S. hacking operations have been increasingly dressed up in military jargon to tap into Department of Defense funding streams.
For instance, attempted "malware injections" (commercial jargon) or "implant drops" (NSA jargon) are being called "fires" as if a weapon was being fired.
However the analogy is questionable.
Unlike bullets, bombs or missiles, most CIA malware is designed to live for days or even years after it has reached its 'target'. CIA malware does not "explode on impact" but rather permanently infests its target. In order to infect target's device, copies of the malware must be placed on the target's devices, giving physical possession of the malware to the target.
To exfiltrate data back to the CIA or to await further instructions the malware must communicate with CIA Command & Control (C2) systems placed on internet connected servers.
But such servers are typically not approved to hold classified information, so CIA command and control systems are also made unclassified.
A successful 'attack' on a target's computer system is more like a series of complex stock maneuvers in a hostile take-over bid or the careful planting of rumors in order to gain control over an organization's leadership rather than the firing of a weapons system.
If there is a military analogy to be made, the infestation of a target is perhaps akin to the execution of a whole series of military maneuvers against the target's territory including observation, infiltration, occupation and exploitation.
Evading forensics and anti-virus
A series of standards lay out CIA malware infestation patterns which are likely to assist forensic crime scene investigators as well as, Apple
  1. Microsoft
  2. Google
  3. Samsung
  4. Nokia
  5. Blackberry
  6. Siemens
  7. anti-virus companies,
...attribute and defend against attacks.
"Tradecraft DO's and DON'Ts" contains CIA rules on how its malware should be written to avoid fingerprints implicating the "CIA, US government, or its witting partner companies" in "forensic review".
Similar secret standards cover the, use of encryption to hide CIA hacker and malware communication (pdf) describing targets & exfiltrated data (pdf) executing payloads (pdf) persisting (pdf), ...in the target's machines over time.
CIA hackers developed successful attacks against most well known anti-virus programs.
These are documented in, AV defeats Personal Security Products Detecting and defeating PSPs PSP/DebuggeRE Avoidance For example, Comodo was defeated by CIA malware placing itself in the Window's "Recycle Bin". While Comodo 6.x has a "Gaping Hole of DOOM".
CIA hackers discussed what the NSA's "Equation Group" hackers did wrong and how the CIA's malware makers could avoid similar exposure.

Examples

The CIA's Engineering Development Group (EDG) management system contains around 500 different projects (only some of which are documented by "Year Zero") each with their own sub-projects, malware and hacker tools.
The majority of these projects relate to tools that are used for,
penetration infestation ("implanting") control exfiltration
Another branch of development focuses on the development and operation of Listening Posts (LP) and Command and Control (C2) systems used to communicate with and control CIA implants.
Special projects are used to target specific hardware from routers to smart TVs.
Some example projects are described below, but see the table of contents for the full list of projects described by WikiLeaks' "Year Zero".
UMBRAGE
The CIA's hand crafted hacking techniques pose a problem for the agency.
Each technique it has created forms a "fingerprint" that can be used by forensic investigators to attribute multiple different attacks to the same entity.
This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible.
As soon one murder in the set is solved then the other murders also find likely attribution.
The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.
With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from.
UMBRAGE components cover,
keyloggers
  1. password collection
  2. webcam capture
  3. data destruction
  4. persistence
  5. privilege escalation
  6. stealth
  7. anti-virus (PSP) avoidance
  8. survey techniques

Fine Dining
Fine Dining comes with a standardized questionnaire i.e menu that CIA case officers fill out.
The questionnaire is used by the agency's OSB (Operational Support Branch) to transform the requests of case officers into technical requirements for hacking attacks (typically "exfiltrating" information from computer systems) for specific operations.
The questionnaire allows the OSB to identify how to adapt existing tools for the operation, and communicate this to CIA malware configuration staff.
The OSB functions as the interface between CIA operational staff and the relevant technical support staff.
Among the list of possible targets of the collection are,
  • 'Asset'
  • 'Liason Asset'
  • 'System Administrator'
  • 'Foreign Information Operations'
  • 'Foreign Intelligence Agencies'
  • 'Foreign Government Entities'
Notably absent is any reference to extremists or transnational criminals. The 'Case Officer' is also asked to specify the environment of the target like the type of computer, operating system used, Internet connectivity and installed anti-virus utilities (PSPs) as well as a list of file types to be exfiltrated like Office documents, audio, video, images or custom file types.
The 'menu' also asks for information if recurring access to the target is possible and how long unobserved access to the computer can be maintained.
This information is used by the CIA's 'JQJIMPROVISE' software (see below) to configure a set of CIA malware suited to the specific needs of an operation.
Improvise (JQJIMPROVISE)
  1. 'Improvise' is a toolset for configuration, post-processing, payload setup and execution vector
  2. selection for survey/exfiltration tools supporting all major operating systems like,
  3. Windows (Bartender)
  4. MacOS (JukeBox)
  5. Linux (DanceFloor)
  6. Its configuration utilities like Margarita allows the NOC (Network Operation Center) to customize tools
based on requirements from 'Fine Dining' questionnaires.
HIVE
HIVE is a multi-platform CIA malware suite and its associated control software.
The project provides customizable implants for Windows, Solaris, MikroTik (used in internet routers) and Linux platforms and a Listening Post (LP)/Command and Control (C2) infrastructure to communicate with these implants.
The implants are configured to communicate via HTTPS with the webserver of a cover domain; each operation utilizing these implants has a separate cover domain and the infrastructure can handle any number of cover domains.
Each cover domain resolves to an IP address that is located at a commercial VPS (Virtual Private Server) provider.
The public-facing server forwards all incoming traffic via a VPN to a 'Blot' server that handles actual connection requests from clients.
It is setup for optional SSL client authentication: if a client sends a valid client certificate (only implants can do that), the connection is forwarded to the 'Honeycomb' toolserver that communicates with the implant.
If a valid certificate is missing (which is the case if someone tries to open the cover domain website by accident), the traffic is forwarded to a cover server that delivers an unsuspicious looking website.
The Honeycomb toolserver receives exfiltrated information from the implant; an operator can also task the implant to execute jobs on the target computer, so the toolserver acts as a C2 (command and control) server for the implant.
Similar functionality (though limited to Windows) is provided by the RickBobby project.
See the classified user and developer guides for HIVE.

Frequently Asked Questions

Why now?
WikiLeaks published as soon as its verification and analysis were ready. In February the Trump administration has issued an Executive Order calling for a "Cyberwar" review to be prepared within 30 days.
While the review increases the timeliness and relevance of the publication it did not play a role in setting the publication date.
Redactions
Names, email addresses and external IP addresses have been redacted in the released pages (70,875 redactions in total) until further analysis is complete. Over-redaction: Some items may have been redacted that are not employees, contractors, targets or otherwise related to the agency, but are, for example, authors of documentation for otherwise public projects that are used by the agency.
Identity vs. person: the redacted names are replaced by user IDs (numbers) to allow readers to assign multiple pages to a single author. Given the redaction process used a single person may be represented by more than one assigned identifier but no identifier refers to more than one real person.
Archive attachments (zip, tar.gz, ...), are replaced with a PDF listing all the file names in the archive. As the archive content is assessed it may be made available; until then the archive is redacted.
Attachments with other binary content, are replaced by a hex dump of the content to prevent accidental invocation of binaries that may have been infected with weaponized CIA malware. As the content is assessed it may be made available; until then the content is redacted.
Tens of thousands of routable IP addresses references, (including more than 22 thousand within the United States) that correspond to possible targets, CIA covert listening post servers, intermediary and test systems, are redacted for further exclusive investigation.
Binary files of non-public origin, are only available as dumps to prevent accidental invocation of CIA malware infected binaries.
Organizational Chart
The organizational chart (far above image) corresponds to the material published by WikiLeaks so far.
Since the organizational structure of the CIA below the level of Directorates is not public, the placement of the EDG and its branches within the org chart of the agency is reconstructed from information contained in the documents released so far.
It is intended to be used as a rough outline of the internal organization; please be aware that the reconstructed org chart is incomplete and that internal reorganizations occur frequently.
Wiki pages
"Year Zero" contains 7818 web pages with 943 attachments from the internal development groupware. The software used for this purpose is called Confluence, a proprietary software from Atlassian.
Webpages in this system (like in Wikipedia) have a version history that can provide interesting insights on how a document evolved over time; the 7818 documents include these page histories for 1136 latest versions.
The order of named pages within each level is determined by date (oldest first). Page content is not present if it was originally dynamically created by the Confluence software (as indicated on the re-constructed page).
What time period is covered?
The years 2013 to 2016. The sort order of the pages within each level is determined by date (oldest first).
WikiLeaks has obtained the CIA's creation/last modification date for each page but these do not yet appear for technical reasons. Usually the date can be discerned or approximated from the content and the page order.
If it is critical to know the exact time/date contact WikiLeaks.
What is "Vault 7"
"Vault 7" is a substantial collection of material about CIA activities obtained by WikiLeaks.
When was each part of "Vault 7" obtained?
Part one was obtained recently and covers through 2016. Details on the other parts will be available at the time of publication.
Is each part of "Vault 7" from a different source?
Details on the other parts will be available at the time of publication.
What is the total size of "Vault 7"?
The series is the largest intelligence publication in history.
How did WikiLeaks obtain each part of "Vault 7"?
Sources trust WikiLeaks to not reveal information that might help identify them.
Isn't WikiLeaks worried that the CIA will act against its staff to stop the series?
No. That would be certainly counter-productive.
Has WikiLeaks already 'mined' all the best stories?
No. WikiLeaks has intentionally not written up hundreds of impactful stories to encourage others to find them and so create expertise in the area for subsequent parts in the series. They're there.
Look. Those who demonstrate journalistic excellence may be considered for early access to future parts.
Won't other journalists find all the best stories before me?
Unlikely. There are very considerably more stories than there are journalists or academics who are in a position to write them.
submitted by CuteBananaMuffin to conspiracy [link] [comments]

Временно бесплатные курсы Udemy

Временно бесплатные курсы Udemy

https://preview.redd.it/se7zt100k9c31.jpg?width=700&format=pjpg&auto=webp&s=b7d9eb97754935764b044d2dd31900c6106efab5
Подборка временно бесплатных курсов Udemy.122 шт. Промокоды, вшиты в ссылки.Все курсы на английском.

