Pages:
Author

Topic: Alternative Block Chains : be safe! - page 84. (Read 1618773 times)

newbie
Activity: 43
Merit: 0
February 19, 2014, 05:43:10 AM
#96
Using altcoins will never be safe, cause it's almost impossible to analyse all the code, best effort would be to understand the risk and be ready for trouble.
member
Activity: 66
Merit: 10
February 16, 2014, 07:38:51 PM
#95
I haven't seen anybody post about what would be my biggest worry if I were trying out alternative block chains. I realize this may be perceived as "Gavin is FUD'ding anything that isn't bitcoin!"  (FUD == Fear, Uncertainty and Doubt)  But I think some of you might be forgetting some basic computer security fundamentals in the excitement to be early adopters.

When I first heard about bitcoin, my questions were:

1) Can it possibly work (do the ideas for how it works make sense)?
2) Is it a scam?
3) If it is not a scam, could it open my computer up to viruses/trojans if I run it?

I answered those questions by:

1) Reading and understanding Satoshi's whitepaper.  Then thinking about it for a day or two and reading it again.
2) Finding out everything I could about the project.  I read every forum thread here (there were probably under a hundred threads back then) and read Satoshi's initial postings on the crypto mailing list.
3) Downloaded and skimmed the source code to see if it looked vulnerable to buffer overflow or other remotely exploitable attacks.

If I were going to experiment with an alternative block-chain, I'd go through the same process again. But I'm an old conservative fuddy-duddy.

If you want to take a risk on a brand-new alternative block-chain, I'd strongly suggest that you:

1) Run the software in a virtual machine or on a machine that doesn't contain anything valuable.
2) Don't invest more money or time than you can afford to lose.
3) Use a different passphrase at every exchange site.



Multi-factor authentication for all please. Yubikey+Password, Cellphone+Password, Smartcard+Password, Biometric+Password.

Never trust a site which wants you to use a password alone. Never trust your keyboard or your operating system. Biometric hardware wallets will become increasingly important for security of crypto-finance in the future and I wish there were more robust hardware and API's for it.

I know Bitcoin is intending to support two-factor authentication but please consider supporting the latest biometric technology as well due to the ease of use factor.


People will probably find a way to hack those as well ,no?
newbie
Activity: 14
Merit: 0
February 13, 2014, 04:49:07 PM
#94
I think blockchain is good with people use it.
newbie
Activity: 19
Merit: 0
February 07, 2014, 08:44:33 PM
#93
This is a very good writeup!
legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
February 02, 2014, 10:05:08 AM
#92
exactly !
and sometimes such as CENT, it was posted with no updated source code and a keylogger was added to it..
see this
https://www.virustotal.com/en/file/824864222d7d7997ce4b7f6dc2d289b9764185d2f8a0c9d8a0e3b89743aba86c/analysis/1391352958/
that is the last CENT wallet that dev Shakezulu posted at his own web site with no updated source code and he later removed all traces of it of course
and the guy has released TONS of other coins and is good buddies with Cryptsy staff etc
back room "scammer" buddies lol

i would just try and stay away until more skilled guys can vouch for it being clean or maybe try running the wallet in a Virtual machine ?
your taking a serious risk downloading and running a Wallet.exe that was just posted..
the risk is rather obvious but if you have numerous accounts and other wallets we have seen malware posted that steals coins from many wallets, so be careful.

although no one cares it would seem, i myself ask one thing first when a new coin comes along..
WHO MADE IT ?
If it's a user with a name that match's the coin.. i pass on it.
There is no real reason for cowards to hide who they are.
And i will not support these *handful of coin spammers that want to change their user names and
update the coin name and icon and re-upload a Brand new currencies every few minutes..

Doge, Cat, Moose, Rat, Pig, Elephant, Squirrel, Snake COOOOIIIINNNNN FTW

much yes ?

uhhh, much dumb.... yes
legendary
Activity: 3472
Merit: 1722
January 27, 2014, 08:12:22 AM
#91
as long as there is the source code, they are safe

Doesn't matter when most people don't even check the source code.
legendary
Activity: 929
Merit: 1000
January 20, 2014, 05:11:45 PM
#90
Is the zipped doge blockchain download link below OK, or has anyone heard anything dodgy about it? I am just a noob asking the experts.

http://doge.rstreefland.com/
member
Activity: 98
Merit: 10
http://www.coinsmanager.com/
January 01, 2014, 02:00:49 AM
#89
Damn, I've been installing a lot of new wallets those past days, and now I feel silly... I've lost myself in the fever of new coins and giveaways, and my computer could be infected by a scam coin...
Will have to clean all that soon Sad Thanks for the tips !
legendary
Activity: 1050
Merit: 1007
Live like there is no tomorrow!
December 29, 2013, 11:15:25 AM
#88

3) Downloaded and skimmed the source code to see if it looked vulnerable to buffer overflow or other remotely exploitable attacks.


