Connect with us

Cybersecurity

Phishing Attack Strikes LastPass; Here’s How you Avoid it

Published

on

Users of LastPass are vulnerable to a phishing attack that requires preventive measures. Sean Cassidy, CTO at Praesidio, a cloud cyber security startup, detected that attackers can steal a user’s password, email and two-factor authentication code, which make all the user’s documents and passwords vulnerable. He described the vulnerability and suggested protection measures on his website. He also discussed LastPass at ShmooCon 2016, a hacker convention.

// -- Discuss and ask questions in our community on Workplace.

The attack, which Cassidy references as LostPass, displays messages in the browser that an attacker can fake. The user cannot distinguish between the fake LostPass message and the real message since the fake one looks the same as the real one. The notification and login screen are the same, pixel-for-pixel.

The attack method Cassidy describes works in Google Chrome and to a degree in Firefox. In Google Chrome, fake messages look the same as the LastPass extension messages. Such is not the case with Firefox.

Cassidy related an incident a few months ago when LastPass showed a message on his browser saying a session had expired, and he needed to log in again. He had not used LastPass for a few hours and had done nothing to cause him to log out. When he clicked the notification, it displayed a message in the browser viewport that he realized an attacker could have drawn. Any malicious website could have drawn the notification.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Cassidy 1

As LastPass trained users to expect notices in the browser viewport, users would not have a reason for concern. The login screen and two-factor prompt also get drawn in the viewport.

Cassidy 2Cassidy 3

Because LastPass has an API that can be remotely accessed, Cassidy envisioned an attack.

How It Works

The LostPass steps are as follows.

The attacker gets the victim to go to a malicious website that appears to be benign or a real website that is vulnerable to XSS (cross-site scripting). Once at the website, the attacker deploys lostpass.js. The user will not be alarmed since this is not intended to be a secure website. It could even be an image or a funny video.

If the user has installed LastPass, the attacker shows the login expiration and logs the user out of LastPass. This action makes it look like the user has logged out.

Cassidy 4

When the user clicks on the false banner, the attacker directs them to an attacker-controlled login page that appears identical the LastPass login page.

Cassidy 5

The “chome-extenson.pw” domain looks like the Chrome protocol for “chrome-extension.” There is an open issue in Chromium that addresses this.

Next, the victim enters their password and sends credentials to the attacker’s server, which checks to see if the credentials are correct by calling LastPass’s API. The API advises if two-factor authentication is needed.

Should the password and username be incorrect, the attacker redirects the user back to the malicious website. This time, the LostPass notification bar will say “Invalid Password.”

Should the user have a two-factor notification, the attacker redirects them to a two-factor prompt.

Cassidy 6

When the attacker gets the correct username and password (including the two-factor token), the attacker downloads the victim’s information from the LastPass API. The attacker can install a backdoor in the user’s account using the emergency contact feature, disabling two-factor authentication and adding the attacker’s server as a trusted device.

The steps described parallel the path LastPass follows when a user logs out remotely.

Why It’s So Effective

Training is not effective in fighting this as there is not much difference between the real and fake versions in what the user sees.

The LastPass login workflow is buggy and complex. It sometimes displays in-viewport login pages, and it sometimes displays them as popup windows.

LastPass is easy to detect, and it was even easier to locate the exact CSS and HTML LastPass uses to display login pages and notifications.

Best Browsers And OSs

The attack works best on the Chrome browser since it uses an HTML login page. Firefox pops up a window for login, so it appears as whatever operating system the user is on.

Cassidy has experimental support for Firefox on Windows 8 and OS X in LostPass, but it is not enabled by default.

He developed it specifically to work against LastPass 4.0 and did not include any version detection information.

To safeguard against attacks, Cassidy recommends the following steps for individuals and companies, not in any particular order.

• Ignore browser window notifications.

• Enable IP restrictions, which are only available to paid plans.

• Disable mobile login, keeping in mind other attacks can use non-mobile API.

• Log all failures and logins.

