NASDAQ futures are coming into the week gap up after an overnight session featuring elevated range and volume. Price was choppy overnight, creating a balanced profile while trading inside of the Friday range. At 8:30am advance retail sales data came out better-than-expected.
Also on the economic docket today we have business inventories at 10am, 3- and 6-month T-bill auctions at 11:30am, and long-term TIC flows at 4pm.
Last week markets worked sideways-to-higher in choppy, volatile action. The last week performance of each major index is shown below:
On Friday the NASDAQ printed a normal variation down. The day began gap up to new high-of-week. Sellers drove lower closing the gap and eventually taking out the Thursday low before responsive buyers stepped in. Sellers became initiative later in the day, making a new session low before the week’s end.
Heading into today my primary expectation is for sellers to work into the overnight inventory and close the gap down to 6659.75. From here we continue lower, down through overnight low 6642.25. Look for buyers down at 6639.75 and two way trade to ensue.
Hypo 2 buyers gap-and-go higher, up through overnight high 6698. Look for sellers up at 6708.25 and two way trade to ensue.
Hypo 3 stronger buyers sustain trade above 6708.25 setting up a move to target 6750.25 before two way trade ensues.
Levels:
Volume profiles, gaps, and measured moves:
Initiative buyer well before the gap….open test drive in the cards?
forgive my broken english,
i wanted to let you know, that the worlds largest crypto exchange has been targeted by hackers and I have learned out how this happens.
If you use binance.com to trade as do billions of other money daily, you are potentially vulnerable to hacking.
There are many people over the months complaining getting hacked and binance still has no fricken clue how. So i investigated and found out how this is happening. Disclaimer: without code review or pentesting anything. It was by regular user method only. Unsure what functions are exposed as I have no access to code.
After finding out about vulnerability, I contact binance and was startled to have them correct my bad english and refuse to admit fault. Again the problem still exists. I also placed cert and secfous the detail about problems.
after contacting binance about its vulnerability and gave them detailed info about how to repro, they replied with a long lecture about my bad english without acknowledging the problem. they instead corrected my mispelling and use of terms in report. I wasnt aware my english was that bad, but an excuse is an excuse. They have refused to fix cause they are incompetant.
This concerns me as many people are loosing money getting hacked daily and they will not fix. Plus this being a billion dollar exchange it could destroy crypto markets real bad. It is easy fix though so I not understand them. I think they develop only user interface and cosmetics in design instead of security issues. I have been pentesting applications and servers since the 90’s but my english is not best.
What is happening is when you are logged into binance, and visits a hostile crypto news site, your account details are stolen using (bad english here) session hijack or a xss script attack. Unsure of the exact method as I do not have access to their source code nor admit I want to look without written notice that I can review. So I repro in a limited user capacity without knowledge of functionality on both sites no problem.
withdraws using automation after visiting hostile crypto news domain site when logged into binance
if you want to repro vulnerabilty,
create binance account with funds inside,
when logged into account, go to
search google/duckduckg and search crypto,
within this first block of sites
you will have a hostil site
that harvests your account data and automatically withdraws funds/buys and sells automatically using automation. almost they harvest and use your details to pump and dump the market before withdrawing it all within seconds. very fast transaction.
You can see it done by using a separate browser with a script blocker and navigating to hostile domain when logged into binance. you will see the alternate browser turn into the binance page from the other browser. your session has been hijacked.
it was search google news section for ‘crypto’ and within this list is the bad dude, but it is ever changing so listing the hostile dude domain name would be pointless but the dude is still there as of today.
so becareful binance is a crap