BitMark [Zuckerberg]
Facebook + Coinbase, Square + Twitter, Instagram + Bitmark (IFTTT), IBM ,Visa, Mastercard, American Express, Bank of America, Izerocoin + Bitcoin, IXcoin + Bitcoin Cash… The future of payment and digital property
If you have been reading the news the last two days you have seen the rumor “Facebook looks to acquire Coinbase” or some similar headline. When things happen like that, I take notice. Facebook would be taking over a company that seeks a banking license in the United States and is the most secure place to put fiat into Bitcoin. I say Bitcoin because up until lately all crypto ads were banned on Facebook. Mark Zuckerberg was recently in Washington D.C. getting absolutely shredded for selling people’s privacy away on Capitol Hill. Was this all an act?
That’s up for you to decide. But I tend to think that Bitcoin drama once again stole the headlines to distract from the truth — Facebook is probably already involved with Coinbase, and there’s plenty of reasons to think that. Why would Facebook want to buy Coinbase and who is pushing these rumors anyway? We must assume that someone from Facebook or Coinbase is leaking the rumors — otherwise a denial would’ve been issued already.
Mark Zuckerberg, Facebook, & Coinbase: The Rumor and The Facts
People are speculating about this move in the open:
“It wouldn’t surprise me if Facebook made an attempt to acquire Coinbase,” tech entrepreneur Oliver Isaacs said. “Whether [Coinbase CEO] Brian Armstrong and the team would agree is another question.”
Why would Oliver Isaacs, who I have never heard of until this article, be saying this? Who is Oliver Isaacs?
Oliver is also well known for running a large network of pages and partnerships in different niches on Facebook and Instagram reaching 15 million users each month.
Oliver Isaacs has a lot of success on social media. It’s plausible he knows people at Facebook having run his business through Facebook and other forms of social media. In fact it’s downright likely. So we are seeing the “rumor” spread by someone with insider ties at Facebook.
Facebook just lifted its ban on cryptocurrency ads this week:
The rumors come the same week that Facebook abruptly reversed its ban on cryptocurrency advertising.
So the combination of Zuckerberg getting scolded for leaking people’s privacy on Capitol Hill plus Facebook’s January ban on crypto ads have made most people ignore the association between crypto and Facebook. An interesting quote about distraction from Coinbase CEO Brian Armstrong:
After many years of this, I’ve come to enjoy the down cycles in crypto prices more. It gets rid of the people who are in it for the wrong reasons, and it gives us an opportunity to keep making progress while everyone else gets distracted.
Everyone is distracted, Bitcoin prices and Facebook stock has taken a nose dive in recent months. Would prices not be booming if the public had a positive association between Facebook and Bitcoin or a marriage of Facebook and Coinbase? Would Coinbase be booming with people rushing into Bitcoin because of all the positive news? The answer to all hypothetical questions above is simply — yes.
Who has ever heard of Cambridge Analytica anyhow? I pay attention to business headlines. They were completely off my radar and now the center of a Mark Zuckerberg scandal? While everyone hated the pariah, I had adopted a filter on my thoughts in relation to crypto — assume nothing is impossible and ignore the noise. White noise is static — to see through the static helps us hear the clear message. Mark Zuckerberg is defintiely involved in Bitcoin.
Why would Coinbase and Facebook want to distract the public from their marriage?
Despite Coinbase continuing to experience highly-publicized technical and customer support problems, revenues continue to skyrocket, totaling $1 billion for 2017 alone. In April, the exchange valued itself at $8 billion — claiming it was also a “self-sustaining” company.
In other words, Coinbase is just refining its operation. If you have read my previous articles, you understand why. Coinbase is one of the few non-hacked cryptocurrency exchanges and Coinbase is also a wallet. Coinbase is launching their index fund which must include index coins (I0Coin and Ixcoin) to give exposure to all of their offered cryptos by being the root or birth of each crypto offered in the fund. I was promptly banned from Twitter when I shared this article:
Then I wrote this to confirm those facts and beliefs:
Coinbase offers the Shift card, which is a Visa backed crypto debit card. Unless Bitcoin Core starts minting its own coins and adopts Open SSL 1.0.1k to be compliant with the June 30, 2018 deadline for Payment Card Industry Data Security Standard v 3.2.1 it cannot have a future as a Visa backed payment. It will not be able to run through the Visa network. I wrote about I0Coin and how it’s current v 0.12.0.1 runs on Open SSL 1.0.1k and could run through any PCI DSS v 3.2.1 network by meeting the security standards. This allows I0Coin and Ixcoin (when merged) to run on Visa, Mastercard, American Express, and Discover payment networks.
