Sunday, 5 June 2022

SEO

What Is SEO?

SEO stands for search engine optimization, which is a set of practices designed to improve the appearance and positioning of web pages in organic search results. Because organic search is the most prominent way for people to discover and access online content, a good SEO strategy is essential for improving the quality and quantity of traffic to your website.

Why is SEO important?

Organic search results:
The unpaid listings on a search engine results page (SERP) that the search engine has determined are most relevant to the user’s query. Ads (in this context, PPC Or Pay-per-click ads) make up a significant portion of many SERPs. Organic search results are distinct from these ads in that they are positioned based on the search engine’s organic ranking algorithms rather than advertiser bids. You can’t pay for your page to rank higher in organic search results.

Quality of organic traffic:
How relevant the user and their search query are to the content that exists on your website. You can attract all the visitors in the world, but if they're coming to your site because Google tells them you're a resource for Apple computers when really you're a farmer selling apples, those visitors are likely to leave your site without completing any conversions. High-quality traffic includes only visitors who are genuinely interested in the products, information, or other resources your site offers. High-quality SEO capitalizes on the search engine’s effort to match a user’s search intent to the web pages listed in the SERP.

Quantity of organic traffic:
The number of users who reach your site via organic search results. Users are far more likely to click on search results that appear near the top of the SERP, which is why it’s important to use your SEO strategy to rank relevant pages as high as you can. The more high-quality visitors you attract to your site, the more likely you are to see an increase in valuable conversions.

Seo Work

Search engines like Google and Bing use crawlers, sometimes also called bots or spiders, to gather information about all the content they can find on the internet. The crawler starts from a known web page and follows internal links to pages within that site as well as external links to pages on other sites. The content on those pages, plus the context of the links it followed, helps the crawler understand what each page is about and how it’s semantically connected to all of the other pages within the search engine’s massive database, called an index. When a user types or speaks a query into the search box, the search engine uses complex algorithms to pull out what it believes to be the most accurate and useful list of results for that query. These organic results can include web pages full of text, news articles, images, videos, local business listings, and other more niche types of content.

There are a lot of factors that go into the search engines’ algorithms, and those factors are evolving all the time to keep up with changing user behavior and advances in machine learning. 

SEOs use their understanding of these ranking factors to develop and implement search marketing strategies that include a balance of on-page off-page and technical best practices. An organization that hopes to earn and maintain high SERP rankings and, as a result, lots of high-quality user traffic, should employ a strategy that prioritizes user experience, employs non-manipulative ranking tactics, and evolves alongside search engines’ and users’ changing behaviors.




    Friday, 3 June 2022

    Google Keyword Planner

    Keyword Tool is free online keyword research instrument that uses google autocomplete to generate hundreds of relevant long-tail keywords for any topic.

    Google Autocomplete is a feature used in Google Search. Its purpose is to speed up the searches performed by users on Google.The search terms suggested by Google Autocomplete are selected based on many different factors. One of them is how often users were searching for a particular search term in the past. Keyword Tool helps you employ google suggest for keyword research. It extracts Google keyword suggestions and presents it to you in an easy-to-understand interface.

    To generate long-tail keyword suggestions, Keyword Tool prepends and appends the search term which you specify with different letters and numbers, places it into the Google search box and pulls out keyword suggestions. Best part, all of it happens in a split of a second!

    Using Keyword Tool, you can choose a specific Google domain out of 192 supported domains and one out of 83 languages that will be used to produce keyword suggestions.The free version of Keyword Tool can generate up to 750+ keywords from Google autocomplete in seconds.The advanced version of Keyword Tool, Keyword Tool Pro, provides on average two times more keywords in comparison to the free version and offers a handful of other useful features. You can find more information about keyword tools you can quickly find and analyze thousands of relevant long-tail keywords with free or paid versions of Keyword Tool and use them for content creation, search engine optimization, pay-per-click advertising, or other marketing activities.


    There are few places on the web where you can find keywords that people type in the Google search box. One of the most popular sources of this information is google keyword planner.

    Unfortunately, data presented by Google Keyword Planner is meant to be used for paid advertising inside the Google Ads platform. The keywords that you will find with this tool might be too generic and not very descriptive. In other words, barely useful for content marketing, blogging, or SEO. Keyword Tool does not use Google Keyword Planner to generate keyword ideas. We find keywords that people search for on Google using a different source - Google Autocomplete. Google Autocomplete, the source of data employed by Keyword Tool, was created by Google to make the search experience for people easier and faster.

    Basically, Google shows the autocomplete suggestions whenever you start typing anything into the Google search box. It is in Google's best interest to show the most relevant keywords in the autocomplete suggestions. Keywords that would help Google to retrieve the most relevant websites and help users find the most relevant content for their search query.


    Keyword Planner - is a tool created for advertisers and is not meant for content creation or SEO. Yes, it does contain valuable data about keywords such as competition, suggested bids, average monthly searches, etc.But, at the same time, it will hide profitable long tail keywords with thousands of monthly searches that can be used to create content for your website. Some digital marketing professionals think that it is done on purpose and helps Google to increase the competition and cost-per-click for a limited number of keywords.

    Keyword Tool is the best alternative to Google Keyword Planner for content marketing and SEO as it does not hide popular keywords that can be used to create content for your website.


    Keyword Tool For SEO And Content Creation

    If you want your website to get traffic from Google or other search engines, you need to make sure that it contains content created around the right keywords. What this means is that you should be utilizing words that your potential audience is already using while looking for similar content, products or services online.The best way to discover these keywords, as it was proven by thousands of thriving websites and online businesses, is to use keywords from Google search suggestions as a base to create content for your website.