Does anyone has a few tips to do this? As most of the people here probably don't understand the source code well I guess.
sr. member
Activity: 389
Merit: 250
December 25, 2013, 06:28:01 PM
#87
in the last month alone i have seen two new altcoins posted with a trojan / keylogger
a well known coin by a well known coin spammer and coin cloner for hire also added one to his last wallet version..
so yeah they are out in force !

the guy mentioned earlier how easy it would be and he's right..

a lot of thee guy don't even make the coins.. and often they get premined as they are delivered

the more you dig the more you find.. there is no limit to the scummy greedy behavior in this scene

i today found yet another fake malware bundle uploaded to torrent sites..
some guy has been at it hard.. i have flagged about 6 uploads he has done (all Bitcoin related or Altcoin related) last few months

and miners are commonly flagged as malware by AV software and rightfully so because the code may be clean but its bundled with malware
and has been for years.. the two most popular things for malware coders these days is to infect you to jack your machine for mining or just steal wallets
or even to get Facebook likes.

so yeah i could go on and on forever citing examples but who cares ?

maybe rather than posting stupid little stickied warnings the admins here could expose the little pricks doing it..
after all they should be able to see they are being posted from the same ip's (many of these guys prob have a 100 accounts here)
all they do is lock and delete the topic.. and let the douches keep doing it


I wish you'd be more specific about which clients have malware or trojans on them. Like for example off this site which ones if any?

http://coinmarketcap.com/



 
hero member
Activity: 938
Merit: 1002
December 22, 2013, 04:36:21 PM
#86
in the last month alone i have seen two new altcoins posted with a trojan / keylogger
a well known coin by a well known coin spammer and coin cloner for hire also added one to his last wallet version..
so yeah they are out in force !

the guy mentioned earlier how easy it would be and he's right..

a lot of thee guy don't even make the coins.. and often they get premined as they are delivered

the more you dig the more you find.. there is no limit to the scummy greedy behavior in this scene

i today found yet another fake malware bundle uploaded to torrent sites..
some guy has been at it hard.. i have flagged about 6 uploads he has done (all Bitcoin related or Altcoin related) last few months

and miners are commonly flagged as malware by AV software and rightfully so because the code may be clean but its bundled with malware
and has been for years.. the two most popular things for malware coders these days is to infect you to jack your machine for mining or just steal wallets
or even to get Facebook likes.

so yeah i could go on and on forever citing examples but who cares ?

maybe rather than posting stupid little stickied warnings the admins here could expose the little pricks doing it..
after all they should be able to see they are being posted from the same ip's (many of these guys prob have a 100 accounts here)
all they do is lock and delete the topic.. and let the douches keep doing it

Wow I didn't realize things were that bad in the altcoin scene. Would be great to have a thread that exposes scammy behavior so people are aware of the known tricks.
newbie
Activity: 16
Merit: 0
December 13, 2013, 09:53:53 PM
#85
Lucasian Professor of Mathematics
legendary
Activity: 3248
Merit: 1070
December 07, 2013, 08:12:09 AM
#84
as long as there is the source code, they are safe
legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
December 04, 2013, 02:35:51 AM
#83
in the last month alone i have seen two new altcoins posted with a trojan / keylogger
a well known coin by a well known coin spammer and coin cloner for hire also added one to his last wallet version..
so yeah they are out in force !

the guy mentioned earlier how easy it would be and he's right..

a lot of thee guy don't even make the coins.. and often they get premined as they are delivered

the more you dig the more you find.. there is no limit to the scummy greedy behavior in this scene

i today found yet another fake malware bundle uploaded to torrent sites..
some guy has been at it hard.. i have flagged about 6 uploads he has done (all Bitcoin related or Altcoin related) last few months

and miners are commonly flagged as malware by AV software and rightfully so because the code may be clean but its bundled with malware
and has been for years.. the two most popular things for malware coders these days is to infect you to jack your machine for mining or just steal wallets
or even to get Facebook likes.

so yeah i could go on and on forever citing examples but who cares ?

