Exploring the Edges of Blockchain Technology: A Deep Dive into MEV and Oracles
Bentham's Gaze
by Arthur Gervais
1M ago
In the dynamic world of blockchain technology, a Research Note from authors at the Financial Conduct Authority (FCA) and University College London (UCL) delves into the complex territories of Maximal Extractable Value (MEV) and blockchain oracles, presenting a nuanced study that underscores both the potential and the pitfalls of these advanced concepts in cryptoasset services and Decentralised Finance (DeFi). At the heart of this exploration lies MEV, a concept that thrives on the transparency and ordering of transactions within blockchain networks. While it heralds a new era of value extracti ..read more
A Regulatory “Trial and Error” Phase Shaping the Cryptocurrency Ecosystem
Bentham's Gaze
by Marilyne Ordekian
11M ago
In general, the broad aim of regulation is to organise the relationship between persons and to protect their rights and interests in society. However, as we have discovered, this has not been the case within the cryptocurrency space. It has been almost 15 years since Satoshi Nakamoto published the Bitcoin whitepaper. Since then, this seminal document, posted on a mailing list, catalysed the emergence of an entirely new transnational field. Considering the substantial time that has passed and the widespread popularity of cryptocurrencies, one would expect regulators to have at least figured out ..read more
Rugpull reports in the DeFi jungle
Bentham's Gaze
by Sharad Agarwal
1y ago
A rising category of cryptocurrency scams called ‘rugpulls’ accounted for 37% of all cryptocurrency scam revenue in 2021. A rugpull is an exit scam in the DeFi (Decentralized Finance) ecosystem where developers abandon a project without fully delivering and run away with investors’ funds. Thodex, a Turkish centralized exchange, ran away with $2 billion from victims. In March 2022, the U.S. Department of Justice charged two defendants for a $1.1 million NFT rugpull scam called Frosties. In our paper to be presented next week at Financial Cryptography and Data Security 2023, we analyze an u ..read more
Return of a new version of Drinik Android malware targeting Indian Taxpayers
Bentham's Gaze
by Sharad Agarwal
1y ago
In October last year, analysts at Cyble published an article on the return of the Drinik malware that was first spotted by CERT-In in 2016. Last month during the tax-paying season of the year, I (Sharad Agarwal), a Ph.D. student at University College London (UCL) researching SMS phishing, found and identified an updated version of the Drinik malware that impersonates the Income Tax Department of India and targets the victim’s UPI (Unified Payment Interface) payment apps. The iAssist.apk malware was being spread from the URL hxxp://198[.]46[.]177[.]176/IT-R/?id={mobile number} where the user is ..read more
The Acropalypse vulnerability in Windows Snip and Sketch, lessons for developer-centered security
Bentham's Gaze
by Steven J. Murdoch
1y ago
Acropalypse is a vulnerability first identified in the Google Pixel phone screenshot tool, where after cropping an image, the original would be recoverable. Since the part of the image cropped out might contain sensitive information, this was a serious security issue. The problem occurred because the Android API changed behaviour from truncating files by default to leaving existing content in place. Consequently, the beginning of the resulting image file contains the cropped content, but the end of the original file is still present. Image viewers ignore this data and open the file as usual, b ..read more
A well-executed exercise in snake oil evaluation
Bentham's Gaze
by Steven J. Murdoch
1y ago
In the umpteenth chapter of UK governments battling encryption, Priti Patel in September 2021 launched the “Safety Tech Challenge”. It was to give five companies £85K each to develop “innovative technologies to keep children safe when using end-to-end encrypted messaging services”. Tasked with evaluating the outcomes was the REPHRAIN project, the consortium given £7M to address online harms. I had been part of the UKRI 2020 panel awarding this grant, and believed then and now that it concerns a politically laden and technically difficult task, that was handed to a group of eminently sensible s ..read more
What is Synthetic Data? The Good, the Bad, and the Ugly
Bentham's Gaze
by Emiliano De Cristofaro
1y ago
Sharing data can often enable compelling applications and analytics. However, more often than not, valuable datasets contain information of sensitive nature, and thus sharing them can endanger the privacy of users and organizations. A possible alternative gaining momentum in the research community is to share synthetic data instead. The idea is to release artificially generated datasets that resemble the actual data — more precisely, having similar statistical properties. So how do you generate synthetic data? What is that useful for? What are the benefits and the risks? What are the fundament ..read more
The legal rule that computers are presumed to be operating correctly – unforeseen and unjust consequences
Bentham's Gaze
by Steven J. Murdoch
1y ago
In this briefing note, we discuss the legal presumption that computers are operating correctly – a topic previously covered on Bentham’s Gaze, particularly in relation to the Post Office Horizon Scandal but that is also relevant to other areas like payment disputes. The briefing note is also available in PDF format, where it includes more detailed citations. Overview In England and Wales, courts consider computers, as a matter of law, to have been working correctly unless there is evidence to the contrary. Therefore, evidence produced by computers is treated as reliable unless other evidence s ..read more
Pre-loading HSTS for sibling domains through this one weird trick
Bentham's Gaze
by Steven J. Murdoch
2y ago
The vast majority of websites now support encrypted connections over HTTPS. This prevents eavesdroppers from monitoring or tampering with people’s web activity and is great for privacy. However, HTTPS is optional, and all browsers still support plain unsecured HTTP for when a website doesn’t support encryption. HTTP is commonly the default, and even when it’s not, there’s often no warning when access to a site falls back to using HTTP. The optional nature of HTTPS is its weakness and can be exploited through tools, like sslstrip, which force browsers to fall back to HTTP, allowing the attacker ..read more
Apple letting the content-scanning genie out of the bottle
Bentham's Gaze
by Steven J. Murdoch
2y ago
When Apple announced that they would be scanning iPhones for child sexual abuse material (CSAM), the push-back appears to have taken them by surprise. Since then, Apple has been engaging with experts and developing their proposals to mitigate risks that have been raised. In this post, I’ll discuss some of the issues with Apple’s CSAM detection system and what I’ve learned from their documentation and events I’ve participated in. Technically Apple’s CSAM detection proposal is impressive, and I’m pleased to see Apple listening to the community to address issues raised. However, the system still ..read more