Five different programs: Visa’s Cardholder Information Security Program, MasterCard’s Site Data Protection, American Express’s Data Security Operating Policy, Discover’s Information Security and Compliance, and the JCB’s Data Security Program were started by card companies. The intentions of each were roughly similar: to create an additional level of protection for card issuers by ensuring that merchants meet minimum levels of security when they store, process and transmit cardholder data.
Bitcoin Core runs on libsecp256k1. It does not meet the PCI DSS v 3.2.1 standards. Thus, a Bitcoin/Visa backed Shift debit card cannot exist. Coinbase has not addressed this but it absolutely makes it obvious Coinbase is aware of I0Coin and Ixcoin. Coinbase needs to use I0Coin for the Shift card. Coinbase has to use I0Coin and Ixcoin for the Index Fund. It is absolutely obvious. Bitcoin Core is not minting its own coins. It receives its coins from Devcoin and there is proof in the code, facts are just facts. Bitcoin Core is a ledger:
Coinbase is certainly aware of I0Coin and Ixcoin. If it is being acquired by Facebook, wouldn’t Facebook know the facts of operation? Perhaps there is even a way that Facebook is involved in crypto currency at this very moment.
Facebook Messenger allows people to send and receive money using a US debit card or Paypal account:
You can send or receive money in Messenger (example: send your friend $10 for lunch or receive $500 from your roommate for rent) after you add a US bank issued debit card or a PayPal account.
Coinbase only allows people to receive the Shift Visa debit card within the United States:
The Shift Card is a VISA debit card that currently allows Coinbase users in select states and territories (see list below) in the U.S. to spend bitcoin anywhere VISA is accepted.
So Facebook and Coinbase only allow/offer use of debit cards within the United States. Here is Coinbase’s explanation:
Why isn’t the Shift Card available in my state yet?
Coinbase and Shift are working through legal and regulatory matters in other jurisdictions. Stay tuned!
Facebook unveiled their Send Money feature on March 17, 2015 to the United States. The Send Money feature introduction clearly states use of the Visa and Mastercard network, which is a part of PCI DSS v 3.2.1:
The first time you send or receive money in Messenger, you’ll need to add a Visa or MasterCard debit card issued by a US bank to your account.
They also spoke about their secure network:
Secure Network
A dependable and trusted payments processor for game players and advertisers since 2007, Facebook processes more than one million transactions daily on the site and also handles all the payments processed on Messenger.
Most people do not realize that Facebook processed its own payments since 2007.
On the same day as the Send Money feature annoncment (March 17, 2015), Forbes published an article about Facebook “poaching” Paypal’s former president, David Marcus (the previous June).
So on the same day in March 2015, Facebook announces a US based feature to send money from a Visa or Mastercard debit card and is written about in Forbes (by a crypto journalist) about its acquisition of a Paypal executive and an intention to take over payments. That is too much of a coincidence.
Send Money now allows one to use Paypal. The likely scenario is former Paypal president David Marcus went to Facebook to oversee integration of Paypal into the Send Money feature. Theoretically, could Send Money run on a collective network formed by PCI DSS compliant credit card companies and Paypal using a form of cryptocurrency payment capable for transfer on all payment networks? First we must examine each specific network.
Visa and Mastercard are both PCI DSS compliant networks. For PCI DSS v 3.2.1 I already wrote that I0Coin v 0.12.0.1 (its most current version) could run on those payment channels because it complies with the PCI DSS standards via its use of Open SSL 1.0.1k. The 1.0.1k patch is what makes Open SSL secure enough to comply with PCI DSS v 3.2.1 as I wrote about in previous entries.
Theoretically, if Facebook is already in cahoots with Coinbase they would be aware of I0Coin and could use a secret conversion from fiat via US debit card to I0Coin, then run I0Coin through the Visa or Mastercard network, and convert back into fiat when transferring to the receiving end.
If that isn’t enough, Facebook has gone on to officially announce its involvement in blockchain, using none other than Messenger’s David Marcus.