• Advise employees of the potential attack.

Two-factor authentication does not help; instead, it makes the attack easier.

LastPass, by default, sends an email confirmation when a new IP address tries to log in. While this should completely halt the attack, it does not. LastPass documentation indicates the confirmation email only gets sent if the user doesn’t have two-factor authentication enabled.

Because LostPass phishes for a two-factor authentication code, it bypasses the email confirmation step.

The LostPass can be made more effective in instances where it gets blocked by a confirmation email (i.e., “Please confirm your login email to continue”), but the attack already has sufficient strength.

Have You Been Attacked?

To determine if you’ve been attacked, a user can view their “LastPass Account History” to view all login attempts and the corresponding IP addresses.

There are alternatives to LastPass, but Cassidy has not researched them to guarantee their safety.

He recommends the following user considerations:

• Browser extensions have a greater risk than native applications.

• An API makes it easier for attackers to steal a lot of data.

• Store only frequently-used and low-risk data in a password manager.

An attack called “Even the LastPast Will be Stole, Deal with It” published by Garcia and Vigo presented a client-side attack relying on bad design choices LastPass made which make it susceptible to compromised machines.

Cassidy’s work addresses LastPass from a different perspective. One does not require access to a LastPass user’s machine; the attacker tricks the user into providing their credentials.

Also read: LastPass gets a major update with a new interface and features

Why He Developed It

In discussing why he developed the attack, Cassidy said the security industry is naïve about phishing, which is the most common attack vector.

Better user training will not solve the problem. What’s needed is software designed to be phishing resistant. Security evaluations should include the ease of phishing software.

Another important observation is that this attack requires no sophisticated knowledge. An attacker can get the HTML with a simple right click. JavaScript will enable the attacker to glue the pieces together. Once the details of the attack are published, criminals will be able to create their own version in less than one day.

Cassidy said he is publishing this tool so companies can make informed decisions about the attack and how to best respond.

Because the vulnerability is hard to fix and easy to exploit, Cassidy believes it is appropriate to release a tool.

He informed LastPass in November, and they acknowledged the problem in December.
LastPass first understood the problem to mainly be a result of the CSRF (cross-site request forgery) logout. They suggested it would not work due to the email confirmation step. A spokesperson said LastPass can confirm the bug is a phishing attack, but not a vulnerability, a position Cassidy disputes.

One fix LastPass implemented was to warn users when they type in their master password into some website. The problem with this is they display a warning message in the browser viewport like all their other messages. If the website is attacker-controlled, detecting when this notification is added is trivial.

Cassidy suppresses the notification in LostPass and sends a request to an attacker server to log the master password.

He does not blame LastPass for the fact that the industry does not respond well to phishing attacks.

A Warning To The Industry

Cassidy said it is important to inform users about security concerns in the products they use. Security researchers too often kowtow to corporations in not informing users about vulnerabilities for which they should be aware.

Operating systems and browsers can address this class of bugs. To spoof the “chrome extension” protocol, Cassidy purchased the domain “chrome-extension.pw,” which appears similar. Connecting to this domain over HTTP makes it appear similar to the built-in protocol. An open issue in Chromium addresses this. Below is an image of LastPass and LostPass, side-by-side, for Firefox on Windows 8.

Cassidy 7

Firefox is harder to spoof. Cassidy had to manually draw each OS’s native widget using CSS and HTML. These are not perfect, but close enough.

Because the browser viewport can illustrate anything with pixels, consideration must be given to how to authenticate native windows visually.

The code is available on GitHub.

 

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...

4.8 stars on average, based on 4 rated postsLester Coleman is a veteran business journalist based in the United States. He has covered the payments industry for several years and is available for writing assignments.




Feedback or Requests?

