
Bitcoin Sinks Below the $50,000 Mark

 

Bitcoin and other cryptocurrencies fell sharply on Friday as investors worried that US President Joe Biden's decision to raise capital gains taxes would discourage investment in digital assets. The selloff followed news that the Biden administration was considering a raft of tax reform proposals, including a measure to increase capital gains rates to 39.6% for those making more than $1 million.

Bitcoin, the world's largest and most successful cryptocurrency, dropped 7% to $48,176, slipping below $50,000 for the first time since early March, while smaller rivals Ether and XRP both fell about 10%. Markets were jolted by the tax plans, forcing investors to book gains in stocks and other risk assets, which had soared in anticipation of a strong economic rebound. Capital gains tax rates are expected to rise to new highs.

"Bitcoin headed South today after President Biden signalled that he wanted to raise capital gains tax in the US," said Jeffrey Halley, senior market analyst, Asia Pacific, at OANDA. "Now whether that happens or not, many Bitcoin investors are probably sitting on some substantial capital gains if they stayed the course over the past year." 
"I firmly believe that developed market regulation and/or taxation remain the crypto markets' Achilles Heel," he added. 

Bitcoin is set to lose 15% this week, but it is still up 65% from the beginning of the year. Ether fell more than 10% on the day to as low as $2,107 (roughly Rs. 1.5 lakhs), despite climbing to a new high of $2,645.97 (roughly Rs. 2 lakhs) the day before.

"I don't think Biden's tax plans will have a big impact on Bitcoin," said Ruud Feltkamp, CEO at automated crypto trading bot Cryptohopper. "Bitcoin has only gone up for a long time, it is only natural to see a consolidation. Traders are simply cashing in on winnings."

"There are reasons to believe the overall trend will remain bullish unless the price drops below $40k," said Ulrik Lykke, executive director at crypto hedge fund ARK36. "At the moment, we are not convinced that the trend will reverse into a bear market but we acknowledge it may take some time before the demand overtakes the supply again in the medium to short term."

Researcher Laxman Muthiyah Awarded $50,000 for Detecting a Flaw in Microsoft Accounts

 

A bug bounty hunter was awarded $50,000 by Microsoft for reporting a security vulnerability that could lead to account takeover. The researcher says the vulnerability affects only ‘user accounts’. It involves brute-forcing the seven-digit security code that is sent via email or SMS during the password reset verification process.

Microsoft has granted $50,000 to the security researcher Laxman Muthiyah for reporting a vulnerability that could allow anyone to hijack users' accounts without permission. Muthiyah described the flaw in a blog post on Tuesday, 2nd March.

“To reset a Microsoft account’s password, we need to enter our email address or phone number in their forgot password page, after that, we will be asked to select the email or mobile number that can be used to receive security code,” researcher Laxman Muthiyah wrote in the blog. “Once we receive the 7-digit security code, we will have to enter it to reset the password. Here, if we can brute force all the combinations of 7-digit code (that will be 10^7 = 10 million codes), we will be able to reset any user’s password without permission.”

In the past, Muthiyah found an Instagram rate-limiting flaw that could lead to account takeover, and he then applied the same tests to Microsoft accounts. The researcher found that rate limits are in place to restrict the number of attempts and safeguard accounts. Examination of the HTTP POST request sent to verify the code showed that the code was encrypted before it was sent, which suggests that the encryption had to be defeated in order to carry out brute-force attacks.

The researcher sent 1000 code requests, but only 122 were accepted; the remainder returned error code 1211, showing that a rate limit is in place to protect accounts. The researcher bypassed the blocking and encryption process by submitting simultaneous requests. It was found that if the requests do not all arrive at the server simultaneously, the mechanism blacklists the IP address.

That being said, in an actual scenario, the attacker must submit all possible security codes, about 11 million request attempts, simultaneously in order to change a Microsoft account password (including for accounts with 2FA enabled). Completing such an attack would require substantial computing resources and 1000s of IP addresses.
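The weakness described above is a rate limit that does not hold when requests arrive at the same instant. The following is an added example, not Microsoft's fix and not code from the researcher's post: a verifier that charges a per-account attempt budget atomically before comparing the code, so a parallel burst cannot exceed it. The class name, `MAX_ATTEMPTS` value and account name are assumptions made for illustration.

```python
import hmac
import secrets
import threading
from concurrent.futures import ThreadPoolExecutor

MAX_ATTEMPTS = 5  # assumed policy value, not taken from the article
ACCOUNT = "user@example.test"  # constructed account name


class ResetCodeVerifier:
    """Per-account attempt budget, charged atomically before comparing."""

    def __init__(self):
        self._lock = threading.Lock()
        self._pending = {}  # account -> [code, attempts_left]

    def issue(self, account):
        code = f"{secrets.randbelow(10**7):07d}"  # 7 digits, as in the article
        with self._lock:
            self._pending[account] = [code, MAX_ATTEMPTS]
        return code

    def verify(self, account, guess):
        with self._lock:  # lookup, decrement and compare form one atomic step
            entry = self._pending.get(account)
            if entry is None:
                return "locked"  # no live code: a new one must be requested
            entry[1] -= 1
            ok = hmac.compare_digest(entry[0], guess)
            if ok or entry[1] == 0:
                del self._pending[account]  # single use, or budget spent
        return "ok" if ok else "rejected"


def concurrent_burst_check(n_requests=1000):
    """Send n_requests wrong codes in parallel; report how many were evaluated."""
    v = ResetCodeVerifier()
    code = v.issue(ACCOUNT)
    wrong = [f"{i:07d}" for i in range(n_requests + 1) if f"{i:07d}" != code]
    with ThreadPoolExecutor(max_workers=64) as pool:
        results = list(pool.map(lambda g: v.verify(ACCOUNT, g),
                                wrong[:n_requests]))
    # The real code is dead too once the budget is spent.
    return results.count("rejected"), results.count("locked"), v.verify(ACCOUNT, code)
```

Because the budget is keyed to the account rather than the source IP, spreading requests across many addresses does not buy additional guesses.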

Muthiyah reported the problem to Microsoft, where it was immediately recognized and resolved in November 2020.

“I received the bounty of USD 50,000 on Feb 9th, 2021 through HackerOne and got approval to publish this article on March 1st. I would like to thank Dan, Jarek, and the entire MSRC Team for patiently listening to all my comments, providing updates, and patching the issue. I would also like to thank Microsoft for the bounty,” concluded Muthiyah.