The article above is absolutely full of more puzzle pieces in the Facebook + Coinbase + I0Coin love triangle (at this point with Visa, Mastercard, and other PCI DSS compliant channels its more like a love dodecagon). Some revealing quotations include:
As the former president of PayPal, Marcus has a lot of payments expertise and has been in charge of Messenger through a lot of significant changes over the years. In fact, Facebook’s decision to split Messenger out of the core app so that users had to download the standalone app in order to receive messages on mobile happened during Marcus’s first month on the job. He oversaw Messenger’s push into customer service bots, shopping and, more recently, advertising. His departure from that role is notable, especially since Messenger is just starting to ramp up its advertising business.
I have written about I0Coin splitting off certain parts of the network. It is protected and minted as the source of merge mining, but its value does not rise with Bitcoin Core’s. Why exactly is that? Bitcoin is merely a ledger at this point tied to the AuxPow block reward of Devcoin’s. I have stressed this here over and over. Devcoin’s are sent via OP_codes to a BTC address and incorrectly identified as newly generated coins, which is entirely false. Devcoin is currently being merge mined through I0Coin. It is important to mention I0Coin should be minting only 0.023 I0C per block reward. It is in fact minting 12.5 coins per block reward, yet the fact that 12.5 is identical to what BTC is supposed to mint goes right over people’s heads. Go figure. No one looks at raw block data. Here is an example of I0C raw block data. With BTC acting as a ledger via OP_code what people truly buy as BTC with fiat has to be minted as I0Coins. Bitcoin Core does not mint coins. By using Devcoin as an intermediary to send coins out to BTC, I0Coin is not tied to BTC’s ledger — yet. It will tie to the BTC ledger at one point in the near future — perhaps when ETC is supported at Coinbase, as I previously wrote. Because I0C is the coinbase (source of merge mining) and Coinbase, the company, is aware of it. Coinbase has to use I0Coin to offer the Visa debit Shift Card. Shift uses I0Coin, not Bitcoin Core, to make crypto payment directly through the Visa network. Coinbase is effectively the coinbase (I0Coin).
Once ETC goes live on Coinbase we may see I0Coin and Ixcoin go through the roof with all unspent and invalid coded transactions reverting back to the root source of those coins via merge mining. Ixcoin will receive equal value with I0Coin once the two are merged together for one index coin and 42 million 99.99% minted coins. Ixcoin used to be 3–4 times as expensive as I0Coin but in recent days the two have reached parity in their USD price. To me this signifies a merge of some sort. Then I saw that Ixcoin raw block data now shares the same merge mining information in chainmerklebrach as I0Coin:
"chainmerklebranch": [
"0000000000000000000000000000000000000000000000000000000000000000",
"f98c4e9736d8eb8bb46299798906695c755369a3df99a93ffdded1713f1cf6e2",
"48e55233b9707330def98c80a2105eaa5fac8f687d872ffb4b4741fa2bdb247d",
"539aeecf38a6e67c757e2ccd3e562aaa277a4a562aff08d501e89e44dbd7cd5a",
"8dac24307f1e2287d9e4b59082d07283e1c7f8c23eae34157ca92f802ecf33bc",
"fa978c6bd13cc92e1d97c796fdf7c2e7d834d2f57d27e6570f75be7293659f35",
"369d3c4c4dddcaa46ee320316bc6d29fce24067affdcfc73f16f8dd44952b3f4"
],I had not noticed that weeks before, so there in fact may be your merge — even with Ixcoin only mining transaction fees. This could also explain why its total has crept over 21 million coins, because it is still reflecting the total of I0Coin’s being minted. These two coins are both Index: (0) in code.
In fact, Facebook’s decision to split Messenger out of the core app so that users had to download the standalone app in order to receive messages on mobile happened during Marcus’s first month on the job.