  1. Agile Retrospective: Continuous Improvement + Kaizen Wth Scrum
  2. Artificial Intelligence Concepts - AI 101
  3. Build Interactive Apps Using VueJS, Vuex And VueRouter
  4. C Programming 2019
  5. CloverETL Data Integration
  6. Create A SHMUP With Unity 3D
  7. Google Cloud Platform Associate Cloud Engineer Practice Test
  8. How To Create Android Apps Without Coding Advance Course
  9. How to Install Linux Mint (Cinnamon) on a Virtual Machine
  10. How to Install Ubuntu Linux on a Virtual Machine
  11. How To Uv Unwrap Models In Blender
12. Introduction To SAS
13. iOS 12 Chat Application Like WhatsApp And Viber
14. iOS App Grocery List (Swift 3.1, iOS10.3) From 0 To AppStore
  1. iOS12 Animations, Learn Swift Animation With UIKit
16. iOS12 Bootcamp From Beginner To Professional iOS Developer
  1. JavaScript & LeetCode | The Ultimate Interview Bootcamp
  2. Learn Angular 8 By Creating A Simple Full Stack Web App
  3. Learn How To Make Trading Card Game Menus With Unity 3D
20. Learn React JS And Web API By Creating A Full Stack Web App
  1. Learn To Code Trading Card Game Battle System With Unity 3D
  2. Learn To Code With Python 3!
  3. Linux For Absolute Beginners!
  4. Linux Shell Terminal Command Basics
  5. Machine Learning iOS 11
  6. MapReduce Architecture For Big Data
  7. QuickChat 2.0 (WhatsApp Like Chat) iOS10 And Swift 3
  8. Random Forest Algorithm In Machine Learning
  9. Scrum Advanced: Software Development & Program Management
  10. Scrum Certification Prep + Scrum Master + Agile Scrum Training
  11. Simple And Advanced Topics Of Animating 2D Characters
  12. SSL Complete Guide: HTTP To HTTPS
  13. Start your own online store now for FREE
  14. Swift Weather (Meteorology) Application With REST API
  15. The Complete jQuery Course 2019: Build Real World Projects!
  16. Understanding On Google Charts
  17. User Stories For Agile Scrum + Product Owner + Business Analysis
  18. WP Plugin Development - Build Your Own Plugin!
  19. Double Your Office Productivity Using Google Apps
  20. How to become a much better & safer driver & avoid accidents
  21. Leadership Wisdom - Advanced Leadership Strategies
  22. Use your perfectionism to be more successful at work
  23. 3D Animation Film-Making With Plotagon: Ultra-Speed 2019 Design
  24. Blender Beginners Guide To 3D Modeling Game Asset Pipeline Design
  25. Citrix 1Y0-371 Designing Deploying Managing Citrix Exam IT & Software
  26. Complete Whiteboard Video Creation With VideoScribe: 2019 Design
  27. Create Lightning Fast Videos With InVideo: AI Video Making Design
  28. Learn Cinema 4D: Low Poly Tree Design
  29. Learn Illustrator CC: Create Simple Flat Vector Characters Design
  30. The Illustration Masterclass Design
  31. The Open Source Multimedia Masterclass Design
  32. Camtasia Studio 9: Become a Video Editing Guru With Camtasia
  33. 10 Copywriting Hacks That Work In 2019
  34. 10 Facebook Marketing Hacks That Work In 2019
  35. Certified Facebook Marketing 2019 (Complete Masterclass)
  36. Certified Network Marketer (Network Marketing & MLM Mastery)
  37. ClickBank Affiliate Marketing Secrets Home Business Success
  38. ClickBank Affiliate Marketing: NO Cost, No Website - Proven
  39. Competitor Analysis Tools For 2019: Part 1
  40. Digital Marketing Secrets For Beginners
  41. Email Blasting For Commissions [CPA & Affiliate Marketing]
  42. Email Marketing Mastery to Earn More & Build a Huge List
63. Facebook Ads 101. Complete Facebook Ads & Marketing Course
  1. Facebook Marketing: Advanced Targeting Strategies
  2. Facebook Marketing: How To Build A List With Lead Ads
  3. Facebook Marketing: How To Build A Targeted Email List
  4. Fraud Analytics Using R & Microsoft Excel
  5. Gamification: Use Gamification In Marketing
  6. Google Analytics For Beginners 2019
  7. Google Analytics For WordPress to Track Your Website Traffic
  8. Home Business: CPA Marketing From Scratch
  9. How To Get Your First 1,000 Facebook Fans: For Beginners
  10. How To Promote CPA Offers With Bing Ads
  11. Influencer Content Marketing: Killer Tactics For 2019
  12. Instagram Marketing Growth Tips [Influencer Shortcuts]
  13. Marketing Analytics Using R And Excel
  14. Master ClickFunnels & Create Sales Funnels Like a Boss
  15. Modern Social Media Marketing - Complete Certificate Course
  16. Powerpoint 4 Video Part A - Introduction + Character Animation
  17. Secrets Exposed: Find The Most Profitable Niches Of 2019
  18. Talking Robots: Artificial Intelligence Audiobook Creation
  19. The Complete Social Media Marketing Agency Masterclass
  20. VideoScribe: Whiteboard Animation From Zero To Hero
  21. VideoScribe Whiteboard Animation: Create Amazing Promo Video
  22. Viral Content Buzz - Killer Tactics For Blog Promotions
  23. YouTube Creator Tips [Grow A Channel-Get More Subs & Views]
  24. Youtube SEO Course: How TO Rank # 1 On YouTube In 2019
  25. YouTube Video Marketing For Domination: ViralNomics 2019
  26. Artificial Intelligence Music Creation & Remixing 2019
  27. STRUMMING SIMPLIFIED: 51 Guitar Rhythms For All Styles!
  28. Agile Project Management: Scrum Step By Step With Examples
  29. Amazon Dropship Mastery
  30. Amazon FBA Tycoon - The Ultimate Private Label Masterclass
  31. Artificial Intelligence And Predictive Analysis Using Python
  32. Binary Options Trading Ninja: The Bandit Strategy
  33. Bitcoin Valuation: Methods And Frameworks
  34. Business Education: Guide To Blockchain And Cryptocurrencies
  35. Certified Network Marketer (Network Marketing & MLM Mastery)
  36. ClickBank Affiliate Marketing Secrets Home Business Success
  37. Dropshipping With WordPress: Create A Dropship Business Fast
  38. eCommerce Business: Set Up Your Own Business From Home
  39. Entrepreneurship: Complete Guide To Business Model Creation
  40. Entrepreneurship Bootcamp: Create Work At Home Business
  41. Entrepreneurship Tips For Success
  42. Futures Trading Ninja: DIY Futures Trading Course (12 Hour)
  43. Gamification: Use Gamification In Marketing
  44. Home Business: CPA Marketing From Scratch
  45. How To Be Lucky In Business And Life
  46. Lean Six Sigma Applications In Information Technology
  47. Online Business: How I Make 5 Figure Passive Income on JVZoo
  48. Pandas With Python Tutorial
  49. Personal / Business Networking Skills For Maximum Success!
  50. Project Management: Deliver On Time + Scrum Project Delivery
  51. Scrum Master Training: Case Studies And Confessions
  52. Start Making Passive Income Online: The Complete Bundle
  53. The BeLive Studio2 Course For Live Broadcasters
  54. The Complete Personal Productivity Course - Business & Life
  55. Transformational Leadership - Ultimate Leadership Course
  56. Ultimate Time Management - BEST Time Management Course
  57. User Stories For Agile Scrum + Product Owner + Business Analysis
  58. Your Complete Guide To Agile, Scrum, Kanban
  59. Your Ultimate Blueprint To Sell Products Online


Источник: Телеграм-канал WScoupon
submitted by abbelrus to Pikabu [link] [comments]

[uncensored-r/Bitcoin] /r/Bitcoin FAQ - Newcomers please read

The following post by BinaryResult is being replicated because some comments within the post(but not the post itself) have been silently removed.
The original post can be found(in censored form) at this link:
reddit: /Bitcoin/comments/6jlop4
The original post's content was as follows:

Welcome to the /Bitcoin Sticky FAQ

You've probably been hearing a lot about Bitcoin recently and are wondering what's the big deal? Most of your questions should be answered by the resources below but if you have additional questions feel free to ask them in the comments.
The following videos are a good starting point for understanding how bitcoin works and a little about its long term potential:
For lots of additional video resources check out the videos wiki page or /BitcoinTV.
Key properties of bitcoin
  • Limited Supply - There will only ever be 21,000,000 bitcoins created and they are issued in a predictable fashion, you can view the inflation schedule here. Once they are all issued Bitcoin will be truly deflationary.
  • Open source - Bitcoin code is fully auditable. You can read the source code yourself here.
  • Accountable - The public ledger is transparent, all transactions are seen by everyone.
  • Decentralized - Bitcoin is globally distributed across thousands of nodes with no single point of failure and as such can't be shut down similar to how Bittorrent works.
  • Censorship resistant - No one can prevent you from interacting with the bitcoin network and no one can censor, alter or block transactions that they disagree with, see Operation Chokepoint.
  • Push system - There are no chargebacks in bitcoin because only the person who owns the address where the bitcoins reside has the authority to move them.
  • Low fee - Transactions fees can vary between a few cents and a few dollars depending on network demand and how much priority you wish to assign to the transaction. Most wallets calculate the fee automatically but you can view current fees here.
  • Borderless - No country can stop it from going in/out, even in areas currently unserved by traditional banking as the ledger is globally distributed.
  • Trustless - Bitcoin solved the Byzantine's Generals Problem which means nobody needs to trust anybody for it to work.
  • Pseudonymous - No need to expose personal information when purchasing with cash or transacting.
  • Secure - Encrypted cryptographically and can’t be brute forced or confiscated with proper key management such as hardware wallets.
  • Programmable - Individual units of bitcoin can be programmed to transfer based on certain criteria being met
  • Nearly instant - From a few seconds to a few minutes depending on need for confirmations. After a few confirmations transactions are irreversible.
  • Peer-to-peer - No intermediaries with a cut, no need for trusted third parties.
  • Portable - Bitcoins are digital so they are easier to move than cash or gold. They can even be transported by simply remembering a string of words for wallet recovery.
  • Scalable - Each bitcoin is divisible down to 8 decimals allowing it to grow in value while still accommodating micro-transactions.
  • Designed Money - Bitcoin was created to fit all the fundamental properties of money better than gold or fiat
Some excellent writing on Bitcoin's value proposition and future can be found here. Bitcoin statistics can be found here, here and here. Developer resources can be found here and here. Peer-reviewed research papers can be found here. The number of times Bitcoin was declared dead by the media can be found here. Scaling resources here, and of course the whitepaper that started it all.

Where can I buy bitcoins?

BuyBitcoinWorldwide.com and Howtobuybitcoin.io are helpful sites for beginners. You can buy or sell any amount of bitcoin and there are several easy methods to purchase bitcoin with cash, credit card or bank transfer. Some of the more popular resources are below, also, check out the bitcoinity exchange resources for a larger list of options for purchases.
Bank Transfer Credit / Debit card Cash
Coinbase Coinbase LocalBitcoins
Gemini Bitstamp LibertyX
GDAX Bitit Mycelium LocalTrader
Bitstamp Cex.io BitQuick
Kraken CoinMama WallofCoins
Xapo BitcoinOTC
Cex.io
itBit
Bitit
Bitsquare
Here is a listing of local ATMs. If you would like your paycheck automatically converted to bitcoin use Cashila or Bitwage.
Note: Bitcoins are valued at whatever market price people are willing to pay for them in balancing act of supply vs demand. Unlike traditional markets, bitcoin markets operate 24 hours per day, 365 days per year. Preev is a useful site that that shows how much various denominations of bitcoin are worth in different currencies. Alternatively you can just Google "1 bitcoin in (your local currency)".

Securing your bitcoins

With bitcoin you can "Be your own bank" and personally secure your bitcoins OR you can use third party companies aka "Bitcoin banks" which will hold the bitcoins for you.
  • If you prefer to "Be your own bank" and have direct control over your coins without having to use a trusted third party, there are many software wallet options here. If you want easy and secure storage without having to learn computer security best practices, then a hardware wallet such as the Trezor or Ledger is recommended. A more advanced option is to secure them yourself using paper wallets generated offline. Some popular mobile and desktop options are listed below and most are cross platform.
Android iOs Desktop
Mycelium BreadWallet Electrum
CoPay AirBitz Armory
  • If you prefer to let third party "Bitcoin banks" manage your coins, try Coinbase or Xapo but be aware you may not be in control of your private keys in which case you would have to ask permission to access your funds and be exposed to third party risk.
Another interesting use case for physical storage/transfer is the Opendime. Opendime is a small USB stick that allows you to spend Bitcoin by physically passing it along so it's anonymous and tangible like cash.
Note: For increased security, use Two Factor Authentication (2FA) everywhere it is offered, including email!
2FA requires a second confirmation code to access your account, usually from a text message or app, making it much harder for thieves to gain access. Google Authenticator and Authy are the two most popular 2FA services, download links are below. Make sure you create backups of your 2FA codes.
Google Auth Authy
Android Android
iOS iOS

Where can I spend bitcoins?

A more comprehensive list can be found at the Trade FAQ but some more commons ones are below.
Store Product
Gyft Gift cards for hundreds of retailers including Amazon, Target, Walmart, Starbucks, Whole Foods, CVS, Lowes, Home Depot, iTunes, Best Buy, Sears, Kohls, eBay, GameStop, etc.
Steam, HumbleBundle, Games Planet, itch.io, g2g and kinguin For when you need to get your game on
Microsoft Xbox games, phone apps and software
Spendabit, The Bitcoin Shop, Overstock, Rakuten, DuoSearch, The Bitcoin Directory and BazaarBay Retail shopping with millions of results
ShakePay Generate one time use Visa cards in seconds
NewEgg, TigerDirect and Dell For all your electronics needs
Cashila, Bitwa.la, Coinbills, Piixpay, Bitbill.eu, Bylls, Coins.ph, Bitrefill, Pey.de, LivingRoomofSatoshi, Hyphen.to, Coinsfer, GetPaidinBitcoin, Coins.co.th, More #1, #2 Bill payment
Foodler, Menufy, Takeaway, Thuisbezorgd NL, Pizza For Coins Takeout delivered to your door!
Expedia, Cheapair, Lot, Destinia, BTCTrip, Abitsky, SkyTours, Fluege the Travel category on Gyft and 9flats For when you need to get away
BoltVM, BitHost VPS service
Cryptostorm, Mullvad, and PIA VPN services
Namecheap For new domain name registration
Stampnik and GetUSPS Discounted USPS Priority, Express, First-Class mail postage
Reddit Gold Premium membership which can be gifted to others
Coinmap, 99Bitcoins and AirBitz are helpful to find local businesses accepting bitcoins. A good resource for UK residents is at wheretospendbitcoins.co.uk.
There are also lots of charities which accept bitcoin donations, such as Wikipedia, Red Cross, Amnesty International, United Way, ACLU and the EFF. You can find a longer list here.