    By creating content around the popular keywords that your audience is using to find information online, you are already giving great value to your website visitors. In return, Google will reward your web property with higher rankings which entails a traffic increase.


    If you are running pay-per-click (PPC) advertising campaigns and target your ads based on keywords that users type in Google, you know how important it is to select the right keywords for your campaigns.

    The relevant keywords that you target with your ads will bring the right audience to your website. Showing your ads to people that type relevant keywords will result in higher click-through rate (CTR), lower cost-per-click (CPC), and higher conversion rates for your business. As a result, you will spend less money on advertising and generate a better return on investment.

    Moody's changes Pakistan's outlook to negative from stable; affirms B3 rating

    Singapore, June 02, 2022 -- Moody's Investors Service ("Moody's")  has today affirmed the Government of Pakistan's B3 local and foreign currency issuer and senior unsecured debt ratings, the (P)B3 senior unsecured MTN programme rating, and changed the outlook to negative from stable.  The decision to change the outlook to negative is driven by Pakistan's heightened external vulnerability risk and uncertainty around the sovereign's ability to secure additional external financing to meet its needs. Moody's assesses that Pakistan's external vulnerability risk has been amplified by rising inflation, which puts downward pressure on the current account, the currency and – already thin – foreign exchange reserves, especially in the context of heightened political and social risk. Pakistan's weak institutions and governance strength adds uncertainty around the future direction of macroeconomic policy, including whether the country will complete the current IMF Extended Fund Facility (EFF) program and maintain a credible policy path that supports further financing.

    The decision to affirm the B3 rating reflects Moody's assumption that, notwithstanding the downside risks mentioned above, Pakistan will conclude the seventh review under the IMF EFF programme by the second half of this calendar year, and will maintain its engagement with the IMF, leading to additional financing from other bilateral and multilateral partners. In this case, Moody's assesses that Pakistan will be able to close its financing gap for the next couple of years. The B3 rating also incorporates Moody's assessment of the scale of Pakistan's economy and robust growth potential, which will provide the economy with some capacity to absorb shocks. These credit strengths are balanced against Pakistan's fragile external payments position, weak governance and very weak fiscal strength, including very weak debt affordability.

    The B3 rating affirmation also applies to the backed foreign currency senior unsecured ratings for The Third Pakistan International Sukuk Co Ltd and The Pakistan Global Sukuk Programme Co Ltd. The associated payment obligations are, in Moody's view, direct obligations of the Government of Pakistan.

    Concurrent to today's action, Pakistan's local and foreign currency country ceilings have been lowered to B1 and B3, from Ba3 and B2, respectively. The two-notch gap between the local currency ceiling and sovereign rating is driven by the government's relatively large footprint in the economy, weak institutions, and relatively high political and external vulnerability risk.  The two-notch gap between the foreign currency ceiling and the local currency ceiling reflects incomplete capital account convertibility and relatively weak policy effectiveness, which point to material transfer and convertibility risks notwithstanding moderate external debt.              


    RATINGS RATIONALE

    RATIONALE FOR THE CHANGE IN OUTLOOK TO NEGATIVE FROM STABLE

    HIGHER EXTERNAL VULNERABILITY RISK TO PERSIST DUE TO UNCERTAINTY AROUND ADDITIONAL EXTERNAL FINANCING

    Moody's expects Pakistan's current account to remain under significant pressure, on the back of elevated global commodity prices through 2022 and 2023. Pakistan's current account deficit has widened to a cumulative $13.8 billion since the start of the current fiscal year in July 2021 up until April 2022, compared to a deficit of $543 million in the same period a year earlier. In the absence of an equivalent inflow in the financial account, the rapid widening of the current account deficit has led to a large drawdown of the foreign exchange reserves. According to data from the IMF, Pakistan's foreign exchange reserves have declined to $9.7 billion at the end of April 2022, which is sufficient to cover less than two months of imports. This compares with the $18.9 billion of reserves at the end of July 2021.

    Moody's projects the current account deficit to come in at 4.5-5% of GDP for fiscal 2022 (ending June 2022), slightly wider than the government's expectations. As global commodity prices decline gradually in 2023 and as domestic demand moderates, Moody's expects the current account deficit to narrow to 3.5-4% of GDP. Moody's current account deficit forecasts are higher than previous (early February 2022) projections of 4% and 3% for fiscal 2022 and 2023, respectively.

    The larger current account deficits underscore the need for Pakistan to secure additional external financing, especially given its very low foreign exchange reserves. Pakistan is in negotiations with the IMF on the seventh review of the EFF programme. Moody's expects Pakistan to successfully conclude the review by the second half of the year, with the associated IMF financing to be disbursed then. Conclusion of the seventh review, and further engagement with the IMF, will also help Pakistan secure financing from other bilateral and multilateral partners. In this scenario, Moody's expects Pakistan to be able to fully meet its external obligations for the next couple of years.

    However, Moody's assesses that the balance of risks is on the downside. An agreement with IMF could take longer than expected, as the government may find it difficult to reduce fuel and power subsidies given rising inflation. Recent moves by the government to raise fuel prices signal its commitment to addressing issues raised by the IMF. Still, political and social challenges will complicate the government's efforts to agree on and implement further reforms, such as revenue raising reforms. While not Moody's baseline scenario, if Pakistan is unable to secure additional financing later this year, foreign exchange reserves will continue to be drawn down from already very low levels, increasing the risk of a balance of payments crisis.

