xBORDER Network Search Result

33 items found for ""

Events (1)

  • April 25, 2020 | 5:00 PM
    171 S Whisman Rd, Mountain View, CA 94041, United States 9WPP+QM Mountain View, California, United States
View All

Blog Posts (6)

  • Finding an investment that’s right for you

    Create a blog post subtitle that summarizes your post in a few short, punchy sentences and entices your audience to continue reading. Welcome to your blog post. Use this space to connect with your readers and potential customers in a way that’s current and interesting. Think of it as an ongoing conversation where you can share updates about business, trends, news, and more. Design with Ease Do you have a design in mind for your blog? Whether you prefer a trendy postcard look or you’re going for a more editorial style blog - there’s a stunning layout for everyone. Every layout comes with the latest social features built in. Readers will be able to easily share posts on social networks like Facebook and Twitter, view how many people have liked a post, made comments and more. With the Wix, building your online community has never been easier. Create Relevant Content You’ll be posting loads of engaging content, so be sure to keep your blog organized with Categories that also allow readers to explore more of what interests them. Each category of your blog has its own page that’s fully customizable. Add a catchy title, a brief description and a beautiful image to the category page header to truly make it your own. You can also add tags (#vacation #dream #summer) throughout your posts to reach more people, and help readers search for relevant content. Using hashtags can expand your post reach and help people find the content that matters to them. Go ahead, #hashtag away. Stun Your Readers Be original, show off your style, and tell your story. Blogging gives your site a voice, so let your business’ personality shine through. Are you a creative agency? Go wild with original blog posts about recent projects, cool inspirational ideas, or what your company culture is like. Add images, and videos to really spice it up, and pepper it with slang to keep readers interested. Are you a programmer? Stay on the more technical side by offering weekly tips, tricks, and hacks that show off your knowledge of the industry. No matter what type of business you have, one thing is for sure - blogging gives your business the opportunity to be heard in a way in a different and unconventional way. Get Inspired To keep up with all things Wix, including website building tips and interesting articles, head over to to the Wix Blog. You may even find yourself inspired to start crafting your own blog, adding unique content, and stunning images and videos. Start creating your own blog now. Good luck!

  • 5 Facts to remember when choosing a markets consultant

    Create a blog post subtitle that summarizes your post in a few short, punchy sentences and entices your audience to continue reading. Cloud-x Partner of Acronis & Google. The future is Decentralized You’ll be posting loads of engaging content, so be sure to keep your blog organized with Categories that also allow visitors to explore more of what interests them. About Cloud-x : https://www.cloud-x.app

  • xBORDER eCommerce ⭐ Block-Chain Automated API Intelligent Cloud Network Introduction

    xBORDER eCommerce ⭐ Block-Chain Automated API Intelligent Cloud Network!! Another participant signt the contacts today! More News wil follow soon! XBORDER Welcome! April 07, 2020, AMsterdam, Netherland. The concept of decentralized digital currency, as well as alternative applications like property registries, has been around for decades. The anonymous e-cash protocols of the 1980s and the 1990s, mostly reliant on a cryptographic primitive known as Chaumian blinding, provided a currency with a high degree of privacy, but the protocols largely failed to gain traction because of their reliance on a centralized intermediary. In 1998, Wei Dai's b-money became the first proposal to introduce the idea of creating money through solving computational puzzles as well as decentralized consensus, but the proposal was scant on details as to how decentralized consensus could actually be implemented. In 2005, Hal Finney introduced a concept of reusable proofs of work, a system which uses ideas from b-money together with Adam Back's computationally difficult Hashcash puzzles to create a concept for a cryptocurrency, but once again fell short of the ideal by relying on trusted computing as a backend. In 2009, a decentralized currency was for the first time implemented in practice by Satoshi Nakamoto, combining established primitives for managing ownership through public key cryptography with a consensus algorithm for keeping track of who owns coins, known as "proof of work". Peter

View All

Pages (26)