Merchant Resources

There are several benefits to accepting bitcoin as a payment option if you are a merchant;
  • 1-3% savings over credit cards or PayPal.
  • No chargebacks (final settlement in 10 minutes as opposed to 3+ months).
  • Accept business from a global customer base.
  • Increased privacy.
  • Convert 100% of the sale to the currency of your choice for deposit to your account, or choose to keep a percentage of the sale in bitcoin if you wish to begin accumulating it.
If you are interested in accepting bitcoin as a payment method, there are several options available;

Can I mine bitcoin?

Mining bitcoins can be a fun learning experience, but be aware that you will most likely operate at a loss. Newcomers are often advised to stay away from mining unless they are only interested in it as a hobby similar to folding at home. If you want to learn more about mining you can read more here. Still have mining questions? The crew at /BitcoinMining would be happy to help you out.
If you want to contribute to the bitcoin network by hosting the blockchain and propagating transactions you can run a full node using this setup guide. Bitseed is an easy option for getting set up. You can view the global node distribution here.

Earning bitcoins

Just like any other form of money, you can also earn bitcoins by being paid to do a job.
Site Description
WorkingForBitcoins, Bitwage, XBTfreelancer, Cryptogrind, Bitlancerr, Coinality, Bitgigs, /Jobs4Bitcoins, Rein Project Freelancing
OpenBazaar, Purse.io, Bitify, /Bitmarket, 21 Market Marketplaces
Watchmybit, Streamium.io, OTika.tv, XOtika.tv NSFW, /GirlsGoneBitcoin NSFW Video Streaming
Bitasker, BitforTip, WillPayCoin Tasks
Supload.com, SatoshiBox, JoyStream, File Army File/Image Sharing
CoinAd, A-ads, Coinzilla.io Advertising
You can also earn bitcoins by participating as a market maker on JoinMarket by allowing users to perform CoinJoin transactions with your bitcoins for a small fee (requires you to already have some bitcoins)

Bitcoin Projects

The following is a short list of ongoing projects that might be worth taking a look at if you are interested in current development in the bitcoin space.
Project Description
Lightning Network, Amiko Pay, and Strawpay Payment channels for network scaling
Blockstream and Drivechain Sidechains
21, Inc. Open source library for the machine payable web
ShapeShift.io Trade between bitcoins and altcoins easily
Open Transactions, Counterparty, Omni, Open Assets, Symbiont and Chain Financial asset platforms
Hivemind and Augur Prediction markets
Mirror Smart contracts
Mediachain Decentralized media library
Tierion and Factom Records & Titles on the blockchain
BitMarkets, DropZone, Beaver and Open Bazaar Decentralized markets
Samourai and Dark Wallet - abandoned Privacy-enhancing wallets
JoinMarket CoinJoin implementation (Increase privacy and/or Earn interest on bitcoin holdings)
Coinffeine and Bitsquare Decentralized bitcoin exchanges
Keybase and Bitrated Identity & Reputation management
Bitmesh and Telehash Mesh networking
JoyStream BitTorrent client with paid seeding
MORPHiS Decentralized, encrypted internet
Storj and Sia Decentralized file storage
Streamium and Faradam Pay in real time for on-demand services
Abra Global P2P money transmitter network
bitSIM PIN secure hardware token between SIM & Phone
Identifi Decentralized address book w/ ratings system
Coinometrics Institutional-level Bitcoin Data & Research
Blocktrail and BitGo Multisig bitcoin API
Bitcore Open source Bitcoin javascript library
Insight Open source blockchain API
Leet Kill your friends and take their money ;)

Bitcoin Units

One Bitcoin is quite large (hundreds of £/$/€) so people often deal in smaller units. The most common subunits are listed below:
Unit Symbol Value Info
millibitcoin mBTC 1,000 per bitcoin SI unit for milli i.e. millilitre (mL) or millimetre (mm)
microbitcoin ?BTC 1,000,000 per bitcoin SI unit for micro i.e microlitre (?L) or micrometre (?m)
bit bit 1,000,000 per bitcoin Colloquial "slang" term for microbitcoin
satoshi sat 100,000,000 per bitcoin Smallest unit in bitcoin, named after the inventor
For example, assuming an arbitrary exchange rate of $500 for one Bitcoin, a $10 meal would equal:
  • 0.02 BTC
  • 20 mBTC
  • 20,000 bits
For more information check out the Bitcoin units wiki.
Still have questions? Feel free to ask in the comments below or stick around for our weekly Mentor Monday thread. If you decide to post a question in /Bitcoin, please use the search bar to see if it has been answered before, and remember to follow the community rules outlined on the sidebar to receive a better response. The mods are busy helping manage our community so please do not message them unless you notice problems with the functionality of the subreddit. A complete list of bitcoin related subreddits can be found here
Note: This is a community created FAQ. If you notice anything missing from the FAQ or that requires clarification you can edit it here and it will be included in the next revision pending approval.
Welcome to the Bitcoin community and the new decentralized economy!
submitted by censorship_notifier to noncensored_bitcoin [link] [comments]

10-06 18:33 - '“Bitcoin Code Review Australia” - Is “Bitcoin Code Australia” Scam? My SHOCKING Results!' (self.Bitcoin) by /u/thebitcoincode786 removed from /r/Bitcoin within 15-25min

'''
“Bitcoin Code Review Australia” [link]6 Click left to read my full detailed story and shocking results of using this Bitcoin Code Australia system now!
My Short To The Point Bitcoin Code Review Australia & Results!
So, I signed up with [Bitcoin Code Review Australia]1 , deposited the minimum of $500 into their recommended broker account to start off with. Today is my 5th day using it, and when I checked my account last night it was almost at $12,900+, so I’m hoping I go will over that magic $19K mark by the end of the week! So, if you are in a hurry & don’t want to read my complete story & full review then Click this link to get started making $13000 in 24 hours with this secret [bitcoin code australia]2 system easily now! [link]6
My detailed review and results about Bitcoin Code Review Australia software:
Bitcoin Code Review Australia features a super-fast computer which processes millions of trades each day. The system uses the existing market infrastructure and the high-speed computer, which gives this binary program an advantage over other systems.
This software has only lost one trade in 4 years of 1478 trades. The accuracy of trades is very high, so it’s no wonder that most reviews are positive for Bitcoin Code Review Australia Trading App.
The system signals performs trades with 163 exchanges in 35 nations and the number of trades it processes each year is astounding — 4 million!
The company behind this signals system is very good. This company plans to release its second IPO (Initial Public Offering) on the 14th April 2018. In 2017, this Trading App earned $723 million in profits, which was 11% higher than the profits of 2016.
This year, even though it is already April passing, the software Company has calculated that it will earn $650 million in profits even though there are only six weeks left to trade in.
From past 2 years I was desperately searching for a any legal way to earn money online from home. Following a dream of not having to be stuck in the 9 to 5 job by working my own hours and doing what I wanted in my life and to achieve financial freedom.
Do you know the saying “seek and you shall find?” Despite being told otherwise for most of my adult life I never lost hope and finally found what I was searching for and it’s called Bitcoin Code Review Australia my new way to financial freedom.
With that said I’m not going try to force it on you and say that this is what you have been seeking for, as I don’t know you. But if you’re here then it means you’re looking for a way to earn money online and I’ll gladly help you decide if this is for you in my Bitcoin Code Review Australia Review.
Bitcoin Code Review Australia Binary Options System generates at least $2,000+ a day without putting in any hard work or investing more than 1 hour per day.Well, to be more exact you can spend 2 hours a day and double these pure profits, this is up to you. Bitcoin Code Review Australia is a money-making program currently being offered for free online.
How does Bitcoin Code Review Australia work? To use Bitcoin Code Review Australia , you begin by opening an account at a binary options broker and depositing $500 into your account. You then connect Bitcoin Code Review Australia to your account by following the instructions inside Bitcoin Code Review Australia members area. Bitcoin Code Review Australia then makes trades for you.
Having used Bitcoin Code Review Australia for a few days, I’m really excited with the results. Sitting at your laptop and waiting for Bitcoin Code Review Australia to make trades is incredibly boring (it will only make a trade when the conditions are right, so most of the time it does nothing, but you have to leave your laptop running so that it can make a trade whenever it needs to, so I just leave Bitcoin Code Review Australia alone and see what it’s done at the end of the trading day. Click this link to get started making $13000 in 24 hours with this secret bitcoin code australia system easily now! [[link]6 ]3
[[link]9 [[link]10
#BitcoinCodeAustralia #BitcoinCodeReviewAustralia
'''
“Bitcoin Code Review Australia” - Is “Bitcoin Code Australia” Scam? My SHOCKING Results!
Go1dfish undelete link
unreddit undelete link
Author: thebitcoincode786
1: t*e*itco*nc*des.d*/en 2: t*e*itcoincod*s.*e*en 3: thebitc**n*odes.d**en 4: www.y*ut*be.c*m/wat****=pWu*NG*2lME 5: y**tu.b*/*Wu*NGK2lME 6: the*i*c*inc*des.de*en 7: t*e*it*oinc*des.de/e* 8: th*bit*o**codes**e/en]^^3 9: w*w.*o*tu*e.com/**tch?v=pW*zNGK2lM***^4 10: y*u*u.be*p*u*N*K2lME]^^5
Unknown links are censored to prevent spreading illicit content.
submitted by removalbot to removalbot [link] [comments]

Can I classify myself as a "trader" and use IRS form 4797?

I am a software developer, but I do my actual work in the evenings, and during the day, I day trade.
I placed 1087 trades within the last year. Some of this was with forex (currency trading), and some was with stock trading.
Some days I only placed no trades; others, I placed several dozen. I traded 119 days in 2016. So if there were about 250 trading days this year, I averaged 4.3 trades per day (675 binary options, 206 stock buys, 206 stock sells).
Unfortunately I suffered $15,000 in loss.
Considering my trading activity, would it make sense to classify myself as a trader, use IRS Form 4797, and claim all $15,000 of loss when filing my personal taxes?
submitted by chaddjohnson to Accounting [link] [comments]

The Strange Birth & History of Monero, Part IV: Monero "as it is now"