    HEIGHTENED POLITICAL RISK CHALLENGES THE STABILITY AND PREDICTABILITY OF POLICYMAKING

    As mentioned above, Pakistan's rising external vulnerability risk has been amplified by rising inflation, particularly in the context of heightened political and social risks. In April 2022, inflation reached 13.4% year-on-year, with particularly high inflation in food and energy which account for a very large share of the most vulnerable households' budgets.

    Moody's assesses that political uncertainty in Pakistan remains high, even after the new government has been installed. The new ruling coalition comprises of multiple political parties with divergent interests, which is likely to make the enactment of any legislation difficult, including those related to reforms under the IMF EFF programme. Moreover, the next elections are due by the middle of 2023. In Moody's view, political parties will find it difficult to continually enact significant revenue-raising measures in the run-up to the elections, especially in a high inflation environment.

    Rising interest rates are also likely to increasingly constrain the government's policy choices, especially since interest payments already absorb more than 40% of revenue.

    Meanwhile, domestic political risk has also risen with a higher frequency of terrorist attacks over the last year. According to the Pak Institute for Peace Studies think-tank, the number of terrorist attacks increase 42% in 2021 compared to a year ago. More frequent terrorist attacks add to safety concerns, which may increase social risks, as well as constrain business conditions and limit investment.

    Moody's assesses that there is a material probability of a recurrence in domestic political stress that will impinge on the effectiveness of policymaking and the government's ability to implement timely economic reforms aimed at achieving macroeconomic stability.

    RATIONALE FOR THE AFFRIMATION OF THE B3 RATING

    The affirmation of the B3 rating reflects Moody's assumption that Pakistan will secure external financing, including through the conclusion of the seventh review and subsequent reviews under the IMF EFF programme and avoid a balance of payment crisis.

    Pakistan's B3 rating also reflects Moody's assessment that the country's large size and robust potential growth provides it with some capacity to absorb economic shocks. Pakistan's potential growth of about 5% in part reflects the country's favourable demographics with its sizable under-30 population. Nonetheless, Pakistan's potential growth is constrained by structural challenges, including weak governance and weak competitiveness.

    Pakistan, like many of its South Asian neighbours, is vulnerable to environmental risks. Pakistan drains a significant portion of its scarce fresh water resources every year and has a large share of its population exposed to unsafe drinking water. The country is also exposed to extreme weather events, such as heat waves and floods, which can create negative economic and social costs.

    Moody's projects Pakistan's real GDP growth to slow to 4.2% in fiscal 2023, moderately lower than the government's projections. This compares with growth of 6.0% in fiscal 2022. The moderation in economic activity reflects the drag on domestic demand from rising inflation and a tightening in monetary policy by the State Bank of Pakistan. Moody's expects Pakistan's real GDP to pick up gradually reaching 4.5-5% over fiscal 2024 and 2025.

    Meanwhile, Pakistan's fiscal strength is very weak, a long-standing feature of the sovereign's credit profile. Moody's expects fiscal consolidation to stall ahead of the next general elections. Moody's projects Pakistan's government debt to stabilise at around 70% of GDP for fiscal 2022 and 2023, higher than the median of 63% for B-rated sovereigns. Meanwhile, given a very narrow revenue base, Pakistan's government debt as a share of revenue is very high at around 560% in fiscal 2021. Moody's expects this ratio to remain elevated at 550-590% over fiscal 2022 to 2024, well above the 290% for the median B-rated sovereign. As mentioned, the sovereign also has very weak debt affordability – one of the weakest among Moody's rated sovereigns.

    ENVIRONMENTAL, SOCIAL AND GOVERNANCE CONSIDERATIONS

    Pakistan's ESG credit impact score is Highly Negative (CIS-4), reflecting its high exposure to environmental and social risks, as well as its weak governance profile. Relatively weak institutions and very weak fiscal strength constrain the government's capacity to address ESG risks.

    Exposure to environmental risk is Highly Negative (E-4 issuer profile score) because of Pakistan's vulnerability to climate change and the limited supply of clean, fresh and safe water. Pakistan drains a significant proportion of its scarce fresh water resources every year, and a large share of its population is exposed to unsafe drinking water. Water utility services tend to be intermittent, because of high leakage levels, limited supply and insufficient access to power. The inadequate quality of drinking water has health and economic consequences for Pakistan, such as contributing to stunting which undermines human capital.  With varied climates across the nation, Pakistan is significantly exposed to extreme weather events, including tropical cyclones, drought, floods and extreme temperatures. In particular, the magnitude and dispersion of seasonal monsoon rainfall influence agricultural sector growth and rural household consumption. Agriculture accounts for around 20% of GDP and exports, and nearly 40% of total employment. Overall, around 70% of the entire population live in rural areas. As a result, both droughts and floods can create economic, fiscal and social costs for the sovereign.

    Exposure to social risk is Highly Negative (S-4 issuer profile score), driven by safety concerns that have limited investment and diversification opportunities. Very low incomes as well as limited access to quality healthcare, basic services, housing and education, especially in rural areas, are also important social issues. In addition, rising inflation has also led to higher social tensions as cost of living increases. That said, the government has taken steps to reduce poverty and inequality, strengthening social safety nets, and promoting human capital as key priorities through its expansive 'Ehsaas' programme (national poverty alleviation programme), although effects will take time to materialise and are limited by still weak institutions and governance.

    Pakistan's governance risk exposure is Highly Negative (G-4 issuer profile score). International surveys of various indicators of governance, while showing some early signs of improvement, continue to point to weak rule of law and control of corruption, as well as limited government effectiveness. The score also takes into account Pakistan's efforts in improving its macroeconomic policy effectiveness in recent years. For example, the government has amended the State Bank of Pakistan Act to strengthen the independence of the central bank and restrict the central bank from extending credit to the government.