  • Blockchain KIX | Intro Funding E-Commerce Blockchain Crypto-Currency

    BLOCKCHAIN KIX .COM CONTROL ​ ​ ​ RF 007 -- ONLINE SPY SHOP: --- WIFI, ETH, GSM, GPG, PGP -- MILITARY GRADE & QUALITY SPY TOOLS -- TRACK -- LISTEN -- CATCH & COPY - SPOOF & MORE. LATEST NEWS & TECHNOLOGY: ARDUINO, RASPI, LINUX, WINDOWS, MAC-OS -- DEBIAN -- KALI -- PARROT -- REDHAT -- INFO & COURSES -- BOOKS & SOFTWARE GMS, BLUETOOTH, BLE , INFRARED & RADIO -- SWARMING, TRACKING, LOCATING > COPY , IMITATE THAN PENETRATE: BLE, IR, WIFI, GMS, THE MHZ CATCHERS ​ ​ ​ ​ ​ ​ ​ QUESTIONS ? COMMENTS ? OFFERS ? CALL, CHAT, OR EMAIL: WE MAKE IT PERSONAL: WE OFFER 24.7 ONLINE ASSISTANCE. DONT UNDERSTAND A WORD? CLICK IT! ITS A LINK.. WE OFFER PERSONAL, HIGHEND SERVICE & KNOW-HOW ON MULTIPLE SUBJECTS. OUR TEAM TRAVELS ALL OVER THE WORLD. ​ ORGANIZING EVENTS & WORKSHOPS , DISCUSSIONS & LECTURES, ONLINE & IN REAL LIVE: MEET US ! ONLINE: HELP US DEVELOP AND GET CRYPTO-SHARES OF THE NEMESIS. JOIN HUNDREDS OF PROFESSIONALS WITH THE SAME TASK.. BUILDING AN BLOCKCHAIN POWERED , INTELLIGENT, E-COMMERCE NETWORK: A PLATFORM ENTITY LEARNS, COMPARES, DEPLOYS, CALCULATES, CRAWLS& SNIFFS THE INTERNET IN THE SEARCH FOR KNOWLEAGE. IN THE BEGIN THAT WILL BE E0--COMMERCE, PRICES, OFFERS ETC. DO YOU BELIEVE? THE DECENTRALIZATION AND CYPTO-CODING AKA BLOCK-CHAINING, FINALLY MICROPROCESSORS BECOMING REAL ' MICRO" INTELLIGENT -ALL-IN-ONE-CPU-GPU-MEMORY, INDUCED BY QUANTUM TECHNOLOGY, WILL START WHEN OUR COAL, GASOLINE, WINDMILLS WILL BE REPLACED BY HYDROGEN. HYDROGEN WILL BE FOR ELECTRICITY WHAT ELECTRICITY WAS TO STEAM, IT SPARKED THE INDUSTRIAL REVOLUTION. RO - POWERED BY WILL BE NANO-PROCESSORS POWERED BY QUANTUM TECHNOLOGY. UPGRADE LEADS TO THE API-MATRIX INTELLIGENCE THAT WILL CHANGE ONLINE BUSINESS, CURRENCY AND SHAREHOLDING WILL REPRESENT VALUE, AND NOT BASED ON TRUST, TBECAUSE KNOW-HOW IS POWER, WILL SHOW IN RISING VALUE OF XBO-CRYPTO-SHARES, BUT THAT IS NOT HER GOAL NOR HER FINAL PURPOSE, DO YOU BELIEVE? ELON DOES.. ​ ​ CHINA - DE - SUA - JPN - RUSSIA - [ USA, UK, AU, NL, FR ] - THE POWER OF TECHNOLOGY AND THE PLAYERS , E-BOOK . RF 007 -- SPY SHOP: --- WIFI, ETH, GSM, GPG, PGP -- MILITARY GRADE & QUALITY SPY TOOLS -- TRACK -- LISTEN -- CATCH & COPY - SPOOF & MORE. LATEST NEWS & TECHNOLOGY: ARDUINO, RASPI, LINUX, WINDOWS, MAC-OS -- DEBIAN -- KALI -- PARROT -- REDHAT -- INFO & COURSES -- BOOKS & SOFTWARE GMS, BLUETOOTH, BLE , INFRARED & RADIO -- SWARMING, TRACKING, LOCATING > COPY , IMITATE THAN PENETRATE: BLE, IR, WIFI, GMS, THE MHZ CATCHERS KNOW-HOW THE STRONGEST TRANSPORTER OF DATA? DSL? 6G? SUPER-WIFI? NOPE.. VOLT.. THATS RIGHT: WHEN YOU PLUG YOUR HIGH-END PGP PHONE INTO THE POWERLINE TO CHARGE.. ALTHO THIS TECHNOLOGY IS DIFFICULT AND NEW: THIS IS HOW JEFF BESOZ GOT HACKED. YOU KNOW BLUETOOTH IS ACCESSIBLE OVER VOLT? I CAN HOP FROM DEVICE TO DEVICE. I CAN MIMIK YOUR BLEUTOOTH MAC-NUMBER, AND ID, SO THAT AN CORRUPTED DEVICE WILL SYNC WITH YOUR DEVICES, AND ACCESSIBLE TO ALL DEVICES THAT YOU CONNECTED TO POWERLINES: FROM THERE I CAN ACCESS YOUR UNIQUE MAC & SNIN NUMBERS, SPOOF THEM, AND YOU WILL CARRY A 'HOST' WITH YOU ALL THE TIMES, WHEREEVER YOU GO. PASSWORDS? LOCKS? DOESNT MATTER BECAUSE YOUR PHONE OR COMPUTER DOESNT RECONISE THE TREATH. I CAN HOP FROM YOUR BLUETOOTH, WIFI OR GMS -RF TO ALL DEVICES THAT BROADCAST RF-SIGNALS: CAMERAS, PHONES, TV'S, COMPUTERS, YOUR MOTORBIKE, YOUR ELECTRIC CAR,SCARY: I CAN GO INSIDE YOUR HEAD WHEN YOU WEAR HEARING DEVICES.. I CAN MANIPULATE YOUR PHONE APPLICATIONS, ALTER MUSIC OR JUST TAKE IT EASY: CHANGE NAME-SERVERS & ALL YOUR UPLOAD & DOWNLOAD DATA WILL BE TRANSPORTED TO MY PERSONAL COMPUTER 'A SO CALLED MIM-ATTACK' . I DID RESEARCH ON DATA OVER VOLT FOR THE PAST 3 YEARS, I GOT THE ATTENTION OF VARIOUS AGENCIES: CHINA, THE UK, AND MY FELLOW COUNTRY MEN , THE DUTCH, ARE 24/7 PRESENT. I TRIED TO LAUNCH WEBSITES BEFORE THIS ONE ON THIS SUBJECT: IMPOSSIBLE: WEB-SITES WHERE REMOVED, DOMAIN NAMES GONE, SOFTWARE PATENTS BLOCKED. WHEN I TOLD MY SISTER, SHE DID NOT BELIEVE ME. I REPORTED MORE THAN 8 TIMES AT THE POLICE STATION, I WROTE LETTERS TO THE MINISTER OF JUSTICE AND THE MINISTER OF TECHNOLOGY: SHE WROTE ME BACK: SOMETHING LIKE: FUCK OFF. THE POLICE TOLD ME I HAD MENTAL PROBLEMS, AND THAT I 'HAD TO LET THIS SUBJECT GO.. NOW 3 YEARS LATER, WHEN THIS KNOW-HOW IS GETTING OUT TO THE PUBLIC, THE DUTCH GOVERNMENT WAS FALLEN , SOME OF THEM HAVE TO GO TO COURT: 30.000 MAN, WOMAN & CHILDREN WHERE CUT ON WELL-FARE FOR MORE THAN 10 TO 15 YEARS, LOANS STOPT, LOSING THEIR HOUSING, MARKED AS CRIMINALS, BECAUSE OF WHAT THEY REFER AS 'HUMAN ERRORS', BLAMING EACH OTHER, SHOWING UP TO LATE AT HEARING COMMISSIONS, TAKE-ING NO RESPONSIBILITY, BLAMING EACH OTHER, NOT EVEN ONE SPOKE THE TRUTH, OR THEY JUST DONT FUCKING CARE ! SLAMMER OF THE MOINTH: THE JUSTICE AND COMPUTER DEPARTMENT: PREACHING AND TELLING THE PEOPLE OF THE NETHERLANDS THEY CANNOT GO OUTSIDE AFTER 9 WITH MORE THAN 3 PEOPLE: THE MINISTER OF JUSTICE WAS CAUGHT THAT WEEKEND AT A PARTY AFTER 9 WITH MORE THAN 3 PEOPLE. IRONIC ISN'T IT ? THE MINISTER OF TECHNOLOGY: A WOMEN WHO DOESNT KNOW THAT 'LINUX' IS, GAVE US A NEW LAW: DE SLEEPWET, THIS LAW MAKES MASSIVE SURVAILLANCE LEGAL. FUNNY THING: THEY WANTED IT TO LOOK DEMOCRATIC: AND TOLD US WE HAVE THE DEMOCRATIC RIGHT IN A 'REFERENDUM' TO VOTE AGAINST OR PRO THIS LAW: THE LAW WAS DENIED BY THE PEOPLE OF THE NETHERLANDS: 2 MONTHS LATER IT WAS AN ACTIVE LAW, AND MAKES THE NETHERLANDS NO.1 ON SURVEILLANCE IN EUROPE. LUCKY FOR ME: MY LOGS SHOWED IP'S, I COULDN'T FIGURE IT OUT, HOW THEY WHERE ABLE TO HACK MY FIREWALLS, VPN'S, PASSWORDS EVEN VIRTUAL MACHINES:: DATA OVER VOLT. SELLING THIS TECHNOLOGY TO ARAB COUNTRIES,PROMOVATING TO ONE OF THE 5-EYES . USA-UK-CANADA-AU-NL -- : GOOGLE, APPLE THEY KNOW: GOOGLE, APPLE, DHL AND MANY MORE ARE BUILDING DATA-CENTERS IN NL WORTH BILLIONS AND BILLIONS OF DOLLARS. WHY? REMEMBER GOOGLE WAS FINED 4 BILLION EURO BY EUROPE? THEY NEVER PAYED. THE DUTCH STRUCK A DEAL:GOOGLE BUILDS DATA CENTRES WORTH BILLIONS , GOOGLE DOESNT PAY A FINE, BUT BUILD DATA-CENTRES, PAYING NO TAX HERE WAS ALSO SOLVED BY THE DUTCH: IN THE NETHERLANDS WHEN YOU HAVE TAX-DECLERANCE ABOVE 100MILLION USD, YOU HAVE A SPECIAL TEAM VISITING YOU: MAKING A TAX-DEAL: ITS ARE FACTS HUH: MY GOVERNMENT MAKE ANOTHER DEAL: SOFTWARE, DATA BACKDOOR THAT GIVES THE DUTCH ONLY IN THE REAREST OCCASION PRIVILEGE TO USE THAT BACKDOORS: THE TRUTH IS THAT ITS USED IN THE POLICE ACADEMY, AND STUDENTS BRAG TO EACH OTHER , OVER MANIPULATING AND PLAYIN' TRICKS ON CILIVIALS. THE PROGRAM STOPPED IN ACADEMY: THEY FOUND OUT THAT DATA REALLY MEANS POWER.. ALSO, I WANT TO PRAISE THE HONEST DUTCH GOVERMNENT WORKERS AND THE POLICE. MAY THE FORCE BE WITH YOU. PETER OLDENBURGER, AMSTERDAM, DUTCH-LAND. FACTS FFAC HACKING MILITARY GRADE Peter Oldenburger, Amsterdam, NL 2021. MINE. FACTS. DATA TOOLS TO PROTECT YOUR DATA , OVER VOLT. QUESTIONS ? COMMENTS ? OFFERS ? CALL, CHAT, OR EMAIL: WE MAKE IT PERSONAL: WE OFFER 24.7 ONLINE ASSISTANCE. DONT UNDERSTAND A WORD? CLICK IT! ITS A LINK.. WE OFFER PERSONAL, HIGHEND SERVICE & KNOW-HOW ON MULTIPLE SUBJECTS. OUR TEAM TRAVELS ALL OVER THE WORLD. ORGANIZING EVENTS & WORKSHOPS , DISCUSSIONS & LECTURES, ONLINE & IN REAL LIVE: MEET US ! ONLINE: HELP US DEVELOP AND GET CRYPTO-SHARES OF THE NEMESIS. JOIN HUNDREDS OF PROFESSIONALS WITH THE SAME TASK.. BUILDING AN BLOCKCHAIN POWERED , INTELLIGENT, E-COMMERCE NETWORK: A PLATFORM ENTITY LEARNS, COMPARES, DEPLOYS, CALCULATES, CRAWLS& SNIFFS THE INTERNET IN THE SEARCH FOR KNOWLEAGE. IN THE BEGIN THAT WILL BE E0--COMMERCE, PRICES, OFFERS ETC. DO YOU BELIEVE? THE DECENTRALIZATION AND CYPTO-CODING AKA BLOCK-CHAINING, FINALLY MICROPROCESSORS BECOMING REAL ' MICRO" INTELLIGENT -ALL-IN-ONE-CPU-GPU-MEMORY, INDUCED BY QUANTUM TECHNOLOGY, WILL START WHEN OUR COAL, GASOLINE, WINDMILLS WILL BE REPLACED BY HYDROGEN. HYDROGEN WILL BE FOR ELECTRICITY WHAT ELECTRICITY WAS TO STEAM, IT SPARKED THE INDUSTRIAL REVOLUTION. RO - POWERED BY WILL BE NANO-PROCESSORS POWERED BY QUANTUM TECHNOLOGY. UPGRADE LEADS TO THE API-MATRIX INTELLIGENCE THAT WILL CHANGE ONLINE BUSINESS, CURRENCY AND SHAREHOLDING WILL REPRESENT VALUE, AND NOT BASED ON TRUST, TBECAUSE KNOW-HOW IS POWER, WILL SHOW IN RISING VALUE OF XBO-CRYPTO-SHARES, BUT THAT IS NOT HER GOAL NOR HER FINAL PURPOSE, DO YOU BELIEVE? ELON DOES.. CHINA - DE - SUA - JPN - RUSSIA - [ USA, UK, AU, NL, FR ] - THE POWER OF TECHNOLOGY AND THE PLAYERS , E-BOOK . Ask MEGA-MAN index KIX CLOUD -X BLOCK -X API-X API-x INTEL Events, Meets & Greets Index CLOUD-x Events, Tech & Develop Sitemap CYBER SECURITY, PENETRATION TESTING, - HACKING & DEBUGGING -- PERSONAL ADVISE, BUSINESS ADVIS, CORPORATE UPGRADING, PRIVATE &GOVERNMENT. WE OFFER HIGH-END & MILITARY GRADE KNOW-HOW, TOOLS, CORDINATING , SOFTWARE & INFORMATION, 100% LEGAL, OPEN & TRANSPARENT, LICENCED. ​ PROJECTS INCLUDE: PEN-TESTING, CRYPTO-CURRENCY, CRYPTO-PROGRAMMING & BLOCKCHAIN DEVELOPMENT: WE BRING YOU WORLD FIRST DECENTRAL E-COMMERCE NETWORK -- THE BORDER PLATFORM ~ 5 API-AUTOMATED E-COMMERCE SHOPS ON AN ONLINE PLATFORM, EASY TO CONFIGURE & CONTROLLED.. WE ARE PROUIUD TO PRESENT: XBO = WORLD FIRST CRYPTO-SHARE, THE FIRST CRYPTO-CURRENCY THAT REPRESENTS VALUE ! WITH 5 PATENTS @ THE United States USPTO & INTEREST FROM TECH-COMPANIES & GOVERMNENTS AS CHINA & THAILAND.. . READ MORE: HOW THE FIRST CRYPTO_CROWDFUND WILL SPARK DECENTRAL E-COMMERCE PLATFORMS: THIS WILL BE THE FUTURE OF API-INTEL E-COMMERCE. ​ RF 007 -- ONLINE SPY SHOP: --- WIFI, ETH, GSM, GPG, PGP -- MILITARY GRADE & QUALITY SPY TOOLS -- TRACK -- LISTEN -- CATCH & COPY - SPOOF & MORE. LATEST NEWS & TECHNOLOGY: ARDUINO, RASPI, LINUX, WINDOWS, MAC-OS -- DEBIAN -- KALI -- PARROT -- REDHAT -- INFO & COURSES -- BOOKS & SOFTWARE GMS, BLUETOOTH, BLE , INFRARED & RADIO -- SWARMING, TRACKING, LOCATING > COPY , IMITATE THAN PENETRATE: BLE, IR, WIFI, GMS, THE MHZ CATCHERS ​ ​ QUESTIONS ? COMMENTS ? OFFERS ? CALL, CHAT, OR EMAIL: WE MAKE IT PERSONAL: WE OFFER 24.7 ONLINE ASSISTANCE. DONT UNDERSTAND A WORD? CLICK IT! ITS A LINK.. WE OFFER PERSONAL, HIGHEND SERVICE & KNOW-HOW ON MULTIPLE SUBJECTS. OUR TEAM TRAVELS ALL OVER THE WORLD. ​ ORGANIZING EVENTS & WORKSHOPS , DISCUSSIONS & LECTURES, ONLINE & IN REAL LIVE: MEET US ! ONLINE: HELP US DEVELOP AND GET CRYPTO-SHARES OF THE NEMESIS. JOIN HUNDREDS OF PROFESSIONALS WITH THE SAME TASK.. BUILDING AN BLOCKCHAIN POWERED , INTELLIGENT, E-COMMERCE NETWORK: A PLATFORM ENTITY LEARNS, COMPARES, DEPLOYS, CALCULATES, CRAWLS& SNIFFS THE INTERNET IN THE SEARCH FOR KNOWLEAGE. IN THE BEGIN THAT WILL BE E0--COMMERCE, PRICES, OFFERS ETC. DO YOU BELIEVE? THE DECENTRALIZATION AND CYPTO-CODING AKA BLOCK-CHAINING, FINALLY MICROPROCESSORS BECOMING REAL ' MICRO" INTELLIGENT -ALL-IN-ONE-CPU-GPU-MEMORY, INDUCED BY QUANTUM TECHNOLOGY, WILL START WHEN OUR COAL, GASOLINE, WINDMILLS WILL BE REPLACED BY HYDROGEN. HYDROGEN WILL BE FOR ELECTRICITY WHAT ELECTRICITY WAS TO STEAM, IT SPARKED THE INDUSTRIAL REVOLUTION. RO - POWERED BY WILL BE NANO-PROCESSORS POWERED BY QUANTUM TECHNOLOGY. UPGRADE LEADS TO THE API-MATRIX INTELLIGENCE THAT WILL CHANGE ONLINE BUSINESS, CURRENCY AND SHAREHOLDING WILL REPRESENT VALUE, AND NOT BASED ON TRUST, TBECAUSE KNOW-HOW IS POWER, WILL SHOW IN RISING VALUE OF XBO-CRYPTO-SHARES, BUT THAT IS NOT HER GOAL NOR HER FINAL PURPOSE, DO YOU BELIEVE? ELON DOES.. ​ ​ CHINA - DE - SUA - JPN - RUSSIA - [ USA, UK, AU, NL, FR ] - THE POWER OF TECHNOLOGY AND THE PLAYERS , E-BOOK . BLOCKCHAIN CH-x Free Workshops Interactive Forum Sys ECOMMERCE mission control Ξ BLOCKCHAIN powered API INTELligent cloud NETWORK XBORDER Ξ ECOMMERCE multi-layer BLOCKCHAIN & API-X ™ INTELLIGENT network - CLOUD-x CRYPTO-platform XBORDER ECOMMERCE - BLOCK-CHAIN CH-X INTELLIGENT API-X CRYPTO CLOUD-X NETWORK ​ Ξ xBORDER ecommerce platform Ξ ​ Ξ ∞ VOC-x { automated learning Ξ ∞ API-x { Analytic Intelligent Ξ ∞ snb-x { sandbx development Ξ ∞ bLc-x { Multi- layer BlockChain BLOCKCHAIN powered API INTELligent cloud NETWORK ​ SOFTWARE ENGINEERING PROJECTS: PEN-TESTING FOR CORPORATIONS, CRYPTO-CURRENCY, CRYPTO-PROGRAMMING & BLOCKCHAIN DEVELOPMENT: WE BRING YOU WORLD FIRST DECENTRAL E-COMMERCE NETWORK -- THE BORDER PLATFORM ~ 5 API-AUTOMATED E-COMMERCE SHOPS ON AN ONLINE PLATFORM, EASY TO CONFIGURE & CONTROLLED.. WE ARE PROUIUD TO PRESENT: XBO = WORLD FIRST CRYPTO-SHARE, THE FIRST CRYPTO-CURRENCY THAT REPRESENTS VALUE ! WITH 5 PATENTS @ THE United States USPTO & INTEREST FROM TECH-COMPANIES & GOVERMNENTS AS CHINA & THAILAND.. . READ MORE: HOW THE FIRST CRYPTO_CROWDFUND WILL SPARK DECENTRAL E-COMMERCE PLATFORMS: THIS WILL BE THE FUTURE OF API-INTEL E-COMMERCE. ​ RF 007 -- ONLINE SPY SHOP: --- WIFI, ETH, GSM, GPG, PGP -- MILITARY GRADE & QUALITY SPY TOOLS -- TRACK -- LISTEN -- CATCH & COPY - SPOOF & MORE. LATEST NEWS & TECHNOLOGY: ARDUINO, RASPI, LINUX, WINDOWS, MAC-OS -- DEBIAN -- KALI -- PARROT -- REDHAT -- INFO & COURSES -- BOOKS & SOFTWARE GMS, BLUETOOTH, BLE , INFRARED & RADIO -- SWARMING, TRACKING, LOCATING > COPY , IMITATE THAN PENETRATE: BLE, IR, WIFI, GMS, THE MHZ CATCHERS ​ ​ QUESTIONS ? COMMENTS ? OFFERS ? CALL, CHAT, OR EMAIL: WE MAKE IT PERSONAL: WE OFFER 24.7 ONLINE ASSISTANCE. DONT UNDERSTAND A WORD? CLICK IT! ITS A LINK.. WE OFFER PERSONAL, HIGHEND SERVICE & KNOW-HOW ON MULTIPLE SUBJECTS. OUR TEAM TRAVELS ALL OVER THE WORLD. ​ ORGANIZING EVENTS & WORKSHOPS , DISCUSSIONS & LECTURES, ONLINE & IN REAL LIVE: MEET US ! ONLINE: HELP US DEVELOP AND GET CRYPTO-SHARES OF THE NEMESIS. JOIN HUNDREDS OF PROFESSIONALS WITH THE SAME TASK.. BUILDING AN BLOCKCHAIN POWERED , INTELLIGENT, E-COMMERCE NETWORK: A PLATFORM ENTITY LEARNS, COMPARES, DEPLOYS, CALCULATES, CRAWLS& SNIFFS THE INTERNET IN THE SEARCH FOR KNOWLEAGE. IN THE BEGIN THAT WILL BE E0--COMMERCE, PRICES, OFFERS ETC. DO YOU BELIEVE? THE DECENTRALIZATION AND CYPTO-CODING AKA BLOCK-CHAINING, FINALLY MICROPROCESSORS BECOMING REAL ' MICRO" INTELLIGENT -ALL-IN-ONE-CPU-GPU-MEMORY, INDUCED BY QUANTUM TECHNOLOGY, WILL START WHEN OUR COAL, GASOLINE, WINDMILLS WILL BE REPLACED BY HYDROGEN. HYDROGEN WILL BE FOR ELECTRICITY WHAT ELECTRICITY WAS TO STEAM, IT SPARKED THE INDUSTRIAL REVOLUTION. RO - POWERED BY WILL BE NANO-PROCESSORS POWERED BY QUANTUM TECHNOLOGY. UPGRADE LEADS TO THE API-MATRIX INTELLIGENCE THAT WILL CHANGE ONLINE BUSINESS, CURRENCY AND SHAREHOLDING WILL REPRESENT VALUE, AND NOT BASED ON TRUST, TBECAUSE KNOW-HOW IS POWER, WILL SHOW IN RISING VALUE OF XBO-CRYPTO-SHARES, BUT THAT IS NOT HER GOAL NOR HER FINAL PURPOSE, DO YOU BELIEVE? ELON DOES.. ​ ​ CHINA - DE - SUA - JPN - RUSSIA - [ USA, UK, AU, NL, FR ] - THE POWER OF TECHNOLOGY AND THE PLAYERS , E-BOOK . The Timeline affiliate THE FUTURE OF ECOMMERCE xborder ecommerce platform e-commerce decentralized, powered by block-chains & connected & full automated by api code intergrations codecs. xx worlds first 'crypto-currency' with real & instant value, the ultimate crypto-future. xbo, worlds first 'crypto-currency' with real & instant value, the ultimate crypto-future. FEDERATION NERDS ⭐ API-X AUTOMATED INTELLIGENT E-COMMERCE platform blockchAIN-X multi-layerd block-chain controller nodes cloud-X real-time block-chain powered sync & back bo-X.io crowdfunding startup UNITED FEDERATION OF NERDS UNITED FEDERATION OF NERDS NEWS & UPDATES @ xBORDER NET BE FIRST 2 KNOW I agree to the terms & conditions > Thanks for submitting! WELCOME TO THE FUTURE, HUMANITY @ 2020 THE UNITED FEDERATION OF NERDS, EARTH GALACTIC L/L = 42DG39MIN32.4SEC_43DG08MIN19.2SEC @ 01/01/2214 xBORDER ∞ PROJECT8 ∞ THE E-COMMERCE REVOLUTION ∞ THE RISE OF DECENTRALIZATION ABOUT DECENTRALIZATION DECENTRALIZED MEANS APPLYING CONTRACTING DIRECTLY BETWEEN 0 & 1 THE HISTORICAL WAY OF CONTRACTING WAS TROUGH A MIDDLE MAN, THIS HAPPEND FOR A REASON, THE MIDDLE MAN, OR MIDDLE CONTRACT SUPPLIED ' THE TRUST OF VALUE ' FOR THAT TRANSACTION. BLOCK-CHAIN AND CRYPTO-CHAIN TECHNOLOGY ARE FORMS OF APPLYING DIRECT CONTRACTING . BLOCKCHAIN AS A MONETAIR CURRECY ? WELL, TO BE HONEST, ZUCKENBERG, THIS IS NOT POSSIBLE. DDUE TO THE HIGH AMOUNTHS OF ENERGIE IT TAKES TO PRODUCE YOUR LIBRA, I WAS CONFUSED WHEN I WAS READING THE WHITEPAPER, IT DOESNT APPLY NEW TECHNOLOGIE BUT BUILDS ON OLDER BITCOIN / ETHERIUM BITS & VALUE. BITCOIN IS SLOW & CONSUMES WAY TO MUCH ENERGY TO BE APPLIED IN REAL-TIME SYNC OR LIFE. THATS SO 1990 CHECK IT HERE YOU KNOW THERE IS ONLY A KEYNES VALUE API-X GIVES LEGAL OWNERSHIP OF xBORDER E-COMMERCE PLATFORM xBORDER NETWORK ∞ HTTPS://www.APi-X .APP POWERED & SECURED BY xBORDERS MULTI-LAYERED BLOCK-CHAIN TECHNOLOGY ∞ HTTPS://BLOCKCH-x.ORG ACCESS & CONFIG OF API-X & XBO IN REAL-TIME SYNC AT xBORDERS CLOUD NETWORK ∞ HTTPS://CLOUD-x .APP TRADE, INVEST OR EXPAND API-x E-COMMERCE PLATFORMS, JOIN THE TRADERS GILD ∞ HTTPS://VOC-x.ORG CLOUD-X BLOCKCHAIN-X INTELLIGENT API-X E-COMMERCE BLOCK-CHAIN NETWORK VIDEO CENTRAL DECENTRALIZED FORUM - START WORKING TOGETHER ! ! ​ KIX.ONE WHITEPAPER 2021 ​ Chapters ​ The History xBORDER As A State Transition System Mining in Generic Merkle Trees Alternative Blockchain Applications Scripting xBORDER BLOCKCNX Philosophy xBORDER Accounts Messages and Transactions Messages xBORDER State Transition Function Code Execution xBORDER and Mining Applications Token Systems Financial derivatives and Stable-Value Currencies Identity and Reputation Systems Decentralized File Storage Decentralized Autonomous Organizations Further Applications Miscellanea And Concerns Modified GHOST Implementation Fees Computation And Turing-Completeness Currency And Issuance Mining Centralization Scalability Conclusion Notes and Further Reading Notes Further Reading Introduction to Bitcoin and Existing Concepts The concept of decentralized digital currency, as well as alternative applications like property registries, has been around for decades. The anonymous e-cash protocols of the 1980s and the 1990s, mostly reliant on a cryptographic primitive known as Chaumian blinding, provided a currency with a high degree of privacy, but the protocols largely failed to gain traction because of their reliance on a centralized intermediary. In 1998, Wei Dai's b-money became the first proposal to introduce the idea of creating money through solving computational puzzles as well as decentralized consensus, but the proposal was scant on details as to how decentralized consensus could actually be implemented. In 2005, Hal Finney introduced a concept of reusable proofs of work, a system which uses ideas from b-money together with Adam Back's computationally difficult Hashcash puzzles to create a concept for a cryptocurrency, but once again fell short of the ideal by relying on trusted computing as a backend. In 2009, a decentralized currency was for the first time implemented in practice by Satoshi Nakamoto, combining established primitives for managing ownership through public key cryptography with a consensus algorithm for keeping track of who owns coins, known as "proof of work". xBORDER mechanism behind proof of work was a breakthrough in the space because it simultaneously solved two problems. First, it provided a simple and moderately effective consensus algorithm, allowing nodes in the network to collectively agree on a set of canonical updates to the state of the Crypto-ledger. Second, it provided a mechanism for allowing free entry into the consensus process, solving the political problem of deciding who gets to influence the consensus, while simultaneously preventing sybil attacks. It does this by substituting a formal barrier to participation, such as the requirement to be registered as a unique entity on a particular list, with an economic barrier - the weight of a single node in the consensus voting process is directly proportional to the computing power that the node brings. Since then, an alternative approach has been proposed called proof of stake, calculating the weight of a node as being proportional to its currency holdings and not computational resources; the discussion of the relative merits of the two approaches is beyond the scope of this paper but it should be noted that both approaches can be used to serve as the backbone of a cryptocurrency. ​ Peter Oldenburger, the founder of xBORDER wrote this Blog Post: ​ ​ the Crypto As A State Transition System The ledger of a cryptocurrency such as the Crypto can be thought of as a state transition system, where there is a "state" consisting of the ownership status of all existing the Cryptos and a "state transition function" that takes a state and a transaction and outputs a new state which is the result. In a standard banking system, for example, the state is a balance sheet, a transaction is a request to move $X from A to B, and the state transition function reduces the value in A's account by $X and increases the value in B's account by $X. If A's account has less than $X in the first place, the state transition function returns an error. Hence, one can formally define: APPLY(S,TX) -> S' or ERROR APPLY({ Alice: $50, Bob: $50 },"send $20 from Alice to Bob") = { Alice: $30, Bob: $70 } APPLY({ Alice: $50, Bob: $50 },"send $70 from Alice to Bob") = ERROR The "state" in the Crypto is the collection of all coins (technically, "unspent transaction outputs" or UTXO) that have been mined and not yet spent, with each UTXO having a denomination and an owner (defined by a 20-byte address which is essentially a cryptographic public keyfn. 