You can read here part III.
You can read this whole story translated into Spanish here
This is part IV, the last but not least.
Monero - A secure, private, untreceable cryptocurrency
https://bitcointalk.org/index.php?topic=583449.0
Notable comments in this thread:
-201: “I would like to offer 1000 MRO to the first person who creates a pool”
(https://bitcointalk.org/index.php?topic=583449.msg6422665#msg6422665)
[tacotime offers bounty to potential pool developer. Bytecoin devs haven’t released any code for pools, and the only existent pool, minergate (in the future related to BCN interests) was closed source]
-256: “Adam back seems to like CryptoNote the better than Zerocash https://twitter.com/adam3us/status/453493394472697856”
(https://bitcointalk.org/index.php?topic=583449.msg6440769#msg6440769)
-264: “update on pools: The NOMP guy (zone117x) is looking to fork his open source software and get a pool going, so one should hopefully be up soon.”
(https://bitcointalk.org/index.php?topic=583449.msg6441302#msg6441302)
-273: “Update on GUI: othe from VertCoin has notified me that he is working on it.”
(https://bitcointalk.org/index.php?topic=583449.msg6442606#msg6442606)
-356: “Everyone wanting a pool, please help raise a bounty with me here:
https://bitcointalk.org/index.php?topic=589533.0
And for the GUI:
https://bitcointalk.org/index.php?topic=589561.0”
(https://bitcointalk.org/index.php?topic=583449.msg6461533#msg6461533)
[5439 MRO + 0.685 BTC + 5728555.555 BCN raised for pool and 1652 XMR, 121345.46695471 BCN for the GUI wallet. Though this wallet was "rejected" as official GUI because wallet still has to be polished before building a GUI]
-437: “Yes, most Windows users should see a higher hashrate with the new build. You can thank NoodleDoodle. ”
(https://bitcointalk.org/index.php?topic=583449.msg6481202#msg6481202)
-446: “Even faster Windows binaries have just been uploaded. Install for more hash power! Once again, it was NoodleDoodle.”
(https://bitcointalk.org/index.php?topic=583449.msg6483680#msg6483680)
-448: “that almost doubled my hashrate again! GREAT STUFF !!!”
(https://bitcointalk.org/index.php?topic=583449.msg6484109#msg6484109)
-461: “Noodle only started optimization today so there may be gains for your CPU in the future.”
(https://bitcointalk.org/index.php?topic=583449.msg6485247#msg6485247)
[First day of miner optimization by NoodleDoodle, it is only May 1st]
-706: “The unstoppable NoodleDoodle has optimized the Windows build again. Hashrate should more than double. Windows is now faster than Linux. :O”
(https://bitcointalk.org/index.php?topic=583449.msg6549444#msg6549444)
-753: “i here tft is no longer part of the project. so is he forking or relaunching bytecoin under new name and new parameters (merged mining with flatter emission curve.) also. what is the end consensus for the emission curve for monero. will it be adjusted."
(https://bitcointalk.org/index.php?topic=583449.msg6561345#msg6561345)
[May, 5th 2014. TFT is launching FANTOMCOIN, a clone coin which its "only" feature was merged mining]
-761: (https://bitcointalk.org/index.php?topic=583449.msg6561941#msg6561941) [May, 5th 2014 – eizh on emission curve and tail emission]
-791: “As promised, I did Russian translation of main topic.”
(https://bitcointalk.org/index.php?topic=583449.msg6565521#msg6565521)
[one among dozens of decentralized and “altruist” collaborators of Monero in minor tasks]
-827: image
(https://bitcointalk.org/index.php?topic=583449.msg6571652#msg6571652)
-853: (https://bitcointalk.org/index.php?topic=583449.msg6575033#msg6575033)
[some are not happy that NoodleDoodle had only released the built binaries, but not the source code]
-950: (https://bitcointalk.org/index.php?topic=583449.msg6593768#msg6593768)
[Rias, an account suspected to be related to the Bytecoin scam, dares to tag Monero as “instamine”]
-957: “It's rather bizarre that you're calling this an "instamine" scam when you're so fervently supporting BCN, which was mined 80% before entering the clearnet. Difficulty adjustments are per block, so there is no possibility of an instamine unless you don't publish your blockchain (emission is regular at the preset interval, and scales adequately with the network hash rate). What you're accusing monero of is exactly what ByteCoin did.”
https://bitcointalk.org/index.php?topic=583449.msg6594025#msg6594025
[Discussion with rias drags on for SEVERAL posts]
-1016: “There is no "dev team". There is a community of people working on various aspects of the coin.
I've been keeping the repo up to date. NoodleDoodle likes to optimise his miner. TFT started the fork and also assists when things break. othe's been working on a GUI. zone117x has been working on a pool.
It's a decentralized effort to maintain the fork, not a strawman team of leet hackers who dwell in the underbellies of the internet and conspire for instamines.”
(https://bitcointalk.org/index.php?topic=583449.msg6596828#msg6596828)
-1023: “Like I stated in IRC, I am not part of the "dev team", I never was. Just so happens I took a look at the code and changed some extremely easy to spot "errors". I then decided to release the binary because I thought MRO would benefit from it. I made this decision individually and nobody else should be culpable”
(https://bitcointalk.org/index.php?topic=583449.msg6597057#msg6597057)
[Noodledoodle gets rid of the instaminer accusations]
-1029: “I decided to relaunch Monero so it will suit all your wishes that you had: flatter emission curve, open source optimized miner for everybody from the start, no MM with BCN/BMR and the name. New Monero will be ready tomorrow”
(https://bitcointalk.org/index.php?topic=583449.msg6597252#msg6597252)
[people trying to capitalize mistakes is always there.]
-1030: "Pull request has been submitted and merged to update miner speed
It appears from the simplicity of the fix that there may have been deliberate crippling of the hashing algorithm from introduction with ByteCoin."
https://bitcointalk.org/index.php?topic=583449.msg6597460#msg6597460
[tacotime “officially” raises suspects of possible voluntarily crippled miner]
-1053: "I don't mind the 'relaunch' or the merge-mining fork or any other new coin at all. It's inevitable that the CryptoNote progresses like scrypt into a giant mess of coins. It's not undesirable or 'wrong'. Clones fighting out among themselves is actually beneficial for Monero. Although one of them is clearly unserious and trolling by choosing the same name.
Anyway, this sudden solidarity with BCN or TFT sure is strange when none of these accounts were around for the discussions that took place 3 weeks ago. Such vested interests with no prior indications. Hmm...? "
https://bitcointalk.org/index.php?topic=583449.msg6599013#msg6599013
[eizh points out the apparent organized fudding]
-1061: "There was no takeover. The original developer (who himself did a fork of bytecoin and around a dozen lines of code changes) was non-responsive and had disappeared. The original name had been cybersquatted all over the place (since the original developer did not even register any domain name much less create a web site), making it impossible to even create a suitably named web site. A bunch of us who didn't want to see the coin die who represented a huge share of the hash power and ownership of the coin decided to adopt it. We reached out to the original developer to participate in this community effort and he still didn't respond over 24 hours, so we decided to act to save the coin from neglect and actively work toward building the coin."
(https://bitcointalk.org/index.php?topic=583449.msg6599798#msg6599798)
[smooth defends legitimacy of current “dev team” and decisions taken]
-1074: “Zerocash will be announced soon (May 18 in Oakland? but open source may not be ready then?).
Here is a synopsis of the tradeoffs compared to CyptoNote: […]"
(https://bitcointalk.org/index.php?topic=583449.msg6602891#msg6602891)
[comparison among Zerocash y Cryptonote]
-1083: "Altcoin history shows that except in the case of premine (Tenebrix), the first implementation stays the largest by a wide margin. We're repeating that here by outpacing Bytecoin (thanks to its 80% mine prior to surfacing). No other CN coin has anywhere near the hashrate or trading volume. Go check diff in Fantom for example or the lack of activity in BCN trading.
The only CN coin out there doing something valuable is HoneyPenny, and they're open source too. If HP develops something useful, MRO can incorporate it as well. Open source gives confidence. No need for any further edge."
(https://bitcointalk.org/index.php?topic=583449.msg6603452#msg6603452)
[eizh reminds everyone the “first mover” advantage is a real advantage]
-1132: "I decided to tidy up bitmonero GitHub rep tonight, so now there is all valuable things from latest BCN commits & Win32. Faster hash from quazarcoin is also there. So BMR rep is the freshest one.
I'm working on another good feature now, so stay tuned."
(https://bitcointalk.org/index.php?topic=583449.msg6619738#msg6619738)
[first TFT apparition in weeks, he somehow pretends to still be the "lead dev"]
-1139: "This is not the github or website used by Monero. This github is outdated even with these updates. Only trust binaries from the first post."
(https://bitcointalk.org/index.php?topic=583449.msg6619971#msg6619971)
[eizh tries to clarify the community, after tft interference, which are the official downloads]
-1140: “The faster hash is from NoodleDoodle and is already submitted to the moner-project github (https://github.com/monero-project/bitmonero) and included in the binaries here.
[trying to bring TFT back on board] It would be all easier if you just work together with the other guys, whats the problem? Come to irc and talk like everyone else?
[on future monero exchangers] I got confirmation from one."
(https://bitcointalk.org/index.php?topic=583449.msg6619997#msg6619997)
[8th may 2014, othe announces NoodleDoodle optimized miner is now open source, asks TFT to collaborate and communicates an exchanger is coming]
-1146: "I'll be impressed if they [BCN/TFT shills] manage to come up with an account registered before January, but then again they could buy those.”
(https://bitcointalk.org/index.php?topic=583449.msg6620257#msg6620257)
[smooth]
-1150: “Ring signatures mean that when you sign a transaction to spend an output (coins), no one looking at the block chain can tell whether you signed it or one of the other outputs you choose to mix in with yours. With a mixing factor of 5 or 10 after several transactions there are millions of possible coins all mixed together. You get "anonymity" and mixing without having to use a third party mixer.”
(https://bitcointalk.org/index.php?topic=583449.msg6620433#msg6620433)
[smooth answering to “what are ring signatures” in layman terms]
-1170: "Someone (C++ skilled) did private optimized miner a few days ago, he got 74H/s for i5 haswell. He pointed that mining code was very un-optimized and he did essential improvements for yourself. So, high H/S is possible yet. Can the dev's core review code for that?"
(https://bitcointalk.org/index.php?topic=583449.msg6623136#msg6623136)
[forums are talking about an individual or group of individuals with optimized miners - may 9th 2014]
-1230: "Good progress on the pool reported by NOMP dev zone117x. Stay tuned, everyone.
And remember to email your favorite exchanges about adding MRO."
(https://bitcointalk.org/index.php?topic=583449.msg6640190#msg6640190)
-1258: "This is actually as confusing to us as you. At one point, thankful_for_today said he was okay with name change: https://bitcointalk.org/index.php?topic=563821.msg6368600#msg6368600
Then he disappeared for more than a week after the merge mining vote failed.”
(https://bitcointalk.org/index.php?topic=583449.msg6645981#msg6645981)
[eizh on the TFT-issue]
-1358: “Jadehorse: registered on 2014-03-06 and two pages of one line posts:
https://bitcointalk.org/index.php?action=profile;u=263597
https://bitcointalk.org/index.php?action=profile;u=263597;sa=showPosts
Trustnobody: registered on 2014-03-06 and two pages of one line posts:
https://bitcointalk.org/index.php?action=profile;u=264292
https://bitcointalk.org/index.php?action=profile;u=264292;sa=showPosts
You guys should really just stop trying. It is quite transparent what you are doing. Or if you want to do it, do it somewhere else. Everyone else: ignore them please."
(https://bitcointalk.org/index.php?topic=583449.msg6666844#msg6666844)
[FUD campaign still ongoing, smooth battles it]
-1387: "The world’s first exchange for Monero just opened! cryptonote.exchange.to"
(https://bitcointalk.org/index.php?topic=583449.msg6675902#msg6675902)
[David Latapie announces an important milestone: exchanger is here]
-1467: "image"
(https://bitcointalk.org/index.php?topic=583449.msg6686125#msg6686125)
[it is weird, but tft appears again, apparently as if he were in a parallel reality]
-1495: “http://monero.cc/blog/monero-price-0-002-passed/”
(https://bitcointalk.org/index.php?topic=583449.msg6691706#msg6691706)
[“trading” milestone reached: monero surpassed for first time 0.002 btc price]
-1513: "There is one and only one coin, formerly called Bitmonero, now called Monero. There was a community vote in favor (despite likely ballot stuffing against). All of the major stakeholders at the time agreed with the rename, including TFT.
The code base is still called bitmonero. There is no reason to rename it, though we certainly could have if we really wanted to.
TFT said he he is sentimental about the Bitmonero name, which I can understand, so I don't think there is any malice or harm in him continuing to use it. He just posted the nice hash rate chart on here using the old name. Obviously he understands that they are one and the same coin."
(https://bitcointalk.org/index.php?topic=583449.msg6693615#msg6693615)
[Smooth clears up again the relation with TFT and BMR. Every time he appears it seems to generate confusion on newbies]
-1543: "Pool software is in testing now. You can follow the progress on the pool bounty thread (see original post on this thread for link)."
(https://bitcointalk.org/index.php?topic=583449.msg6698097#msg6698097)
-1545: "[on the tail emission debate] I've been trying to raise awareness of this issue. The typical response seems to be, "when Bitcoin addresses the problem, so will we." To me this means it will never be addressed. The obvious solution is to perpetually increase the money supply, always rewarding miners with new coins.
Tacotime mentioned a hard fork proposal to never let the block reward drop below 1 coin:
Code: if (blockReward < 1){ blockReward = 1; }
I assume this is merely delaying the problem, however. I proposed a fixed annual debasement (say 2%) with a tx fee cap of like 0.001% of the current block reward (or whatever sounds reasonable). That way we still get the spam protection without worrying about fee escalation down the road."
(https://bitcointalk.org/index.php?topic=583449.msg6698879#msg6698879)
[Johnny Mnemonic wants to debate tail emission. Debate is moved to the “Monero Economy” thread]
-1603: “My GOD,the wallet is very very wierd and too complicated to operate, Why dont release a wallet-qt as Bitcoin?”
(https://bitcointalk.org/index.php?topic=583449.msg6707857#msg6707857)
[Newbies have hard times with monero]
-1605: "because this coin is not a bitcoin clone and so there isnt a wallet-qt to just copy and release. There is a bounty for a GUI wallet and there is already an experimental windows wallet..."
(https://bitcointalk.org/index.php?topic=583449.msg6708250#msg6708250)
-1611: "I like this about Monero, but it seems it was written by cryptographers, not programmers. The damned thing doesn't even compile on Arch, and there are several bugs, like command history not working on Linux. The crypto ideas are top-notch, but the implementation is not."
(https://bitcointalk.org/index.php?topic=583449.msg6709002#msg6709002)
[Wolf0, a miner developer, little by little joining the community]
-1888: "http://198.199.79.100 (aka moneropool.org) successfully submitted a block. Miners will be paid for their work once payments start working.
P.S. This is actually our second block today. The first was orphaned. :/"
(https://bitcointalk.org/index.php?topic=583449.msg6753836#msg6753836)
[May 16th: first pool block]
-1927: "Botnets aren't problem now. The main problem is a private hi-performance miner"
(https://bitcointalk.org/index.php?topic=583449.msg6759622#msg6759622)
-1927: "Evidence?"
(https://bitcointalk.org/index.php?topic=583449.msg6759661#msg6759661)
[smooth about the private optimized miner]
-1937: “[reference needed: smooth battling the weak evidence of optimized miner] Yes, I remember that. Some person on the Internet saying that some other unnamed person said he did something hardly constitutes evidence.
I'm not even doubting that optimized asm code could make a big difference. Just not sure how to know whether this is real or not. Rumors and FUD are rampant, so it is just hard to tell."
(https://bitcointalk.org/index.php?topic=583449.msg6760040#msg6760040)
[smooth does not take the "proof" seriously]
-1949: "image
One i5 and One e5 connected to local pool:
image"
(https://bitcointalk.org/index.php?topic=583449.msg6760624#msg6760624)
[proof of optimized miner]
-1953: "lazybear are you interested in a bounty to release the source code (maybe cleaned up a bit?) your optimized miner? If not, I'll probably play around with the code myself tomorrow and see if I can come up with something, or maybe Noodle Doodle will take an interest."
(https://bitcointalk.org/index.php?topic=583449.msg6760699#msg6760699)
[smooth tries to bring lazybear and his optimized miner on board]
-1957: "smooth, NoodleDoodle just said on IRC his latest optimizations are 4x faster on Windows. Untested on Linux so far but he'll push the source to the git repo soon. We'll be at 1 million network hashrate pretty soon."
(https://bitcointalk.org/index.php?topic=583449.msg6760814#msg6760814)
[eizh makes publics NoodleDoodle also has more miner optimizations ready]
-1985: “Someone (not me) created a Monero block explorer and announced it yesterday in a separate thread:
https://bitcointalk.org/index.php?topic=611561.0”
(https://bitcointalk.org/index.php?topic=583449.msg6766206#msg6766206)
[May 16th, 2014: a functional block explorer]
-2018: “Noodle is doing some final tests on Windows and will begin testing on Linux. He expects hashrate should increase across all architectures. I can confirm a 5x increase on an i7 quad-core + Windows 7 64-bit.
Please be patient. These are actual changes to the program, not just a switch that gets flicked on. It needs testing.”
(https://bitcointalk.org/index.php?topic=583449.msg6770093#msg6770093)
[eizh has more info on last miner optimization]
-2023: “Monero marketcap is around $300,000 as of now”
(https://bitcointalk.org/index.php?topic=583449.msg6770365#msg6770365)