    GDP per capita (PPP basis, US$): 5,541 (2020 Actual) (also known as Per Capita Income)

    Real GDP growth (% change): -0.9% (2020 Actual) (also known as GDP Growth)

    Inflation Rate (CPI, % change Dec/Dec): 8.6% (2020 Actual)

    Gen. Gov. Financial Balance/GDP: -7% (2020 Actual) (also known as Fiscal Balance)

    Current Account Balance/GDP: -1.5% (2020 Actual) (also known as External Balance)

    External debt/GDP: 37.6% (2020 Actual)

    Economic resiliency: ba2

    Default history: At least one default event (on bonds and/or loans) has been recorded since 1983.

    On 30 May 2022, a rating committee was called to discuss the rating of Pakistan, Government of. The main points raised during the discussion were: The issuer's economic fundamentals, including its economic strength, have not materially changed. The issuer's institutions and governance strength, have not materially changed. The issuer's fiscal or financial strength, including its debt profile, has not materially changed. The issuer has become increasingly susceptible to event risks.

    FACTORS THAT COULD LEAD TO AN UPGRADE OR DOWNGRADE OF THE RATINGS

    FACTORS THAT COULD LEAD TO AN UPGRADE

    The negative outlook signals that a rating upgrade is unlikely over the near term. The outlook would likely be changed to stable if Pakistan's external vulnerability risks decreased materially and durably. This could come from access to material external financing that significantly raises foreign exchange reserves, potentially upon successful completion of the current IMF External Fund Facility programme, with credible commitment from the government to follow through the implementation of economic reforms. A resumption of fiscal consolidation, including through implementing revenue-raising measures, pointing to a meaningful improvement in debt affordability would also be credit positive.

    FACTORS THAT COULD LEAD TO A DOWNGRADE

    The rating would likely be downgraded if there were a further deterioration in Pakistan's external position that would threaten the government's external repayment capacity and balance of payments stability. This could come from protracted negotiations with the IMF, resulting in delays in securing additional financing from IMF or other sources beyond this year. Expectations that the government debt would rise markedly, with a related deterioration in debt affordability from already weak level, would also put downward pressure on the rating. Finally, an increase in social and political risk that disrupted policymaking and undermined Pakistan's ability to secure financing would also be negative for the rating.

    The principal methodology used in these ratings was Sovereign Ratings Methodology published in November 2019 and available at https://ratings.moodys.com/api/rmc-documents/63168. Alternatively, please see the Rating Methodologies page on https://ratings.moodys.com for a copy of this methodology.

    The weighting of all rating factors is described in the methodology used in this credit rating action, if applicable.

    REGULATORY DISCLOSURES

    The List of Affected Credit Ratings announced here are a mix of solicited and unsolicited credit ratings. For additional information, please refer to Moody's Policy for Designating and Assigning Unsolicited Credit Ratings available on its website https://ratings.moodys.com. Additionally, the List of Affected Credit Ratings includes additional disclosures that vary with regard to some of the ratings.  Please click on this link https://www.moodys.com/viewresearchdoc.aspx?docid=PBC_ARFTL466304 for the List of Affected Credit Ratings. This list is an integral part of this Press Release and provides, for each of the credit ratings covered, Moody's disclosures on the following items:

    • Rating Solicitation

    • Issuer Participation

    • Participation: Access to Management

    • Participation: Access to Internal Documents

    • Endorsement

    • Lead Analyst

    • Releasing Office


    For further specification of Moody's key rating assumptions and sensitivity analysis, see the sections Methodology Assumptions and Sensitivity to Assumptions in the disclosure form. Moody's Rating Symbols and Definitions can be found on https://ratings.moodys.com/rating-definitions.

    For ratings issued on a program, series, category/class of debt or security this announcement provides certain regulatory disclosures in relation to each rating of a subsequently issued bond or note of the same series, category/class of debt, security or pursuant to a program for which the ratings are derived exclusively from existing ratings in accordance with Moody's rating practices. For ratings issued on a support provider, this announcement provides certain regulatory disclosures in relation to the credit rating action on the support provider and in relation to each particular credit rating action for securities that derive their credit ratings from the support provider's credit rating. For provisional ratings, this announcement provides certain regulatory disclosures in relation to the provisional rating assigned, and in relation to a definitive rating that may be assigned subsequent to the final issuance of the debt, in each case where the transaction structure and terms have not changed prior to the assignment of the definitive rating in a manner that would have affected the rating.  For further information please see the issuer/deal page for the respective issuer on https://ratings.moodys.com.

    For any affected securities or rated entities receiving direct credit support from the primary entity(ies) of this credit rating action, and whose ratings may change as a result of this credit rating action, the associated regulatory disclosures will be those of  the guarantor entity.  Exceptions to this approach exist for the following disclosures, if applicable to jurisdiction: Ancillary Services, Disclosure to rated entity, Disclosure from rated entity.

    The ratings have been disclosed to the rated entity or its designated agent(s) and issued with no amendment resulting from that disclosure.

    Regulatory disclosures contained in this press release apply to the credit rating and, if applicable, the related rating outlook or rating review.

    Moody's general principles for assessing environmental, social and governance (ESG) risks in our credit analysis can be found at https://ratings.moodys.com/documents/PBC_1288235.

    At least one ESG consideration was material to the credit rating action(s) announced and described above.

    Please see https://ratings.moodys.com for any updates on changes to the lead rating analyst and to the Moody's legal entity that has issued the rating.




    Thursday, 2 June 2022

    Cryptocurrency

    Cryptocurrency is decentralized digital money that’s based on blockchain technology. You may be familiar with the most popular versions, Bitcoin and Ethereum, but there are more than 5,000 different cryptocurrencies in circulation.