1). A transaction contains one or more inputs, with each input containing a reference to an existing UTXO and a cryptographic signature produced by the private key associated with the owner's address, and one or more outputs, with each output containing a new UTXO to be added to the state. The state transition function APPLY(S,TX) -> S' can be defined roughly as follows: For each input in TX: If the referenced UTXO is not in S, return an error. If the provided signature does not match the owner of the UTXO, return an error. If the sum of the denominations of all input UTXO is less than the sum of the denominations of all output UTXO, return an error. Return S' with all input UTXO removed and all output UTXO added. The first half of the first step prevents transaction senders from spending coins that do not exist, the second half of the first step prevents transaction senders from spending other people's coins, and the second step enforces conservation of value. In order to use this for payment, the protocol is as follows. Suppose Alice wants to send 11.7 BTC to Bob. First, Alice will look for a set of available UTXO that she owns that totals up to at least 11.7 BTC. Realistically, Alice will not be able to get exactly 11.7 BTC; say that the smallest she can get is 6+4+2=12. She then creates a transaction with those three inputs and two outputs. The first output will be 11.7 BTC with Bob's address as its owner, and the second output will be the remaining 0.3 BTC "change", with the owner being Alice herself. Mining block_picture.jpg If we had access to a trustworthy centralized service, this system would be trivial to implement; it could simply be coded exactly as described, using a centralized server's hard drive to keep track of the state. However, with the Crypto we are trying to build a decentralized currency system, so we will need to combine the state transition system with a consensus system in order to ensure that everyone agrees on the order of transactions. the Crypto's decentralized consensus process requires nodes in the network to continuously attempt to produce packages of transactions called "blocks". The network is intended to produce roughly one block every ten minutes, with each block containing a timestamp, a nonce, a reference to (ie. hash of) the previous block and a list of all of the transactions that have taken place since the previous block. Over time, this creates a persistent, ever-growing, "blockchain" that constantly updates to represent the latest state of the the Crypto ledger. The algorithm for checking if a block is valid, expressed in this paradigm, is as follows: Check if the previous block referenced by the block exists and is valid. Check that the timestamp of the block is greater than that of the previous blockfn. 2 and less than 2 hours into the future Check that the proof of work on the block is valid. Let S[0] be the state at the end of the previous block. Suppose TX is the block's transaction list with n transactions. For all i in 0...n-1, set S[i+1] = APPLY(S[i],TX[i]) If any application returns an error, exit and return false. Return true, and register S[n] as the state at the end of this block. Essentially, each transaction in the block must provide a valid state transition from what was the canonical state before the transaction was executed to some new state. Note that the state is not encoded in the block in any way; it is purely an abstraction to be remembered by the validating node and can only be (securely) computed for any block by starting from the genesis state and sequentially applying every transaction in every block. Additionally, note that the order in which the miner includes transactions into the block matters; if there are two transactions A and B in a block such that B spends a UTXO created by A, then the block will be valid if A comes before B but not otherwise. The one validity condition present in the above list that is not found in other systems is the requirement for "proof of work". The precise condition is that the double-SHA256 hash of every block, treated as a 256-bit number, must be less than a dynamically adjusted target, which as of the time of this writing is approximately 2187. The purpose of this is to make block creation computationally "hard", thereby preventing sybil attackers from remaking the entire blockchain in their favor. Because SHA256 is designed to be a completely unpredictable pseudorandom function, the only way to create a valid block is simply trial and error, repeatedly incrementing the nonce and seeing if the new hash matches. At the current target of ~2187, the network must make an average of ~269 tries before a valid block is found; in general, the target is recalibrated by the network every 2016 blocks so that on average a new block is produced by some node in the network every ten minutes. In order to compensate miners for this computational work, the miner of every block is entitled to include a transaction giving themselves 12.5 BTC out of nowhere. Additionally, if any transaction has a higher total denomination in its inputs than in its outputs, the difference also goes to the miner as a "transaction fee". Incidentally, this is also the only mechanism by which BTC are issued; the genesis state contained no coins at all. In order to better understand the purpose of mining, let us examine what happens in the event of a malicious attacker. Since the Crypto's underlying cryptography is known to be secure, the attacker will target the one part of the Bitcoin system that is not protected by cryptography directly: the order of transactions. The attacker's strategy is simple: Send 100 BTC to a merchant in exchange for some product (preferably a rapid-delivery digital good) Wait for the delivery of the product Produce another transaction sending the same 100 BTC to himself Try to convince the network that his transaction to himself was the one that came first. Once step (1) has taken place, after a few minutes some miner will include the transaction in a block, say block number 270. After about one hour, five more blocks will have been added to the chain after that block, with each of those blocks indirectly pointing to the transaction and thus "confirming" it. At this point, the merchant will accept the payment as finalized and deliver the product; since we are assuming this is a digital good, delivery is instant. Now, the attacker creates another transaction sending the 100 BTC to himself. If the attacker simply releases it into the wild, the transaction will not be processed; miners will attempt to run APPLY(S,TX) and notice that TX consumes a UTXO which is no longer in the state. So instead, the attacker creates a "fork" of the blockchain, starting by mining another version of block 270 pointing to the same block 269 as a parent but with the new transaction in place of the old one. Because the block data is different, this requires redoing the proof of work. Furthermore, the attacker's new version of block 270 has a different hash, so the original blocks 271 to 275 do not "point" to it; thus, the original chain and the attacker's new chain are completely separate. The rule is that in a fork the longest blockchain is taken to be the truth, and so legitimate miners will work on the 275 chain while the attacker alone is working on the 270 chain. In order for the attacker to make his blockchain the longest, he would need to have more computational power than the rest of the network combined in order to catch up (hence, "51% attack"). Merkle Trees SPV in the Crypto Left: it suffices to present only a small number of nodes in a Merkle tree to give a proof of the validity of a branch. Right: any attempt to change any part of the Merkle tree will eventually lead to an inconsistency somewhere up the chain. An important scalability feature of the Crypto is that the block is stored in a multi-level data structure. The "hash" of a block is actually only the hash of the block header, a roughly 200-byte piece of data that contains the timestamp, nonce, previous block hash and the root hash of a data structure called the Merkle tree storing all transactions in the block. A Merkle tree is a type of binary tree, composed of a set of nodes with a large number of leaf nodes at the bottom of the tree containing the underlying data, a set of intermediate nodes where each node is the hash of its two children, and finally a single root node, also formed from the hash of its two children, representing the "top" of the tree. The purpose of the Merkle tree is to allow the data in a block to be delivered piecemeal: a node can download only the header of a block from one source, the small part of the tree relevant to them from another source, and still be assured that all of the data is correct. The reason why this works is that hashes propagate upward: if a malicious user attempts to swap in a fake transaction into the bottom of a Merkle tree, this change will cause a change in the node above, and then a change in the node above that, finally changing the root of the tree and therefore the hash of the block, causing the protocol to register it as a completely different block (almost certainly with an invalid proof of work). The Merkle tree protocol is arguably essential to long-term sustainability. A "full node" in the the Crypto network, one that stores and processes the entirety of every block, takes up about 15 GB of disk space in the Bitcoin network as of April 2014, and is growing by over a gigabyte per month. Currently, this is viable for some desktop computers and not phones, and later on in the future only businesses and hobbyists will be able to participate. A protocol known as "simplified payment verification" (SPV) allows for another class of nodes to exist, called "light nodes", which download the block headers, verify the proof of work on the block headers, and then download only the "branches" associated with transactions that are relevant to them. This allows light nodes to determine with a strong guarantee of security what the status of any Bitcoin transaction, and their current balance, is while downloading only a very small portion of the entire blockchain. Alternative Blockchain Applications The idea of taking the underlying blockchain idea and applying it to other concepts also has a long history. In 1998, Nick Szabo came out with the concept of secure property titles with owner authority, a document describing how "new advances in replicated database technology" will allow for a blockchain-based system for storing a registry of who owns what land, creating an elaborate framework including concepts such as homesteading, adverse possession and Georgian land tax. However, there was unfortunately no effective replicated database system available at the time, and so the protocol was never implemented in practice. After 2009, however, once Bitcoin's decentralized consensus was developed a number of alternative applications rapidly began to emerge. Namecoin - created in 2010, Namecoin is best described as a decentralized name registration database. In decentralized protocols like Tor, Bitcoin and BitMessage, there needs to be some way of identifying accounts so that other people can interact with them, but in all existing solutions the only kind of identifier available is a pseudorandom hash like 1LW79wp5ZBqaHW1jL5TCiBCrhQYtHagUWy. Ideally, one would like to be able to have an account with a name like "george". However, the problem is that if one person can create an account named "george" then someone else can use the same process to register "george" for themselves as well and impersonate them. The only solution is a first-to-file paradigm, where the first registerer succeeds and the second fails - a problem perfectly suited for the Bitcoin consensus protocol. Namecoin is the oldest, and most successful, implementation of a name registration system using such an idea. Colored coins - the purpose of colored coins is to serve as a protocol to allow people to create their own digital currencies - or, in the important trivial case of a currency with one unit, digital tokens, on the Bitcoin blockchain. In the colored coins protocol, one "issues" a new currency by publicly assigning a color to a specific Bitcoin UTXO, and the protocol recursively defines the color of other UTXO to be the same as the color of the inputs that the transaction creating them spent (some special rules apply in the case of mixed-color inputs). This allows users to maintain wallets containing only UTXO of a specific color and send them around much like regular bitcoins, backtracking through the blockchain to determine the color of any UTXO that they receive. Metacoins - the idea behind a metacoin is to have a protocol that lives on top of Bitcoin, using Bitcoin transactions to store metacoin transactions but having a different state transition function, APPLY'. Because the metacoin protocol cannot prevent invalid metacoin transactions from appearing in the Bitcoin blockchain, a rule is added that if APPLY'(S,TX) returns an error, the protocol defaults to APPLY'(S,TX) = S. This provides an easy mechanism for creating an arbitrary cryptocurrency protocol, potentially with advanced features that cannot be implemented inside of Bitcoin itself, but with a very low development cost since the complexities of mining and networking are already handled by the Bitcoin protocol. Metacoins have been used to implement some classes of financial contracts, name registration and decentralized exchange. Thus, in general, there are two approaches toward building a consensus protocol: building an independent network, and building a protocol on top of Bitcoin. The former approach, while reasonably successful in the case of applications like Namecoin, is difficult to implement; each individual implementation needs to bootstrap an independent blockchain, as well as building and testing all of the necessary state transition and networking code. Additionally, we predict that the set of applications for decentralized consensus technology will follow a power law distribution where the vast majority of applications would be too small to warrant their own blockchain, and we note that there exist large classes of decentralized applications, particularly decentralized autonomous organizations, that need to interact with each other. The Bitcoin-based approach, on the other hand, has the flaw that it does not inherit the simplified payment verification features of Bitcoin. SPV works for Bitcoin because it can use blockchain depth as a proxy for validity; at some point, once the ancestors of a transaction go far enough back, it is safe to say that they were legitimately part of the state. Blockchain-based meta-protocols, on the other hand, cannot force the blockchain not to include transactions that are not valid within the context of their own protocols. Hence, a fully secure SPV meta-protocol implementation would need to backward scan all the way to the beginning of the Bitcoin blockchain to determine whether or not certain transactions are valid. Currently, all "light" implementations of Bitcoin-based meta-protocols rely on a trusted server to provide the data, arguably a highly suboptimal result especially when one of the primary purposes of a cryptocurrency is to eliminate the need for trust. 00:00 / 01:04 NAME: XBO-GOBA1 P. Oldenburger Amsterdam Netherlands. ​ API-OATH HACK, ZERO DAY VULNERABILITY FOUND IN GOOGLE ! BUG FOUND IN in GOOGLE OATH API April 4, 2020, Amsterdam Netherlands, ​ ** THIS IS A MAJOR BUG WITH MAJOR IMPACT ** ​ ​ BUG NAME= XBO-GOBA1 - Google API OATH Authorization Bug, found on 4 April 2020. 6 April 2020, Amsterdam Netherlands. xBORDER NERD BO-X.iO BUG Analysts, # xBORDER Research team found a mayor authorization Bug in the Google Admin Application Softwaremrun on 13.4 OSX, Reset Password DIsabled Full Administrator Access to all underlying Nodes, Domains, and Admins. This Bug can have a serious impact -- it can have major complications when Administrator Access / Super Admins are disabled to DomainReg, "DNS, MX, NAMES, A, AA" Access. This can be resolved by rewriting the OATH access API in that Application. See pictures for details. ​ This is a config Error that can be used as a gate to full access of ALL google applications. ​ Restore of Original Values are virtually impossible due to WHOIS restrictions on google.domains, CNAME updates are virtually impossible due to non-access. this is a RE-LOOP Bu and could have a major impact. ​ Peter Oldenburger & Friends. # NERD BO-X.iO @ xBORDER ​ ! ANODE { xBORDER } - VOC-X "VALUE: +10 } , VOC-X Crawlers deployed on this Oath bug can leech massive amounts of user data, company data. Google Cases ref: 2-6991000030256 Senior Google Specialists. BUG II: Google API OATH Authorization PART II, GOOGLE DOMAINS BUG. Mayor Bug found on 4 April 2020. 6 April 2020, Amsterdam Netherlands. Our Research team found a mayor Access & Authorization Bug @ Google, Gmail & Domain.google syn are non-compatible. G-mail, Gsuit re-access need CNAME implements, however Google.Domains is not acc. by login, This has mayor impact on Googlists that use the Gsuit & Google domain service. Access is imposible to recover. This Bug can have a serious impact because it can have major complications when Administrator Access / Super Admins are disabled to DomainReg, "DNS, MX, NAMES, A, AA" Access. This can be resolved by rewriting the OATH access API in that Application oorn Seperating access control in Gsuite/Gmail and Domains. See pictures for details. P.Oldenburger 2020 Amsterdam Netherlands. ! ANODE { xBORDER } - VOC-X "VALUE: +7 } , VOC-X Crawlers deployed on this Oath bug can Open Backdoor into Domain access. GOOGLE AUTORIZATION 2 MAJOR FAIL BUG FOUND IN GOOGLE OATH AUTHORIZATION API 2 BUGS FOUNDS WITH MAJOR IMPACT, TOTAL ACCESS IS DISABLED. THIS WOULD BE DISASTEROUS FOR HOSPITALS, DOCTORS ETC !