-2059: I was skeptical of this conspiracy theory at first but after thinking about the numbers and looking back at the code again, I'm starting to believe it.
These are not deep optimizations, just cleaning up the code to work as intended.
At 100 H/s, with 500k iterations, 70 cycles per L3 memory access, we're now at 3.5 GHz which is reasonably close. So the algorithm is finally memory-bound, as it was originally intended to be. But as delivered by the bytecode developers not even close.
I know this is going to sound like tooting our own horn but this is another example of the kind of dirty tricks you can expect from the 80% premine crowd and the good work being done in the name of the community by the Monero developers.
Assuming they had the reasonable, and not deoptimized, implementation of the algorithm as designed all along (which is likely), the alleged "two year history" of bytecoin was mined on 4-8 PCs. It's really one of the shadiest and sleaziest premines scams yet, though this shouldn't be surprising because in every type of scam, the scams always get sneakier and more deceptive over time (the simple ones no longer work)."
(https://bitcointalk.org/index.php?topic=583449.msg6773168#msg6773168)
[smooth blowing the lid: if miner was so de-optimized, then BCN adoption was even lower than initially thought]
-2123: (https://bitcointalk.org/index.php?topic=583449.msg6781481#msg6781481)
[fluffypony first public post in Monero threads]
-2131: "moneropool.org is up to 2KHs, (average of 26Hs per user). But that's still only 0.3% of the reported network rate of 575Khs.
So either a large botnet is mining, or someone's sitting quietly on a much more efficient miner and raking in MRO."
(https://bitcointalk.org/index.php?topic=583449.msg6782192#msg6782192)
[with pools users start to notice that “avg” users account for a very small % of the network hashrate, either botnets or a super-optimized miner is mining monero]
-2137: “I figure its either:
(https://bitcointalk.org/index.php?topic=583449.msg6782852#msg6782852)
-2192: “New source (0.8.8.1) is up with optimizations in the hashing. Hashrate should go up ~4x or so, but may have CPU architecture dependence. Windows binaries are up as well for both 64-bit and 32-bit."
(https://bitcointalk.org/index.php?topic=583449.msg6788812#msg6788812)
[eizh makes official announce of last miner optimization, it is may 17th]
-2219: (https://bitcointalk.org/index.php?topic=583449.msg6792038#msg6792038)
[wolf0 is part of the monero community for a while, discussing several topics as botnet mining and miner optimizations. Now spots security flaws in the just launched pools]
-2301: "5x optimized miner released, network hashrate decreases by 10% Make your own conclusions. :|"
(https://bitcointalk.org/index.php?topic=583449.msg6806946#msg6806946)
-2323: "Monero is on Poloniex https://poloniex.com/exchange/btc_mro"
(https://bitcointalk.org/index.php?topic=583449.msg6808548#msg6808548)
-2747: "Monero is holding a $500 logo contest on 99designs.com now: https://99designs.com/logo-design/contests/monero-mro-cryptocurrency-logo-design-contest-382486"
(https://bitcointalk.org/index.php?topic=583449.msg6829109#msg6829109)
-2756: “So... ALL Pools have 50KH/s COMBINED.
Yet, network hash is 20x more. Am i the only one who thinks that some people are insta mining with prepared faster miners?”
(https://bitcointalk.org/index.php?topic=583449.msg6829977#msg6829977)
-2757: “Pools aren't stable yet. They are more inefficient than solo mining at the moment. They were just released. 10x optimizations have already been released since launch, I doubt there is much more optimization left.”
(https://bitcointalk.org/index.php?topic=583449.msg6830012#msg6830012)
-2765: “Penalty for too large block size is disastrous in the long run.
Once MRO value increases a lot, block penalties will become more critical of an issue. Pools will fix this issue by placing a limit on number and size of transactions. Transaction fees will go up, because the pools will naturally accept the most profitable transactions. It will become very expensive to send with more than 0 mixin. Anonymity benefits of ring signatures are lost, and the currency becomes unusable for normal transactions.”
(https://bitcointalk.org/index.php?topic=583449.msg6830475#msg6830475)
-2773: "The CryptoNote developers didn't want blocks getting very large without genuine need for it because it permits a malicious attack. So miners out of self-interest would deliberately restrict the size, forcing the network to operate at the edge of the penalty-free size limit but not exceed it. The maximum block size is a moving average so over time it would grow to accommodate organic volume increase and the issue goes away. This system is most broken when volume suddenly spikes."
(https://bitcointalk.org/index.php?topic=583449.msg6830710#msg6830710)
-3035: "We've contributed a massive amount to the infrastructure of the coin so far, enough to get recognition from cryptonote, including optimizing their hashing algorithm by an order of magnitude, creating open source pool software, and pushing several commits correcting issues with the coin that eventually were merged into the ByteCoin master. We also assisted some exchange operators in helping to support the coin.
To say that has no value is a bit silly... We've been working alongside the ByteCoin devs to improve both coins substantially."
(https://bitcointalk.org/index.php?topic=583449.msg6845545#msg6845545)
[tacotime defends the Monero team and community of accusations of just “ripping-off” others hard-work and “steal” their project]
-3044: "image"
(https://bitcointalk.org/index.php?topic=583449.msg6845986#msg6845986)
[Monero added to coinmarketcap may 21st 2014]
-3059: "You have no idea how influential you have been to the success of this coin. You are a great ambassador for MRO and one of the reasons why I chose to mine MRO during the early days (and I still do, but alas no soup for about 5 days now)."
(https://bitcointalk.org/index.php?topic=583449.msg6846509#msg6846509)
[random user thanks smooth CONSTANT presence, and collaboration. It is not all FUD ;)]
-3068: "You are a little too caught up in the mindset of altcoin marketing wars about "unique features" and "the team" behind the latest pump and dump scam.
In fact this coin is really little more than BCN without the premine. "The team" is anyone who contributes code, which includes anyone contributing code to the BCN repository, because that will get merged as well (and vice-versa).
Focus on the technology (by all accounts amazing) and the fact that it was launched in a clean way without 80% of the total world supply of the coin getting hidden away "somewhere." That is the unique proposition here. There also happens to be a very good team behind the coin, but anyone trying too hard to market on the basis of some "special" features, team, or developer is selling you something. Hold on to your wallet."
(https://bitcointalk.org/index.php?topic=583449.msg6846638#msg6846638)
[An answer to those trolls saying Monero has no innovation/unique feature]
-3070: "Personally I found it refreshing that Monero took off WITHOUT a logo or a gui wallet, it means the team wasn't hyping a slick marketing package and is concentrating on the coin/note itself."
(https://bitcointalk.org/index.php?topic=583449.msg6846676#msg6846676)
-3119: “image
[included for the lulz]
-3101: "[…]The main developers are tacotime, smooth, NoodleDoodle. Some needs are being contracted out, including zone117x, LucasJones, and archit for the pool, another person for a Qt GUI, and another person independently looking at the code for bugs."
(https://bitcointalk.org/index.php?topic=583449.msg6848006#msg6848006)
[the initial "core team" so far, eizh post]
-3123: (https://bitcointalk.org/index.php?topic=583449.msg6850085#msg6850085)
[fluffy steps-in with an interesting dense post. Don’t dare to skip it, worthwhile reading]
-3127: (https://bitcointalk.org/index.php?topic=583449.msg6850526#msg6850526)
[fluffy again, worth to read it too, so follow link, don’t be lazy]
-3194: "Hi guys - thanks to lots of hard work we have added AES-NI support to the slow_hash function. If you're using an AES-NI processor you should see a speed-up of about 30%.”
(https://bitcointalk.org/index.php?topic=583449.msg6857197#msg6857197)
[flufflypony is now pretty active in the xmr topic and announces a new optimization to the crippled miner]
-3202: "Whether using pools or not, this coin has a lot of orphaned blocks. When the original fork was done, several of us advised against 60 second blocks, but the warnings were not heeded.
I'm hopeful we can eventually make a change to more sane 2- or 2.5-minute blocks which should drastically reduce orphans, but that will require a hard fork, so not that easy."
(https://bitcointalk.org/index.php?topic=583449.msg6857796#msg6857796)
[smooth takes the opportunity to remember the need of bigger target block]
-3227: “Okay, optimized miner seems to be working: https://bitcointalk.org/index.php?topic=619373”
[wolf0 makes public his open source optimized miner]
-3235: "Smooth, I agree block time needs to go back to 2 minutes or higher. I think this and other changes discussed (https://bitcointalk.org/index.php?topic=597878.msg6701490#msg6701490) should be rolled into a single hard fork and bundled with a beautiful GUI wallet and mining tools."
(https://bitcointalk.org/index.php?topic=583449.msg6861193#msg6861193)
[tail emission, block target and block size are discussed in the next few messages among smooth, johnny and others. If you want to know further about their opinions/reasonings go and read it]
-3268: (https://bitcointalk.org/index.php?topic=583449.msg6862693#msg6862693)
[fluffy dares another user to bet 5 btc that in one year monero will be over dash in market cap. A bet that he would have lost as you can see here https://coinmarketcap.com/historical/20150524/ even excluding the 2M “instamined” coins]
-3283: "Most of the previous "CPU only" coins are really scams and the developers already have GPU miner or know how to write one. There are a very few exceptions, almost certainly including this one.
I don't expect a really dominant GPU miner any time soon, maybe ever. GPUs are just computers though, so it is certainly possible to mine this on a GPU, and there probably will be a some GPU miner, but won't be so much faster as to put small scale CPU miners out of business (probably -- absent some unknown algorithmic flaw).
Everyone focuses on botnets because it has been so long since regular users were able to effectively mine a coin (due to every coin rapidly going high end GPU and ASIC) that the idea that "users" could vastly outnumber "miners" (botnet or otherwise) isn't even on the radar.
The vision here is a wallet that asks you when you want to install: "Do you want to devote some of you CPU power to help secure the network. You will be eligible to receive free coins as a reward (recommended) [check box]." Get millions of users doing that and it will drive down the value of mining to where neither botnets nor professional/industrial miners will bother, and Satoshi's original vision of a true p2p currency will be realized.
That's what cryptonote wants to accomplish with this whole "egalitarian mining" concept. Whether it succeeds I don't know but we should give it a chance. Those cryptonote guys seem pretty smart. They've probably thought this through better than any of us have."
(https://bitcointalk.org/index.php?topic=583449.msg6863720#msg6863720)
[smooth vision of a true p2p currency]
-3318: "I have a screen shot that was PMed to me by someone who paid a lot of money for a lot of servers to mine this coin. He won't be outed by me ever but he does in fact exist. Truth."
(https://bitcointalk.org/index.php?topic=583449.msg6865061#msg6865061)
[smooth somehow implies it is not botnets but an individual or a group of them renting huge cloud instances]
-3442: "I'm happy to report we've successfully cracked Darkcoin's network with our new quantum computers that just arrived from BFL, a mere two weeks after we ordered them."
[fluffy-troll]
-3481: “Their slogan is, "Orphaned Blocks, Bloated Blockchain, that's how we do""
(https://bitcointalk.org/index.php?topic=583449.msg6878244#msg6878244)
[Major FUD troll in the topic. One of the hardest I’ve ever seen]
-3571: "Tacotime wanted the thread name and OP to use the word privacy instead of anonymity, but I made the change for marketing reasons. Other coins do use the word anonymous improperly, so we too have to play the marketing game. Most users will not bother looking at details to see which actually has more privacy; they'll assume anonymity > privacy. In a world with finite population, there's no such thing as anonymity. You're always "1 of N" possible participants.
Zero knowledge gives N -> everyone using the currency, ring signatures give N -> your choice, and CoinJoin gives N -> people who happen to be spending around the same amount of money as you at around the same time. This is actually the critical weakness of CoinJoin: the anonymity set is small and it's fairly susceptible to blockchain analysis. Its main advantage is that you can stick to Bitcoin without hard forking.
Another calculated marketing decision: I made most of the OP about ring signatures. In reality, stealth addressing (i.e. one-time public keys) already provides you with 90% of the privacy you need. Ring signatures are more of a trump card that cannot be broken. But Bitcoin already has manual stealth addressing so the distinguishing technological factor in CryptoNote is the use of ring signatures.
This is why I think having a coin based on CoinJoin is silly: Bitcoin already has some privacy if you care enough. A separate currency needs to go way beyond mediocre privacy improvements and provide true indistinguishably. This is true thanks to ring signatures: you can never break the 1/N probability of guessing correctly. There's no additional circumstantial evidence like with CoinJoin (save for IP addresses, but that's a problem independent of cryptocurrencies)."
(https://bitcointalk.org/index.php?topic=583449.msg6883525#msg6883525)
[Anonymity discussions, specially comparing Monero with Darkcoin and its coinjoin-based solution, keep going on]
-3593: "Transaction fees should be a fixed percentage of the block reward, or at the very least not be controllable by the payer. If payers can optionally pay more then it opens the door for miner discrimination and tx fee bidding wars."
(https://bitcointalk.org/index.php?topic=583449.msg6886770#msg6886770)
[Johnny Mnemonic is a firm defender of fixed fees and tail emission: he see the “fee market” as big danger to the usability of cryptocurrencies]
-3986: (https://bitcointalk.org/index.php?topic=583449.msg6930412#msg6930412)
[partnership with i2p]
-4373: “Way, way faster version of cpuminer: https://bitcointalk.org/index.php?topic=619373”
(https://bitcointalk.org/index.php?topic=583449.msg6993812#msg6993812)
[super-optimized miner is finally leaked to the public. Now the hashrate is 100 times bigger than originally with crippled miner. The next hedge for "cloud farmers" is GPU mining]
-4877: “1. We have a logo! If you use Monero in any of your projects, you can grab a branding pack here. You can also see it in all its glory right here:
logo […] 4. In order to maintain ISO 4217 compliance, we are changing our ticker symbol from MRO to XMR effective immediately."
(https://bitcointalk.org/index.php?topic=583449.msg7098497#msg7098497)
[Jun 2nd 2014]
-5079: “First GPU miner: https://bitcointalk.org/index.php?topic=638915.0”
(https://bitcointalk.org/index.php?topic=583449.msg7130160#msg7130160)
[4th June: Claymore has developed the first CryptoNight open source and publicly available GPU miner]
-5454: "New update to my miner - up to 25% hash increase. Comment and tell me how much of an increase you got from it: https://bitcointalk.org/index.php?topic=632724"
(https://bitcointalk.org/index.php?topic=583449.msg7198061#msg7198061)
[miner optimization is an endless task]
-5464: "I have posted a proposal for fixed subsidy:
https://bitcointalk.org/index.php?topic=597878.msg7202538#msg7202538"
(https://bitcointalk.org/index.php?topic=583449.msg7202776#msg7202776)
[Nice charts and discussion proposed by tacotime, worth reading it]
-5658: "- New seed nodes added. - Electrum-style deterministic wallets have been added to help in the recovery of your wallet should you ever need to. It is enabled by default."
(https://bitcointalk.org/index.php?topic=583449.msg7234475#msg7234475)
[Now you can recover your wallet with a 24 word seed]
-5726: (https://bitcointalk.org/index.php?topic=583449.msg7240623#msg7240623)
[Bitcoin Pizza in monero version: a 2500 XMR picture sale (today worth ~$20k)]
-6905: (https://bitcointalk.org/index.php?topic=583449.msg7386715#msg7386715)
[Monero missives: CryptoNote peer review starts whitepaper reviewed)]
-7328: (https://bitcointalk.org/index.php?topic=583449.msg7438333#msg7438333)
[android monero widget built]
This is a dense digest of the first several thousand messages on the definitive Monero thread.
A lot of things happened in this stressful days and most are recorded here. It can be summarized in this:
  • 28th April: Othe and zone117x assume the GUI wallet and CN pools tasks.
  • 30th April: First NoodleDoodle's miner optimization.
  • 11th May: First Monero exchanger
  • 13th May: Open source pool code is ready.
  • 16th May: First pool mined block.
  • 19th May: Monero in poloniex
  • 20th May: Monero +1100 bitcoin 24h trading volume in Poloniex.
  • 21st May: New official miner optimization x4 speed (accumulated optimization x12-x16). Open source wolf0's CPU miner released.
  • 25th May: partnership with i2p
  • 28th May: The legendary super-optimized miner is leaked. Currently running x90 original speed. Hedge of the "cloud farmers" is over in the cpu mining.
  • 2nd June: Monero at last has a logo. Ticker symbol changes to the definitive XMR (former MRO)
  • 4th June: Claymore's open source GPU miner.
  • 10th June: Monero's "10,000 bitcoin pizza" (2500 XMR paintig). Deterministic seed-based wallets (recover wallet with a 24 word seed)
  • March 2015 – tail emission added to code
  • March 2016 – monero hard forks to 2 min block and doubles block reward
There basically two things in here that can be used to attack Monero:
  • Crippled miner Gave unfair advantage to those brave enough to risk money and time to optimize and mine Monero.
  • Fast curve emission non-bitcoin-like curve as initially advertised and as it was widely accepted as suitable
Though we have to say two things to support current Monero community and devs:
  • The crippled miner was coded either by Bytecoin or CryptoNote, and 100% solved within a month by Monero community
  • The fast curve emission was a TFT miscalculation. He forgot to consider that as he was halving the block target he was unintentionally doubling the emission rate.
submitted by el_hispano to Monero [link] [comments]