    A cryptocurrency is a medium of exchange that is digital, encrypted, and decentralized. Unlike the U.S. Dollar or the Euro, there is no central authority that manages and maintains the value of a cryptocurrency. Instead, these tasks are broadly distributed among a cryptocurrency’s users via the internet.You can use crypto to buy regular goods and services, although most people invest in cryptocurrencies as they would in other assets, like stocks or precious metals. While cryptocurrency is a novel and exciting asset class, purchasing it can be risky as you must take on a fair amount of research to fully understand how each system works.

    Bitcoin was the first cryptocurrency, first outlined in principle by Satoshi Nakamoto in a 2008 paper titled “Bitcoin A peer-to-peer electronic cash system.” Nakamoto described the project as “an electronic payment system based on cryptographic proof instead of trust.”That cryptographic proof comes in the form of transactions that are verified and recorded on a blockchain.

    Blockchain

    A blockchain is an open, distributed ledger that records transactions in code. In practice, it’s a little like a checkbook that’s distributed across countless computers around the world. Transactions are recorded in “blocks” that are then linked together on a “chain” of previous cryptocurrency transactions.

    “Imagine a book where you write down everything you spend money on each day,” says Buchi Okoro, CEO, and co-founder of African cryptocurrency exchange Quidax. “Each page is similar to a block, and the entire book, a group of pages, is a blockchain.”With a blockchain, everyone who uses a cryptocurrency has their own copy of this book to create a unified transaction record. The software logs each new transaction as it happens, and every copy of the blockchain is updated simultaneously with the new information, keeping all records identical and accurate. To prevent fraud, each transaction is checked using one of two main validation techniques: proof of work or proof of stake.

    Proof of work and proof of stake are two different validation techniques used to verify transactions before they’re added to a blockchain that rewards verifiers with more cryptocurrency. Cryptocurrencies typically use either proof of work or proof of stake to verify transactions.

    Proof of Work

    “Proof of work is a method of verifying transactions on a blockchain in which an algorithm provides a mathematical problem that computers race to solve,” says Simon Oxenham, social media manager at Xcoins.com.Each participating computer, often referred to as a “miner,” solves a mathematical puzzle that helps verify a group of transactions—referred to as a block—then adds them to the blockchain ledger. The first computer to do so successfully is rewarded with a small amount of cryptocurrency for its efforts.

    This race to solve blockchain puzzles can require an intense amount of computer power and electricity. In practice, that means the miners might barely break even with the crypto they receive for validating transactions, after considering the costs of power and computing resources.

    To reduce the amount of power necessary to check transactions, some cryptocurrencies use a proof of stake verification method. With proof of stake, the number of transactions each person can verify is limited by the amount of cryptocurrency they’re willing to “stake,” or temporarily lock up in a communal safe, for the chance to participate in the process. “It’s almost like bank collateral,” says Okoro. Each person who stakes crypto is eligible to verify transactions, but the odds you’ll be chosen to do so increase with the amount you front.“Because proof of stake removes energy-intensive equation solving, it’s much more efficient than proof of work, allowing for faster verification/confirmation times for transactions,” says Anton Altement, CEO of Osom Finance. If a stake owner (sometimes called a validator) is chosen to validate a new group of transactions, they’ll be rewarded with cryptocurrency, potentially in the number of aggregate transaction fees from the block of transactions. To discourage fraud, if you are chosen and verify invalid transactions, you forfeit a part of what you staked.

    Role of Consensus in Crypto

    Both proofs of stake and proof of work rely on consensus mechanisms to verify transactions. This means while each uses individual users to verify transactions, each verified transaction must be checked and approved by the majority of ledger holders. For example, a hacker couldn’t alter the blockchain ledger unless they successfully got at least 51% of the ledgers to match their fraudulent version. The amount of resources necessary to do this makes fraud unlikely.


    Mining is how new units of cryptocurrency are released into the world, generally in exchange for validating transactions. While it’s theoretically possible for the average person to mine cryptocurrency, it’s increasingly difficult in proof of work systems, like Bitcoin.

    “As the Bitcoin network grows, it gets more complicated, and more processing power is required,” says Spencer Montgomery, founder of Uinta Crypto Consulting. “The average consumer used to be able to do this, but now it’s just too expensive. There are too many people who have optimized their equipment and technology to outcompete.”And remember: Proof of work cryptocurrencies require huge amounts of energy to mine. It’s estimated that 0.21% of all of the world’s electricity goes to powering Bitcoin farms. That’s roughly the same amount of power Switzerland uses in a year. It’s estimated most Bitcoin miners end up using 60% to 80% of what they earn from mining to cover electricity costs. While it’s impractical for the average person to earn crypto by mining in a proof of work system, the proof of stake model requires less in the way of high-powered computing as validators are chosen at random based on the amount they stake. It does, however, require that you already own a cryptocurrency to participate. (If you have no crypto, you have nothing to stake.

    Use Cryptocurrency 

    You can use cryptocurrency to make purchases, but it’s not a form of payment with mainstream acceptance quite yet. A handful of online retailers like overstock.com accept Bitcoin, but it’s far from the norm.

    Until crypto is more widely accepted, you can work around current limitations by exchanging cryptocurrency for gift cards. At eGifter, for instance, you can use Bitcoin to buy gift cards for Dunkin Donuts, Target, Apple, and select other retailers and restaurants. You may also be able to load cryptocurrency to a debit card to make purchases. In the U.S., you can sign up for the BitPay card, a debit card that converts crypto assets into dollars for purchase, but there are fees involved to order the card and use it for ATM withdrawals, for example. You may also use crypto as an alternative investment option outside of stocks and bonds. “The best-known crypto, Bitcoin, is a secure, decentralized currency that has become a store of value like gold,” says David Zeiler, a cryptocurrency expert and associate editor for financial news site Money Morning. “Some people even refer to it as ‘digital gold.’”