1 Comment

1 Comment

  1. ackthbbft

    January 18, 2016 at 9:00 pm

    “He recommends the following user considerations:
    • Browser extensions have a greater risk than native applications.”
    I don’t see that LastPass offers a native application (at least for Windows; their Android app might count as one). Their download page only seems to have browser extension installers. That is certainly a big concern.
    It seems the easiest way for users to avoid this is to never click on the “banner” that LastPass sometimes displays, as it could actually be the lostpass.js phishing attack. Users should be advised to only click on the extension icon itself whenever seeing such a message, or otherwise go directly to the LastPass site. (This is what I do whenever receiving any kind of message from my banks; I always go directly to the site myself instead of using e-mail links.)
    LastPass should probably even put out an update that explicitly removes their own “banner” warnings, with a message to all users explaining the change.
    A master password change might be in order, and be sure to check your IP History of logins (as the article recommends) for the past month or so (all of mine in the last month have been from work, home, or smartphone, so hopefully I’m still safe).

You must be logged in to post a comment Login

Leave a Reply

Artificial Intelligence

YEXT: An Invisible Force In Artificial Intelligence

Published

on

YEXT, Inc. (NYSE: YEXT) is one of those behind the scenes companies involved in Intelligence Search that plays an important role in Artificial Intelligence. What does that mean? Remember the Amazon commercial? “Eco, order a 12” Pizza with pepperoni from Stromboli’s and have it delivered”.

// -- Discuss and ask questions in our community on Workplace.

Today the vast majority of online searches go through third-party sources such as data aggregators, governmental agencies and consumers. The net result of this third party sourcing has been to produce “best guess” data that can often miss or misstate the target data field.

YEXT developed a better way to source critical digital knowledge.  For example business clients use YEXT to update public facts about their brands. They are building their based on the rapid and ever changing nature of data.  So far the YEXT Knowledge Network offers over 100 services to more than 110 corporate clients and has over $150 million in annual revenue.  So could YEXT play a key role in AI,  the next big thing?

How YEXT Works

Most of us are familiar with big time search engines like Google, Google Maps, Facebook, Instagram, Bing, Cortana, Apple Maps, Siri and Yelp.  These pioneering companies are the major drivers in information search today.  However, we also know, their accuracy is not exactly ideal.  

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

This is where YEXT steps in.  Their knowledge engine platform lets business manage their digital knowledge in the cloud and sync it to over 100 services including the kingpins of search noted above.

Intelligent Search is the structured information that a business wants to make publicly accessible. In food service it could be the address, phone number or menu details of a restaurant; in healthcare, the health insurances accepted by a physician or the precise drop-off point of the emergency room at a hospital campus; or in finance, the ATM locations, retail bank holiday hours or insurance agent biographies.

Artificial Intelligence Offers a Potential $10 Billion Market

Improving search results in general is nice but not very sexy.  It doesn’t make you want to beg for more information.  However, when you consider the role of Artificial Intelligence (AI) in our evermore data intense world, the importance of Intelligent Search and the opportunities for YEXT becomes a compelling story.  

The AI trend is already underway as YEXT is increasingly using the structured data on their platform to expand or add new integrations with vertically specialized applications, voice-based search and AI engines.

Just Right For Big Data Applications

YEXT customers use their platform to manage their digital knowledge covering over 17 million attributes and nearly one million locations. These customers include leading businesses in a diverse set of industries, such as healthcare and pharmaceuticals, retail, financial services, manufacturing and technology.

Major customers include: AutoZone, Ben & Jerry’s, Best Buy, Citibank, Denny’s, Farmers Insurance Group, H&R Block, HCA, Infiniti, Marriott, Michael’s, McDonald’s, Rite Aid, Steward Health Care and others. The list is growing.

Management believes the market for digital knowledge management is large and mostly untapped with over 100 million potential business locations and points of interest in the world equaling over $10 billion.  

Shooting For Acquisitions and Broad AI Penetration

Founded in 2006 by serial entrepreneurs Howard Lerman (CEO) and Brian Distelburger, President these two are typical software guys whose vision appears much more broad based the their current focus with YEXT.  Here is where the prospectus from their April 2017 IPO offers some mystery and excitement to the story.

