Reader's Corner No. 96: Under the Hood of Password Managers, OpenStreetMap as Google Maps Alternative, and "Unhackable" Blockchains Now Getting Hacked

February 21, 2019

If you've ever been curious about how password managers work, thought about switching from the paid Google Maps API to an alternative service, or have been suspicious of cryptocurrency security, this is the perfect Reader's Corner edition for you! Read on to find out what the buzz around the office is today.

Password Managers: Under the Hood of Secrets Management

Allen Freeman

Source: Independent Security Evaluators

Takeaway: Password managers are better than nothing, but security concerns exist in the space.

Tags: #Security, #Privacy

OpenStreetMap — In-House alternative to Google Maps

Jay Roberts

Source: SoftwareMill Blog - Krzysztof Grajek

Takeaway: Krzysztof provides a straightforward introduction to using OpenStreetMap with a Docker-based self-hosted tile server. This is a great alternative to other mapping providers and offers a large degree of flexibility and control.

Tags: #Programming, #Docker, #Maps

Once Hailed as Unhackable, Blockchains are Now Getting Hacked

Michael Nicholson

Source: Technology Review

Takeaway: Blockchain technology has been hailed as a secure form of decentralized currency. And so far, that's been largely true. But that's starting to change. As the article describes, yes, some exchanges have been impacted. That's more or less like a bank being robbed. But now the blockchains themselves are starting to be attacked.

Over the past year the idea of a 51% attack has gone from theoretical to real. In such an attack, a bad actor takes over 51% (or more) of the blockchain nodes. They can then spend money, but create a fork of the blockchain where the money was never spent. Since they own the majority of the chain, that fiction (that the money was never spent) becomes reality. In one instance, $1.1 million was nearly stolen (Ethereum claims that the forked blockchain was detected and prevented it from populating into the active chain).

Another level of potential attack is 'smart contracts' that enable a variety of functionalities on the blockchain networks. An attacker stole more than $60 million due to a fault in a smart contract that allowed them to request money repeatedly from accounts without the system actually registering that the money had been withdrawn.

And one of the biggest challenges is that once these transactions are part of the blockchain, they are difficult to reverse. You can restore to an earlier version of the chain (which impacts more than just the incorrect transactions) and fork a new chain off of that, but that doesn't restore the stolen money. You can add additional smart contracts to mitigate errors in existing ones. But as with any software, bugs happen; just last month (January 2019) the entity that had $60 million stolen nearly put a new update into effect that would have allowed the same sort of vulnerability.

While new organizations have been created to help control the hacks and bad actors, anyone who works in software development knows that bugs happen. And we've all seen enough to know that one of the best ways to get someone to try to hack something is to advertise how unhackable it is...

Tags: #Technology, #Security
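
A simplified Python model of the smart-contract flaw described in the takeaway above, added here as an illustration (not code from the article or from any real contract): a vault that pays out before recording the withdrawal, next to the corrected ordering. The `Vault` class, the account names and the amounts are constructed for the example.

```python
"""Toy model (constructed) of a payout that is not recorded before it is made."""


class Vault:
    """Holds deposits and pays out through a recipient-supplied callback."""

    def __init__(self, record_first):
        self.record_first = record_first  # True = corrected ordering
        self.balances = {}
        self.reserve = 0                  # total funds actually held

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.reserve += amount

    def withdraw(self, who, on_payment):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.reserve < amount:
            return                        # nothing owed, or vault is empty
        if self.record_first:
            self.balances[who] = 0        # register the withdrawal first
        self.reserve -= amount
        on_payment(amount)                # recipient's code runs here
        if not self.record_first:
            self.balances[who] = 0        # flawed: registered only afterwards


def run(record_first, max_repeats=3):
    """Return (total paid to bob, funds left in the vault)."""
    vault = Vault(record_first)
    vault.deposit("alice", 90)            # constructed sample deposits
    vault.deposit("bob", 10)
    received = []

    def on_payment(amount):
        received.append(amount)
        if len(received) <= max_repeats:
            # The recipient asks again while the first payout is in flight.
            vault.withdraw("bob", on_payment)

    vault.withdraw("bob", on_payment)
    return sum(received), vault.reserve


if __name__ == "__main__":
    print("pay, then record:", run(record_first=False))
    print("record, then pay:", run(record_first=True))
```

With the flawed ordering the account that deposited 10 is paid 40 out of other depositors' funds; recording the withdrawal before the payout caps it at the 10 it was owed.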