Blindspot Whitepaper: Specialized Threat Assessment and Protection (STAP) for the Blockchain

BlindSpot™
Stop attacks before ”zero day” and stop the Advanced Persistent Threat (APT)
We live in a dangerous world — our information technology systems face that danger every single day. Hackers are constantly attempting to infiltrate systems, steal information, damage government and corporate reputations, and take control of systems and processes.
Hackers share and use a variety of tools and techniques to gain access to, and
maintain access to, IT systems, including groups and techniques so dangerous
they have their own category - the Advanced Persistent Threat (APT). At the
center of the APT are sophisticated techniques using malware to exploit vulnerabilities in systems. Traditional cyber security technologies use file signatures to locate these tools and hacker malware, but hackers are now actively camouflaging their tools by changing, customizing, and “morphing” them into new files that do not match any known signatures (‘Polymorphic Malware’). This introduces a massive gap in malicious file detection which leaves the enterprise open to exploitation — and it’s just not possible for traditional signature-based systems to keep up. In fact, signature-based anti-virus and anti-malware systems are only around 25% effective today. BlindSpot™ sees through it all, even as the files morph and change in a futile attempt to remain camouflaged.
Digital File Fingerprints
Any File Type, Any Language, Partial Matches, Exact Matches
BlindSpot™, the adaptive security solution from BlindSpot™, can see through the
Polymorphic camouflage used by the worlds most advanced hackers by utilizing
digital file fingerprints and our proprietary adaptive BlindSpot™ ‘brain’ that constantly analyzes the fingerprints of known malicious files and tools to locate partial matches within the files on your systems - servers, laptops, desktops, USB drives, and even mobile devices. BlindSpot™ can cut right through the Polymorphic files, revealing the true hacking tools underneath, even if they are only fragments or pieces of a more complete set of hacking tools and technologies.
Most cyber attacks happen weeks or even months after their initial penetration and access to a network or system, and even the simplest attacks tend to have a fuse that is typically several days. It takes them time to map out a system, probe for the information they want, and obtain or forge credentials with the type of access they need. But from the moment their tools first land on your network and systems, BlindSpot™ sees them. If fact, BlindSpot™ can see them sitting on a newly inserted USB drive even if the files are not copied to your systems. This means BlindSpot™ can identify and alert you to malicious files and potential illicit activities before the attack happens - before zero day!
How does BlindSpot™ work? BlindSpot™ sits on the endpoint and continuously monitors file activity. Digital fingerprints, which can be used to find partial matches of any file type in any language, are reported back where they are kept forever in a temporal repository.
BlindSpot™ looks through all of the digital fingerprints — both those from files on your systems and those in a constantly updated database of known malicious files and hacking tools, to locate and alert you to any indication of hacking, malicious files, or illicit activity. BlindSpot™ is a disruptive technology that can see polymorphic malware and stop attacks before zero day.
Digital File Fingerprints are created from a file or a piece of digital data/information by using advanced mathematics to look at all of the small pieces of data that make up the file to create a very small, unique piece of mathematical data — a digital file fingerprint. Files may be of any file type and in any language - digital fingerprints can find partial and exact matches regardless of what is in the file itself.
Just like with humans, once a fingerprint has been taken, you no longer need the
person to identify them. The fingerprint is enough. Even a partial fingerprint is
enough, and sometimes a smudge will do. Digital fingerprints work on the same
principle. Once BlindSpot™ has taken a digital fingerprint of a file, the file is no longer needed to identify it or to compare it with other files. And because digital fingerprints are tiny, they are easy to store. Even a multi-gigabyte file has a digital fingerprint that is no larger than 10k bytes.
Once you have two sets of digital fingerprints, you can compare them. Because BlindSpot™ starts with full fingerprints of known malicious files, it can identify matching files even when the digital fingerprint is only partially there. And with BlindSpot™’s advanced processing capabilities, file fragments, recovered data from a hard drive, partially downloaded documents, damaged files (both intentional and accidental) and other incomplete file structures can be properly fingerprinted in a way that still allows matches to be found.
Other technologies and software use static signatures, which do not work if any part of a file, regardless of how small, is different from another, or if the file is damaged in any way. BlindSpot™ and digital fingerprints enable partial matching, and can see through the camouflage that has become the industry standard for hackers across the globe. Static signature based solutions simply cannot do this.
Imagine your favorite detective drama on TV. The prosecutor says “This partial
fingerprint was found at the crime scene and the video camera across the
street recorded a perfect image of the person’s face.” The jury deliberates and
compares the picture and fingerprints of the defendant that were taken the day
before. They conclude, because the fingerprint was not all there and was not 100% identical, and because one picture showed a mustache that looked identical but was one millimeter longer than the other picture, that the two people were not identical - and set the criminal free. Well, that show wouldn’t be on TV long because crime would run rampant. Now imagine they had BlindSpot™. Criminals would be caught, the town would be a much safer place, and the show would be on for years to come.
Now imagine your network and systems without BlindSpot™, where traditional
exact match signature software is on your front line of defense. All kinds of
malicious files could walk right through and sit down on your hard drives, just
waiting for hackers to activate them. But you don’t have to imagine what your
systems would be like with BlindSpot™ — instead, simply contact us, get BlindSpot™ in place, and we’ll work with you to show you what’s really on your systems and help you keep those systems safe.
Ensuring System Compliance
Take the guesswork out of compliance assessment
All Government systems go through Certification and Accreditation. BlindSpot™ can help you with malicious code protection, for both security considerations and required compliance. Guidelines found in NIST 800-53 Revisions 3+ Security Requirements for System Integrity, SI-3 Malicious Code Protection, state that malicious code protection mechanisms must be employed at information system entry and exit points, including workstations, notebook computers, and mobile devices, to detect and eradicate malicious code.
BlindSpot™, with its continuous monitoring of the files on your endpoints and its
continuous updating of its known malicious file repository, will provide the
required real-time and full monthly re-scans of your files, will alert your
administrative staff when malicious code is found, will provide reports on
potential malicious files, illicit activity, and follow-up with very short false positive reports. BlindSpot™’s false positive rate is less than 0.01%. BlindSpot™ helps organizations meet the security requirements set forth and ensure compliance.
Intellectual Property Protection
Track sensitive information as it changes and moves around the enterprise
BlindSpot™ uses digital file fingerprints to identify partial and exact matches between files, regardless of file type or language. This ability can be used to track movements of and changes to files on a network of computers.
Government entities and corporations need to addresses the issue of monitoring
documents and files that contain sensitive information intellectual property, and it
is no longer sufficient to simply store them on a secure server and require specific credentials to access the information. People, both unintentionally and sometimes with malicious intent, copy and paste parts of documents, move files to USB drives, and otherwise edit and transfer files in order to get them on to a laptop, share them with a co-worker, or exfiltrate confidential information to outside networks and systems. BlindSpot™ carefully watches all of the files on your network, including what’s going with USB drives. If someone copies part of a file that has sensitive data to another file, BlindSpot™ sees it. Furthermore, BlindSpot™ can alert you when it sees questionable activity with certain documents/files or with specific computers/individuals.
Your sensitive files now have a watchdog that catches both unintentional and
malicious exposure to non-secure systems. Use BlindSpot™ to set up a custom
database of the locations where your sensitive files are stored, and BlindSpot™ will create a set of digital file fingerprints that can be used to track those files across your network and systems. This ensures that an organization can know where its proprietary and sensitive information is 365/7/24, in real-time.
Supervisory Control and Data Acquisition (SCADA) Systems
Supervisory Control and Data Acquisition (SCADA) is a system for remote monitoring and control that operates with coded signals over communication channels (using typically one communication channel per remote station).
SCADA networks contain computers and applications that perform key functions in providing essential services and commodities (e.g. electricity, natural gas, gasoline, water, waste treatment, transportation) to all Americans. They are part of the nation’s critical infrastructure, provide great efficiency, are widely used, and require protection from a variety of cyber threats.
One of the most significant threats is benign files residing on the computers on
the network that morph into tools that hackers can use to gain access to the
network and the equipment it monitors and/or controls. These files might be part
of the operating system (binary files), might be a normal file that includes
scripting, or can even be a general data file moved onto the computer through a
network or a USB drive. By morphing, these files circumvent detection and
countermeasures. This is just one example of how a hacker can compromise and
exploit the system and the worst part is that you will never know until it is too late!
The recent Department of Justice announcement charging Iranian hackers
believed to be tied to the 2013 hacking of a New York dam illustrates this threat
clearly.
Enter BlindSpot™’s BlindSpot™ Adaptive Security — BlindSpot™ monitors all files of all types (any format or language) without the requirement of a translator or human operator. BlindSpot™ can see right through the hacker’s camouflage of
morphing files to quickly identify problems and threats before hackers have the
opportunity to active and use their tools. For U.S. and foreign based systems,
BlindSpot™ is a must have cyber security solution.
The BlindSpot™ team has extensive experience with SCADA systems and critical infrastructure. Our BlindSpot™ solution is critical to the overall security framework of such systems as it was designed to find the morphing, malicious files and associated illicit file activity that can lead to compromise of the integrity, confidentiality and/or availability of the system. Threats loom on both the inside and outside, and the dynamic nature of these systems require continuous, temporal monitoring to stop cyber attacks before they happen.
Stop Ransomware
Identify and remove Ransomware before it encrypts your files
Ransomware attacks are on the rise and affect Fortune 500 companies, Federal
organizations, and consumers. This vicious type of attack affects your user’s ability to get their work done and prevents users from accessing files on a device or network by making the device or network unusable, by encrypting the files your users need to access, and/or by stopping certain applications from running (e.g. the web browser). A ransom is then demanded (an electronic payment of currency or bitcoins) with the promise that your data will be unencrypted and accessible again following the payment.
If the ransom payment is made, there is no guarantee that the data will be
unencrypted or returned to a state of integrity and/or availability. Furthermore,
there is also no guarantee that the people behind the ransom will not re-infect
your systems again with a variant of what was initially used. Payment encourages future attacks because they know you cannot detect it and will pay again next time. Surprisingly, there are only a handful of known ransomware files in use today (e.g. Crowti, Fakebsod). Safeguards exist that use static signatures to find exact matches for these known files, but the moment these files morph or are changed in any way they become undetectable by these solutions. BlindSpot™ digs deeper with digital file fingerprints and can find the new files, enabling you to analyze, quarantine, or delete them before they activate. This pro-active approach can be the difference between a system being protected and a system being made completely unavailable with encrypted data being held hostage for a ransom. The image below is an actual Fakebsod notification message.
BlindSpot™ uses digital file fingerprints to detect the ransomware by looking at
both partial and exact matches and can report the problem before it happens.
Ransomeware of the past attacked your personal computer and today’s variant
attacks the servers — BlindSpot™ can detect both.
Case Study: March 2016 - Two more healthcare networks are hit by ransomware targeting servers. Advice from law enforcement — pay the ransom! (They did). File backups are insufficient. Paying ransoms is costly and only encourages repeat attacks.
BlindSpot™ is the most comprehensive solution available to detect and root out
ransomware. Take charge of the situation and put BlindSpot™ to work continuously monitoring your systems.
Get BlindSpot™ Now
Commercial or Government, with multiple contract vehicles available
How Can I Get BlindSpot™?
CYBR develops and sells its adaptive enterprise cyber security software product, BlindSpot™, and provides professional services and support for BlindSpot™ implementations.
Product
BlindSpot™ Adaptive Security is a continuous monitoring enterprise solution that tracks file-based activity on the endpoint using digital file fingerprints, can identify problems and cyber threats before zero day, and can see through morphing, camouflaged (polymorphic) files to make accurate determinations of malicious files and illicit activity.
Deployment Options
BlindSpot™ can deployed as a secure cloud application for maximum flexibility, a standalone Enterprise implementation for maximum security, or the two combined in an Enterprise implementation augmented through a secure cloud gateway.
Professional Services and Training
BlindSpot™’s team of cyber security experts have the expertise to support
you by creating a holistic, enterprise security framework that consists of people,
policy, procedures and technology that will ensure a security posture that implements the best risk management strategies, tactics and operations available.
Email us at [[email protected]](mailto:[email protected]) for more information.
BlindSpot Solution Brief
June 29, 2018
POC: Shawn R. Key CEO, President
[[email protected]](mailto:[email protected])
Executive Summary and Estimated Pricing
CYBR’s BlindSpot is an enterprise cyber security solution that pro-actively identifies unknown and known malicious files and circumventive activity on endpoint devices. It is designed to interact with the CYBR Ecosystem and associated Web Portal. Distributed clients serve as the connection to the various BlindSpot server tiers.
BlindSpot identifies Illicit File Activity (IFA) and associated hacker activity via perceptive, industry standard algorithms. BlindSpot identifies exact AND similar files regardless of file type and/or language. This applies to ALL file types (e.g. documents, images, audio and video, carrier, etc.). Currently implemented safeguards and counter measures (such as anti-virus (AV), content filters and malware analysis tools) cannot address polymorphic/adaptive files and emerging threats. This introduces a massive gap in illicit file detection and leaves the enterprise open to exploitation. BlindSpot fills that void.
Additionally, corporations and government entities have a need to address known files and associated activity with regards to content and data management. The uncertainty of Intellectual Property (IP) location and propagation poses significant risk to the organization. The ability to identify the life cycle of a file (origin, source, destination, attributes and proliferation) ensures an organization knows where its proprietary, sensitive and privacy information is 365/24/7, in near real-time.