  • Blockchain KIX E-Commerce CryptoCurrency | Blockchainkix.com

    Blockchain KIX E-Commerce CryptoCurrency | Blockchainkix.com Welcome to the Ultimate Blockchain KIX E-Commerce CryptoCurrency - Blockchainkix.com KIX .COM BLOCKCHAIN https://cryptokix.net/ For more information, see website ICO Funding Network cryptokix net . https://cannabisseed.pro/ For more information, see website Cannabis Seed - Shop: Order Online | Buy Cannabisseed.pro . https://cannabisseed.shop/ For more information, see website CannabisSeed.Shop: Order Online, Shop & Buy Cannabis Seeds . ​ https://luckycharm.guru/ For more information, see website Magic Amulet - Protective Talisman - Lucky Charms | LuckyCharm.Guru . ​​ https://luckycharm.jewelry/ For more information, see website luckycharm.jewelry ​ For more information, see dildokopen.eu - sex-toys & sexspeeltjes shoppen ​ ​ For more information, see shopvergleichen.de - website & shops vergleichen deutschland ​ ​​ https://holidaynetwork.org/ https://airportnetwork.org/ https://villanetwork.org/ ​ https://xcom.dev/ For more information, see website Xcom.dev E-Commerce . ​ https://bioherby.de/ For more information, see website Bioherby: Naturprodukte und Tee hier bestellen ​ For more information, see website Bioherby: Naturprodukte, Gynostemma online shoppen https://hyperstartup.org/ For more information, see website Cryptocurrency Blockchain Crowdfund ICO Startup | hyperstartup.org . ​ ​ https://blockchainkix.com/ For more information, see website Blockchain KIX E-Commerce CryptoCurrency | Blockchainkix.com . ​ https://xborder.dev For more information, see website Blockchain ♛ xBORDER.DEV . https://xborder.app For more information, see website XBORDER.APP 🟢 Cryptocurrency & Blockchain Crowdfunding Network . For more information, see website Reishi Pilz | bestellen aus Bio-Farm (Lingzhi, Ganoderma) ❤️ Bioherby . For more information, see website Ginseng Wurzel & Extrakt | bestellen aus Bio-Farm ❤️ Bioherby . For more information, see website villanetwork.org . For more information, see website hotelsnetwork.org . For more information, see website AIRPORTNETWORK.ORG . ​ https://bloginformation.net For more information, see website THE WORLD OF HEALTH AND WELLNESS BLOG . ​ https://botanic.wiki For more information, see website Botanic Wiki . ​ https://wikibotanic.org For more information, see website Wiki Botanic - Scientific study of plants, genetics, ecology & classification . ​ https://cryptocurrencyinvest.org/ For more information, see website cryptocurrency invest . ​ https://informaticsblog.com For more information, see website Informaticsblog . index BLOCKCHAINKIX.COM 2022 AMSTERDAM NETHERLANDS CYBER SECURITY, PENETRATION TESTING, - HACKING & DEBUGGING -- PERSONAL ADVISE, BUSINESS ADVIS, CORPORATE UPGRADING, PRIVATE &GOVERNMENT. WE OFFER HIGH-END & MILITARY GRADE KNOW-HOW, TOOLS, CORDINATING , SOFTWARE & INFORMATION, 100% LEGAL, OPEN & TRANSPARENT, LICENCED. PROJECTS INCLUDE: PEN-TESTING, CRYPTO-CURRENCY, CRYPTO-PROGRAMMING & BLOCKCHAIN DEVELOPMENT: WE BRING YOU WORLD FIRST DECENTRAL E-COMMERCE NETWORK -- THE BORDER PLATFORM ~ 5 API-AUTOMATED E-COMMERCE SHOPS ON AN ONLINE PLATFORM, EASY TO CONFIGURE & CONTROLLED.. WE ARE PROUIUD TO PRESENT: XBO = WORLD FIRST CRYPTO-SHARE, THE FIRST CRYPTO-CURRENCY THAT REPRESENTS VALUE ! WITH 5 PATENTS @ THE United States USPTO & INTEREST FROM TECH-COMPANIES & GOVERMNENTS AS CHINA & THAILAND.. . READ MORE: HOW THE FIRST CRYPTO_CROWDFUND WILL SPARK DECENTRAL E-COMMERCE PLATFORMS: THIS WILL BE THE FUTURE OF API-INTEL E-COMMERCE. RF 007 -- ONLINE SPY SHOP: --- WIFI, ETH, GSM, GPG, PGP -- MILITARY GRADE & QUALITY SPY TOOLS -- TRACK -- LISTEN -- CATCH & COPY - SPOOF & MORE. LATEST NEWS & TECHNOLOGY: ARDUINO, RASPI, LINUX, WINDOWS, MAC-OS -- DEBIAN -- KALI -- PARROT -- REDHAT -- INFO & COURSES -- BOOKS & SOFTWARE GMS, BLUETOOTH, BLE , INFRARED & RADIO -- SWARMING, TRACKING, LOCATING > COPY , IMITATE THAN PENETRATE: BLE, IR, WIFI, GMS, THE MHZ CATCHERS QUESTIONS ? COMMENTS ? OFFERS ? CALL, CHAT, OR EMAIL: WE MAKE IT PERSONAL: WE OFFER 24.7 ONLINE ASSISTANCE. DONT UNDERSTAND A WORD? CLICK IT! ITS A LINK.. WE OFFER PERSONAL, HIGHEND SERVICE & KNOW-HOW ON MULTIPLE SUBJECTS. OUR TEAM TRAVELS ALL OVER THE WORLD. ORGANIZING EVENTS & WORKSHOPS , DISCUSSIONS & LECTURES, ONLINE & IN REAL LIVE: MEET US ! ONLINE: HELP US DEVELOP AND GET CRYPTO-SHARES OF THE NEMESIS. JOIN HUNDREDS OF PROFESSIONALS WITH THE SAME TASK.. BUILDING AN BLOCKCHAIN POWERED , INTELLIGENT, E-COMMERCE NETWORK: A PLATFORM ENTITY LEARNS, COMPARES, DEPLOYS, CALCULATES, CRAWLS& SNIFFS THE INTERNET IN THE SEARCH FOR KNOWLEAGE. IN THE BEGIN THAT WILL BE E0--COMMERCE, PRICES, OFFERS ETC. DO YOU BELIEVE? THE DECENTRALIZATION AND CYPTO-CODING AKA BLOCK-CHAINING, FINALLY MICROPROCESSORS BECOMING REAL ' MICRO" INTELLIGENT -ALL-IN-ONE-CPU-GPU-MEMORY, INDUCED BY QUANTUM TECHNOLOGY, WILL START WHEN OUR COAL, GASOLINE, WINDMILLS WILL BE REPLACED BY HYDROGEN. HYDROGEN WILL BE FOR ELECTRICITY WHAT ELECTRICITY WAS TO STEAM, IT SPARKED THE INDUSTRIAL REVOLUTION. RO - POWERED BY WILL BE NANO-PROCESSORS POWERED BY QUANTUM TECHNOLOGY. UPGRADE LEADS TO THE API-MATRIX INTELLIGENCE THAT WILL CHANGE ONLINE BUSINESS, CURRENCY AND SHAREHOLDING WILL REPRESENT VALUE, AND NOT BASED ON TRUST, BECAUSE KNOW-HOW IS POWER, WILL SHOW IN RISING VALUE OF XBO-CRYPTO-SHARES, BUT THAT IS NOT HER GOAL NOR HER FINAL PURPOSE, DO YOU BELIEVE? ELON DOES.. THE POWER OF TECHNOLOGY AND THE PLAYERS , E-BOOK BY PETER OLDENBURGER . YEAR 2022 THE SOFTWARE ENGINEERING PROJECTS OF BLOCKCHAINKIX.COM PEN-TESTING FOR CORPORATIONS, CRYPTO-CURRENCY, CRYPTO-PROGRAMMING & BLOCKCHAIN DEVELOPMENT: WE BRING YOU WORLD FIRST DECENTRAL E-COMMERCE NETWORK -- THE BORDER PLATFORM ~ 5 API-AUTOMATED E-COMMERCE SHOPS ON AN ONLINE PLATFORM, EASY TO CONFIGURE & CONTROLLED.. WE ARE PROUD TO PRESENT: XBO = WORLD FIRST CRYPTO-SHARE, THE FIRST CRYPTO-CURRENCY THAT REPRESENTS VALUE ! WITH 5 PATENTS @ THE United States USPTO & INTEREST FROM TECH-COMPANIES & GOVERNMENTS AS CHINA & THAILAND.. . READ MORE: HOW THE FIRST CRYPTO_CROWDFUND WILL SPARK DECENTRAL E-COMMERCE PLATFORMS: THIS WILL BE THE FUTURE OF API-INTEL E-COMMERCE. RF 007 -- ONLINE SPY SHOP: --- WIFI, ETH, GSM, GPG, PGP -- MILITARY GRADE & QUALITY SPY TOOLS -- TRACK -- LISTEN -- CATCH & COPY - SPOOF & MORE. LATEST NEWS & TECHNOLOGY: ARDUINO, RASPI, LINUX, WINDOWS, MAC-OS -- DEBIAN -- KALI -- PARROT -- REDHAT -- INFO & COURSES -- BOOKS & SOFTWARE GMS, BLUETOOTH, BLE , INFRARED & RADIO -- SWARMING, TRACKING, LOCATING > COPY , IMITATE THAN PENETRATE: BLE, IR, WIFI, GMS, THE MHZ CATCHERS QUESTIONS ? COMMENTS ? OFFERS ? CALL, CHAT, OR EMAIL: WE MAKE IT PERSONAL: WE OFFER 24.7 ONLINE ASSISTANCE. DONT UNDERSTAND A WORD? CLICK IT! ITS A LINK.. WE OFFER PERSONAL, HIGHEND SERVICE & KNOW-HOW ON MULTIPLE SUBJECTS. OUR TEAM TRAVELS ALL OVER THE WORLD. ORGANIZING EVENTS & WORKSHOPS , DISCUSSIONS & LECTURES, ONLINE & IN REAL LIVE: MEET US ! ONLINE: HELP US DEVELOP AND GET CRYPTO-SHARES OF THE NEMESIS. JOIN HUNDREDS OF PROFESSIONALS WITH THE SAME TASK.. BUILDING AN BLOCKCHAIN POWERED , INTELLIGENT, E-COMMERCE NETWORK: A PLATFORM ENTITY LEARNS, COMPARES, DEPLOYS, CALCULATES, CRAWLS& SNIFFS THE INTERNET IN THE SEARCH FOR KNOWLEAGE. IN THE BEGIN THAT WILL BE E0--COMMERCE, PRICES, OFFERS ETC. DO YOU BELIEVE? THE DECENTRALIZATION AND CYPTO-CODING AKA BLOCK-CHAINING, FINALLY MICROPROCESSORS BECOMING REAL ' MICRO" INTELLIGENT -ALL-IN-ONE-CPU-GPU-MEMORY, INDUCED BY QUANTUM TECHNOLOGY, WILL START WHEN OUR COAL, GASOLINE, WINDMILLS WILL BE REPLACED BY HYDROGEN. HYDROGEN WILL BE FOR ELECTRICITY WHAT ELECTRICITY WAS TO STEAM, IT SPARKED THE INDUSTRIAL REVOLUTION. RO - POWERED BY WILL BE NANO-PROCESSORS POWERED BY QUANTUM TECHNOLOGY. UPGRADE LEADS TO THE API-MATRIX INTELLIGENCE THAT WILL CHANGE ONLINE BUSINESS, CURRENCY AND SHAREHOLDING WILL REPRESENT VALUE, AND NOT BASED ON TRUST, TBECAUSE KNOW-HOW IS POWER, WILL SHOW IN RISING VALUE OF XBO-CRYPTO-SHARES, BUT THAT IS NOT HER GOAL NOR HER FINAL PURPOSE, CHINA - DE - SUA - JPN - RUSSIA - [ USA, UK, AU, NL, FR ] - THE POWER OF TECHNOLOGY AND THE PLAYERS , E-BOOK . BLOCKCHAIN powered API INTELligent cloud NETWORK XBORDER Ξ ECOMMERCE multi-layer BLOCKCHAIN & API-X ™ INTELLIGENT network - CLOUD-x CRYPTO-platform XBORDER ECOMMERCE - BLOCK-CHAIN CH-X INTELLIGENT API-X CRYPTO CLOUD-X NETWORK ​ Ξ xBORDER ecommerce platform Ξ ​ Ξ ∞ VOC-x { automated learning Ξ ∞ API-x { Analytic Intelligent Ξ ∞ snb-x { sandbx development Ξ ∞ bLc-x { Multi- layer BlockChain BLOCKCHAIN powered API INTELligent cloud NETWORK THE FUTURE OF ECOMMERCE xborder ecommerce platform e-commerce decentralized, powered by block-chains & connected & full automated by api code intergrations codecs. xx worlds first 'crypto-currency' with real & instant value, the ultimate crypto-future. FEDERATION NERDS ⭐ xbo, worlds first 'crypto-currency' with real & instant value, the ultimate crypto-future. API-X AUTOMATED INTELLIGENT E-COMMERCE platform blockchAIN-X multi-layerd block-chain controller nodes cloud-X real-time block-chain powered sync & back bo-X.io crowdfunding startup UNITED FEDERATION OF NERDS UNITED FEDERATION OF NERDS NEWS & UPDATES @ xBORDER NET BE FIRST 2 KNOW I agree to the terms & conditions > Thanks for submitting! WELCOME TO THE FUTURE HUMANITY @ 2022 THE UNITED FEDERATION OF NERDS EARTH GALACTIC L/L = 42DG39MIN32.4SEC_43DG08MIN19.2SEC @ 01/01/2214 xBORDER ∞ PROJECT8 ∞ THE E-COMMERCE REVOLUTION ∞ THE RISE OF DECENTRALIZATION ABOUT DECENTRALIZATION DECENTRALIZED MEANS APPLYING CONTRACTING DIRECTLY BETWEEN 0 & 1 THE HISTORICAL WAY OF CONTRACTING WAS TROUGH A MIDDLE MAN, THIS HAPPEND FOR A REASON, THE MIDDLE MAN, OR MIDDLE CONTRACT SUPPLIED ' THE TRUST OF VALUE ' FOR THAT TRANSACTION. BLOCK-CHAIN AND CRYPTO-CHAIN TECHNOLOGY ARE FORMS OF APPLYING DIRECT CONTRACTING . BLOCKCHAIN AS A MONETAIR CURRECY ? WELL, TO BE HONEST, ZUCKENBERG, THIS IS NOT POSSIBLE. DDUE TO THE HIGH AMOUNTHS OF ENERGIE IT TAKES TO PRODUCE YOUR LIBRA, I WAS CONFUSED WHEN I WAS READING THE WHITEPAPER, IT DOESNT APPLY NEW TECHNOLOGIE BUT BUILDS ON OLDER BITCOIN / ETHERIUM BITS & VALUE. BITCOIN IS SLOW & CONSUMES WAY TO MUCH ENERGY TO BE APPLIED IN REAL-TIME SYNC OR LIFE. THATS SO 1990 CHECK IT HERE YOU KNOW THERE IS ONLY A KEYNES VALUE API-X GIVES LEGAL OWNERSHIP OF xBORDER E-COMMERCE PLATFORM xBORDER NETWORK ∞ HTTPS://www.APi-X .APP POWERED & SECURED BY xBORDERS MULTI-LAYERED BLOCK-CHAIN TECHNOLOGY ∞ HTTPS://BLOCKCH-x.ORG ACCESS & CONFIG OF API-X & XBO IN REAL-TIME SYNC AT xBORDERS CLOUD NETWORK ∞ HTTPS://CLOUD-x .APP TRADE, INVEST OR EXPAND API-x E-COMMERCE PLATFORMS, JOIN THE TRADERS GILD ∞ HTTPS://VOC-x.ORG CLOUD-X BLOCKCHAIN-X BLOCKCHAINKIX.COM WHITE PAPER 2022 ​ Chapters ​ The History xBORDER As A State Transition System Mining in Generic Merkle Trees Alternative Blockchain Applications Scripting xBORDER BLOCKCNX Philosophy xBORDER Accounts Messages and Transactions Messages xBORDER State Transition Function Code Execution xBORDER and Mining Applications Token Systems Financial derivatives and Stable-Value Currencies Identity and Reputation Systems Decentralized File Storage Decentralized Autonomous Organizations Further Applications Miscellanea And Concerns Modified GHOST Implementation Fees Computation And Turing-Completeness Currency And Issuance Mining Centralization Scalability Conclusion Notes and Further Reading Notes Further Reading Introduction to Bitcoin and Existing Concepts The concept of decentralized digital currency, as well as alternative applications like property registries, has been around for decades. The anonymous e-cash protocols of the 1980s and the 1990s, mostly reliant on a cryptographic primitive known as Chaumian blinding, provided a currency with a high degree of privacy, but the protocols largely failed to gain traction because of their reliance on a centralized intermediary. In 1998, Wei Dai's b-money became the first proposal to introduce the idea of creating money through solving computational puzzles as well as decentralized consensus, but the proposal was scant on details as to how decentralized consensus could actually be implemented. In 2005, Hal Finney introduced a concept of reusable proofs of work, a system which uses ideas from b-money together with Adam Back's computationally difficult Hashcash puzzles to create a concept for a cryptocurrency, but once again fell short of the ideal by relying on trusted computing as a backend. In 2009, a decentralized currency was for the first time implemented in practice by Satoshi Nakamoto, combining established primitives for managing ownership through public key cryptography with a consensus algorithm for keeping track of who owns coins, known as "proof of work". xBORDER mechanism behind proof of work was a breakthrough in the space because it simultaneously solved two problems. First, it provided a simple and moderately effective consensus algorithm, allowing nodes in the network to collectively agree on a set of canonical updates to the state of the Crypto-ledger. Second, it provided a mechanism for allowing free entry into the consensus process, solving the political problem of deciding who gets to influence the consensus, while simultaneously preventing sybil attacks. It does this by substituting a formal barrier to participation, such as the requirement to be registered as a unique entity on a particular list, with an economic barrier - the weight of a single node in the consensus voting process is directly proportional to the computing power that the node brings. Since then, an alternative approach has been proposed called proof of stake, calculating the weight of a node as being proportional to its currency holdings and not computational resources; the discussion of the relative merits of the two approaches is beyond the scope of this paper but it should be noted that both approaches can be used to serve as the backbone of a cryptocurrency. ​ Peter Oldenburger, the founder of xBORDER wrote this Blog Post: ​ ​ the Crypto As A State Transition System The ledger of a cryptocurrency such as the Crypto can be thought of as a state transition system, where there is a "state" consisting of the ownership status of all existing the Cryptos and a "state transition function" that takes a state and a transaction and outputs a new state which is the result. In a standard banking system, for example, the state is a balance sheet, a transaction is a request to move $X from A to B, and the state transition function reduces the value in A's account by $X and increases the value in B's account by $X. If A's account has less than $X in the first place, the state transition function returns an error. Hence, one can formally define: APPLY(S,TX) -> S' or ERROR APPLY({ Alice: $50, Bob: $50 },"send $20 from Alice to Bob") = { Alice: $30, Bob: $70 } APPLY({ Alice: $50, Bob: $50 },"send $70 from Alice to Bob") = ERROR The "state" in the Crypto is the collection of all coins (technically, "unspent transaction outputs" or UTXO) that have been mined and not yet spent, with each UTXO having a denomination and an owner (defined by a 20-byte address which is essentially a cryptographic public keyfn. 1). A transaction contains one or more inputs, with each input containing a reference to an existing UTXO and a cryptographic signature produced by the private key associated with the owner's address, and one or more outputs, with each output containing a new UTXO to be added to the state. The state transition function APPLY(S,TX) -> S' can be defined roughly as follows: For each input in TX: If the referenced UTXO is not in S, return an error. If the provided signature does not match the owner of the UTXO, return an error. If the sum of the denominations of all input UTXO is less than the sum of the denominations of all output UTXO, return an error. Return S' with all input UTXO removed and all output UTXO added. The first half of the first step prevents transaction senders from spending coins that do not exist, the second half of the first step prevents transaction senders from spending other people's coins, and the second step enforces conservation of value. In order to use this for payment, the protocol is as follows. Suppose Alice wants to send 11.7 BTC to Bob. First, Alice will look for a set of available UTXO that she owns that totals up to at least 11.7 BTC. Realistically, Alice will not be able to get exactly 11.7 BTC; say that the smallest she can get is 6+4+2=12. She then creates a transaction with those three inputs and two outputs. The first output will be 11.7 BTC with Bob's address as its owner, and the second output will be the remaining 0.3 BTC "change", with the owner being Alice herself. ​ ​ Mining block_picture.jpg If we had access to a trustworthy centralized service, this system would be trivial to implement; it could simply be coded exactly as described, using a centralized server's hard drive to keep track of the state. However, with the Crypto we are trying to build a decentralized currency system, so we will need to combine the state transition system with a consensus system in order to ensure that everyone agrees on the order of transactions. the Crypto's decentralized consensus process requires nodes in the network to continuously attempt to produce packages of transactions called "blocks". The network is intended to produce roughly one block every ten minutes, with each block containing a timestamp, a nonce, a reference to (ie. hash of) the previous block and a list of all of the transactions that have taken place since the previous block. Over time, this creates a persistent, ever-growing, "blockchain" that constantly updates to represent the latest state of the the Crypto ledger. The algorithm for checking if a block is valid, expressed in this paradigm, is as follows: Check if the previous block referenced by the block exists and is valid. Check that the timestamp of the block is greater than that of the previous blockfn. 2 and less than 2 hours into the future Check that the proof of work on the block is valid. Let S[0] be the state at the end of the previous block. Suppose TX is the block's transaction list with n transactions. For all i in 0...n-1, set S[i+1] = APPLY(S[i],TX[i]) If any application returns an error, exit and return false. Return true, and register S[n] as the state at the end of this block. Essentially, each transaction in the block must provide a valid state transition from what was the canonical state before the transaction was executed to some new state. Note that the state is not encoded in the block in any way; it is purely an abstraction to be remembered by the validating node and can only be (securely) computed for any block by starting from the genesis state and sequentially applying every transaction in every block. Additionally, note that the order in which the miner includes transactions into the block matters; if there are two transactions A and B in a block such that B spends a UTXO created by A, then the block will be valid if A comes before B but not otherwise. ​ ​ The one validity condition present in the above list that is not found in other systems is the requirement for "proof of work". The precise condition is that the double-SHA256 hash of every block, treated as a 256-bit number, must be less than a dynamically adjusted target, which as of the time of this writing is approximately 2187. The purpose of this is to make block creation computationally "hard", thereby preventing sybil attackers from remaking the entire blockchain in their favor. Because SHA256 is designed to be a completely unpredictable pseudorandom function, the only way to create a valid block is simply trial and error, repeatedly incrementing the nonce and seeing if the new hash matches. ​ ​ At the current target of ~2187, the network must make an average of ~269 tries before a valid block is found; in general, the target is recalibrated by the network every 2016 blocks so that on average a new block is produced by some node in the network every ten minutes. In order to compensate miners for this computational work, the miner of every block is entitled to include a transaction giving themselves 12.5 BTC out of nowhere. Additionally, if any transaction has a higher total denomination in its inputs than in its outputs, the difference also goes to the miner as a "transaction fee". Incidentally, this is also the only mechanism by which BTC are issued; the genesis state contained no coins at all. In order to better understand the purpose of mining, let us examine what happens in the event of a malicious attacker. Since the Crypto's underlying cryptography is known to be secure, the attacker will target the one part of the Bitcoin system that is not protected by cryptography directly: the order of transactions. The attacker's strategy is simple: Send 100 BTC to a merchant in exchange for some product (preferably a rapid-delivery digital good) Wait for the delivery of the product Produce another transaction sending the same 100 BTC to himself Try to convince the network that his transaction to himself was the one that came first. Once step (1) has taken place, after a few minutes some miner will include the transaction in a block, say block number 270. After about one hour, five more blocks will have been added to the chain after that block, with each of those blocks indirectly pointing to the transaction and thus "confirming" it. At this point, the merchant will accept the payment as finalized and deliver the product; since we are assuming this is a digital good, delivery is instant. Now, the attacker creates another transaction sending the 100 BTC to himself. If the attacker simply releases it into the wild, the transaction will not be processed; miners will attempt to run APPLY(S,TX) and notice that TX consumes a UTXO which is no longer in the state. So instead, the attacker creates a "fork" of the blockchain, starting by mining another version of block 270 pointing to the same block 269 as a parent but with the new transaction in place of the old one. Because the block data is different, this requires redoing the proof of work. Furthermore, the attacker's new version of block 270 has a different hash, so the original blocks 271 to 275 do not "point" to it; thus, the original chain and the attacker's new chain are completely separate. The rule is that in a fork the longest blockchain is taken to be the truth, and so legitimate miners will work on the 275 chain while the attacker alone is working on the 270 chain. In order for the attacker to make his blockchain the longest, he would need to have more computational power than the rest of the network combined in order to catch up (hence, "51% attack"). ​ ​ Merkle Trees SPV in the Crypto Left: it suffices to present only a small number of nodes in a Merkle tree to give a proof of the validity of a branch. Right: any attempt to change any part of the Merkle tree will eventually lead to an inconsistency somewhere up the chain. ​ ​ Tcalability feature of the Crypto is that the block is stored in a multi-level data structure. The "hash" of a block is actually only the hash of the block header, a roughly 200-byte piece of data that contains the timestamp, nonce, previous block hash and the root hash of a data structure called the Merkle tree storing all transactions in the block. A Merkle tree is a type of binary tree, composed of a set of nodes with a large number of leaf nodes at the bottom of the tree containing the underlying data, a set of intermediate nodes where each node is the hash of its two children, and finally a single root node, also formed from the hash of its two children, representing the "top" of the tree. The purpose of the Merkle tree is to allow the data in a block to be delivered piecemeal: a node can download only the header of a block from one source, the small part of the tree relevant to them from another source, and still be assured that all of the data is correct. The reason why this works is that hashes propagate upward: if a malicious user attempts to swap in a fake transaction into the bottom of a Merkle tree, this change will cause a change in the node above, and then a change in the node above that, finally changing the root of the tree and therefore the hash of the block, causing the protocol to register it as a completely different block (almost certainly with an invalid proof of work). The Merkle tree protocol is arguably essential to long-term sustainability. A "full node" in the the Crypto network, one that stores and processes the entirety of every block, takes up about 15 GB of disk space in the Bitcoin network as of April 2014, and is growing by over a gigabyte per month. Currently, this is viable for some desktop computers and not phones, and later on in the future only businesses and hobbyists will be able to participate. A protocol known as "simplified payment verification" (SPV) allows for another class of nodes to exist, called "light nodes", which download the block headers, verify the proof of work on the block headers, and then download only the "branches" associated with transactions that are relevant to them. This allows light nodes to determine with a strong guarantee of security what the status of any Bitcoin transaction, and their current balance, is while downloading only a very small portion of the entire blockchain. ​ Alternative Blockchain Applications The idea of taking the underlying blockchain idea and applying it to other concepts also has a long history. In 1998, Nick Szabo came out with the concept of secure property titles with owner authority, a document describing how "new advances in replicated database technology" will allow for a blockchain-based system for storing a registry of who owns what land, creating an elaborate framework including concepts such as homesteading, adverse possession and Georgian land tax. However, there was unfortunately no effective replicated database system available at the time, and so the protocol was never implemented in practice. After 2009, however, once Bitcoin's decentralized consensus was developed a number of alternative applications rapidly began to emerge. ​ Namecoin - created in 2010, Namecoin is best described as a decentralized name registration database. In decentralized protocols like Tor, Bitcoin and BitMessage, there needs to be some way of identifying accounts so that other people can interact with them, but in all existing solutions the only kind of identifier available is a pseudorandom hash like 1LW79wp5ZBqaHW1jL5TCiBCrhQYtHagUWy. Ideally, one would like to be able to have an account with a name like "george". However, the problem is that if one person can create an account named "george" then someone else can use the same process to register "george" for themselves as well and impersonate them. The only solution is a first-to-file paradigm, where the first registerer succeeds and the second fails - a problem perfectly suited for the Bitcoin consensus protocol. Namecoin is the oldest, and most successful, implementation of a name registration system using such an idea. Colored coins the purpose of colored coins is to serve as a protocol to allow people to create their own digital currencies - or, in the important trivial case of a currency with one unit, digital tokens, on the Bitcoin blockchain. In the colored coins protocol, one "issues" a new currency by publicly assigning a color to a specific Bitcoin UTXO, and the protocol recursively defines the color of other UTXO to be the same as the color of the inputs that the transaction creating them spent (some special rules apply in the case of mixed-color inputs). This allows users to maintain wallets containing only UTXO of a specific color and send them around much like regular bitcoins, backtracking the blockchain to determine the color of any UTXO that they receive. Metacoins - the idea behind a metacoin is to have a protocol that lives on top of Bitcoin, using Bitcoin transactions to store metacoin transactions but having a different state transition function, APPLY'. Because the metacoin protocol cannot prevent invalid metacoin transactions from appearing in the Bitcoin blockchain, a rule is added that if APPLY'(S,TX) returns an error, the protocol defaults to APPLY'(S,TX) = S. This provides an easy mechanism for creating an arbitrary cryptocurrency protocol, potentially with advanced features that cannot be implemented inside of Bitcoin itself, but with a very low development cost since the complexities of mining and networking are already handled by the Bitcoin protocol. Metacoins have been used to implement some classes of financial contracts, name registration and decentralized exchange. There are two approaches toward building a consensus protocol building an independent network, and building a protocol on top of Bitcoin. The former approach, while reasonably successful in the case of applications like Namecoin, is difficult to implement; each individual implementation needs to bootstrap an independent blockchain, as well as building and testing all of the necessary state transition and networking code. Additionally, we predict that the set of applications for decentralized consensus technology will follow a power law distribution where the vast majority of applications would be too small to warrant their own blockchain, and we note that there exist large classes of decentralized applications, particularly decentralized autonomous organizations, that need to interact with each other. ​ The Bitcoin-based approach on the other hand, has the flaw that it does not inherit the simplified payment verification features of Bitcoin. SPV works for Bitcoin because it can use blockchain depth as a proxy for validity; at some point, once the ancestors of a transaction go far enough back, it is safe to say that they were legitimately part of the state. Blockchain-based meta-protocols, on the other hand, cannot force the blockchain not to include transactions that are not valid within the context of their own protocols. Hence, a fully secure SPV meta-protocol implementation would need to backward scan all the way to the beginning of the Bitcoin blockchain to determine whether or not certain transactions are valid. Currently, all "light" implementations of Bitcoin-based meta-protocols rely on a trusted server to provide the data, arguably a highly suboptimal result especially when one of the primary purposes of a cryptocurrency is to eliminate the need for trust. NAME: XBO-GOBA1 P. Oldenburger Amsterdam Netherlands. ​ API-OATH HACK, ZERO DAY VULNERABILITY FOUND IN GOOGLE ! BUG FOUND IN in GOOGLE OATH API April 4, 2020, Amsterdam Netherlands, ​ ** THIS IS A MAJOR BUG WITH MAJOR IMPACT ** ​ ​ BUG NAME= XBO-GOBA1 - Google API OATH Authorization Bug, found on 4 April 2020. 6 April 2020, Amsterdam Netherlands. xBORDER NERD BO-X.iO BUG Analysts, # xBORDER Research team found a mayor authorization Bug in the Google Admin Application Softwaremrun on 13.4 OSX, Reset Password DIsabled Full Administrator Access to all underlying Nodes, Domains, and Admins. This Bug can have a serious impact -- it can have major complications when Administrator Access / Super Admins are disabled to DomainReg, "DNS, MX, NAMES, A, AA" Access. This can be resolved by rewriting the OATH access API in that Application. See pictures for details. ​ This is a config Error that can be used as a gate to full access of ALL google applications. ​ Restore of Original Values are virtually impossible due to WHOIS restrictions on google.domains, CNAME updates are virtually impossible due to non-access. this is a RE-LOOP Bu and could have a major impact. ​ Peter Oldenburger & Friends. # NERD BO-X.iO @ xBORDER ​ ! ANODE { xBORDER } - VOC-X "VALUE: +10 } , VOC-X Crawlers deployed on this Oath bug can leech massive amounts of user data, company data. Google Cases ref: 2-6991000030256 Senior Google Specialists. BUG II: Google API OATH Authorization PART II, GOOGLE DOMAINS BUG. Mayor Bug found on 4 April 2020. 6 April 2020, Amsterdam Netherlands. Our Research team found a mayor Access & Authorization Bug @ Google, Gmail & Domain.google syn are non-compatible. G-mail, Gsuit re-access need CNAME implements, however Google.Domains is not acc. by login, This has mayor impact on Googlists that use the Gsuit & Google domain service. Access is imposible to recover. This Bug can have a serious impact because it can have major complications when Administrator Access / Super Admins are disabled to DomainReg, "DNS, MX, NAMES, A, AA" Access. This can be resolved by rewriting the OATH access API in that Application oorn Seperating access control in Gsuite/Gmail and Domains. See pictures for details. P.Oldenburger 2020 Amsterdam Netherlands. ! ANODE { xBORDER } - VOC-X "VALUE: +7 } , VOC-X Crawlers deployed on this Oath bug can Open Backdoor into Domain access. GOOGLE AUTORIZATION 2 MAJOR FAIL BUG FOUND IN GOOGLE OATH AUTHORIZATION API 2 BUGS FOUNDS WITH MAJOR IMPACT, TOTAL ACCESS IS DISABLED. THIS WOULD BE DISASTEROUS FOR HOSPITALS, DOCTORS ETC ! RF 007 ​ WIFI, ETH, GSM, GPG, PGP -- MILITARY GRADE & QUALITY SPY TOOLS -- TRACK -- LISTEN -- CATCH & COPY - SPOOF & MORE. LATEST NEWS & TECHNOLOGY: ARDUINO, RASPI, LINUX, WINDOWS, MAC-OS -- DEBIAN -- KALI -- PARROT -- REDHAT -- INFO & COURSES -- BOOKS & SOFTWARE GMS, BLUETOOTH, BLE , INFRARED & RADIO -- SWARMING, TRACKING, LOCATING > COPY , IMITATE THAN PENETRATE: BLE, IR, WIFI, GMS, THE MHZ CATCHERS KNOW-HOW THE STRONGEST TRANSPORTER OF DATA? DSL? 6G? SUPER-WIFI? NOPE.. VOLT.. THATS RIGHT: WHEN YOU PLUG YOUR HIGH-END PGP PHONE INTO THE POWERLINE TO CHARGE.. ALTHO THIS TECHNOLOGY IS DIFFICULT AND NEW: THIS IS HOW JEFF BESOZ GOT HACKED. YOU KNOW BLUETOOTH IS ACCESSIBLE OVER VOLT? I CAN HOP FROM DEVICE TO DEVICE. I CAN MIMIK YOUR BLEUTOOTH MAC-NUMBER, AND ID, SO THAT AN CORRUPTED DEVICE WILL SYNC WITH YOUR DEVICES, AND ACCESSIBLE TO ALL DEVICES THAT YOU CONNECTED TO POWERLINES: FROM THERE I CAN ACCESS YOUR UNIQUE MAC & SNIN NUMBERS, SPOOF THEM, AND YOU WILL CARRY A 'HOST' WITH YOU ALL THE TIMES, WHEREEVER YOU GO. PASSWORDS? LOCKS? DOESNT MATTER BECAUSE YOUR PHONE OR COMPUTER DOESNT RECONISE THE TREATH. I CAN HOP FROM YOUR BLUETOOTH, WIFI OR GMS -RF TO ALL DEVICES THAT BROADCAST RF-SIGNALS: CAMERAS, PHONES, TV'S, COMPUTERS, YOUR MOTORBIKE, YOUR ELECTRIC CAR,SCARY: I CAN GO INSIDE YOUR HEAD WHEN YOU WEAR HEARING DEVICES.. I CAN MANIPULATE YOUR PHONE APPLICATIONS, ALTER MUSIC OR JUST TAKE IT EASY: CHANGE NAME-SERVERS & ALL YOUR UPLOAD & DOWNLOAD DATA WILL BE TRANSPORTED TO MY PERSONAL COMPUTER 'A SO CALLED MIM-ATTACK' . I DID RESEARCH ON DATA OVER VOLT FOR THE PAST 3 YEARS, I GOT THE ATTENTION OF VARIOUS AGENCIES: CHINA, THE UK, AND MY FELLOW COUNTRY MEN , THE DUTCH, ARE 24/7 PRESENT. I TRIED TO LAUNCH WEBSITES BEFORE THIS ONE ON THIS SUBJECT: IMPOSSIBLE: WEB-SITES WHERE REMOVED, DOMAIN NAMES GONE, SOFTWARE PATENTS BLOCKED. WHEN I TOLD MY SISTER, SHE DID NOT BELIEVE ME. I REPORTED MORE THAN 8 TIMES AT THE POLICE STATION, I WROTE LETTERS TO THE MINISTER OF JUSTICE AND THE MINISTER OF TECHNOLOGY: SHE WROTE ME BACK: SOMETHING LIKE: FUCK OFF. THE POLICE TOLD ME I HAD MENTAL PROBLEMS, AND THAT I 'HAD TO LET THIS SUBJECT GO.. NOW 3 YEARS LATER, WHEN THIS KNOW-HOW IS GETTING OUT TO THE PUBLIC, THE DUTCH GOVERNMENT WAS FALLEN , SOME OF THEM HAVE TO GO TO COURT: 30.000 MAN, WOMAN & CHILDREN WHERE CUT ON WELL-FARE FOR MORE THAN 10 TO 15 YEARS, LOANS STOPT, LOSING THEIR HOUSING, MARKED AS CRIMINALS, BECAUSE OF WHAT THEY REFER AS 'HUMAN ERRORS', BLAMING EACH OTHER, SHOWING UP TO LATE AT HEARING COMMISSIONS, TAKE-ING NO RESPONSIBILITY, BLAMING EACH OTHER, NOT EVEN ONE SPOKE THE TRUTH, OR THEY JUST DONT FUCKING CARE ! SLAMMER OF THE MOINTH: THE JUSTICE AND COMPUTER DEPARTMENT: PREACHING AND TELLING THE PEOPLE OF THE NETHERLANDS THEY CANNOT GO OUTSIDE AFTER 9 WITH MORE THAN 3 PEOPLE: THE MINISTER OF JUSTICE WAS CAUGHT THAT WEEKEND AT A PARTY AFTER 9 WITH MORE THAN 3 PEOPLE. IRONIC ISN'T IT ? THE MINISTER OF TECHNOLOGY: A WOMEN WHO DOESNT KNOW THAT 'LINUX' IS, GAVE US A NEW LAW: DE SLEEPWET, THIS LAW MAKES MASSIVE SURVAILLANCE LEGAL. FUNNY THING: THEY WANTED IT TO LOOK DEMOCRATIC: AND TOLD US WE HAVE THE DEMOCRATIC RIGHT IN A 'REFERENDUM' TO VOTE AGAINST OR PRO THIS LAW: THE LAW WAS DENIED BY THE PEOPLE OF THE NETHERLANDS: 2 MONTHS LATER IT WAS AN ACTIVE LAW, AND MAKES THE NETHERLANDS NO.1 ON SURVEILLANCE IN EUROPE. LUCKY FOR ME: MY LOGS SHOWED IP'S, I COULDN'T FIGURE IT OUT, HOW THEY WHERE ABLE TO HACK MY FIREWALLS, VPN'S, PASSWORDS EVEN VIRTUAL MACHINES:: DATA OVER VOLT. SELLING THIS TECHNOLOGY TO ARAB COUNTRIES,PROMOVATING TO ONE OF THE 5-EYES . USA-UK-CANADA-AU-NL -- : GOOGLE, APPLE THEY KNOW: GOOGLE, APPLE, DHL AND MANY MORE ARE BUILDING DATA-CENTERS IN NL WORTH BILLIONS AND BILLIONS OF DOLLARS. WHY? REMEMBER GOOGLE WAS FINED 4 BILLION EURO BY EUROPE? THEY NEVER PAYED. THE DUTCH STRUCK A DEAL:GOOGLE BUILDS DATA CENTRES WORTH BILLIONS , GOOGLE DOESNT PAY A FINE, BUT BUILD DATA-CENTRES, PAYING NO TAX HERE WAS ALSO SOLVED BY THE DUTCH: IN THE NETHERLANDS WHEN YOU HAVE TAX-DECLERANCE ABOVE 100MILLION USD, YOU HAVE A SPECIAL TEAM VISITING YOU: MAKING A TAX-DEAL: ITS ARE FACTS HUH: MY GOVERNMENT MAKE ANOTHER DEAL: SOFTWARE, DATA BACKDOOR THAT GIVES THE DUTCH ONLY IN THE REAREST OCCASION PRIVILEGE TO USE THAT BACKDOORS: THE TRUTH IS THAT ITS USED IN THE POLICE ACADEMY, AND STUDENTS BRAG TO EACH OTHER , OVER MANIPULATING AND PLAYIN' TRICKS ON CILIVIALS. THE PROGRAM STOPPED IN ACADEMY: THEY FOUND OUT THAT DATA REALLY MEANS POWER.. ALSO, I WANT TO PRAISE THE HONEST DUTCH GOVERMNENT WORKERS AND THE POLICE. MAY THE FORCE BE WITH YOU. PETER OLDENBURGER, AMSTERDAM, DUTCH-LAND. FACTS FFAC HACKING MILITARY GRADE Peter Oldenburger, Amsterdam, NL 2021. MINE. FACTS. DATA TOOLS TO PROTECT YOUR DATA , OVER VOLT. QUESTIONS ? COMMENTS ? OFFERS ? CALL, CHAT, OR EMAIL: WE MAKE IT PERSONAL: WE OFFER 24.7 ONLINE ASSISTANCE. DONT UNDERSTAND A WORD? CLICK IT! ITS A LINK.. WE OFFER PERSONAL, HIGHEND SERVICE & KNOW-HOW ON MULTIPLE SUBJECTS. OUR TEAM TRAVELS ALL OVER THE WORLD. ORGANIZING EVENTS & WORKSHOPS , DISCUSSIONS & LECTURES, ONLINE & IN REAL LIVE: MEET US ! ONLINE: HELP US DEVELOP AND GET CRYPTO-SHARES OF THE NEMESIS. JOIN HUNDREDS OF PROFESSIONALS WITH THE SAME TASK.. BUILDING AN BLOCKCHAIN POWERED , INTELLIGENT, E-COMMERCE NETWORK: A PLATFORM ENTITY LEARNS, COMPARES, DEPLOYS, CALCULATES, CRAWLS& SNIFFS THE INTERNET IN THE SEARCH FOR KNOWLEAGE. IN THE BEGIN THAT WILL BE E0--COMMERCE, PRICES, OFFERS ETC. DO YOU BELIEVE? THE DECENTRALIZATION AND CYPTO-CODING AKA BLOCK-CHAINING, FINALLY MICROPROCESSORS BECOMING REAL ' MICRO" INTELLIGENT -ALL-IN-ONE-CPU-GPU-MEMORY, INDUCED BY QUANTUM TECHNOLOGY, WILL START WHEN OUR COAL, GASOLINE, WINDMILLS WILL BE REPLACED BY HYDROGEN. HYDROGEN WILL BE FOR ELECTRICITY WHAT ELECTRICITY WAS TO STEAM, IT SPARKED THE INDUSTRIAL REVOLUTION. RO - POWERED BY WILL BE NANO-PROCESSORS POWERED BY QUANTUM TECHNOLOGY. UPGRADE LEADS TO THE API-MATRIX INTELLIGENCE THAT WILL CHANGE ONLINE BUSINESS, CURRENCY AND SHAREHOLDING WILL REPRESENT VALUE, AND NOT BASED ON TRUST, TBECAUSE KNOW-HOW IS POWER, WILL SHOW IN RISING VALUE OF XBO-CRYPTO-SHARES, BUT THAT IS NOT HER GOAL NOR HER FINAL PURPOSE, DO YOU BELIEVE? ELON DOES..

  • xBORDER | Google API Hack - Authorization Bugs Revealed

    I'm a paragraph. Click here to add your own text and edit me. It's easy. CrowdFunding xBORDER, x-Border Block-Chain API Intelligent E-Commerce Technology Development, xBORDER, the official Institute. xBORDER US HQ, 171 S Whisman Rd, Mountain View, CA 94041, United States. xBORDER EU HQ, Sint Olofssteeg 4, 1012AK, Amsterdam, Netherlands. xBORDER CrowdFunding - Block-Chain API Intelligent E-Commerce Technology Development x BORDER, the official Institute, Cloud -X, Crypto Encrypted Voting. x-BORDER Crowd-Fund the Blockchain. Institute of Coding, JSON, JAVA, PHYTON, Programming at xBORDER. Now the x-BORDER CrowdFund - Implementing Block-Chain API Intelligent E-Commerce Technology. Development of the xBORDER Network Platform, official Institute Cloud -X, Crypto and Encrypted Votings. x-BORDER Crowd-Fund the Blockchain, Headquarters. KIX CLOUD -X BLOCK -X API-X More BUGCRAWLER #= xBORDER NODE { REPORTMINORITY } - UNITED DUTCH VOC-X VOC-X = NODE { VOC } - "VALUE: CONTROLLER | { CONNECTS API-NODES TO THEIR MASTERS } BLOCKCHX NODE { CHX } - "XVALUE: TRADER { XBO } - { VOC } - { API } BORDER BORDER BORDER NERDZERO API-X1: ​ BACKPASS GOOGLE.DOMAINS ​ ​ News and updates from the Project Zero team at Google Thursday, April 2, 2020 ​ Posted by Maddie Stone, Project Zero INTRODUCTION I’m really interested in 0-days exploited in the wild and what we, the security community, can learn about them to make 0-day hard. I explained some of Project Zero’s ideas and goals around in-the-wild 0-days in a November blog post . 019-1458, a Win32k Escalation of Privilege (EoP), said to be exploited in the wild and discovered by Anton Ivanov and Alexey Kulaev of Kaspersky Lab. Later that day, Kaspersky published a blog post on the exploit. The blog post included details about the exploit, but only included partial details on the vulnerability. My end goal was to do variant analysis on the vulnerability, but without full and accurate details about the vulnerability, I needed to do a root cause analysis first. I tried to get my hands on the exploit sample, but I wasn't able to source a copy. Without the exploit, I had to use binary patch diffing in order to complete root cause analysis. Patch diffing is an often overlooked part of the perpetual vulnerability disclosure debate, as vulnerabilities become public knowledge as soon as a software update is released, not when they are announced in release notes. Skilled researchers can quickly determine the vulnerability that was fixed by comparing changes in the codebase between old and new versions. If the vulnerability is not publicly disclosed before or at the same time that the patch is released, then this could mean that the researchers who undertake the patch diffing effort could have more information than the defenders deploying the patches. While my patch diffing adventure did not turn out with me analyzing the bug I intended (more on that to come!), I do think my experience can provide us in the community with a data point. It’s rarely possible to reference hard timelines for how quickly sophisticated individuals can do this type of patch-diffing work, so we can use this as a test. I acknowledge that I have significant experience in reverse engineering, however I had no previous experience at all doing research on a Windows platform, and no knowledge of how the operating system worked. It took me three work weeks from setting up my first VM to having a working crash proof-of-concept for a vulnerability. This can be used as a data point (likely a high upper bound) for the amount of time it takes for individuals to understand a vulnerability via patch diffing and to create a working proof-of-concept crasher, since most individuals will have prior experience with Windows. But as I alluded to above, it turns out I analyzed and wrote a crash POC for not CVE-2019-1458, but actually CVE-2019-1433 . I wrote this whole blog post back in January, went through internal reviews, then sent the blog post to Microsoft to preview (we provide vendors with 24 hour previews of blog posts). That’s when I learned I’d analyzed CVE-2019-1433, not CVE-2019-1458. At the beginning of March, Piotr Florczyk published a detailed root cause analysis and POC for the “real” CVE-2019-1458 bug . With the “real” root cause analysis for CVE-2019-1458 now available, I decided that maybe this blog post could still be helpful to share what my process was to analyze Windows for the first time and where I went wrong. This blog post will share my attempt to complete a root cause analysis of CVE-2019-1458 through binary patch diffing, from the perspective of someone doing research on Windows for the first time. This includes the process I used, a technical description of the “wrong”, but still quite interesting bug I analyzed, and some thoughts on what I learned through this work, such as where I went wrong. This includes the root cause analysis for CVE-2019-1433, that I originally thought was the vulnerability for the in the wild exploit. As far as I know, the vulnerability detailed in this blog post was not exploited in the wild. MY PROCESS When the vulnerability was disclosed on December’s Patch Tuesday, I was immediately interested in the vulnerability. As a part of my new role on Project Zero where I’m leading efforts to study 0-days used in the wild, I was really interested in learning Windows. I had never done research on a Windows platform and didn’t know anything about Windows programming or the kernel. This vulnerability seemed like a great opportunity to start since: Complete details about the specific vulnerability weren't available, It affected both Windows 7 and Windows 10, and The vulnerability is in win32k which is a core component of the Windows kernel. I spent a few days trying to get a copy of the exploit, but wasn’t able to. Therefore I decided that binary patch-diffing would be my best option for figuring out the vulnerability. I was very intrigued by this vulnerability because it affected Windows 10 in addition to Windows 7. However, James Forshaw advised me to patch diff the Windows 7 win32k.sys files rather than the Windows 10 versions. He suggested this for a few reasons: The signal to noise ratio is going to be much higher for Windows 7 rather than Windows 10. This “noise” includes things like Control Flow Guard , more inline instrumentation calls, and “weirder” compiler settings. On Windows 10, win32k is broken up into a few different files: win32k.sys, win32kfull.sys, win32kbase.sys, rather than a single monolithic file. Kaspersky’s blog post stated that not all Windows 10 builds were affected. I got to work creating a Windows 7 testing environment. I created a Windows 7 SP1 x64 VM and then started the long process of patching it up until September 2019 (the last available update prior to the December 2019 update where the vulnerability was supposedly fixed). This took about a day and a half as I worked to find the right order to apply the different updates. Turns out that me thinking that September 2019 was the last available update prior to December 2019 would be one of the biggest reasons that I patch-diffed the wrong bug. I thought that September 2019 was the latest because it was the only update shown to me, besides December 2019, when I clicked “Check for Updates” within the VM. Because I was new to Windows, I didn’t realize that not all updates may be listed in the Windows Update window or that updates could also be downloaded from the Microsoft Update Catalog . When Microsoft told me that I had analyzed the wrong vulnerability, that’s when I realized my mistake. CVE-2019-1433, the vulnerability I analyzed, was patched in November 2019, not December 2019. If I had patch-diffed November to December, rather than September to December, I wouldn’t have gotten mixed up. Once the Windows 7 VM had been updated to Sept 2019, I made a copy of its C:\Windows\System32\win32k.sys file and snapshotted the VM. I then updated it to the most recent patch, December 2019, where the vulnerability in question was fixed. I then snapshotted the VM again and saved off the copy of win32k.sys. These two copies of win32k.sys are the two files I diffed in my patch diffing analysis. Win32k is a core kernel driver that is responsible for the windows that are shown as a part of the GUI. In later versions of Windows, it’s broken up into multiple files rather than the single file that it is on Windows 7. Having only previously worked on the Linux/Android and RTOS kernels, the GUI aspects took a little bit of time to wrap my head around. On James Foreshaw’s recommendation, I cloned my VM so that one VM would run WinDbg and debug the other VM. This allows for kernel debugging. Now that I had a copy of the supposed patched and supposed vulnerable versions of win32k.sys, it’s time to start patch diffing. PATCH DIFFING WINDOWS 7 WIN32K.SYS I decided to use BinDiff to patch diff the two versions of win32k. In October 2019, I did a comparison on the different binary diffing tools available [video , slides ], and for me, BinDiff worked best “out of the box” so I decided to at least start with that again. I loaded both files into IDA and then ran BinDiff between the two versions of win32k. To my pleasant surprise, there were only 23 functions total in the whole file/driver that had changed from one version to another. In addition, there were only two new functions added in the December 2019 file that didn’t exist in September. This felt like a good sign: 23 functions seemed like even in the worst case, I could look at all of them to try and find the patched vulnerability. (Between the November and December 2019 updates only 5 functions had changed, which suggests the diffing process could have been even faster.) Original BinDiff Matched Functions of win32k.sys without Symbols When I started the diff, I didn’t realize that the Microsoft Symbol Server was a thing that existed. I learned about the Symbol Server and was told that I could easily get the symbols for a file by running the following command in WinDbg: x win32k!*. I still hadn’t realized that IDA Pro had the capability to automatically get the symbols for you from a PDB file, even if you aren’t running IDA on a Windows computer. So after running the WinDBG command, I copied all of the output to a file, rebased my IDA Pro databases to the same base address and then would manually rename functions as I was reversing based on the symbols and addresses in the text file. About a week into this escapade, I learned how to modify the IDA configuration file to have my IDA Pro instance, running on Linux, connect to my Windows VM to get the symbols. BinDiff Matched Function of win32k.sys with Symbols What stood out at first when I looked at BinDiff was that none of the functions called out in Kaspersky’s blog post had been changed: not DrawSwitchWndHilite, CreateBitmap, SetBitmapBits, nor NtUserMessageCall. Since I didn’t have a strong indicator for a starting point, I instead tried to rule out functions that likely wouldn’t be the change that I was looking for. I first searched for function names to determine if they were a part of a different blog post or CVE. Then I looked through all of the CVEs claimed to affect Windows 7 that were fixed in the December Bulletin and matched them up. Through this I ruled out the following functions: CreateSurfacePal - CVE-2019-1362 RFONTOBJ::bInsterGlyphbitsLookaside, xInsertGlyphbitsRFONTOBJ - CVE-2019-1468 EXPLORING THE WRONG CHANGES At this point I started scanning through functions to try and understand their purpose and look at the changes that were made. GreGetStringBitmapW caught my eye because it had “bitmap” in the name and Kaspersky’s blog post talked about the use of bitmaps. The changes to GreGetStringBitmapW didn’t raise any flags: one of the changes had no functional impact and the other was sending arguments to another function, a function that was also listed as having changed in this update. This function had no public symbols available and is labeled as vuln_sub_FFFFF9600028F200 in the Bindiff image above. In the Dec 2019 win32k.sys its offset from base address is 0x22F200. As shown by the BinDiff flow graph above, there is a new block of code added in the Dec 2019 version of win32k.sys. The Dec 2019 added argument checking before using that argument when calculating where to write to a buffer. This made me think that this was a vulnerability in contention: it’s called from a function with bitmap in the name and appears that there would be a way to overrun a buffer. I decided to keep reversing and spent a few days on this change. I was getting deep down in the rabbit hole though and had to remember that the only tie I had between this function and the details known about the in-the-wild exploit was that “bitmap” was in the name. I needed to determine if this function was even called during the calls mentioned in the Kaspersky blog post. I followed cross-references to determine how this function could be called. The Nt prefix on function names means that the function is a syscall. The Gdi in NtGdiGetStringBitmapW means that the user-mode call is in gdi32.dll. Mateusz Jurczyk provides a table of Windows syscalls here . Therefore, the only way to trigger this function is through a syscall to NtGdiGetStringBitmapW. In gdi32.dll, the only call to NtGdiGetStringBitmapW is GetStringBitmapA, which is exported. Tracing this call path and realizing that none of the functions mentioned in the Kaspersky blog post called this function made me realize that it was pretty unlikely that this was the vulnerability. However, I decided to dynamically double check that this function wouldn’t be called when calling the functions listed in the blog post or trigger the task switch window. I downloaded Visual Studio into my Windows 7 VM and wrote my first Windows Desktop app, following this guide . Once I had a working “Hello, World”, I began to add calls to the functions that are mentioned in the Kaspersky blog post: Creating the “Switch” window, CreateBitmap, SetBitmapBits, NtUserMessageCall, and half-manually/half-programmatically trigger the task-switch window, etc. I set a kernel breakpoint in Windbg on the function of interest and then ran all of these. The function was never triggered, confirming that it was very unlikely this was the vulnerability of interest. I then moved on to GreAnimatePalette. When you trigger the task switch window, it draws a new window onto the screen and moves the “highlight” to the different windows each time you press tab. I thought that, “Sure, that could involve animating a palette”, but I learned from last time and started with trying to trigger the call in WinDbg instead. I found that it was never called in the methods that I was looking at so I didn’t spend too long and moved on. NARROWING IT DOWN TO xxxNextWindow and xxxKeyEvent After these couple of false starts, I decided to change my process. Instead of starting with the functions in the diff, I decided to start at the function named in Kaspersky’s blog: DrawSwitchWndHilite. I searched the cross-references graph to DrawSwitchWndHilite for any functions listed in the diff as having been changed. As shown in the call graph above, xxxNextWindow is two calls above DrawSwitchWndHilite. When I looked at xxxNextWindow, I then saw that xxxNextWindow is only called by xxxKeyEvent and all of the changes in xxxKeyEvent surrounded the call to xxxNextWindow. These appeared to be the only functions in the diff that lead to a call to DrawSwitchWndHilite so I started reversing to understand the changes. REVERSING THE VULNERABILITY I had gotten symbols for the function names in my IDA databases, but for the vast majority of functions, this didn’t include type information. To begin finding type information, I started googling for different function names or variable names. While it didn’t have everything, ReactOS was one of the best resources for finding type information, and most of the structures were already in IDA. For example, when looking at xxxKeyEvent, I saw that in one case, the first argument to xxxNextWindow is gpqForeground. When I googled for gpqForeground, ReactOS showed me that this variable has type tagQ *. Through this, I also realized that Windows uses a convention for naming variables where the type is abbreviated at the beginning of the name. For example: gpqForeground → global, pointer to queue (tagQ *), gptiCurrent → global, pointer to thread info (tagTHREADINFO *). This was important for the modification to xxxNextWindow. There was a single line change between September and December to xxxNextWindow. The change checked a single bit in the structure pointed to by arg1. If that bit is set, the function will exit in the December version. If it’s not set, then the function proceeds, using arg1. Once I knew that the type of the first argument was tagQ *, I used WinDbg and/or IDA to see its structure. The command in WinDbg is dt win32k!tagQ. At this point, I was pretty sure I had found the vulnerability (😉), but I needed to prove it. This involved about a week more of reversing, reading, debugging, wanting to throw my computer out the window, and getting intrigued by potential vulnerabilities that were not this vulnerability. As a side note, for the reversing, I found that the HexRays decompiler was great for general triage and understanding large blocks of code, but for the detailed understanding necessary (at least for me) for writing a proof-of-concept (POC), I mainly used the disassembly view. RESOURCES Here are some of the resources that were critical for me: “Kernel Attacks Through User- Mode Callbacks” Blackhat USA 2011 talk by Tarjei Mandt [slides , video ] I learned about thread locking, assignment locking, and user-mode callbacks. “One Bit To Rule A System: Analyzing CVE-2016-7255 Exploit In The Wild” by Jack Tang, Trend Micro Security Intelligence [blog ] This was an analysis of a vulnerability also related to xxxNextWindow. This blog helped me ultimately figure out how to trigger xxxNextWindow and some argument types of other functions. “Kernel exploitation – r0 to r3 transitions via KeUserModeCallback” by Mateusz Jurczyk [blog ] This blog helped me figure out how to modify the dispatch table pointer with my own function so that I could execute during the user-mode callback. “Windows Kernel Reference Count Vulnerabilities - Case Study” by Mateusz Jurczyk, Zero Nights 2012 [slides ] “Analyzing local privilege escalations in win32k” by mxatone, Uninformed v10 (10/2008) [article ] P0 Team Members: James Forshaw, Tavis Ormandy, Mateusz Jurczyk, and Ben Hawkes TIMELINE Oct 31 2019: Chrome releases fix for CVE-2019-13720 Dec 10 2019: Microsoft Security Bulletin lists CVE-2019-1458 as exploited in the wild and fixed in the December updates. Dec 10-16 2019: I ask around for a copy of the exploit. No luck! Dec 16 2019: I begin setting up a Windows 7 kernel debugging environment. (And 2 days work on a different project.) Dec 23 2019: VM is set-up. Start patch diffing Dec 24-Jan 2: Holiday Jan 2 - Jan 3: Look at other diffs that weren’t the vulnerability. Try to trigger DrawSwitchWndHilite Jan 6: Realize changes to xxxKeyEvent and xxxNextWindow is the correct change. (Note dear reader, this is not in fact the “correct change”.) Jan 6-Jan16: Figure out how the vulnerability works, go down random rabbit holes, work on POC. Jan 16: Crash POC crashes! Approximately 3 work weeks to set up a test environment, diff patches, and create crash POC. CVE-2019-1458 CVE-2019-1433 ROOT CAUSE ANALYSIS Bug class: use-after-free OVERVIEW The vulnerability is a use-after-free of a tagQ object in xxxNextWindow, freed during a user mode callback. (The xxx prefix on xxxNextWindow means that there is a callback to user-mode.) The function xxxKeyEvent is the only function that calls xxxNextWindow and it calls xxxNextWindow with a pointer to a tagQ object as the first argument. Neither xxxKeyEvent nor xxxNextWindow lock the object to prevent it from being freed during any of the user-mode callbacks in xxxNextWindow. After one of these user-mode callbacks (xxxMoveSwitchWndHilite), xxxNextWindow then uses the pointer to the tagQ object without any verification, causing a use-after free. DETAILED WALK THROUGH This section will walk through the vulnerability on Windows 7. I analyzed the Windows 7 patches instead of Windows 10 as explained above in the process section. The Windows 7 crash POC that I developed is available here . ANALYZED SAMPLES I did the diff and analysis between the September and December 2019 updates of win32k.sys as explained in the “My Process” section. Vulnerable win32k.sys (Sept 2019): 9dafa6efd8c2cfd09b22b5ba2f620fe87e491a698df51dbb18c1343eaac73bcf (SHA-256) Patched win32k.sys (December 2019): b22186945a89967b3c9f1000ac16a472a2f902b84154f4c5028a208c9ef6e102 (SHA-256) OVERVIEW This walk through is broken up into the following sections to describe the vulnerability: Triggering xxxNextWindow Freeing the tagQ (queue) structure User-mode callback xxxMoveSwitchWndHilite Using the freed queue TRIGGERING xxxNextWindow The code path is triggered by a special set of keyboard inputs to open a “Sticky Task Switcher” window. As a side note, I didn’t find a way to manually trigger the code path, only programmatically (not that an individual writing an EoP would need it to be triggered manually). To trigger xxxNextWindow, my proof-of-concept (POC) sends the following keystrokes using the SendInput API: + TAB + TAB release + ALT + CTRL + TAB + release all except ALT extended + TAB. (See triggerNextWindow function in POC). The “normal” way to trigger the task switch window is with ALT + TAB, or ALT+CTRL+TAB for “sticky”. However, this window won’t hit the vulnerable code path, xxxNextWindow. The “normal” task switching window, shown below, looks different from the task switching window displayed when the vulnerable code path is being executed. Shown below is the “normal” task switch window that is displayed when ALT+TAB [+CTRL] are pressed and xxxNextWindow is NOT triggered. The window that is shown when xxxNextWindow is triggered is shown below that. "Normal" task switch window Window that is displayed when xxxNextWindow is called If this is the first “tab press” then the task switch window needs to be drawn on the screen. This code path through xxxNextWindow is not the vulnerable one. The next time you hit TAB, after the window has already been drawn on the screen, when the rectangle should move to the next window, is when the vulnerable code in xxxNextWindow can be reached. FREEING THE QUEUE in xxxNextWindow xxxNextWindow takes a pointer to a queue (tagQ struct) as its first argument. This tagQ structure is the object that we will use after it is freed. We will free the queue in a user-mode callback from the function. At LABEL_106 below (xxxNextWindow+0x847), the queue is used without verifying whether or not it still exists. The only way to reach LABEL_106 in xxxNextWindow is from the branch at xxxNextWindow+0x842. This means that our only option for a user-callback mode is in the function xxxMoveSwitchWndHilite. xxxMoveSwitchWndHilite is responsible for moving the little box within the task switch window that highlights the next window. void __fastcall xxxNextWindow(tagQ *queue, int a2) { [...] V43 = 0; while ( 1 ) { if (gspwndAltTab->fnid & 0x3FFF == 0x2A0 && gspwndAltTab->cbwndExtra + 0x128 == gpsi->mpFnid_serverCBWndProc[6] && gspwndAltTab->bDestroyed == 0 ) v45 = *(switchWndStruct **)(gspwndAltTab + 0x128); else v45 = 0i64; if ( !v45 ) { ThreadUnlock1(); goto LABEL_106; } handleOfNextWindowToHilite = xxxMoveSwitchWndHilite(v8, v45, isShiftPressed2); ← USER MODE CALLBACK if ( v43 ) { if ( v43 == handleOfNextWindowToHilite ) { v48 = 0i64; LABEL_103: ThreadUnlock1(); HMAssignmentLock(&gspwndActivate, v48); if ( !*(_QWORD *)&gspwndActivate ) xxxCancelCoolSwitch(); return; } } else { v43 = handleOfNextWindowToHilite; } tagWndPtrOfNextWindow = HMValidateHandleNoSecure(handleOfNextWindowToHilite, TYPE_WINDOW); if ( tagWndPtrOfNextWindow ) goto LABEL_103; isShiftPressed2 = isShiftPressed; } [...] LABEL_106: v11 = queue->spwndActive; ← USE AFTER FREE if ( v11 || (v11 = queue->ptiKeyboard->rpdesk->pDeskInfo->spwnd->spwndChild) != 0i64 ) { [...] USER-MODE CALLBACK in xxxMoveSwitchWndHilite There are quite a few different user-mode callbacks within xxxMoveSwitchWndHilite. Many of these could work, but the difficulty is picking one that will reliably return to our POC code. I chose the call to xxxSendMessageTimeout in DrawSwitchWndHilite. This call is sending the message to the window that is being highlighted in the task switch window by xxxMoveSwitchWndHilite. Therefore, if we create windows in our POC, we can ensure that our POC will receive this callback. xxxMoveSwitchWndHilite sends message 0x8C which is WM_LPKDRAWSWITCHWND. This is an undocumented message and thus it’s not expected that user applications will respond to this message. Instead, there is a user-mode function that is automatically dispatched by ntdll!KiUserCallbackDispatcher. The user-mode callback for this message is user32!_fnINLPKDRAWSWITCHWND. In order to execute code during this callback, in the POC we hot-patch the PEB.KernelCallbackTable, using the methodology documented here . In the callback, we free the tagQ structure using AttachThreadInput . AttachThreadInput “attaches the input processing mechanism of one thread to that of another thread” and to do this, it destroys the queue of the thread that is being attached to another thread’s input. The two threads then share a single queue. In the callback, we also have to perform the following operations to force execution down the code path that will use the now freed queue: xxxMoveSwitchWndHilite returns the handle of the next window it should highlight. When this handle is passed to HMValidateHandleNoSecure, it needs to return 0. Therefore, in the callback we need to destroy the window that is going to be highlighted. When HMValidateHandleNoSecure returns 0, we’ll loop back to the top of the while loop. Once we’re back at the top of the while loop, in the following code block we need to set v45 to 0. There appear to be two options: fail the check such that you go in the else block or set the extra data in the tagWND struct to 0 using SetWindowLongPtr. The SetWindowLongPtr method doesn’t work because this window is a special system class (fnid == 0x2A0). Therefore, we must fail one of the checks and end up in the else block in order to be in the code path that will allow us to use the freed queue. if (gspwndAltTab->fnid & 0x3FFF == 0x2A0 && gspwndAltTab->cbwndExtra + 0x128 == gpsi->mpFnid_serverCBWndProc[6] && gspwndAltTab->bDestroyed == 0 ) v45 = *(switchWndStruct **)(gspwndAltTab + 0x128); else v45 = 0i64; USING THE FREED QUEUE Once v45 is set to 0, the thread is unlocked and execution proceeds to LABEL_106 (xxxNextWindow + 0x847) where mov r14, [rbp+50h] is executed. rbp is the tagQ pointer so we dereference it and move it into r14. Therefore we now have a use-after-free. WINDOWS 10 CVE-2019-1433 also affected Windows 10 builds. I did not analyze any Windows 10 builds besides 1903. Vulnerable (Oct 2019) win32kfull.sys: c2e7f733e69271019c9e6e02fdb2741c7be79636b92032cc452985cd369c5a2c (SHA-256) Patched (Nov 2019) win32kfull.sys: 15c64411d506707d749aa870a8b845d9f833c5331dfad304da8828a827152a92 (SHA-256) I confirmed that the vulnerability existed on Windows 10 1903 as of the Oct 2019 patch by triggering the use-after-free with Driver Verifier enabled on win32kfull.sys. Below are excerpts from the crash. ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This cannot be protected by try-except. Typically the address is just plain bad or it is pointing at freed memory. FAULTING_IP: win32kfull!xxxNextWindow+743 ffff89ba`965f553b 4d8bbd80000000 mov r15,qword ptr [r13+80h] # Child-SP RetAddr Call Site 00 ffffa003`81fe5f28 fffff806`800aa422 nt!DbgBreakPointWithStatus 01 ffffa003`81fe5f30 fffff806`800a9b12 nt!KiBugCheckDebugBreak+0x12 02 ffffa003`81fe5f90 fffff806`7ffc2327 nt!KeBugCheck2+0x952 03 ffffa003`81fe6690 fffff806`7ffe4663 nt!KeBugCheckEx+0x107 04 ffffa003`81fe66d0 fffff806`7fe73edf nt!MiSystemFault+0x1d6933 05 ffffa003`81fe67d0 fffff806`7ffd0320 nt!MmAccessFault+0x34f 06 ffffa003`81fe6970 ffff89ba`965f553b nt!KiPageFault+0x360 07 ffffa003`81fe6b00 ffff89ba`965aeb35 win32kfull!xxxNextWindow+0x743 ← UAF 08 ffffa003`81fe6d30 ffff89ba`96b9939f win32kfull!EditionHandleAndPostKeyEvent+0xab005 09 ffffa003`81fe6e10 ffff89ba`96b98c35 win32kbase!ApiSetEditionHandleAndPostKeyEvent+0x15b 0a ffffa003`81fe6ec0 ffff89ba`96baada5 win32kbase!xxxUpdateGlobalsAndSendKeyEvent+0x2d5 0b ffffa003`81fe7000 ffff89ba`96baa7fb win32kbase!xxxKeyEventEx+0x3a5 0c ffffa003`81fe71d0 ffff89ba`964e3f44 win32kbase!xxxProcessKeyEvent+0x1ab 0d ffffa003`81fe7250 ffff89ba`964e339b win32kfull!xxxInternalKeyEventDirect+0x1e4 0e ffffa003`81fe7320 ffff89ba`964e2ccd win32kfull!xxxSendInput+0xc3 0f ffffa003`81fe7390 fffff806`7ffd3b15 win32kfull!NtUserSendInput+0x16d 10 ffffa003`81fe7440 00007ffb`7d0b2084 nt!KiSystemServiceCopyEnd+0x25 11 0000002b`2a5ffba8 00007ff6`a4da1335 win32u!NtUserSendInput+0x14 12 0000002b`2a5ffbb0 00007ffb`7f487bd4 WizardOpium+0x1335 <- My POC 13 0000002b2a5ffc10 00007ffb7f86ced1 KERNEL32!BaseThreadInitThunk+0x14 14 0000002b2a5ffc40 0000000000000000 ntdll!RtlUserThreadStart+0x21 BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202 To trigger the crash, I only had to change two things in the Windows 7 POC: The keystrokes are different to trigger the xxxNextWindow task switch window on Windows 10. I was able to trigger it by smashing CTRL+ALT+TAB while the POC was running (and triggering the normal task switch Window). It is possible to do this programmatically, I just didn’t take the time to code it up. Overwrite index 0x61 instead of 0x57 in the KernelCallbackTable. It took me about 3 hours to get the POC to trigger Driver Verifier on Windows 10 1903 regularly (about every 3rd time it's run). Disassembly at xxxNextWindow+737 in Oct 2019 Update Disassembly at xxxNextWindow+73F in Nov 2019 Update The fix in the November update for Windows 10 1903 is the same as the Windows 7 fix: Add the UnlockQueue function. Add locking around