{"id":15914,"date":"2019-07-25T14:30:05","date_gmt":"2019-07-25T22:30:05","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/07\/25\/news-9659\/"},"modified":"2019-07-25T14:30:05","modified_gmt":"2019-07-25T22:30:05","slug":"news-9659","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/07\/25\/news-9659\/","title":{"rendered":"Researchers to launch intentionally \u2018vulnerable\u2019 blockchain at Black Hat"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2019\/02\/blockchain_crypotocurrency_bitcoin-by-akinbostanci-getty-100787953-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Lucas Mearian| Date: Thu, 25 Jul 2019 14:06:00 -0700<\/strong><\/p>\n<p>Hoping to raise awareness about blockchain vulnerabilities, cybersecurity firm \u00a0Kudelski Security next week plans to launch the industry\u2019s first &#8220;purposefully vulnerable&#8221; blockchain \u2013 and will demo it at next month&#8217;s <a href=\"https:\/\/www.blackhat.com\/us-19\/\" rel=\"noopener nofollow\" target=\"_blank\">Black Hat<\/a>\u00a0conference.<\/p>\n<p>Kudelski Security\u2019s <a href=\"https:\/\/resources.kudelskisecurity.com\/fumblechain\" rel=\"nofollow noopener\" target=\"_blank\">FumbleChain project<\/a> is aimed at highlighting vulnerabilities in blockchain ecosystems, according to Nathan Hamiel, head of cybersecurity research at Kudelski.<\/p>\n<p>The flawed blockchain ledger is written in Python 3.0, making it easy for anyone to read and modify its source code, and it&#8217;s modular \u2013 allowing users to hack and add new challenges to promote continuous learning.<\/p>\n<p>The Kudelski blockchain will be available as both a code download on GitHub and as <a href=\"https:\/\/demo.fumblechain.io\/\" rel=\"nofollow noopener\" target=\"_blank\">a demo on the company&#8217;s website<\/a>, allowing testers to play with its features and learn how it works without having to download 
code.<\/p>\n<p>\u201cFor the most part, blockchains aren\u2019t inherently secure,\u201d Hamiel said. \u201cThere\u2019s an entire ecosystem around blockchain, just like there is around traditional applications. Quite often you\u2019ll have vulnerabilities that crop up in places that are rather unexpected. What we wanted to do was create this pre-made blockchain, create this educational framework around it so you can learn more about it and more about blockchain security.\u201d<\/p>\n<p>The concept is similar to other open-source projects, such as creating web applications so developers can test their skills attacking them to expose vulnerabilities.<\/p>\n<p>As a write-once, append-many technology, blockchain itself is highly secure, but <a href=\"https:\/\/www.computerworld.com\/article\/3236480\/top-8-problems-with-blockchain.html?nsdr=true\">experts point out<\/a> the distributed ledger technology does not live in a vacuum. In order to be of use, applications such as cryptocurrencies are embedded into the blockchain \u2013 making it vulnerable to certain attack vectors.<\/p>\n<p>At its most basic, the technology is a <a href=\"https:\/\/www.computerworld.com\/article\/3191077\/what-is-blockchain-the-complete-guide.html\">peer-to-peer-based distributed ledger<\/a>, or database, organized by a set of protocols combined with a blockchain; in essence, it&#8217;s \u00a0a series of encrypted sets of data that record immutable changes over time. While that may be relatively straightforward, how the technology is implemented can lead to a variety of permutations.<\/p>\n<p>&#8220;Like most things, the devil is in the details,&#8221; said Jack Gold, principal research analyst at J. Gold Associates. &#8220;Blockchain is a specification more than a technology, and a relatively loose spec at that. 
&#8230;There are various ways to implement it&#8230;, so if you implement in an insecure fashion, it can be broken.&#8221;<\/p>\n<p>James Wester, research director for IDC Worldwide Blockchain Strategies, said he\u2019s often tasked with defining blockchain along with a &#8220;basket of technologies&#8221; that fall under the general heading of &#8220;blockchain,&#8221; including\u00a0<a href=\"https:\/\/www.computerworld.com\/article\/3319744\/blockchain-2019-how-crypto-will-convert-cash-property-into-digital-assets.html\">tokenized assets<\/a>, cryptocurrencies,\u00a0<a href=\"https:\/\/www.computerworld.com\/article\/3389678\/whats-a-crypto-wallet-and-does-it-manage-digital-currency.html\">crypto wallets<\/a>, smart contracts, and\u00a0<a href=\"https:\/\/www.computerworld.com\/article\/3244128\/how-blockchain-makes-self-sovereign-identities-possible.html\">self-sovereign identity<\/a>; all of the latter group are applications or architectures that can run on top of a blockchain network, but are not a native part of the technology.<\/p>\n<p>\u201cIt&#8217;s possible to have relatively smart discussions about the technology without actually knowing some of those differences, so many semi-informed people don&#8217;t even bother to learn the terms and technology,\u201d Wester said.<\/p>\n<p>Both public and private blockchains \u2013 ones that require pre-approval to join \u2013 are natively secure because they&#8217;re immutable (i.e., each record or block is unchangeable and tied to all others), and adding new blocks requires a consensus among users. (How large that consensus must be depends on the blockchain in use; for some, it&#8217;s 50%, for others, it&#8217;s more.)<\/p>\n<p>The immutability and consensus requirements of blockchains make them natively more secure than most other networking technologies. 