BlindSpot, is significantly different from solutions in the emerging Specialized Threat Assessment and Protection (STAP) marketplace, as it scales to meet the needs of enterprise organizations and the commercial marketplace. BlindSpot’s proprietary database consists of millions of unique, digital identifiers (hash values) that identify exact AND similar, modified files. This ensures that files existing in their original state or those which have been intentionally modified, do not circumvent detection. Our algorithms ensure near zero false positive return rates. The combinatory effect and the rare expertise of our executives and development thwarts potential competition as BlindSpot is an enterprise solution; not a tool.
The enterprise solution is provide as a license per IP address with associated appliance and/or server hardware requirements.
CYBR BlindSpot Technical Deep Dive
CYBR’s BlindSpot product is currently available as a Software as a Service) (SaaS) deployment blockchain solution and will be available as a full enterprise-install by Q2 2019. In both implementations, end-point agent software monitors the hard drive(s) of a computer or server, analyses any files that change, and reports [multiple] file hashes back to the main system. This enables the main system to effectively monitor which files could be malicious or represent intellectual property on the computers and servers within the customer’s network. By using fuzzy hashing algorithms, the system can detect polymorphic malware and intellectual property that has been partially hidden or obfuscated.
Applications
End-point (client) agent: native to each major OS as a fat client. Currently we have end-point agents for Microsoft Windows-based systems using MS .NET c# 2.0/4.5 and C++, although the c# portion will be replaced with all c++ code to increase scalability, efficiency, and security, in Q1 2016. End-point agents for Mac OS (written in Objective-C) and popular Linux platforms (written in c++) will ship in Q1/Q2 2016. Development work on the CentOS linux agent will begin in December 2015.
The Control Application enables system administrators to configure each end-point agent, the system itself, and to actively monitor and access reports on files that have been identified by the system as problematic or of interest. At this time the Control Application is able to provide configuration and monitoring services but is not yet ready for customer on-site deployment and is therefore only available in a SaaS model.
The middle-tier of the system, the Portal sever, currently runs in MS .NET and is written in c#. This tier will be upgraded to a full c++ implementation to increase scalability, efficiency, and security, in Q1 2016, and will run as a standard web server extension on a Linux platform (CentOS/Apache).
The data-tier of the system currently is running in MS SQL Server 2008/2012 and uses transact-SQL tables, but does not use any stored procedures or transactions. Although this tier is sufficient for scalability through mid to late 2016, a no-SQL version of the data tier will be developed in 2016.
The Crush server (hashing services) currently runs on MS Server 2008/2012, is written in c#/c++ and is a) being ported to run as a (c++) daemon on a standard Linux (CentOS) server, and b) being re-engineered to function as a massively parallel application (c/c++) running on NVIDIA Tesla GPU accelerated systems. The Crush server communicates with the data-tier directly and the C2 server indirectly. Multiple Crush servers can run simultaneously and are horizontally scalable and fault-tolerant.
The C2 (Command and Control) server, written in c# and being moved to c++, communicates with the data-tier directly and the Crush server and Control Application indirectly to provide scheduling, system health and integrity, and prioritization services, as well redirecting jobs to maintain fault tolerance of the back-end server components. Multiple C2 servers can run simultaneously and are horizontally scalable.
Hardware and Network:
The basic architecture of the system has two different stacks of software. First, a typical 3-tier approach isolates data storage from end-point and Control Application access with a middle-man protocol altering Portal server. In the SaaS model, the end-point and Control Application software reside on-site with the customer, and the remaining stack components reside at the SaaS hosting datacenter. The second stack consists of multiple horizontally-scalable server components that run entirely in the backend as daemons and interact primarily through the data area to provide the services that are being marketed and sold to the customers. The two stacks are kept somewhat separate from each other in order to buffer one against the other in times of extreme load and for enhanced security.
Following is a description of each software module in the system and how it relates to the others:
The system has one component for data collection (the end-point agent software, which resides on the desktop computers and servers within a deployed customer site), one component for system administration (the Control Application, which resides on a desktop computer that the customer has access to or that an analyst can access through the SaaS system), and a collection of software processes/daemons and a data storage area that comprise the back-end.
The end-point agent collects data from the end-point computer, passes it to the Portal server, which in turn stores it in the data area.
The C2 server monitors the in-flow of data from the end-points, and tasks the Crush server(s) to analyze the data and compare it to databases of known good, known bad, and watch list files, in an efficient manner.
The C2 server also provides notification to the customer of any problematic or watch-list files following the completion of the Crush server tasks.
The Crush server monitors the data area, and performs batch or real-time processing of data as instructed to by the C2 server.
Technology
CYBR’s BlindSpot software is a commercially available product that combines a small footprint end-point agent with a centralized monitoring and management system to track files and file changes on the end-point using partial-match digital fingerprints rather than rigid full-match-only file signatures. As files and data buffers are created, edited/altered, and moved either through the network or via removable media devices including USB drives, the product uses its unique and proprietary technologies in combination with industry standard technologies to identify and locate both known malware and unknown [polymorphic] malware on end-points that are continuously monitored by the product. Staff is notified, depending on the urgency or type of digital fingerprint identified, through integrations with 3rd party SIEM solutions, email/SMS transmissions, and reports that are available using the central management system. A false positive rate of partial digital fingerprint matching of ~1 in 10-12 means staff will not be bombarded with unnecessary alerts, maintaining staff efficiency.
Overview: Traditional anti-malware products use static file signatures to locate known malware but have no means of detecting unknown malware, CYBR’s product uses digital file fingerprints that can identify both partial file matches as well as full file signature matches and in doing so can locate and identify both known and unknown malware within the deployed enterprise. A combination of industry standard and publicly available algorithms and CYBR’s own proprietary algorithms, trade secrets, methods, optimizations, and intellectual property for which a patent is currently pending (which is owned solely by CYBR) are combined to form a comprehensive anti-malware platform and continuous end-point monitoring product that is completely unique in the marketplace. Through the use of our proprietary algorithms and optimizations, the product has the ability to scale to the enterprise level and can track desktops/servers as well as mobile/phone/tablet/Internet of Things (IoTs) devices.
Project Implementation: The implementation of this product would include both the commercially available BlindSpot product as well as prototypes of integration packages to connect with the on-site Security Information and Event Management (SIEM) and other systems and prototypes of end-point agents running on operating systems that are not yet available in the currently available version of the product. Both the integration and end-point agent prototypes would be based on existing modular code/functionality and would extend functionality past the currently available modules to ensure the full needs and requirements of the project are met. A full version of BlindSpot would be deployed on servers at/on the enterprise site, and prototypes of both SIEM integrations and new end-point agents would be deployed to augment the full production system. Information flow between all areas of the full system and prototypes would be tested and verified with increasing scale to ensure the level of performance required is available prior to the completion of the project.
End-point Agents: Each end-point is installed with native low-profile proprietary agent software that minimizes both its file system footprint and CPU use. The current product has a native end-point available for Microsoft Windows OSs (both desktops/tablets and servers) in production, and has native end-point agents in development/prototype stage for iOS, Android, MacOS, and RHEL/CentOS, with additional popular Linux derivatives to follow. The main job of the end-point agent is to communicate with the OS and monitor the file system for any changes in files that occur. When changes are detected, a digital file fingerprint of the file is taken and reported to the centralized data store, or cached until a later time if the centralized data store is unreachable (e,g, no cell coverage, laptop not connected to internet). The agent normally runs in “stealth-mode” and uses minimal CPU, RAM, and file system footprint so as not to disrupt the end-user’s workflow or impact system performance. Taking a digital fingerprint of a file and reporting it is very fast and thus the main job of the end-point agent is not system resource intensive. The “heavy lifting” is done on the back-end and does not burden the users or the end-point devices. Configuration of each end-point agent is conducted through the centralized management system, and changes in configuration are transmitted to the end-point agent within a few seconds (provided there is network connectivity).
Central Data Store: A collection of databases on the back end store file watch lists, known good and known bad digital file fingerprints (whitelists and blacklists containing digital file fingerprints of known malware), priority lists and configurations, end-point configurations, last-seen lists, and the full temporal accounting of all digital file fingerprints reported by end-point agents. As new threats are identified they are added to the central data store. As files on end-points change or are edited, their new digital fingerprints are added to the central data store as well. As new threats are identified though polymorphic partial matching, they are added to the known bad list as well.
Identification of Known and Unknown Malware: By comparing the databases of digital file fingerprints of known malware and digital file fingerprints of files on end-points, the product’s Crush server(s) use sophisticated algorithms to compare the partial digital file fingerprints, regardless of content of the files themselves. The product looks at the raw data (bytes) in the files when creating the digital file fingerprints and as such all file types/formats/languages are handled. This means that all file types and data in any and all languages can be compared with similar files. Binary DLLs, MS Word documents and spreadsheets (MS Excel, csv, …), JPEG images, Javascript, HTML, Executable files (.exe) — all of these files are handled by the product and known/unknown malware within them can be located using the digital file fingerprints in the centralized data store and Crush server’s analysis.
Scale, System Throughput, and Priority: A single Crush server can serve a small enterprise (100s or 1,000s of end-points), and a horizontally scalable array of Crush servers can be used to provide identification of malware for large enterprises. Similarly, databases in the central data store can be split and maintained/mirrored on several servers or run in a monolithic configuration. This makes the system highly scalable and able to be adapted to enterprises of varying sizes/scales while maintaining a good price/performance ratio. Priority lists can be designated for Crush servers such that high-priority end-points and/or high-priority malware fingerprints can be compared and identified in real-time, and similarly, low-priority lists (e.g. malware fingerprints that have not been seen in months or years) can be run in the evenings or when the system is running below normal load to ensure both immediate analysis of high-priority threats and comprehensive analysis of low-priority threats.
Integration: Several modular integration points within the product enable the straight-forward integration with 3rd party SIEM software and other reporting/management tools and systems. Distinct “notification channels” within the product are used based on the type of threat detected, the priority level of the specific threat detected, the confidence of the match (low percentage match of digital fingerprint vs high), and the location of the match (specific end-point list). Each notification channel has integration points that can be linked in with 3rd party systems so that staff are notified using software and procedures they are already familiar with and trained on (i.e., through a SIEM solution that is already begin monitored by dedicated, trained staff). Prototypes of each specific integration would need to be developed as a part of this project to match/communicate with the exact SIEM (or other) system that is in use at the deployment site in the mannemethod desired. Such a prototype would be developed for the purpose of evaluating the technical interconnectivity between systems to meet the requirements of the deployment, and following the prototype testing period, would be load-tested and stress-tested to ensure it’s performance meets the demands of a highly scalable environment, leading to a mature integration over a period of 3-6 months following the initial prototype period of 1-3 months.
Technology Section Summary: With end-points being continuously monitored by the product, both known and unknown malware threats delivered by the network and removable media will be detected and reported through SIEM system integration and direct email/SMS messages with minimal impact to the end-point (on all major OSs, including desktop and mobile). Centralized management and temporal monitoring of digital fingerprints enables the system to proactively locate and identify malware threats before zero day as well as enabling the staff to conduct their own investigations of systems either in the present or the past for forensic investigations. This makes CYBR’s BlindSpot a complete product that reaches all of the end-point devices to ensure safety and security from all types of malware threats.
Defense Utility
The blockchain’s cyber security posture will be greatly enhanced by BlindSpot. CYBR’s executive team works with various military and federal organizations and has a deep understanding of the cyber security challenges that face the enterprise today including advanced persistent threat (APT), polymorphic and pleomorphic malware, zero day attacks and the need to locate white and black files in real time. These threats have now permeated to the blockchain and must be secured.
Company and Customers
The proposed team includes CYBR, Inc. executive management and staff. The company is a works closely with its sister company, 21st Century Technologies, Inc. (21CT), which is a HUBZone certified, Small Business entity. 21CT serves as a value added reseller (VAR) for CYBR, Inc. and is currently a teammate on the DOMino classified DHS contract as a subcontractor to Raytheon.
Existing, paying customers include Stratford University, Test Pros and Devitas. The company also has integrator and VAR partner relationships with Anomali (formerly Threatstream), Lockheed Martin (Cyber and Space) and various commercial entities, which the company believes will become paying customers in 2019.
Transition and Commercialization
Our technology is a commercially available product and commercial sales have been made. The company is actively working to scale this solution to hundreds of thousands of users, which the company has deemed do-able and is in the process of horizontally scaling.
Data Rights Assertions
CYBR, Inc. currently holds a provisional patent and incorporates other trade secrets into the solution. No unreasonable restrictions (including ITAR) are placed upon the use of this intellectual property with regards to global sales.
submitted by CYBRToken to u/CYBRToken [link] [comments]