Unlike most rapid growth tech companies YEXT had no urgent need to go public.  They generated almost $60 million in gross profit in 2016 before heavy marketing costs resulted in a loss of $26.5 million.  Even so, they still ended the year with $20 million in cash. That’s a fair distance from being destitute.

The company’s real need for the IPO was to establish a liquid public market for the stock. They raised about $123.5 million, all of which will go into the bank.  The company is debt free and there are no insiders selling stock.  Very interesting.

Strong  Financial Results

For the latest reported nine months ended October 31, 2017 revenues grew 38% reaching $122 million.  The good news is the gross profits reached a record 75% or $90 million.  All of this was spent on sales and marketing to expand the business.  When all the beans were counted, YEXT lost $50 million producing a $30 million negative cash flow.  The balance sheet remains liquid with $120+ million in cash and securities.

FYI: In spite of some top notch bankers underwriting its IPO and analysts from those same five firms covering the company, the stock has done almost nothing for investors.  This $1.1 billion market cap was recently hanging out around $12 about the same as the IPO price.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
1 vote, average: 4.00 out of 51 vote, average: 4.00 out of 51 vote, average: 4.00 out of 51 vote, average: 4.00 out of 51 vote, average: 4.00 out of 5 (1 votes, average: 4.00 out of 5)
You need to be a registered member to rate this.
Loading...

4.3 stars on average, based on 24 rated postsJames Waggoner is a veteran Wall Street analyst and hedge fund manager who has spent the past few years researching the fintech possibilities of cryptocurrencies. He has a special passion for writing about the future of crypto.




Feedback or Requests?

Continue Reading

Breaches

Skepticism Grows Over BitGrail’s Supposed $167 Million Hack

Published

on

A relatively unknown cryptocurrency exchange by the name of BitGrail has informed its users of a coordinated cyber attack targeting Nano (XRB) tokens. However, the incident does not appear to be holding up to scrutiny after the founder of the exchange made an odd request to the developers of Nano shortly after discovering the alleged theft.

// -- Discuss and ask questions in our community on Workplace.

BitGrail Exchange Allegedly Compromised

The Italian exchange issued a notice to its clients last week informing them that 17 million XRB tokens were compromised in a cyber attack. The XRB token, formerly known known as Raiblocks, is valued at $9.80 at the time of writing for a total market cap of $1.3 billion. That puts the total monetary loss of the supposed heist at nearly $167 million.

Parts of the notice have been translated into English from the original Italian by Tech Crunch, a media company dedicated to startups and technology news. According to the agency,  BitGrail has stated the following:

“… Internal checks revealed unauthorized transactions which led to a 17 million Nano shortfall, an amount forming part of the wallet managed by BitGrail… Today a charge about those fraudulent activities has been submitted to the competent authorities and now is under police investigation.”

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

The notice indicated that all transactions have been put on hold until authorities complete their investigation.

Very little is known about BitGrail, as it is not listed among the 183 exchanges whose volume is ranked by CoinMarketCap.

Suspicion Grows

Unlike other crypto heists, the circumstances surrounding the alleged BitGrail attack have been met with widespread suspicion. As David Z. Morris of Fortune rightly notes, this isn’t the first time BitGrail has suspended Nano withdrawals. The same thing happened in early January when the exchange halted not only Nano, but Lisk and CryptoForecast transactions as well.

The suspension was followed by an announcement that the exchange was taking measured steps to verify users and enforce anti-money laundering requirements. It was around this time that users became suspicious that BitGrail was going to cut and run with their tokens.

BitGrail founder Francesco Firano made an unusual request to the developers of Nano following the alleged attack: he asked them to fork their record, a move that would essentially restore the stolen funds.

Nano officially rejected the request on Friday, the day after Firano supposedly discovered the stolen coins. In a post that appeared on the Nano Medium page, the team said:

“We now have sufficient reason to believe that Firano has been misleading the Nano Core Team and the community regarding the solvency of the BitGrail exchange for a significant period of time.”

