Coin24h.com
Security Researchers Slam Voatz Over Stance on White Hats

6 October 2020
in Blockchain
A pending U.S. Supreme Court case has the potential to fundamentally change white-hat hacking. The case looks at the Computer Fraud and Abuse Act (CFAA) and could determine whether good-faith security researchers, also known as white-hat hackers, could be subject to criminal penalties for researching vulnerabilities in systems. 

If a broad interpretation of the CFAA is decided on, it would impact not just blockchain technology, exchanges, and crypto, but the field of security research as a whole. 

And then blockchain voting company Voatz waded into the discourse. 

Van Buren v. United States

The Supreme Court is currently hearing Van Buren v. United States, in which a former Georgia police officer was convicted under the CFAA for looking up a license plate in a law enforcement database in exchange for money. The charge under the CFAA centered around the law’s definition of what “exceeds authorized access,” which is notoriously vague. 

The CFAA is an anti-hacking law that went into effect in 1986. If the court sides with a broad interpretation of the law (as the government is arguing for), it could have a chilling effect on important security research, according to experts.

A broad interpretation would allow companies to lay out what “authorized access” means in their terms of service, rather than implementing a technical barrier (like a password) in a system that would alert security researchers when they’ve gone too far. 

Enter Voatz

Voatz has repeatedly been the subject of critical security research, which CoinDesk has previously documented. In one instance, MIT students reverse-engineered the Voatz app and found security vulnerabilities. Voatz initially disputed these findings, though some of the issues were later confirmed by Trail of Bits, a security firm hired by Voatz. The company even went so far as to refer the student security researchers to state authorities for alleged “unauthorized activity” under the CFAA.

The Electronic Frontier Foundation (EFF) criticized Voatz by name in a brief filed with the court, as an example of a company that takes an aggressive approach to good-faith security researchers. Voatz also reported a University of Michigan student to the Federal Bureau of Investigation “because the student conducted research into Voatz’s mobile voting app for an undergraduate election security course,” according to the brief.

Voatz has since filed an amicus brief in the Van Buren case (to which it is not a party) making the case for keeping the CFAA’s scope broad. It suggested that white-hat hackers should conduct their investigations into potential vulnerabilities only once they have alerted the company they are evaluating and received its blessing. 

Such practices are not common in the security community, though white-hat hackers do alert companies to vulnerabilities if they’re found. 

Security researchers clap back

In response to Voatz’s filing, a bevy of security researchers and organizations penned an open letter to publicly correct the record. 

The letter was spearheaded by Jack Cable, one of the world’s top ethical hackers. Cable is also an undergraduate at Stanford University “doing incredible work” in the cybersecurity and elections space, according to Reed Loden, Chief Open Source Security Evangelist at HackerOne, a platform that previously cut ties with Voatz and whose founder was a signatory to the letter. It was the first time HackerOne had removed a company that used it to host a bug-bounty program.

“We wanted to make it clear that Voatz’s position is not supported by the cybersecurity and security researcher community, emphasize that security researchers contribute greatly to the security of our digital society, and underscore that a broad interpretation of the CFAA, which is what Voatz is advocating for, threatens security research activities at a national level,” said Loden in an email. 

The letter lays out the ways that Voatz’s filing was allegedly self-serving, and an indicator of how companies like Voatz might use a broad interpretation of the CFAA to further crack down on critical security researchers. 

Voatz did not respond to CoinDesk’s requests for comment.

The extent of ‘authorized access’

The Center for Democracy and Technology (CDT) is one of the signatories to the open letter. Stan Adams, the CDT’s deputy general counsel and Open Internet counsel, broke the case down into two arguments in a phone call with CoinDesk.

According to Adams, if a broad ruling is made on the CFAA, security researchers would likely be discouraged from conducting research for fear of violating the “exceeds authorized access” part of the law. 

A broad interpretation would allow companies to lay out what “authorized access” might mean in their terms of service, which can be easily changed and altered, putting security researchers at greater risk. 

“Vague laws like the CFAA can kill security research,” said Adams. “The United States government wants access to be able to be limited by things like terms of use and other written expressions of access limitations, rather than what we would prefer, which is some sort of technical barrier.”

The idea is that a researcher, if governed by a technical barrier such as a password or encryption device, would know they’ve reached the limits of their authorized access. Laying out the limits of authorized access in a hard-to-find and even harder-to-read terms of service would leave security researchers guessing and create a chilling effect on research overall, he added. 

A chilling effect on fintech and crypto researchers?

The impact on research doesn’t just apply to companies like Voatz, though one would be hard-pressed to argue that a company engaged in digital voting doesn’t warrant intense scrutiny.

Tech across the board would be impacted. Matt Hill, CEO of open-source, privacy-tech startup Start9 Labs, said white-hat hacking is key for any kind of tech. Without it, simple software bugs could become systemic infections, ones that could be exploited by malicious actors. The cryptocurrency world has seen such actors empty exchanges and steal people’s cryptocurrencies. 

“An honest organization determined to build secure products will encourage white-hat attacks, no matter how bad the results, because that is the only way for their system to become secure,” said Hill. 

“An organization trying to sell a lump of clay packaged as security, also known as vaporware, or a scam, will do everything it can to prevent attacks – to maintain the internal delusion and external illusion for as long as possible.”

A white-hat safe harbor

Jason Gottlieb, a partner at Morrison Cohen LLP and chair of its White Collar and Regulatory Enforcement Practice Group, said that in his view, until Congress amends the CFAA to clarify what “unauthorized access” means, the CFAA should be interpreted in a way that provides a safe harbor for white-hat hacking.

To be clear, though, he said the hacking must be truly white hat, and the burden should lie with the white hats to demonstrate that their intentions were to help rather than harm.

“White-hat hacking is a key component of any data security program implementation, and has been for a very long time,” said Gottlieb. “Given the increasing importance of cybersecurity in the blockchain and cryptocurrency industries, we should be encouraging transparent white hat hacking as a way to make all systems better.”

Adams confirmed a broad ruling could encourage fintech companies and crypto exchanges to come down hard on white-hat hackers, given “they have strong incentives to not be perceived as flawed.” That being said, he also recognized that companies could want to be secure, given it’s the public’s money on the line at the end of the day.

“Regardless, security by obscurity is not the way forward,” said Adams. “The CFAA is a pretty heavy hammer to wield.”