So now we see that like I0Coin splitting off BTC (the ledger) — Messenger split off the “core app” (Facebook). Why the two apps split may explain a time where I0Coin split off of BTC and BTC became a ledger that received new coins from Devcoin via I0Coin AuxPow reward. Taking a look at an old I0Coin block from July 2014, before Messenger split off the Facebook core app we see I0C was still minting BTC’s 25 coin block reward when it was supposed to be minting 1.5 I0Coin’s:
What is also missing from the raw block data from this I0C block (1200000) is an OP_Return script sig (under asm) that would revert all coins sent via Devcoin to BTC. The latest I0Coin block shows this OP_Return script sig as:
If I0Coin didn’t need to use an OP_Return code in 2014 to retrieve its coins from BTC via Devcoin we can make some theories based on code and FACT:
- When Messenger and Facebook’s core app were one application in 2014, I0coin was still minting BTC block rewards of 25 coins and not its own rate of 1.5 I0C. To me, this shows I0Coin was Bitcoin at that point in time. I0Coin and Bitcoin were connected. However, on the same day in 2014, Devcoin was still sending it’s AuxPow output to BTC at address “1CjPR7Z5ZSyWk6WtXvSFgkptmpoi4UM9BC”:
2. What is proven here is that even when I0Coin didn’t need to include OP_Return to retrieve its BTC from Devcoin “vouts” it still acted as the coinbase of merge mining — BTC was not minting its own coins in 2014 even while connected to I0C. That is because AuxPow put I0Coin’s AuxPow reward into the BTC ledger.
3. I0Coin split off Bitcoin Core’s ledger sometime around when Messenger split off Facebook’s core app in 2015. Thus, it had to include OP_Return for the value it needs to retrieve once it connects back to BTC’s ledger.
4. To function as a payment on Visa and Mastercard, Open SSL 1.0.1k or 1.0.0p must be implemented by June 30, 2018 to comply with PCI DSS v 3.2.1. By now one knows I0Coin complies and the Bitcoin Core ledger does not (it uses libsecp256k1). Messenger’s Send Money feature uses Visa and Mastercard. Messenger split off Facebook’s core app when I0Coin split off of Bitcoin’s core ledger. In early 2015, Open SSL was abandoned by Bitcoin Core but not I0Coin as I wrote previously. The same spring Facebook offers Send Money with Messenger. If Messenger allows payments through the Visa and Mastercard network, it is reasonable to think these payments run with a secret transition to I0Coin (for its security feature) and is converted back to fiat on the other end where it is received.
To tie these Messenger payments to crypto, I present the theory that David Marcus, who split Messenger off of the core app, also knew of the splitting of I0Coin off BTC when I0Coin chose to keep a secure Open SSL (1.0.1k) and BTC abandoned SSL. The reason OP_codes do not translate well today on the BTC ledger is because of the difference — Open SSL has a hard time translating OP_codes to other cryptographic algorithms like libsecp256k1. Bitcoin dev Pieter Wiulle wrote this word for word in 2015:
This on itself would not be a problem, as full nodes on the network
currently use OpenSSL. However, while researching what was needed to
make libsecp256k1 compatible with it, I discovered that OpenSSL is even
inconsistent with itself across different platforms.
Coinbase also had to know about I0Coin being the only compatible version of Bitcoin compatible on Visa through its Shift Visa debit card offering. David Marcus recently teamed up with Coinbase, joining its board of directors in December 2017 :
The blockchain, which serves as the technical foundation for all cryptocurrencies — like bitcoin — is all the rage. Facebook’s decision to pursue blockchain technology will most certainly add some validity to the crypto industry, which has been very chaotic. This doesn’t mean that Facebook will build its own cryptocurrency, but there are many ways that blockchain technology could be used that have nothing to do with cryptocurrencies, including encrypted data storage. Marcus does have a personal interest in cryptocurrencies, though. He joined the board of cryptocurrency exchange Coinbase in December.
David Marcus is now in charge of Facebook’s blockchain initiative and is saddled up with Coinbase. He is responsible for splitting Messenger from Facebook core to make 2 apps that were once the same. Coinbase offers Visa backed crypto debit Shift cards in the United States and Messenger began to offer Send Money as a way to send payments with US-based Visa or Mastercard debit cards with David Marcus. David Marcus connects Coinbase and Facebook in being actively employed as Facebook’s head of blockchain after being head of Messenger development since 2015 and joining Coinbase’s board of directors in 2017. Both organizations are connected to the I0Coin split from the BTC ledger in early 2015 when the two differentiated between cryptographic security certificate algorithms. Facebook’s 2015 announcement of its payment system security came after the I0Coin update to a secure patch of Open SSL 1.0.1k in client v 0.12.0.1. I0Coin hash rate has always been top 5% and it keeps on growing to the present day. Price has not followed its hash rate because BTC is getting all of the value since 2015 and previously by stealing I0Coin’s AuxPow reward. The truth is, by not minting the coin, BTC can lose that value at any time when it is claimed by a Zerocoin type process where it is a “bulletin board” holding the value until OP_Return script sig can be read and reclaim the funds to the I0Coin blockchain. The connection is right there in the “bulletin board” (a.k.a. BTC ledger) section of the Zerocoin whitepaper:
The direct connection mentions Zerocoins sent to the BTC ledger are secured from theft and double spends by a distributed digital backing currency. Unspent value going back to I0Coin via OP_Return are backed by Visa or Paypal, possibly, as mentioned in subscript-2 above in the Zerocoin whitepaper. This would also be a remarkable coincidence.