But, depending on the architecture and who&#8217;s running the nodes and where, blockchains are vulnerable to attack, as has been seen time and time again.<\/p>\n<p>While blockchain provides security for the integrity of the data recorded on it, the blockchain alone, without additional technologies or systems, cannot protect against unauthorized access such as a data breach, according to the report from the Federal Reserve Bank of Minneapolis.<\/p>\n<p>For example, a recent &#8220;51% attack&#8221; on the\u00a0<a href=\"https:\/\/bitcoinist.com\/ethereum-classic-51-percent-attack\/\" rel=\"nofollow noopener\" target=\"_blank\">Ethereum Classic token exchange<\/a>\u00a0showed why even blockchain is not impermeable to gaming. A 51% attack refers to a bad actor who gains control of the majority of CPUs in a cryptocurrency mining pool. Such attacks are generally limited to smaller blockchains with fewer nodes, because they&#8217;re more susceptible to a single person seizing control based on a Proof of Work (PoW) consensus mechanism.<\/p>\n<p>Cryptocurrency wallets, which store private keys enabling access to bitcoin and other digital currencies, have also been <a href=\"https:\/\/www.ccn.com\/yet-another-crypto-wallet-hack-causes-users-lose-400000\/\" rel=\"nofollow noopener\" target=\"_blank\">vulnerable to attacks<\/a>.<\/p>\n<p>&#8220;If you\u2019re a company looking to use blockchain \u2013 and not just for crypto currency \u2013 the amount of time and effort you put into securing the various components of the ledger and process are key,&#8221; Gold said.<\/p>\n<p>Data transparency, or the ability for all parties on a blockchain to view transactions, is part of its appeal because bad actors can quickly be identified if they attempt to add unverified data. That transparency, however, can also be a threat. 
For example, in a settlement or clearing system for financial institutions where confidentiality may be a key component of security, system data transparency is a security risk, the Federal Reserve report noted.<\/p>\n<p>Blockchain, Hamiel said, is a technology steeped in hype that often leads to contradictory claims: advocates praise it and claim it will change the world while \u00a0\u201chaters\u201d \u2013 no matter what problem blockchain does actually solve \u2013 refuse to ever adopt it.<\/p>\n<p>\u201cThe truth is somewhere in the middle,\u201d Hamiel said. \u201cThere are certainly problems blockchain solves, and I think it\u2019s an interesting area that people have a lot of questions about. People are curious about the technology, but they don\u2019t have a way to easily gain access to information about it without spending a lot of time to learn about it. I\u2019m hoping this solves that.\u201d<\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3411841\/researchers-to-launch-intentionally-vulnerable-blockchain-at-black-hat.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2019\/02\/blockchain_crypotocurrency_bitcoin-by-akinbostanci-getty-100787953-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Lucas Mearian| Date: Thu, 25 Jul 2019 14:06:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>Hoping to raise awareness about blockchain vulnerabilities, cybersecurity firm \u00a0Kudelski Security next week plans to launch the industry\u2019s first &#8220;purposefully vulnerable&#8221; blockchain \u2013 and will demo it at next month&#8217;s <a href=\"https:\/\/www.blackhat.com\/us-19\/\" rel=\"noopener nofollow\" target=\"_blank\">Black Hat<\/a>\u00a0conference.<\/p>\n<p>Kudelski Security\u2019s <a 
href=\"https:\/\/resources.kudelskisecurity.com\/fumblechain\" rel=\"nofollow noopener\" target=\"_blank\">FumbleChain project<\/a> is aimed at highlighting vulnerabilities in blockchain ecosystems, according to Nathan Hamiel, head of cybersecurity research at Kudelski.<\/p>\n<p>The flawed blockchain ledger is written in Python 3.0, making it easy for anyone to read and modify its source code, and it&#8217;s modular \u2013 allowing users to hack and add new challenges to promote continuous learning.<\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[11526,11070,714],"class_list":["post-15914","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-blockchain","tag-emerging-technology","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15914","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/in
dex.php\/wp-json\/wp\/v2\/comments?post=15914"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15914\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=15914"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=15914"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=15914"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}