2016 LIVE Binary Trading Options Prediction Software Results Free Binary Options Software For 2016 Binary Options Trading System 2016- Best Binary Options ... One of the Best Binary Options Trading Software Systems of 2016 Binary Options Trading System 2016 - Best Binary Option Trading Automated Software Robot Review

Binary.com is an award-winning online trading provider that helps its clients to trade on financial markets through binary options and CFDs. Trading binary options and CFDs on Synthetic Indices is classified as a gambling activity. Remember that gambling can be addictive – please play responsibly. Learn more about Responsible Trading. Some Read more Options Trading in Oil as prices go up in 2016. Robot Trading. May 16, Profit Booster is a so called binary trading options software which claims to be very easy to use and earn instant money from it. It claims to offer a 1,419$ profit from your first investment amount of 250$. Is it … Best Binary Options Broker 2016 "The company’s mission is to provide customers with the best trading environment possible, free of any hidden charges, misleading terms and unfair treatment. The company strives to build trusting long-term relationships with its clients and become a #1 binary options broker choice." The Amissio Formula binary options software has just launched in the forex trading industry. It has developed by Craig Phillips, founder, and CEO of Amissio Holdings. In this review of The Amissio Formula, we will show you some points that show that this software is a scam. The Ted and Chris Dwite Confirmed Profits binary options trading software located at website: www.confirmed-profits.com, which claims that online users can generate $2000 a day using an abandoned government project, is another binary trading software scam. There is no such binary option trading software.

[index] [169] [5164] [15425] [11755] [3885] [14615] [449] [2185] [12702] [11040]

2016 LIVE Binary Trading Options Prediction Software Results

https://binarysignalspro.com Binary Options Trading System 2016 – Best Automated Trading Software 2016 Binary Options System binary options trading system - In this video I explain how to use my free binary tools and software in 2016. The goal is to help traders better analyze trades so they can get the most out of the binary defender, binary ascend ... Published on May 20, 2016 60 Seconds trades using BOIS_60s. Winners gained on losses by 1st re-entry winner at double 1st entry. 31% solid gain in just over 15 minutes achieved. In next few minutes you are going to discover how to use this Binary Trading Options Prediction Software to exploit an unknown and un-closable loophole I discovered that results in winning trades ... Try watching this video on www.youtube.com, or enable JavaScript if it is disabled in your browser.