Last month, hackers made off with more than $400 million worth of NEM tokens stolen from Coincheck, a Japan-based cryptocurrency exchange. The coins have yet to be recovered and the perpetrators remain at large. In 2014, a cyber heist brought down Mt Gox, which was the world’s largest exchange.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
1 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 5 (1 votes, average: 5.00 out of 5)
You need to be a registered member to rate this.
Loading...

4.5 stars on average, based on 165 rated postsSam Bourgi is Chief Editor to Hacked.com, where he specializes in cryptocurrency, economics and the broader financial markets. Sam has nearly eight years of progressive experience as an analyst, writer and financial market commentator where he has contributed to the world's foremost newscasts.




Feedback or Requests?

Continue Reading

ICO

ICO Analysis: Serenity

Published

on

During the past few decades, internet connectivity and technological advancement evolved rapidly to satisfy a large spectrum of the digital consumer crowd up to and including finance. The demand for online stock exchange, currency trading and investing has led to the development of thousands of online brokerage platforms and systems all over the globe. However, the lack of regulations when it comes to security and protection exposes the current online market with almost 90% of the platforms being unregulated. This environment attracts ‘scammers’ and creates unhealthy manipulative situations in the sphere, impacting both traders and companies that are involved in the digital markets. Here comes Serenity with an attempt to change that for good.

// -- Discuss and ask questions in our community on Workplace.

Serenity’s financial services promise to create an independent marketplace based on smart contracts, where trading records will be transparent and monitored by a blockchain based platform. Blockchain guarantees transparency and lack of affiliation in order to secure traders from misuse of their funds by centralized exchange markets.

In addition to a secure trading environment, Serenity will allow users to buy, sell and exchange CFDs, futures, cryptocurrencies and even shares for cryptocurrencies all in a decentralized fashion, recorded and monitored by the blockchain in order to avoid the possibility of counterfeiting.

Over the last decade, the online trading process has not changed at all. Forex based exchanges attract popularity due to the lack of regulations while at the same time putting traders’ funds at risk since most of these platforms are not transparent (as we have observed, they can influence their users’ actions, freeze their accounts or deny a withdraw request at any time). Only 10% of the online broker companies have a license to provide intermediary services in the financial sector due to the complicated and expensive procedure that can cost from $200,000 to several millions per company, a sum most are not willing to pay. Serenity plans to radically change that approach by creating a transparent regulatory system powered by the modern blockchain technologies.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

The Token

The SRNT token, the native currency of the Serenity financial platform, will be used to purchase, sell, exchange and withdraw digital assets within the platform that will consist of a pool of brokers. After the token sale, the user is free to transfer their SRNT into external exchanges in order to trade them for possible pairs of digital assets which the platform might not support at the moment.

At the pre-ICO, the SRNT token will have a 50% discount and then a 40% to 10% discount during the public sale that will run until March 7.

According to a spokesman for the company, the total token supply will be 400,000,000 SRNT. Anything that will be left behind after the prementioned deadline will be burned. As for the circulating supply, it is not yet fixed and it will be composed after the token sale.

The spokesman tells us that 3% of the funding will be used for bounty rewards and 12% is reserved for the team. As for the rest, we must wait for further official announcements that will take place after the token sale.

Team

At first glance, we can already see a professional team with years of experience in the field. In  words, Serenity is not just another cryptocurrency platform made by GitHub coders.

Project co-founder Stanislav Vaneev is the CEO and founder of Grand Capital, an international level financial services company that has a monthly turnover of $6 billion USD and serves over 300,000 clients worldwide. Anton Vasin (co-founder & COO), has more than a decade of experience in the forex sphere and is also the head of risk hedging department. Denis Kulagin (CEO) is a marketing expert for multiple forex companies in China, Indonesia, Vietnam, and India. Vasiliy Alexeev (CTO) is the man behind UpTrader, a global provider of software for brokers. His ten years of experience are also focused on marketing and product development for various Forex companies.

