Topic: Alternative Block Chains : be safe! - page 85. (Read 1636802 times)

I've never heard of any real trojans or viruses in wallet releases yet. It seems walletstealers in coin.exes are a myth, propagated by false negatives from antivirus software.

Just out of interest was there any any coin/mining tool infected here in past?

I knew few ppl that lost coins from Gox, BTC-e and they were "careful", even gmail verification have not helped, but i bet many mined alt crap

Be careful here. As a coder, I can hide some pretty fancy run time code that calls a script from a server that can update with malicious intentions.

Or if I am really lazy, I can have an open source on git, but a private one that I compile from with the bad code.
You are not protected on most of these, the laziness of the stupid people copying/pasting the new alt-coins is the only thing that is protecting you.

If a group with the education/willfulness somewhat smarter then the average 15 year old coder decided to reek havoc on all of the folks that race to mine the alt-coin on launch; the damage wouldn't be measurable.

Thought experiment:
Pre-announce alt-coin
On release link to source on git. Publish a binary with hidden code.
Include code in binary to copy all wallet files from all altcoins traded on cryptsy.
On the server that the wallets are uploaded to, run a test to see if it is encrypted.
For unencrypted wallets send the coins to cryptsy/coins-e wallet and sell for btc/ltc.
Have code self-patch to remove the function call.
...
Wait a few months, rinse and repeat.


The above project can be done by anyone with coding experience in a matter of days.  You are not protected, please start being somewhat cautious.
 

HTH.

I think these are perfectly legitimate concerns actually but the way I found out whether Bitcoin wasn't a scam and the way I find out anything else isn't a scam is this:

. Is it open source? If it's open source then that means people will be able to look at the code and find anything suspicious or even help to improve it if the developer is unwilling, it's very difficult to plant something bad if people can investigate it with a microscope

. Are the stores that are supportive of it just subsidiaries of the person who made the currency? Or are they independent and have accepted it willingly? This is usually a good sign that it has some actual worth, because they must have been convinced by something about the coin to accept it right?

. Does the developer regularly post updates or comments, do they chat and argue with other developers or users? Usually another good sign that the currency is going places and not just a con, if they just post it and abandon it for ages then chances are they're just looking for someone to click on the links

. Does the developer have a programming background? Have they done anything aside from this currency they've made? If they have, chances are they'll have the understanding of the source code needed to update and change it if bugs and glitches come out, they'll also usually have more respect for other peoples computers if they already work for a legitimate company

If you are an Anarchist/Libertarian :

. Does the currency have no ties to the current aristocracy, government or financial system? If so there's probably a better chance of it being legitimate than just a way to manipulate peoples wealth

thank you

look at Bytecoin a byte is bigger than a bit following that line of reasoning~hmm name dat remix?..thanks


EDIT : Lmao! looks like this is the BTE thread after reading haaa

thank you

Thanks Gavin!

That is great advice and it includes the absolute basic measures that everyone should take. Since we are connecting right to someones server anything could happen. Well, not "anything". Im not going  to start mining and open an inter-dimensional portal.

This advice is especially prescient now that we see "the newest alt coin is here!" 20 times per day. (btw, is there a way to stop people from creating thousands of altcoins? I have been trying to just ridicule them but it is barely slowing them down)

Thanks again

"April 1"

What is your opinion on Bytecoin, released on April 1?

I think FTC had a block chain split from a 51% attack around block 33,000. No slow block rate from the high diff helped the attacker.

Very good advise here, even though I don't believe on using alternative currencies to Bitcoin.


There are a number of virtual programs which can be installed for free, and they are also safe and pretty reliable.
Also very easy to setup, google on how to setup. It takes no longer than 5 minutes.

Which ones aren't?

A lot of these coins are just pump and dump.

Most of the new coins coming out daily are created by ignorant developers. Now that's scary.

necromancers...

If anybody is reading this and also wants to solo mine with virtual box for safety I used this and it worked.


The asterisk in rpcallowip is literal. In the conf file put that exactly with the asterisk.

Could you please expand on this bit more? (I'm pretty new to VirtualBox) I set up VirtualBox with Windows 7 in a host OS that's Windows 8. The windows 8 machine is my miner and I can't figure out how to get the config to point my solomine to my CHNcoin wallet on the Guest OS.  When I go to ipconfig on the VirtualBox it has an ipv6 address and an ipv4 address that is 10.x.x.x (there are numbers where the x's are). So in my conf file when I run my CHN coin wallet as server do I use the rpcallowip as the 10.x.x.x address and then set my cgminer to point to that as my url?  Will I have to configure anything else in VirtualBox to let the miner through to the ports?

Thanks for the heads up!