maybe rather than posting stupid little stickied warnings the admins here could expose the little pricks doing it..
after all they should be able to see they are being posted from the same ip's (many of these guys prob have a 100 accounts here)
all they do is lock and delete the topic.. and let the douches keep doing it
newbie
Activity: 12
Merit: 0
November 22, 2013, 01:48:00 AM
#82
I agree with this completely. I have a computer that I was given that I use for nothing but altcoin mining.
sr. member
Activity: 570
Merit: 250
November 16, 2013, 09:11:52 AM
#81
It is not wrong to be conservative. The possibility is that people miss a lot of fun and chances of profit by adopting this attitude. Specifically, it is right not to install risky software on real personal computer.
full member
Activity: 126
Merit: 100
November 16, 2013, 04:19:01 AM
#80
Some people only have one computer and that must suck. Fortunately I have multiple so I can use some of my alt-miners to do this safely.

Virtual machines ftw
hero member
Activity: 714
Merit: 510
August 31, 2013, 06:30:18 AM
#79
Good advice.

Using an alternate cryptocurrency client would be a great way to get many people to install a hidden virus that targets Bitcoin users.

If you have a significant amount of Bitcoins, I wouldn't run other clients on the same computer until the alternates have developed trust over a longer period of time... I'm probably on the paranoid side of things though.

These new cryptocurrencies are interesting, and it will be fascinating to see how it will all play out.  

Ultimately someone should probably release a product, some hardware such as a thumb drive with an OS which runs in as a virtual machine and sell it to people. Then they just plug it in and install the latest alt-coin for testing. The thumb drive should also include biometric authentication and generate a one time password.

It would be the perfect hardware wallet in my opinion. No remembering passwords. You wouldn't even necessarily have to worry about losing the hardware wallet because the actual wallet could be backed up to the cloud or internet and downloaded again as it would be authenticated by your biometric signature which will not change even if you were to lose the device. It would be a combination of a Yubikey, 16-32GB hardware encrypted solid state drive, and finger vein recognition biometric authentication. Push one button and it backs up all your coins to your email, or to the cloud. Put your finger into the slot, enter the 4 digit pin, and you can make a transaction.

The reason for the pin is because someone might try to steal your money while you're asleep. Something you know, something you have, something you are.
hero member
Activity: 714
Merit: 510
August 31, 2013, 06:24:21 AM
#78
I haven't seen anybody post about what would be my biggest worry if I were trying out alternative block chains. I realize this may be perceived as "Gavin is FUD'ding anything that isn't bitcoin!"  (FUD == Fear, Uncertainty and Doubt)  But I think some of you might be forgetting some basic computer security fundamentals in the excitement to be early adopters.

When I first heard about bitcoin, my questions were:

1) Can it possibly work (do the ideas for how it works make sense)?
2) Is it a scam?
3) If it is not a scam, could it open my computer up to viruses/trojans if I run it?

I answered those questions by:

1) Reading and understanding Satoshi's whitepaper.  Then thinking about it for a day or two and reading it again.
2) Finding out everything I could about the project.  I read every forum thread here (there were probably under a hundred threads back then) and read Satoshi's initial postings on the crypto mailing list.
3) Downloaded and skimmed the source code to see if it looked vulnerable to buffer overflow or other remotely exploitable attacks.

If I were going to experiment with an alternative block-chain, I'd go through the same process again. But I'm an old conservative fuddy-duddy.

If you want to take a risk on a brand-new alternative block-chain, I'd strongly suggest that you:

1) Run the software in a virtual machine or on a machine that doesn't contain anything valuable.
2) Don't invest more money or time than you can afford to lose.
3) Use a different passphrase at every exchange site.



Multi-factor authentication for all please. Yubikey+Password, Cellphone+Password, Smartcard+Password, Biometric+Password.

Never trust a site which wants you to use a password alone. Never trust your keyboard or your operating system. Biometric hardware wallets will become increasingly important for security of crypto-finance in the future and I wish there were more robust hardware and API's for it.

I know Bitcoin is intending to support two-factor authentication but please consider supporting the latest biometric technology as well due to the ease of use factor.
legendary
Activity: 1274
Merit: 1050
August 25, 2013, 08:20:32 AM
#77
Just out of interest was there any any coin/mining tool infected here in past?

I knew few ppl that lost coins from Gox, BTC-e and they were "careful", even gmail verification have not helped, but i bet many mined alt crap

I've never heard of any real trojans or viruses in wallet releases yet. It seems walletstealers in coin.exes are a myth, propagated by false negatives from antivirus software.

Pages:
Jump to: