Microsoft vulnerability, Blur Airdrop, Bitboy Fiasco, Build web3 Resume, and much more!

Oct 24, 2022 min read
Microsoft vulnerability, Blur Airdrop, Bitboy Fiasco, Build web3 Resume, and much more!

gm 👋

Thank you for being a part of the Cypherock family. Come rain, hail or storm, we are heads-down building the best possible product to keep your digital assets safe.

Over the next 8-10 minutes, we will be talking about hacks that caught our eye, DApps that we found interesting and our picks from Twitter and Reddit that we enjoyed.

If you loved the newsletter, message us! If you hated the newsletter, message us! We’re always looking for fresh perspective on things to cover and feedback to make your experience better!

Have an awesome week ahead!

Team Cypherock

What we’re covering this week

  1. Microsoft365 vulnerability 🫣
  2. Mazury: Build Web3 professional presence 🧮
  3. Blur airdrop care package 💵
  4. Bitboy 🤬
  5. Updates from Cypherock 💥

Security Digest

Microsoft: Insecure Encryption might be leaking data


Microsoft Office 365 offers a method of sending encrypted messages. It uses a security framework named Office 365 Message Encryption (OME) to let users send and receive encrypted emails between users within and outside the organization while withholding all information about the communications themselves.

Microsoft Office 365 Message Encryption (OME) utilizes Electronic Codebook (ECB) for cryptographically encrypting the communication.

In a recent report published by Withsecure, a Finnish cybersecurity firm. The firm reported that this framework is generally insecure and can leak information about the structure of the messages sent. This report comes after U.S. National Institute of Standards and Technology earlier pointed out “ECB mode encrypts plaintext blocks independently, without randomization; therefore, the inspection of any two ciphertext blocks reveals whether or not the corresponding plaintext blocks are equal.”

That being said, the vulnerability does not arise from decryption from a single message but rather from analyzing a store of a large amount of stolen encrypted messages. “An attacker with a large database of messages may infer their content (or parts of it) by analyzing relative locations of repeated sections of the intercepted messages,” the company said.

This is a known threat model known as ’ Hack now, decrypt later’ where attackers can use old leached-out encrypted messages in order to fuel their attacks in the future.

While the thread can be contained by switching to Quantum-resistant algorithms, Withsecure states “Microsoft has no plans to fix this vulnerability the only mitigation is to avoid using Microsoft Office 365 Message Encryption”

Users can protect themselves by editing their old mail flow rules to the rule action that use apply the previous version of OME to use Microsoft Purview Message Encryption, as recommended by Redmond notes in its documentation.

Dapp News

Mazury: Build Web3 Professional Presence


Mazury is an on-chain resume builder that helps companies find the talent that they need by indexing over 1.1m Ethereum addresses and verifying resume credentials. The platform brings the user’s professional reputation on-chain, letting the user create their web3 professional profile in seconds. On Mazury, you can display your contributions across projects to get jobs in the coolest startups and DAOs. The platform features a competence-based reputation system, to have an on-chain mechanism for builders and talent to get together and build.

Twitter Tales

In the midst of big Aptos airdrop crazy, BLUR announces it’s care package for everyone who stuck around in the bear market. Go check if you traded any NFTs in this bear market.

Check out the thread here.

Reddit Reads

Discussions around Bitboy rant is going strong in the Reddit crypto community. Community yet to decide if if what he says matters or not.

Why do we pay attention to losers like bitboy? from r/CryptoCurrency

Updates from Cypherock

Is Your Crypto Safe? Take the Cypherock Quiz and find out!

Is your crypto safe

Will your crypto get hacked? Are you going to lose your crypto? Cypherock has come up with a detailed quiz that will help you understand the pros and cons of your security model. Upon completion, you will get a detailed analysis mailed to you. Take the quiz now!

Here’s some alpha 🚀

Security is our utmost concern. We want to keep your crypto safe and give you the best possible experience interacting with the web3 ecosystem. Because we like you, we want you to make money too!

Cypherock recently launched an affiliate program. You receive a unique code by either signing up on our website, or by purchasing a Cypherock X1. Through your code, your referrals receive 10% off on their purchase and you make $25 per sale!

Sign up to become a Cypherock Affiliate!

Have questions regarding our product, or the affiliate program? Our Growth Lead loves chatting with people, hit him up here.