    Secure purchasing

    Using crypto to securely make purchases depends on what you’re trying to buy. If you’d like to spend cryptocurrency at a retailer that doesn’t accept it directly, you can use a cryptocurrency debit card, like Bitpay, in the U.S.If you’re trying to pay a person or retailer who accepts cryptocurrency, you’ll need a cryptocurrency wallet, which is a software program that interacts with the blockchain and allows users to send and receive cryptocurrency. To transfer money from your wallet, you can scan the QR code of your recipient or enter their wallet address manually. Some services make this easier by allowing you to enter a phone number or select a contact from your phone. Keep in mind that transactions are not instantaneous as they must be validated using proof of work or proof of stake. Depending on the cryptocurrency, this may take between 10 minutes and two hours.

    This lag time, though, is part of what makes crypto transactions secure. “A bad actor trying to alter a transaction won’t have the proper software ‘keys,’ which means the network will reject the transaction. The network also polices and prevents double spending,” Zeiler says.

    Invest In Cryptocurrency

    Cryptocurrency can be purchased on peer-to-peer networks and Cryptocurrency exchanges, such as Coinbase and Bitfinex. Keep an eye out for fees, though, as some of these exchanges charge what can be prohibitively high costs on small crypto purchases. Coinbase, for instance, charges a fee of 0.5% of your purchase plus a flat fee of $0.99 to $2.99 depending on the size of your transaction. Some brokerage platforms—like Robinhood, Webull, and eToro—let you invest in crypto. They offer the ability to trade some of the most popular cryptocurrencies, including Bitcoin, Ethereum, and Dogecoin, but they may also have limitations, including the inability to move crypto purchases off their platforms.

    “It was once fairly difficult but now it’s relatively easy, even for crypto novices,” Zeiler says. “An exchange like Coinbase caters to non-technical folks. It’s very easy to set up an account there and link it to a bank account.”

    It’s best to keep in mind that buying individual cryptocurrencies is a little like buying individual stocks. Rather than buying only security, it's better to spread your purchases out over many different options. If you want exposure to the crypto market, you might invest in individual stocks of crypto companies. “There are also a few Bitcoin mining stocks such as Hive Blockchain (HIVE),” says Zeiler. “If you want some crypto exposure with less risk, you can invest in big companies that are adopting blockchain technology, such as IBM, Bank of America, and Microsoft.”


    Experts hold mixed opinions about investing in cryptocurrency. Because crypto is a highly speculative investment, with the potential for intense price swings, some financial advisors don’t recommend people invest at all.

    For example, Bitcoin nearly quadrupled in value over the course of 2020, closing out the year above $28,900. By April 2021, the price of BTC had more than doubled from where it started the year, but all those gains had been lost by July. Then BTC more than doubled again, hitting an intraday high above $68,990 on November 10, 2021—and then dropped to around $46,000 at the end of 2021. As you can see, cryptocurrencies can be very volatile.

    That’s why Peter Palion, a certified financial planner CEP in East Norwich, N.Y., thinks it’s safer to stick to the currency that’s backed by a government, like the U.S. dollar.“If you have the U.S. dollar in your cash reserves, you know you can pay your mortgage, you can pay your electricity bill,” Palion says. “When you look at the last 12 months, Bitcoin looks basically like my last EKG, and the U.S. dollar index is more or less a flat line. Something that drops by 50% is not suitable for anything but speculation.”

    That said, for clients who are specifically interested in cryptocurrency, CFP Ian Harvey helps them put some money into it. “The weight in a client’s portfolio should be large enough to feel meaningful while not derailing their long-term plan should the investment go to zero,” says Harvey. As for how much to invest, Harvey talks to investors about what percentage of their portfolio they’re willing to lose if the investment goes south. “It could be 1% to 5%, it could be 10%,” he says. “It depends on how much they have now, and what’s really at stake for them, from a loss perspective.”

    Tuesday, 31 May 2022

    Stuxnet Virus

    Stuxnet is a malicious computer worm that became infamous for its use to attack Iranian nuclear facilities. That attack made global news headlines in 2010 when it was first discovered. As Malwarebytes' Senior Director of Threat Intelligence Jérôme Segura said in his article Stuxnet  new light through old windows "Very few pieces of malware have garnered the same kind of worldwide attention as Stuxnet."

    While a computer worm, Stuxnet is malicious software, it has been used to attack electro-mechanical equipment. As in the case of the major attack in Iran, attackers used Stuxnet to exploit multiple zero-day Windows vulnerabilities, search infected PCs for a connection to the software that controlled the electro-mechanical equipment, and send instructions intended to damage the equipment. While many types of malware infect a computer through the Internet, another unique feature of the Stuxnet attack in Iran is that the malware was introduced to the PCs via infected USB drives.


    "Very few pieces of malware have garnered the same kind of worldwide attention as Stuxnet."

    -Jérôme Segura, Senior Director of Threat Intelligence at Malwarebytes


    Many people call the malware "Stuxnet virus" even though it’s not a computer virus — it’s a computer worm. Although both viruses and worms are types of malware that can corrupt files, a computer worm can be far more sophisticated. For starters, unlike a virus, a worm doesn’t require human interaction to activate. Instead, it self-propagates, sometimes prolifically after it enters a system. Besides deleting data, a computer worm can overload networks, consume bandwidth, open a backdoor, diminish hard drive space, and drop other dangerous malware like rootkits, spyware, and ransomware.