Now Facebook and Coinbase are being mentioned in the same headlines by acquisition just days before a truth has to be revealed about I0Coin being the truly minted Bitcoin, because it uses Open SSL 1.0.1k cryptography which complies with Visa and Mastercard security standards from PCI DSS v 3.2.1 (in effect June 30, 2018). To cover this reality up would be criminal.
The association between Messenger and I0Coin could also extend not only to Coinbase, but to Square, which is owned by Twitter CEO Jack Dorsey. Square is making plenty of moves in crypto from Bitcoin purchases being offered on its Cash app as well as a recent June 18, 2018 award of a New York state cryptocurrency license. The Square Cash app has a very similar logo to the Messenger Send Money feature:
Perhaps an association of insider, institutional awareness of I0Coin being used as a crypto PCI DSS v 3.2.1 compliant payment is where we can draw the connection from Twitter CEO Jack Dorsey’s Square to Coinbase and Facebook, where David Marcus has executive level roles. Assuming New York state is not issuing its licenses to just anybody (it is actually very hard to get such a patent in New York state) — we assume the government is also aware of I0Coin. I wrote a little bit about the government being connected to I0Coin before, I think. You do not get a world digital cryptocurrency without the government signing off on it.
If the ties were not apparent enough the article above mentions how private sector rivals like IBM and Microsoft work together under the umbrella of the Linux Foundation, where Bitcoin code is being merged from multiple separate companies. Peter Wiulle’s message about the BTC split off Open SSL and conversion to libsecp256k1 is hosted on the Linux Foundation website.
Facebook owns Instagram, which has a beta Bitmark your Instagram app feature rolled out publicly through IFTTT (from IBM Watson). Bitmark happens to be a cryptocurrency. To say that Instagram and Twitter are involved in crypto but Facebook is not would be denying all relevant facts of private sector cooperation and Facebook allowing crypto over Instagram, which it owns, and not over Facebook.
Furthermore, there is now a feature that was not available in my previous article (The Space Between) where one can Bitmark their Facebook (jaw dropped):
Bitmark links to other social media Facebook owns, like Instagram. It also links to Jack Dorsey’s Twitter. Or Google’s Youtube. The list goes on and on. In Bitmark’s use of IFTTT, offered by Linux Foundation member IBM and Watson A.I., we have found the Social Media version of the Linux Foundation. All companies connected via one cryptocurrency (Bitmark). This is a remarkable and irrefutable correlation. All Bitmark applications to Facebook do not involve the Messenger app — split off Facebook core’s app since 2015. Bitmark claims to run parallel off Bitcoin (which we know to be I0Coin) in its white paper and in the last FAQ question on the FAQ section of Bitmark.com:
The Bitcoin blockchain enables digital currency. The Ethereum blockchain enables building apps. Bitmark’s open source blockchain enables the making of property from digital data. You don’t need to know how blockchain works to use Bitmark for claiming your property rights. What’s key to know is that blockchain is a decentralized, immutable public ledger. This means data is unique and unforgeable. That’s why the blockchain currency, Bitcoin, is significant. It’s money that can’t be forged. Similarly, the provenance of a bitmarked digital asset can’t be forged either, ensuring your property right to your data.
The default payment method to fund Bitmark transactions and purchases is the bitcoin currency. Other than that, the two are separate with different functions.