the call to xxxNextWindow. Check the “destroyed” bitflag in the tagQ struct before proceeding to use the queue. FIXING THE VULNERABILITY To patch the CVE-2019-1433 vulnerability, Microsoft changed four functions: xxxNextWindow xxxKeyEvent (Windows 7)/EditionHandleAndPostKeyEvent (Windows 10) zzzDestroyQueue UnlockQueue (new function) Overall, the changes are to prevent the queue structure from being freed and track if something attempted to destroy the queue. The addition of the new function, UnlockQueue, suggests that there were no previous locking mechanisms for queue objects. zzzDestroyQueue Patch The only change to the zzzDestroyQueue function in win32k is that if the refcount on the tagQ structure (tagQ.cLockCount) is greater than 0 (keeping the queue from being freed immediately), then the function now sets a bit in tagQ.QF_flags. zzzDestroyQueue Pre-Patch zzzDestroyQueue Post-Patch xxxNextWindow Patch There is a single change to the xxxNextWindow function as shown by the BinDiff graph below. When execution is about to use the queue again (at what was LABEL_106 in the vulnerable version), a check has been added to see if a bitflag in tagQ.QF_flags is set. The instructions added to xxxNextWindow+0x847 are as follows where rbp is the pointer to the tagQ structure. bt dword ptr [rbp+13Ch], 1Ah jb loc_FFFFF9600017A0C9 If the bit is set, the function exists. If the bit is not set, the function continues and will use the queue. The only place this bit is set is in zzzDestroyQueue. The bit is set when the queue was destroyed, but couldn't be freed immediately because its refcount (tagQ.cLockCount) is greater than 0. Setting the bit is a new change to the code base as described in the section above. xxxKeyEvent (Windows 7)/EditionHandleAndPostKeyEvent (Windows 10) Patch In this section I will simply refer to the function as xxxKeyEvent since Windows 7 was the main platform analyzed. However, the changes are also found in the EditionHandleAndPostKeyEvent function in Windows 10. The change to xxxKeyEvent is to thread lock the queue that is passed as the first argument to xxxNextWindow. Thread locking doesn’t appear to be publicly documented by Microsoft. My understanding comes from Tarjei Mandt’s 2011 Blackhat USA presentation, “Kernel Attacks through User-Mode Callbacks ”. Thread locking is where objects are added to a thread’s lock list, and their ref counter is increased in the process. This prevents them from being freed while they are still locked to the thread. The new function, UnlockQueue, is used to unlock the queue. if ( !queue ) queue = gptiRit->pq; xxxNextWindow(queue, vkey_cp); xxxKeyEvent+92E Pre-Patch if ( !queue ) queue = gptiRit->pq; ++queue->cLockCount; currWin32Thread = (tagTHREADINFO *)PsGetCurrentThreadWin32Thread(v62); threadLockW32 = currWin32Thread->ptlW32; currWin32Thread->ptlW32 = (_TL *)&threadLockW32; queueCp = queue; unlockQueueFnPtr = (void (__fastcall *)(tagQ *))UnlockQueue; xxxNextWindow(queue, vkey_cp); currWin32Thread2 = (tagTHREADINFO *)PsGetCurrentThreadWin32Thread(v64); currWin32Thread2->ptlW32 = threadLockW32; unlockQueueFnPtr(queueCp); xxxKeyEvent+94E Post-Patch CONCLUSION So...I got it wrong. Based on the details provided by Kaspersky in their blog post, I attempted to patch diff the vulnerability in order to do a root cause analysis. It was only based on the feedback from Microsoft (Thanks, Microsoft!) and their guidance to look at the InitFunctionTables method, that I realized I had analyzed a different bug. I analyzed CVE-2019-1433 rather than CVE-2019-1458, the vulnerability exploited in the wild. The real root cause analysis for CVE-2019-1458 was documented by @florek_pl here . If I had patch-diffed November 2019 to December 2019 rather than September to December, then I wouldn’t have analyzed the wrong bug. This seems obvious after the fact, but when just starting out, I thought that maybe Windows 7, being so close to end of life, didn’t get updates every single month. Now I know to not only rely on Windows Update, but also to look for KB articles and that I can download additional updates from the Microsoft Update Catalog. Although this blog post didn’t turn out how I originally planned, I decided to share it in the hopes that it’d encourage others to explore a platform new to them. It’s often not a straight path, but if you’re interested in Windows kernel research, this is how I got started. In addition, I think this was a fun and quite interesting bug! I didn’t initially set out to do a patch diffing exercise on this vulnerability, but I do think that this work gives us another data point to use in disclosure discussions. It took me, someone with reversing, but no Windows experience, three weeks to understand the vulnerability and write a proof-of-concept. While I ended up doing this analysis for a vulnerability other than the one I intended, many attackers are not looking to patch-diff a specific vulnerability, but rather any vulnerability that they could potentially exploit. Therefore, I think that three weeks can be used as an approximate high upper bound since most attackers looking to use this technique will have more experience. API-3: BOOK-GO.COM ​ EQUALS: AA+ COSMETIC BRAND: REVENUE: UNKNOWN, READ NERD'S EMAILS WITH BIGGEST DISTRIBUTOR IN ASIA. TERRITORY: WORLD, WEBSHOPSC | FOCUS: ASIA, CHINA, HONGKONG, JAPAN, SHOPS. API-X: SEMI PRODUCTION: EUROPEAN INGREDIENTS < PACKED&SEALED NERDS FACTORY >BANGKOK. NERD'S PACKING FACTORY IN >BANGKOK,THAILAND,SEA SEND&SHIP: AMAZON UNITED STATES, AMAZON GERMANY, AMAZON FRANCE,AFFILITATE xBORDER BLOCKCHAIN -X ​ A FULL AUTONOMOUS, DECENTRALIZED, MULTI-LAYER HYBRID X-11 CRYPTO NETWORK CONTROLLED BY MASTERNODES ​ xBORDER NET ™ Welcome to xBORDER, The Institute of Coding in JSON, JAVA, PHYTO woaw N, Programming at x BORDER. Ready>? Now the x-BORDER CrowdFund is about to start - Implementing Block-Chain API Intelligent E-Commerce Technologies. Developments of the x BORDER Network Platforms, official Institute the Cloud -X, Cryptos and Encrypted Voting. x-BORDER Crowd-Fund the Blockchains, European Headquarters ASint Olofsteeg 4 1012AK Amsterdam Netherlands. United States Headquarters, xBORDER Sillicon Valley, Wisman Road 171 S Whisman Rd, Mountain View, CA 94041, United States. PROJECT8 PROJECT8 PROJECT8 PROJECT8 PROJECT8 PROJECT8 A P - I X GOOGLE @ NERD BO-X.iO AUTHORIZATION DEBUGGED xborder Welcome to xBORDER, The Institute of Coding in JSON, JAVA, PHYTO woaw N, Programming at x BORDER. Ready>? Now the x-BORDER CrowdFund is about to start - Implementing Block-Chain API Intelligent E-Commerce Technologies. Developments of the x BORDER Network Platforms, official Institute the Cloud -X, Cryptos and Encrypted Voting. x-BORDER Crowd-Fund the Blockchains, European Headquarters ASint Olofsteeg 4 1012AK Amsterdam Netherlands. United States Headquarters, xBORDER Sillicon Valley, Wisman Road 171 S Whisman Rd, Mountain View, CA 94041, United States. XBO-GOBA1 BUG in GOOGLE OATH API April 4, 2020, Amsterdam Netherlands. ​ BUG NAME= XBO-GOBA1 - Google API OATH Authorization Bug, found on 4 April 2020. 6 April 2020, Amsterdam Netherlands. xBORDER NERD BO-X.iO BUG Analysts, # xBORDER Research team found a mayor authorization Bug in the Google Admin Application Softwaremrun on 13.4 OSX, Reset Password DIsabled Full Administrator Access to all underlying Nodes, Domains, and Admins. This Bug can have a serious impact -- it can have major complications when Administrator Access / Super Admins are disabled to DomainReg, "DNS, MX, NAMES, A, AA" Access. This can be resolved by rewriting the OATH access API in that Application. See pictures for details. ​ This is a config Error that can be used as a gate to full access of ALL google applications. ​ Restore of Original Values are virtually impossible due to WHOIS restrictions on google.domains, CNAME updates are virtually impossible due to non-access. this is a RE-LOOP Bu and could have a major impact. ​ Peter Oldenburger & Friends. # NERD BO-X.iO @ xBORDER ​ ! A NODE { xBORDER } - VOC-X "VALUE: +10 } , VOC-X Crawlers deployed on this Oath bug can leech massive amounts of user data, company data. Google Cases ref: 2-6991000030256 Senior Google Specialists. BUG II: Google API OATH Authorization PART II, GOOGLE DOMAINS BUG. Mayor Bug found on 4 April 2020. 6 April 2020, Amsterdam Netherlands. Our Research team found a mayor Access & Authorization Bug @ Google, Gmail & Domain.google syn are non-compatible. G-mail, Gsuit re-access need CNAME implements, however Google.Domains is not acc. by login, This has mayor impact on Googlists that use the Gsuit & Google domain service. Access is imposible to recover. ​ This Bug can have a serious impact because it can have major complications when Administrator Access / Super Admins are disabled to DomainReg, "DNS, MX, NAMES, A, AA" Access. This can be resolved by rewriting the OATH access API in that Application oorn Seperating access control in Gsuite/Gmail and Domains. See pictures for details. ​ P.Oldenburger 2020 Amsterdam Netherlands. ​ ​ ! A NODE { xBORDER } - VOC-X "VALUE: +7 } , VOC-X Crawlers deployed on this Oath bug can Open Backdoor into Domain access. ​ Resolved: Google did call me and sent me the link /Domains/Help OMG :P ​ ​ ​ PROJECT 8 BORDER BORDER BORDER PROJECT8 xBORDER INTELLIGENT E-COMMERCE MULTI-LAYERED BLOCK-CHAINS API =X NODE { API } - "VALUE: ​ API-X1=BIOHERBY.COM API-X2=COLLAGENNOW.COM ​ API-X3=BOOK-GO.COM API-X4=HOTEL.APP ​ API-X5=SEXSHOP.APP API-X6=SUPERSHOPPERS.COM ​ { API- X7=XOTE.APP { API-X8=CLOUD-X .APP ​ ​ ​ API-X1: BIOHERBY.COM ​ EQUALS: HERBALIFE REVENUE2018: 5,4BILLION USD TERRITORY: WORLD, IN SHOPS,WEBSHOP,AMAZON API-X: SEMI PRODUCTION: BIOHERBY THAILAND COLTD NERD'S PACKING FACTORY IN >BANGKOK,THAILAND,SEA SEND&SHIP: AMAZON UNITED STATES, AMAZON GERMANY, AMAZON FRANCE ​ ​ ​ I'm a paragraph. Click here to add your own text and edit me. It's easy. ​ KIX CLOUD -X BLOCK -X API-X More xBORDER PLATFORM ∞ WORLDS FIRST MULTI-LAYERED API-INTEL NETWORK xBORDER USA- SILLICON VALLEY - UNITED STATES THE JEDI xBORDER EUROPE xBORDER BLOCKCHAIN -X BLOCKCHX #= NODE { CHX } API =X NODE { API } - "VALUE: ​ API-X1=BIOHERBY.COM API-X2=COLLAGENNOW.COM ​ API-X3=BOOK-GO.COM API-X4=HOTEL.APP ​ API-X5=SEXSHOP.APP API-X6=SUPERSHOPPERS.COM ​ { API- X7=XOTE.APP { API-X8=CLOUD-X .APP ​ ​ ​ API-X1: BIOHERBY.COM ​ EQUALS: HERBALIFE REVENUE2018: 5,4BILLION USD TERRITORY: WORLD, IN SHOPS,WEBSHOP,AMAZON API-X: SEMI PRODUCTION: BIOHERBY THAILAND COLTD NERD'S PACKING FACTORY IN >BANGKOK,THAILAND,SEA SEND&SHIP: AMAZON UNITED STATES, AMAZON GERMANY, AMAZON FRANCE ​ ​ ​ API-X1: COLLAGENNOW.COM ​ EQUALS: AA+ COSMETIC BRAND: REVENUE: UNKNOWN, READ NERD'S EMAILS WITH BIGGEST DISTRIBUTOR IN ASIA. TERRITORY: WORLD, WEBSHOPSC | FOCUS: ASIA, CHINA, HONGKONG, JAPAN, SHOPS. API-X: SEMI PRODUCTION: EUROPEAN INGREDIENTS < PACKED&SEALED NERDS FACTORY >BANGKOK. NERD'S PACKING FACTORY IN >BANGKOK,THAILAND,SEA SEND&SHIP: AMAZON UNITED STATES, AMAZON GERMANY, AMAZON FRANCE,AFFILITATE API-X1: COLLAGENNOW.COM ​ EQUALS: AA+ COSMETIC BRAND: REVENUE: UNKNOWN, READ NERD'S EMAILS WITH BIGGEST DISTRIBUTOR IN ASIA. TERRITORY: WORLD, WEBSHOPSC | FOCUS: ASIA, CHINA, HONGKONG, JAPAN, SHOPS. API-X: SEMI PRODUCTION: EUROPEAN INGREDIENTS < PACKED&SEALED NERDS FACTORY >BANGKOK. NERD'S PACKING FACTORY IN >BANGKOK,THAILAND,SEA SEND&SHIP: AMAZON UNITED STATES, AMAZON GERMANY, AMAZON FRANCE,AFFILITATE XBO = NODE { xBORDER } - "VALUE: CONNECTS XBORDER WITH ROTHSCHILD { CFDs on GOLD / XBO ~ OZ } VOC-X = NODE { VOC } - "VALUE: CONTROLLER | { CONNECTS API-NODES TO THEIR MASTERS } EXPLAINED BLOCKCHAIn BLOCKCHAIn BLOCKCHX BLOCKCHX NODE { CHX } - "XVALUE: TRADER { XBO } - { VOC } - { API } ​ A FULL AUTONOMOUS, DECENTRALIZED, MULTI-LAYER HYBRID X-WITH 5 UNITED STATES PATENTS, READY FOR DEPLOYMENT. BLOCKCHAIN -X WILL PUSH THE LIMITS OF QUANTUM PHYSICS! WE ALREADY HAVE UNIQUE FEATURES IN DEPLOYMENT, LIKE VOTING AND CASTING VOTES, WITHOUT COMPROMISSION! !SUPPORTED, MONITORED AND VERIFIED BY THE DUTCH GOVERNMENT, DEPLOYED FULL OPEN SOURCE AND TRANSPARANT, THESE CHAINS WILL PUSH THE BOUNDRYS OF INVENTIONS. WITH THE RISE OF QUANTUM MECHANICS & QUANTUM COMPUTERS THE BLOCKCHAIN TECHNOLOGY WILL RISE. IMPLEMENTING BLOCKCHAIN ENCODED ARTIFICIAL INTELLIGENCE WILL ROCK THE EVOLUTION OF ROBOTICA, TECHNOGICAL BIOPHYSICS AND CYBERNETICS. ​ ​ THE FUTURE IS NOW ! ​ PETER OLDENBURGER, DEVELOPMENT. ​ NET ™ CROWDFUND Log In VOC-X C H X PROJECT8 Zero Zero Zero PROJECT8 PROJECT8 xBORDER CLOUD-x, institute of block-chain and technology API X TRADER NODE - DISCOVERS & TRADES ™ BLOCKCHX - ENUMMERATOR BY INFINITY xBORDER BLOCK-CHAIN PLATFORM CROWDFUND PRE-RELEASE 2020 ​ XBO { PLATFORM NODES CONTROLLER } XBO CONTROLS VOC-X, API-X, CHX & SAN{DBx}. ​ TOTAL AMOUTH WILL BE SET BEFORE RELEASE, INITIAL VALUE WILL BE SET BEFORE RELEASE, VALUE WILL FOLLOW THE LAW OF KEYNES, XBO OPENS THE MASTER CONTROLLERS, APPRENTICE & JEDI NODES ARE CONFIGURABLE. MASTERSS CONTROLS APPRENTICES & JEDI'S. ​ TOTAL RELEASE TIME APROX 3 / 5 YEAR, INITIAL CROWDFUND ON THE 3 MAYOR TECK PLATFORMS> { USA, LONDON, HK } ​ ​ ​ ​ API-X { CONTROLS E-COMMERCE PLATFORMS } ​ ​ ​ CHX { E-NUMERATOR BY INFINITY } ​ VOC-X { TRADER ​ ​ ​ ​ ​ ​ - Several International Platforms 2049 CHAINED TRANSITIONS THE LEGACY IS ENFOLDING.. PRE-RELEASE 25 DECEMBER 2019, JEDISONLINKEDIN. =XBO ! N26 DEC- 31DEC - CROUNDFUND NETHERLANDS = VOC-X ​ {CHK} 1-JAN31JAN CROUDNFUND USA ​ .. FROM 1 /31 FEB EVENTS IN HK,HK EVENTS IN DUBAI EVENTS IN SAUDIA EVENTS IN SHANGHAI EVENTS IN BEJING ​ MARCH 1: DEPLOYMOPEN, TRANSPARANT & DECENTRALIZED. TRUIJUNE1: d​ ENT OF API-X ​ JUNE1: TRIP TO AFRICA: NERD MADE A OATH TO THE GODS. START THE BUILD OF SCHOOLS IN SOUTH AFRICA. >EDUCATE HIV CHILDREN PROTECT THE ELEPHANT> REPOPULATE, ADJUST DNA> BLESS THE GANNESS,. ​ NEWS VISION VISION AND ON THE 7TH DAY, GOD CREATED LIGHT, PRAISE THE ENLIGHTED, PRAISE THE BUDDHA, PREASE ALL THAT IS GOOD, PRAISE THE HOLY CAT, THE COW AND THE ELEPHANT. THE BLUEPRINT NERD BO-X Project 8 - Chapter 1 : Visions ​ WELCOME TO THE NERD BOX CLOUD -X OFFERS THE HIGHEST PLATFORM SECURITY IN THE WORLD. PARTNERS WITH ACROLIS, LOUD -X OFFERS INDUVIDIALS, ORGANISATIONS AND ENTERPRISES PROTECTION GUARANTEES, THE HIGHEST IN THE WORL YOUR DATA GUARDED & MONITORED BY VOC-X. ​ VOC-X, THE DIGITAL GUARDIAN, IS PROVEN NUMBER 1 SECURE PENETRATE WITH THE HIGHEST STANDARD DATA SRVERS LOCATED THE WORDLS SAFEST DATA HUB IN AMSTERDAM, THE NETHERLANDS. (GOOGLE JUST LOCATED A NEW PARK, OPEN A FREE ACCOUNT FOR 30DAYS TODAY! ​ WE OFFER REALLIVE SYNC, BACKUP, ENCRYTION, VM, AND MANY MORE. ​ ​ WELCOME TO WORLDS MOST SECURE CLOUD SERVICE CLOUD -X OFFERS THE HIGHEST PLATFORM SECURITY IN THE WORLD. PARTNERS WITH ACROLIS, LOUD -X OFFERS INDUVIDIALS, ORGANISATIONS AND ENTERPRISES PROTECTION GUARANTEES, THE HIGHEST IN THE WORL YOUR DATA GUARDED & MONITORED BY VOC-X. ​ VOC-X, THE DIGITAL GUARDIAN, IS PROVEN NUMBER 1 SECURE PENETRATE WITH THE HIGHEST STANDARD DATA SRVERS LOCATED THE WORDLS SAFEST DATA HUB IN AMSTERDAM, THE NETHERLANDS. (GOOGLE JUST LOCATED A NEW PARK, OPEN A FREE ACCOUNT FOR 30DAYS TODAY! ​ WE OFFER REALLIVE SYNC, BACKUP, ENCRYTION, VM, AND MANY MORE. ​

View All