    What was the Stuxnet attack in Iran?

    According to the book Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon, in 2010, visiting inspectors from the Atomic Energy Agency were surprised to see many of Iran’s centrifuges failing. Neither the Iranians nor the inspectors could fathom why the Siemens-made equipment, designed to enrich uranium powering nuclear reactors, was malfunctioning so catastrophically.

    It was hard to imagine that a piece of malicious software was responsible. After all, Iran’s nuclear facilities were air-gapped — meaning they weren’t connected to a network or the Internet. For a malware attack to occur on the air-gapped uranium enrichment plant, someone must have consciously or subconsciously added the malware physically, perhaps through an infected USB drive.

    When a security team from Belarus came to investigate some malfunctioning computers in Iran, it found a highly complex malicious software. This aggressive malware would later spread further into the wild, with researchers dubbing it as Stuxnet, the “world’s first digital weapon.”

    Stuxnet so dangerous

    Experts call Stuxnet an incredibly complex piece of code and the world's first cyberweapon. It may have physically degraded nearly 1000 Iranian centrifuges. Stuxnet worked by infecting the programmable logic controllers (PLCs) that controlled the centrifuges and sabotaged them.  Centrifuges spin at extraordinarily fast speeds, creating a force many times faster than gravity in order to separate elements in uranium gas. The worm manipulated the centrifuges’ operating speed, creating enough stress to damage them. Stuxnet took its time, waiting weeks to slow down the centrifuges after accelerating them temporarily, making its activities hard to detect.

    Stuxnet was also hard to detect because it was a completely new malware, an emerging threat with no known signatures. In addition, Stuxnet exploited multiple zero-day vulnerabilities, which are unfixed software security flaws. Stuxnet also sent fake industrial process control sensor signals to hide its presence and malicious activity. In addition, Stuxnet was also able to drop a rootkit. Rootkits can give a threat actor control of a system at its core. With a rootkit installation, Stuxnet was more capable of furtive action.

    Strong cybersecurity measures are critical to any business. Reports of cyberattacks are in the news regularly, and it’s not always malicious software attacking useful software; as in the case of Stuxnet, malware can be used to ultimately attack electro-mechanical devices, hardware, and infrastructure. One of the most notable cybersecurity incidents of 2021 was a ransomware attack that shut down the largest fuel pipeline in the US for nearly a week. It was later determined that a single compromised password enabled the attack. Other ransomware attack targets during the year included the world's largest meatpacker and the largest ferry service in Massachusetts.

    Whether it’s ransomware, computer worms, phishing, business email compromise, or another threat that keeps you up at night, you can take steps to protect your business. In our mission to bring cyber protection to everyone, Malwarebytes offers security solutions to businesses of all sizes. Your company can also adopt security best practices, such as:


    Apply a strict Bring your own device policy that prevents employees and contractors from introducing potential threats.

    Air gaps are any computers that could affect national security.

    Air gaps are all legacy systems that serve as human interfaces.

    Adopt a sophisticated password regime with two-factor authentication that hinders brute force attacks and prevents stolen passwords from becoming threat vectors.

    Secure computers and networks with the latest patches.

    Use AI-powered cybersecurity software with machine learning capabilities.

    Apply easy backup and restore at every possible level to minimize disruption, especially for critical systems.

    Constantly monitor processors and servers for anomalies.

    Try a demilitarized zone (DMZ) for industrial networks.

    Look up application whitelisting for enhanced software security.





    Slammer virus

    The SQL slammer worm is a computer virus (technically, a computer worm) that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic, starting at 05:30 UTC on January 25, 2003. It spread rapidly, infecting most of its 75,000 victims within 10 minutes. Although titled "SQL slammer worm", the program did not use the SQL language; it exploited two buffer overflow bugs in Microsoft's flagship SQL Server database product. Other names include W32.SQLExp.Worm, DDOS.SQLP1434.A, the Sapphire Worm, SQL_HEL, and W32/SQLSlammer.

    Computer Virus   

    The virus is a piece of program code that, like a biological virus, makes copies of itself and spreads by attaching itself to a host, often damaging the host in the process.

    Computer Worm 

    A computer worm is a self-replicating computer program, similar to a computer virus. It is self-contained and does not need to be part of another program to propagate itself.


    According to NSF DARPA, Silicon Defense, Cisco Systems, AT&T, NIST, and CAIDA members. Sapphire's spreading strategy is based on random scanning -- it selects IP addresses at random to infect, eventually finding all susceptible hosts. Random scanning worms initially spread exponentially rapidly, but the rapid infection of new hosts becomes less effective as the worm spends more effort retrying addresses that are either already infected or immune. Thus as with the Code Red worm of 2001, the proportion of infected hosts follows a classic logistic form of initially exponential growth in a finite system. We refer to this as the random constant spread (RCS) model.


    W32.SQLExp.Worm attacks a vulnerable system

    Sends itself to the SQL Server Resolution Service, which listens on UDP port 1434

    Takes advantage of a buffer overflow vulnerability that allows a portion of system memory to be overwritten. When the worm does this, it runs in the same security context as the SQL Server service.

    Calls the Windows API function, GetTickCount, and uses the result as a seed to randomly generate IP addresses.

    Opens a socket on the infected computer and attempts to repeatedly send itself to UDP port 1434 on the IP addresses it has generated, by using an ephemeral source port. Because the worm does not selectively attack the hosts in the local subnet, large amounts of traffic are the result.


    Protect your system against the Slammer worm

    Download SQL Server 2000 SP3a or MSDE 2000 SP2.

