
Topic: Alternative Block Chains : be safe! - page 87. (Read 1715818 times)

full member
Activity: 182
Merit: 100
July 17, 2012, 07:39:50 AM
#38
I haven't seen anybody post about what would be my biggest worry if I were trying out alternative block chains. I realize this may be perceived as "Gavin is FUD'ding anything that isn't bitcoin!"  (FUD == Fear, Uncertainty and Doubt)  But I think some of you might be forgetting some basic computer security fundamentals in the excitement to be early adopters.

When I first heard about bitcoin, my questions were:

1) Can it possibly work (do the ideas for how it works make sense)?
2) Is it a scam?
3) If it is not a scam, could it open my computer up to viruses/trojans if I run it?

LOL. Paranoid. First of all that has nothing to do with 'fear of bitcoin/altcoin/jokecoin/scamcoin'. That's standard Inner Tube safety.
If you have to mention those issues, your audience isn't tall enough for this ride.

Quote
I answered those questions by:

1) Reading and understanding Satoshi's whitepaper.  Then thinking about it for a day or two and reading it again.
2) Finding out everything I could about the project.  I read every forum thread here (there were probably under a hundred threads back then) and read Satoshi's initial postings on the crypto mailing list.
3) Downloaded and skimmed the source code to see if it looked vulnerable to buffer overflow or other remotely exploitable attacks.

That sounds like a procedure for both evaluating and IMPROVING. I still fail to see the need to mention the 'fear factor'. Not calling you FUDmonkey, but this is kind of standard isn't it or should we require an internet driver's license?

Quote
If I were going to experiment with an alternative block-chain, I'd go through the same process again. But I'm an old conservative fuddy-duddy.

This is where we're playing games with psychology or at least it can seem so. There's a lot of ppl with internet war stories talking about scams without context (exception silly coin from the hunter of the RealSilly).

Quote
If you want to take a risk on a brand-new alternative block-chain, I'd strongly suggest that you:

1) Run the software in a virtual machine or on a machine that doesn't contain anything valuable.
2) Don't invest more money or time than you can afford to lose.
3) Use a different passphrase at every exchange site.

More boilerplate advice. It's good stuff for noobs, but come on are we still in 1990?
member
Activity: 70
Merit: 10
July 08, 2012, 01:44:27 AM
#37
We're really supposed to build the entire thing from source, not use Windows and run it in a VM just to use an alt-coin safely? Are we supposed to audit the code ourselves too?

I don't think many people are going to do that just to use an alt-chain, and I think many of the alt-chains are safe enough, ie... Litecoin and Namecoin... I wouldn't bother...
legendary
Activity: 4634
Merit: 1851
Linux since 1997 RedHat 4
February 19, 2012, 08:28:01 PM
#36
LOL linus - now that would be funny Smiley

Try Melbourne - Aus ...
full member
Activity: 168
Merit: 100
October 27, 2011, 12:17:04 PM
#35
BitcoinEXpress has 100.000+ of BTC. Everybody should consider this when reading BCX's comments about alt-chains  Grin
legendary
Activity: 1624
Merit: 1021
October 07, 2011, 11:41:38 AM
#34
Thanks Mr. Andresen, but I'm only running alternative clients in VMs (I'm basically selling all alt. coins for BTC asap  Cheesy)
mrb
legendary
Activity: 1512
Merit: 1028
October 05, 2011, 10:24:21 PM
#33
Guys, there is no point in GPU-mining in VMs!

Alternative chains with GPU-based miners are compatible with standard (trusted) miners that don't need to be virtualized. This means you only need to run the (untrusted) alternative chain app in a VM, and expose its RPC port to the network where the physical miners are running...
hero member
Activity: 780
Merit: 510
Bitcoin - helping to end bankster enslavement.
October 04, 2011, 07:33:01 AM
#32
GPU virtualization is still pretty experimental. Most VMs virtualize some old crap GPU by default. To get hardware access to your actual GPU, in VirtualBox there is an option to do that and it works, sometimes, somewhat. TBH, I haven't tried GPU mining in a VM yet, I have used it for CPU mining and then VMs are trivial. Anyone got GPU mining to work in a VM?

Working on it in vSphere 5, I feel I am close to getting it to work.
hero member
Activity: 518
Merit: 500
October 04, 2011, 03:20:53 AM
#31
GPU virtualization is still pretty experimental. Most VMs virtualize some old crap GPU by default. To get hardware access to your actual GPU, in VirtualBox there is an option to do that and it works, sometimes, somewhat. TBH, I haven't tried GPU mining in a VM yet, I have used it for CPU mining and then VMs are trivial. Anyone got GPU mining to work in a VM?
hero member
Activity: 518
Merit: 500
October 03, 2011, 01:56:37 AM
#30
vmware is so hard to use Sad

VirtualBox is pretty easy and works great. It's also free.
hero member
Activity: 780
Merit: 510
Bitcoin - helping to end bankster enslavement.
October 02, 2011, 06:45:08 PM
#29
vmware is so hard to use Sad

No, it's not; it's the easiest product unless you are talking about vSphere.
sr. member
Activity: 280
Merit: 250
Firstbits: 12pqwk
October 02, 2011, 06:10:27 PM
#28
vmware is so hard to use Sad
hero member
Activity: 518
Merit: 500
October 02, 2011, 04:21:48 PM
#27
Some people only have one computer and that must suck.

Fortunately a few decades ago they invented virtual machines. Now anyone can have as many computers and OSs as he likes Smiley
member
Activity: 112
Merit: 11
Hillariously voracious
October 02, 2011, 04:12:28 PM
#26
Mayhaps, mayhaps.
full member
Activity: 154
Merit: 100
October 02, 2011, 04:08:16 PM
#25
Are you sure about that?  What's a network of a few thousand high end machines with great network connectivity, on 24x7, insensitive to CPU or GPU load worth?  Doubly so with some having the keys to a few hundred to a few thousand dollars of electronic currency?

I'd say quite a bit.  It's only a matter of time -- if a big enough % of the bitcoin community is willing to download and run windows exes for every alt currency that comes along all you need is a hijacked forum account of a regular to pull it off.

member
Activity: 112
Merit: 11
Hillariously voracious
October 02, 2011, 03:57:15 PM
#24
If a technological feat is possible, man will do it.  Almost as if it's wired into the core of our being.

touche Cheesy

I like your style.

And an alt chain mining trojan feat is not just possible but borderline trivial.  Not having happened in the 4 or 5 alt chains so far is just pure luck.

Nah, more like this entire funny hobby of making funny alt chains  is just a really small hobby which srz bzns hackers just overlook.
full member
Activity: 154
Merit: 100
October 02, 2011, 03:53:33 PM
#23
AFAIK, the closest we have is that fake miner.  If you think of it as mining a bogus, non-existent vapor coin chain then yes, it qualifies.

If a technological feat is possible, man will do it. Almost as if it's wired into the core of our being.  And an alt chain mining trojan feat is not just possible but borderline trivial.  Not having happened in the 4 or 5 alt chains so far is just pure luck.



member
Activity: 112
Merit: 11
Hillariously voracious
October 02, 2011, 03:49:25 PM
#22
http://en.wikipedia.org/wiki/Trojan_horse_%28computing%29

Software trojans are definitely not a myth.  Has there been a bitcoin related one yet?  Absolutely!  I forget the name, but there was some wallet stealer Windows .exe that promised vastly higher hash rates.   It uploaded wallets to an FTP site instead.


No, I mean a documented case of malware propagating through distribution of alt-chains specifically ?
full member
Activity: 154
Merit: 100
October 02, 2011, 03:45:14 PM
#21
http://en.wikipedia.org/wiki/Trojan_horse_%28computing%29

Software trojans are definitely not a myth.  Has there been a bitcoin related one yet?  Absolutely!  I forget the name, but there was some wallet stealer Windows .exe that promised vastly higher hash rates.   It uploaded wallets to an FTP site instead.
member
Activity: 112
Merit: 11
Hillariously voracious
October 02, 2011, 03:39:50 PM
#20
Was there a documented case of malware propagation via this route, or is this more or less a "what if..." Infosec Comparative E-Masculinity thing Cheesy ?
full member
Activity: 154
Merit: 100
October 02, 2011, 03:29:22 PM
#19
It's hard enough to get the half-baked alt chain software to run at all (and speed is of the essence knowing they are all quickly collapsing pyramids) never mind configuring a VM with appropriate hardware access.  Here are steps I've taken which I think are "good enough" to be advice -- it's worked for me for 4 shitcoin chains so far.

1.  Don't use Windows and pre-built .exes.  Just don't.  Ever.  Nothing inherently wrong with Microsoft software, but it is well understood and commonly used by the botnet types.  Staying out of the monoculture is a form of security by obscurity.
2.  Create a new account with no group membership.  I call mine "goatse" for obvious but nostalgic reasons.  Make absolutely sure that account doesn't have read or write access outside of their home directory.   Make doubly sure they can't read the raw hard drive device.
3.  Log out of your main account and into that account whenever compiling or running the alt chain software.  Remember that compilation & installation scripts are code!
4.  Do not browse exchange sites you have coinage in and definitely do not save passwords in the browser when logged in as this account.
5.  If you log into this account via ssh DO NOT enable X proxying.  It's trivial to read your keystrokes, do screen captures, etc when X is proxied.  Let me repeat this one, make sure X proxying is disabled.  If you can type 'xterm' and see it show up on your main account's screen you're vulnerable. 

And yes, I even follow this for official bitcoin software.  On a different account than "goatse" of course.
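
The checklist in post #19 above, turned into a self-audit script as an added example that is not part of the original thread; run it while logged in as the throwaway account. The device names, the use of other users' home directories as the "outside home" test, and the DISPLAY plus SSH_CONNECTION check for X proxying are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit the throwaway build/run account.
# Run while logged in as that account:  sh audit.sh --audit

# Step 2: $1 is the primary group; print every other group passed after it.
extra_groups() (
    primary=$1; shift; out=
    for g in "$@"; do
        [ "$g" = "$primary" ] || out="${out:+$out }$g"
    done
    printf '%s' "$out"
)

# Step 2: print each listed path this account can read or write.
accessible_paths() (
    out=
    for p in "$@"; do
        if [ -r "$p" ] || [ -w "$p" ]; then out="${out:+$out }$p"; fi
    done
    printf '%s' "$out"
)

# Step 5: inside an ssh session, a non-empty DISPLAY means X is being proxied.
x_proxied() { [ -n "$1" ] && [ -n "$2" ]; }   # $1=DISPLAY  $2=SSH_CONNECTION

audit() (
    fail=0
    extra=$(extra_groups "$(id -gn)" $(id -Gn))
    [ -z "$extra" ] || { echo "FAIL extra groups: $extra"; fail=1; }
    # Assumption: common Linux raw-disk/memory names; unmatched globs do not exist.
    raw=$(accessible_paths /dev/sd? /dev/nvme?n? /dev/vd? /dev/mem)
    [ -z "$raw" ] || { echo "FAIL raw devices accessible: $raw"; fail=1; }
    # Assumption: "outside the home directory" is approximated by other homes.
    for d in /home/* /root; do
        [ "$d" = "${HOME:-}" ] && continue
        hit=$(accessible_paths "$d")
        [ -z "$hit" ] || { echo "FAIL can access: $hit"; fail=1; }
    done
    if x_proxied "${DISPLAY:-}" "${SSH_CONNECTION:-}"; then
        echo "FAIL X proxied (DISPLAY=$DISPLAY); reconnect with ssh -x"; fail=1
    fi
    [ "$fail" -eq 0 ] && echo "OK: account matches the checklist"
    exit "$fail"
)

case "${1:-}" in --audit) audit ;; esac
```

A non-zero exit status means at least one checklist item failed, so the script can gate a build wrapper that refuses to compile alt-chain source from a misconfigured account.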