And there you will see the explanation I argued for I0Coin (as Bitcoin) and Bitmark (using Ixcoin as a new asset ownership ledger) from this previous entry where I talk a lot about Bitmark:
Remember, Coinbase only adds crypto according to it’s Digital Asset Framework. Bitmark is about digital asset ownership. Bitmark offers social media applets which uses Bitmark cryptocurrency. Bitmark also links separate social media companies together that use its applets and cryptocurrency. Bitmark is now linked to Facebook which is rumored to buy Coinbase. I0Coin is likely the secure source of Facebook payments which shares an executive who came from Paypal, headed Messenger’s Send Money development, moved to Facebook’s blockchain team, and became a board member at Coinbase. Twitter CEO Jack Dorsey also has approved of Bitmark cryptocurrency use via a Twitter applet, and his company Square, has been awarded a cryptocurrency license in New York state. The government links to crypto through Square to Twitter to Bitmark to Facebook to Messenger to David Marcus to Coinbase. Coinbase, because of the Visa backed Shift debit card, has to offer I0Coin and not the coins on BTC’s ledger because it is the source of minted coins and uses Open SSL 1.0.1k security certificates which is acceptable in Visa, Mastercard, American Express, and Discover payment networks.
When I wrote about the Coinbase Index Fund here for the first time I was permanently suspended from Twitter for tweeting about it. No explanation, just permanent cut throat. Now we have a reason why from Twitter’s connection to literally everything in the picture above. I am fine with it, but if asked back I will let bygones be bygones :). Perhaps it was just more drama, but I do not even acknowledge drama for a second in my research. That is how we get facts and revelations, my friends.
Vlad2Vlad: More Subtle Truth
When I look at posts from Ixcoin dev Vlad2Vlad and conversations with him, I read the clues conveyed. He has been amazing in leading me to the right places in his posts I read on bitcointalk.org dating back to 2013. This one about Bitmark, which I previously wrote about, struck me today while I was driving home:
After Vlad2Vlad and I discussed I0Coin being compliant with PCI DSS v 3.2.1 and the rumors in the news about Coinbase being acquired by Facebook — this engagement took place between the two of us on bitcointalk.org:
What we will see is two sequences of events. First, the Bitcoin state reorganization, which is underway, and even showed through when the much discussed Bitcoin Alert Key triggered its message on I0Coin’s block explorer this week — which gives even more proof to the real root source of Bitcoin and its relatives in I0Coin:
But we also now know what I have suspected. Facebook acquiring coinbase links the worlds and mass social and payment adoption is ready to go on social media, tech, and payment channels run by Visa, Mastercard, American Express, Discover, and more. Vlad happens to be the one who pointed me towards this article on PCI DSS compliance for June 30, 2018. It took me awhile to research and understand this week, but here we are. A bigger picture is revealed. I know the truth. The wait is almost over. The crypto summer has almost arrived.
2 billion adoption overnight - indeed - Vlad.
Wallet Security: We Can Learn So Much About What Lies Ahead For BTC With Open SSL 1.0.1k Security Patch Fixes!
Appears that I0C is on wallet 0.11.9 (v.110900) on Cryptopia. Right now I prefer to use the most up to date wallet v 0.12.0.1 because of it uses Open SSL v 1.0.1k which is said to be secure and compliant with PCI DSS v 3.2.1. I like to control my private keys and backup my own wallet data. I offer this advice not completely understanding, but with a lot of confidence in I0Coin’s devs and Open SSL v 1.0.1k being secure. Always encrypt your wallet and backup on usb drives a couple of times. Izerocoin.org has the latest QT wallet for download. You can also find nodes on the block explorer for your i0coin.conf file.
Izerocoin.org has an https prefix and shows as “Non-Secure” in chrome. The site runs on Rapid SSL issues SSLv3 which has the POODLE vulnerability from 2014:
RapidSSL is aware and currently investigating CVE-2014–3566 SSLv3 POODLE vulnerability. This vulnerability centers around cipher block chaining (CBC) encryption implementation and allow attackers with a Man-in-the-Middle (MITM) position to derive the contents of a secure payload based on responses received from requests sent from a compromised browser to a legitimate server.
This is a vulnerability with the SSL protocol; existing SSL certificates are not affected and do not need to be replaced.
RapidSSL is disabling support for SSLv3 effective October 16, 2014.
SSLv3 was disabled from HTTPS internet connected websites in 2014. Open SSL 1.0.1k, used in I0C wallet v 0.12.0.1, came out in the middle of 2016 and is updated to fix that vulnerability with January 2015 Open SSL patch 1.0.1k. It also seems that this wallet update will rectify the issues we see on the Bitcoin ledger, once enabled (read the fixes quoted in the following paragraphs). My particular hypothesis as to why Cryptopia didn’t update to I0C qt v 0.12.0.1, and runs instead on v 0.11.9 is due to the fact that once Cryptopia goes to v 0.12.0.1 it will have a secure patch that will correct the BTC transactions that are essentially “man in the middle” taking away I0Coin’s via DVC and AuxPow. The second part of that correction has to be that libsecp256k1 for BTC does not correctly translate OP_codes from Open SSL. It’s a two step process, but Cryptopia is the only exchange one can get their I0C from on the open market. Therefore, something can probably be said about the purposeful non-updating to the secure Open SSL 1.0.1k using wallet (v. 0.12.0.1).
My reasoning to believe that website certificates matter in relation to Bitcoin and others is that we are buying “bits” of space. Or we buy things using bits of space. A website may run on the very bits you are buying or plainly run on a wallet version of a particular crypto. Pretty much a hypothesis at this point for me, but I have seen a little proof so far. I did find some info on website certificates and SCT Lists:
Anyone can submit certificates to certificate logs for public
auditing; however, since certificates will not be accepted by TLS
clients unless logged, it is expected that certificate owners or
their CAs will usually submit them. A log is a single, ever-growing,
append-only Merkle Tree of such certificates.When a valid certificate is submitted to a log, the log MUST
immediately return a Signed Certificate Timestamp (SCT). The SCT is
the log's promise to incorporate the certificate in the Merkle Tree
within a fixed amount of time known as the Maximum Merge Delay (MMD).
If the log has previously seen the certificate, it MAY return the
same SCT as it returned before. TLS servers MUST present an SCT from
one or more logs to the TLS client together with the certificate.
TLS clients MUST reject certificates that do not have a valid SCT for
the end-entity certificate.Periodically, each log appends all its new entries to the Merkle Tree
and signs the root of the tree. Auditors can thus verify that each
certificate for which an SCT has been issued indeed appears in the
log. The log MUST incorporate a certificate in its Merkle Tree
within the Maximum Merge Delay period after the issuance of the SCT.Log operators MUST NOT impose any conditions on retrieving or sharing
data from the log.
It appears Izerocoin.org simply does not have a SCT List. It could be the root of the tree needing to be signed. But that is speculation from someone who just started studying website certificates this week. I think that something has to do with I0Coin being the “attacker” or poison attacker from the end of the Bitcoin whitepaper. Something Satoshi, or the group known as Satoshi, planned to save Bitcoin and prove its security in transitioning it back to a decentralized peer to peer currency.
The POODLE vulnerability was fixed just before 1.0.1k came out in 1.0.1j in late 2014 — so it should not be a problem for I0C qt-wallet v 0.12.0.1 which uses Open SSL 1.0.1K. Below are security fixes in Open SSL 1.0.1k which is used in I0C qt-wallet v 0.12.0.1 (note that BTC dev Peter Wiulle is even mentioned as well as Blockstream). These fixes tell a tale about the future of both I0C and BTC:
CVE-2015–0206 (OpenSSL advisory) 08 January 2015:
A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion. Reported by Chris Mueller.
Fixed in OpenSSL 1.0.1k (Affected 1.0.1–1.0.1j)
This issue was also addressed in OpenSSL 1.0.0p
CVE-2015–0205 (OpenSSL advisory) 08 January 2015:
An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered. Reported by Karthikeyan Bhargavan of the PROSECCO team at INRIA.
Fixed in OpenSSL 1.0.1k (Affected 1.0.1–1.0.1j)
This issue was also addressed in OpenSSL 1.0.0p
CVE-2014–3570 (OpenSSL advisory) 08 January 2015:
Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. This bug occurs at random with a very low probability, and is not known to be exploitable in any way, though its exact impact is difficult to determine. The following has been determined: *) The probability of BN_sqr producing an incorrect result at random is very low: 1/2⁶⁴ on the single affected 32-bit platform (MIPS) and 1/2¹²⁸ on affected 64-bit platforms. *) On most platforms, RSA follows a different code path and RSA operations are not affected at all. For the remaining platforms (e.g. OpenSSL built without assembly support), pre-existing countermeasures thwart bug attacks [1]. *) Static ECDH is theoretically affected: it is possible to construct elliptic curve points that would falsely appear to be on the given curve. However, there is no known computationally feasible way to construct such points with low order, and so the security of static ECDH private keys is believed to be unaffected. *) Other routines known to be theoretically affected are modular exponentiation, primality testing, DSA, RSA blinding, JPAKE and SRP. No exploits are known and straightforward bug attacks fail — either the attacker cannot control when the bug triggers, or no private key material is involved. Reported by Pieter Wuille (Blockstream).
Fixed in OpenSSL 1.0.1k (Affected 1.0.1–1.0.1j)
This issue was also addressed in OpenSSL 1.0.0p, OpenSSL 0.9.8zd
CVE-2015–0204 (OpenSSL advisory) 06 January 2015:
An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. A server could present a weak temporary key and downgrade the security of the session. Reported by Karthikeyan Bhargavan of the PROSECCO team at INRIA.
Fixed in OpenSSL 1.0.1k (Affected 1.0.1–1.0.1j)
This issue was also addressed in OpenSSL 1.0.0p, OpenSSL 0.9.8zd
CVE-2014–8275 (OpenSSL advisory) 05 January 2015:
OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate’s fingerprint. This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected. Reported by Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program/Konrad Kraszewski from Google.
Fixed in OpenSSL 1.0.1k (Affected 1.0.1–1.0.1j)
This issue was also addressed in OpenSSL 1.0.0p, OpenSSL 0.9.8zd
CVE-2014–3572 (OpenSSL advisory) 05 January 2015:
An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. This effectively removes forward secrecy from the ciphersuite. Reported by Karthikeyan Bhargavan of the PROSECCO team at INRIA.
Fixed in OpenSSL 1.0.1k (Affected 1.0.1–1.0.1j)
This issue was also addressed in OpenSSL 1.0.0p, OpenSSL 0.9.8zd
And most importantly, we must reject the null with I=0. The nulltx is rejected and all value floods back to I0Coin 😉:
CVE-2014–3569 (OpenSSL advisory) 21 October 2014:
When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference. Reported by Frank Schmirler.
Fixed in OpenSSL 1.0.1k (Affected 1.0.1j)
This issue was also addressed in OpenSSL 1.0.0p, OpenSSL 0.9.8zd
Bitcoin doesn’t even list a version for its wallet on Cryptopia. This is true for other cryptos on Cryptopia’s CoinInfo section, but we are talking about Bitcoin — you would think someone would update the wallet version for Bitcoin. My fact based theory is that Bitcoin is a ledger; therefore, what you trade as “Bitcoin” on Cryptopia could very well be I0Coin:
Ixcoin is currently using its current wallet 0.14.1 (v. 140100) on Cryptopia. Still you should checkout ixcoin.net for the latest qt-wallet so you can encrypt your wallet and control your private keys.
— — — — — — — — — — — — — — — — — — — — — — — — — — — — -
Institutional donations accepted (Twitter I’m looking at you! jk) for well done research and are very, very appreciated. I would love to do my best to continue building upon the work passed on from dev to dev by pushing adoption and generosity via crypto for those in need in the near future. Free crypto articles and research to the future public influx into crypto coming from someone that cared enough to tip the public off in advance. I hope people from the public that benefit from this research are unselfish with their wealth and remember what its like to struggle. Help others and be generous. When you join another class financially, do not forget where you came from. The world can be a much better place if you use your new financial capability to make a positive impact on the many people you will meet in the future. I know it sounds a little “kumbaya” but its how I am built. Evidence — these research articles are not easy. For my motives, just read Generation Z it’s a heartfelt reality of how I view the past and what we can accomplish in the future to live happier and more prosperous lives while extending peace wherever we go. Drop me an email dtreccia@hotmail.com if you wanna chat after a donation or just in general. I love talking about crypto with everyone and anyone.
Again, insiders, appreciate your donations and extraordinary efforts.
I0C: jXnrLkdpY6t9WuQ94bUcQoecRHnBtwieyr
IXC: xYWFvHhN8kDCuAoKytyQupWSawXjnoEKxj
BCH: bitcoincash:qz6jlw7x2wnjfzfrhyglmqrlgdrlpwashcnkd8nul6
