Unfortunately, This Needs to be Reiterated

in security •  last year

There is no such thing as a fully secure and online device.

You can sandbox, you can encrypt, you can obfuscate,
but you will never be invulnerable.

The only way you can guarantee that your sensitive information is never stolen through the internet is to never put that information on a device connected to it (now or in the future).

The latest example

Coin Telegraph, Bleeping Computer, and others have begun reporting on the advisory paper by MWR Labs titled "Screen Capture via UI Overlay in MediaProjection". This latest exploit affects around 77.5% of all Android devices and allows attackers to record screen contents and audio playback without any notification to the user.

This exploit is only one in a series of potential attacks affecting Android devices. This year alone, we've seen Cloak & Dagger and the revised toast overlay attack, both capable of completely taking over the device without user notice or intervention.

Android is far from the only platform with security issues. Both Android and iOS devices are vulnerable to attack, as demonstrated by the "BroadPWN" Broadcom Wi-Fi chip exploit, which allows an attacker to execute code without any user interaction.

The crypto effect

I've written several times before about how cryptocurrencies are redefining the hacking world. All the right ingredients exist in this relatively new and rapidly growing space:

• Lots of ignorant and new users
• Lots of money
• Low risk / high reward for hackers
• No centralized protections
• Tons of new, non-audited code in use

Unfortunately, the only good way of avoiding being compromised these days is to have an understanding of security at a technical level. The old "3 things to stay secure" paradigm just doesn't work. You have to know why those 3 things are effective so that you can accurately judge if they still apply when new software comes along.

Check out my Advanced Crypto Security Guide (part 1, part 2, part 3) and my ongoing "Computer Hygiene" series (part 1, part 2, part 3, part 4) for some useful information about computer security as it applies to cryptocurrencies.

Leave a like or resteem if you found this helpful. You can also support me by sending ETH or ERC20 tokens to Tomshwom.eth. Leave your thoughts below about what you think and which content you'd like to see in the future!


Hello @tomshwom, I'm a Steemit noob and don't know how to contact you directly. Your guide to using crypto APIs in an Excel spreadsheet was very helpful. Now I'm trying to use the GDAX API to get market data in my trading spreadsheet and I just don't know enough. I can't find API URL examples that I can use in the GDAX API docs and I do not know Python or other languages well enough to write something that will work. I'm strictly script-kiddy level. Any tips or hints that might help? Thanks, Rick


Tagging me like you did works just fine, or you can PM me on reddit at /u/atleastsignificant.

What kind of market data are you looking to get? The GDAX API might not be best depending on what you want. Hit me up in a PM on reddit and we can talk more about this!


@tomshwom, thanks, but I found some URLs and snippets that let me get a basic live ticker from GDAX running in my trading spreadsheet. Used them while still leveraging your basic how-to for Excel.

I trade on GDAX only, at present, so GDAX data is all I want for now.

I'm not on reddit yet. Not sure if I will. Most social media seems more effort for little gain to me. I guess that makes me kinda anti-social?



Reddit is less of a traditional social media platform like Facebook or Twitter and more like a big internet forum with tons of niche communities (subreddits) for every little topic. It can be a great place if you want to find tons of information about something, and there's a whole community who can help you if you have questions (as long as you are following the subreddit's etiquette).