    Install the following SQL Server 2000 Security Tools:

    SQL Scan

    SQL Check

    SQL Critical Update

    These tools allow you to scan instances of SQL Server 2000 or MSDE 2000 on your corporate network, detect security vulnerabilities, check a single machine, and apply security update MS02-061 to any vulnerable system.

    Slammer Work

    Get Inside
    Slammer masquerades as a single UDP packet, one that would normally be a harmless request to find a specific database service. The first byte in the string - 04 - tells SQL Server that the data following it is the name of the online database being sought. Microsoft's tech specs dictate that this name be at most 16 bytes long and end in a telltale 00. But in the Slammer packet, the bytes run on, craftily coded so there is no 00 among them. As a result, the SQL software pastes the whole thing into memory.

    Reprogram the Machine
    The initial string of 01 characters spills past the 128 bytes of memory reserved for the SQL Server request and into the computer's stack next door. "Stack" is programmer-speak for an orderly list of information the computer shuffles to remind itself what to do next, like tidy paperwork on a desk. The first thing the computer does after opening Slammer's too-long UDP "request" is overwritten its own stack with new instructions that Slammer has disguised as a routine query. The computer reprograms itself without realizing it.

    Choose Victims at Random
    Slammer generates a random IP address, targeting another computer that could be anywhere on the Internet. To randomize, Slammer deploys a time-honored programmer's trick: It looks up the number of milliseconds that have elapsed on the CPU's system clock since it was booted and interprets the number as an IP address.

    Replicate
    The envelope is addressed, now it just needs to be stuffed. Slammer points to its own code as the data to send. The infected computer writes out a new copy of the worm and licks the UDP stamp.

    Repeat
    After sending off the first tainted packet, Slammer loops around immediately to send another to a different computer. It doesn't waste a single millisecond. Instead of making another call to the system clock to get the time, it just shuffles the bits of the IP address already in memory to create a new one. Slammer's one bug is buried here: The reshuffling leaves a few digits in the address unchanged. It hardly matters, though, since the computer is now spewing packets as fast as its network cable can carry them away. A home PC could cram a couple hundred copies onto its broadband link every second. Corporate data centers became nasty breeding grounds, launching tens of thousands per second. Slammer commandeered just 75,000 SQL machines. But because it replicated so fast, the worm was able to take down millions more, kicking them offline with a flood of meaningless traffic.





    Anna Kournikova Virus

    The Anna Kournikova Virus was a worm that spread by email, disguised as an email attachment with the filed name “AnnaKournikova.jpg.VBS.” The virus was a Visual Basic script that, once opened, emailed itself to all the contacts within the user's Outlook address book. Anna Kournikova was a payload-free virus, however, and did not erase any files or send information back to the creator.

    A new Visual Basic script (VBS) virus that appears to have originated in Europe has made its way to the U.S. and is clogging up e-mail systems across the country Monday, according to antivirus vendors. The virus, which spreads itself through e-mail systems using Microsoft Corp.’s Outlook in a way similar to the notorious “LoveLetter” virus apparently made its way from Europe to the U.S. overnight, according to Vincent Weafer, director of antivirus research for antivirus vendor Symantec Corp. Computer Associates International Inc. (CA) also received reports of its existence in the Asia-Pacific region, said Ian Hameroff, a CA business manager, called the threat a “worm” rather than a virus. Vendors Trend Micro Inc. and McAfee.com Corp. also issued warnings, containing the same basic information.

    The virus, as all but CA, has termed the threat, features one of three variants of the subject line “Here you go :-)” as well as three variants of the name for the attachment, based around “Anna.Kournikova.jpg.vbs.” The image is intended to appear to be a .JPG image of Russian tennis star Anna Kournikova. The e-mail resends itself, but does not appear to do any damage like deleting files or corrupting data.

    “Damage is a variable term,” CA’s Hameroff said. “This does cause damage in ways such as inappropriate bandwidth use or by filling up an e-mail server.”

    The virus appears to be doing both ably.

    “We started getting reports from U.S. customers overnight,” Symantec’s Weafer said. “At this point, we believe it came from Europe, but we haven’t been able to narrow it down any further yet,” he added.CA hasn’t been able to nail down the origin either, Hameroff said. The worm, or virus depending on the source, tries to launch a browser on Jan. 26 of any year that links to a domain name in the Netherlands, he said, adding that doesn’t necessarily mean that is the country of origin.

    Because there are only three variants on the subject line and the name of the attachment, Weafer believes the virus will be easy to filter out, but he doesn’t think it is a variant of any previously discovered virus. CA came to the same conclusion, with Hameroff saying: “it’s very simplistic” and appears to be a sample piece of work shared among “black hat sites” of hackers and miscreants. Finland-based security vendor F-Secure Corp., which calls the virus “On-the-fly,” said in a statement that it appears to be spreading faster than many of last year’s bigger viruses, adding that it is currently spreading as fast as “LoveLetter,” which infected an estimated 15 million computers.

    According to Symantec’s Weafer, the virus has hit “about 50” of Symantec’s large customers so far.

    “Most likely, this came from the virus generation kit which allows ‘script kiddies’ to create viruses easily,” he added. Script kiddies are computer users who usually lack programming skills, but use easy-to-assemble kits and scripts to create viruses. The security vendors are recommending that computer users update antivirus software and “use good judgment in executing e-mail like this” that contains attachments, Hameroff said.


    Microsoft Thwarts Chinese Cyber Attack Targeting Western European Governments

      Microsoft on Tuesday   revealed   that it repelled a cyber attack staged by a Chinese nation-state actor targeting two dozen organizations...