The list goes on and from what we can see here, Serenity has a legit team with solid financial background and not just a ‘collage‘ of individuals that want to enter the blockchain game.

Verdict

In general, more than 6,000 brokers provide online exchange services using MetaTrader platforms. According to industry statistics, around 4 million traders use their platforms on a daily basis. As mentioned before, only a small percent of these companies are actually regulated and can guarantee a risk-free relationship.

Serenity is the first cryptocurrency focused exchange market that will be regulated and at the same time provide traders the ability to invest in broader options such as CFDs and futures.

Of course, regulations could mean that anonymity will be gone, which was the main reason people invested in cryptocurrencies in the first place. At the same time, this is important for professional traders who make a living out of official and licensed exchange markets. Don’t forget that regulations are unavoidable and they are necessary to establish a trusted relationship between governmental institutions and the crypto sphere.

Risks

  • Taking a look at the Serenity whitepaper can leave more questions than answers, as we had to personally seek assistance from the team in order to understand their token system and other core features. It is not an easy model to understand. -3
  • We still don’t know what 85% of the total funds will be used for and how the distribution benefits the investor or trader on an immediate scale. -3
  • Many new cryptocurrency-focused markets ‘pop up’ every couple of months, but none of them can actually compete with already established titans like Binance, Bitfinex, Bittrex etc. The Serenity team looks great but they will have to prove their unique approach with actual numbers before the end of the year. -1

Growth Opportunity

  • After multiple cases, including the recent DDOS attack on Binance and the attack on the Japanese exchange market Coincheck, a transparent and professional market is needed as soon as possible. This gives Serenitt a golden opportunity to make.a big difference. +4
  • Platforms like Bitfinex already set a minimum deposit of $10,000 USD for new accounts and it is most likely that more exchanges will follow with similar internally generated ‘rules’. If cryptocurrency platforms want to stay under the radar and have a nice flow with their respective governments, they will eventually have to be regulated. Serenity solves that issue from the outset. +3
  • Most online cryptocurrency exchange markets give you the option to exchange between several preset pairs of cryptocurrencies and only with other cryptocurrencies supported by each individual platform respectively. Serenity gives users the option to change their cryptocurrencies into fiat, CFDs or even futures all inside one platform. +4

Disposition

The Serenity team might have some good contacts in the forex scene and Mr. Vaneev’s own Grand Capital has already 300,000 active users that would possible join the new venture, but we must not underestimate “traditional” cryptocurrency markets like Binance which managed to raise 6 million active users in a matter of months.

Serenity can really be a revolutionary step in combining cryptocurrencies with traditionally regulated markets but we must not forget that people choose cryptocurrencies in order to avoid regulations and transparency.

A score of 4 out of 10 is reserved for Serenity, based on present facts.

Investment Details

  • Type: Crowdsale
  • Symbol: SRNT
  • Pre-Sale: Concluded
  • Public Sale: January 25th-March 7th, 2018
  • Payments Accepted: ETH (KYC Required)

Disclaimer: The writer has no position in Serenity at the time of writing.

Featured image courtesy of Shutterstock. 

 

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
1 vote, average: 1.00 out of 51 vote, average: 1.00 out of 51 vote, average: 1.00 out of 51 vote, average: 1.00 out of 51 vote, average: 1.00 out of 5 (1 votes, average: 1.00 out of 5)
You need to be a registered member to rate this.
Loading...

2.9 stars on average, based on 6 rated posts




Feedback or Requests?

Continue Reading

Recent Comments

Recent Posts

A part of CCN

Hacked.com is Neutral and Unbiased

Hacked.com and its team members have pledged to reject any form of advertisement or sponsorships from 3rd parties. We will always be neutral and we strive towards a fully unbiased view on all topics. Whenever an author has a conflicting interest, that should be clearly stated in the post itself with a disclaimer. If you suspect that one of our team members are biased, please notify me immediately at jonas.borchgrevink(at)hacked.com.

Trending