Author

Topic: An Important Message to all Crypto-Currency DEVELOPERS* (Read 1259 times)

3ds
full member
Activity: 238
Merit: 100
And of course please always utilize and include SHA-256 Checksum details so we can ALL verify what we download are not compromised by way of an end users SHA-256 Checksum Utility.
That's my wish, too. But only a few developers play it safe Embarrassed
sr. member
Activity: 616
Merit: 250
 An Important Message to all Crypto-Currency DEVELOPERS*


 Please use https sites for all Qt Wallet downloads! Using unsecure (http) is already leading to failure.

 And of course please always utilize and include SHA-256 Checksum details so we can ALL verify what we download are not compromised by way of an end users SHA-256 Checksum Utility.

 After all Bitcoin is based on SHA-256, and well Bitcoin offers exactly SHA-256 Checksum details as a security measure! Every other Crypto-Currency should offer the exact same security measure
.

 But sadly even Bitcoin's Windows (exe) ~9MB download page is NOT secure (http). This is simply NOT Acceptable Anymore.

 See the next links for more on this:

Verify release signatures
http://bitcoin.org/en/download

and here is what "Verify release signatures" leads to
http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.5/SHA256SUMS.asc/view


The UNSECURE Bitcoin download page!
The Bitcoin Download for Windows (exe) ~9MB download page:
http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.5/bitcoin-0.8.5-win32-setup.exe/download

 Sadly not even Bitcoin's download page is secure!!! (http)

 Secure = https

 Again, starting now this is simply no longer acceptable. Too much is riding on Bitcoin. And ALL the other Crypto-Currencies for that matter, to risk bad results and reports of them anymore.

 At least that's what I believe, and being a most recent victim of a bad resulting download (see the 1st link in this post above) I wont rest easy until ALL DEVELOPERS get their acts together on these two most serious of issues!


1. All download pages need to be https

2. All Crypto-Currencies need to offer SHA-256 Checksum details to use together with an end user's SHA Checksum Utility in order to verify the downloaded item is not compromised nor corrupted.


 And please stop using MEGA. It's NOT "secure" (https). Nor is it anything but shady in the way it appears when I go there. And MEGA demands everyone to activate Java-Scripting in order to download anything, then forces us to accept some obscure pop up to allow them to download "more than 50 megs" when the Qt's are far smaller than this. What's up with that???

  Every developer should also be utilizing NoScript for Firefox to moderate Java-Scripting. Github doesn't require Java-Scripting to download.


 All of us have a great deal riding on this entire topic of Crypto-Currencies. Let's get these matters fixed before things possibly get way too far out of hand concerning these topics.


 Let's make certain going forward we have everything LOCKED DOWN TIGHT. At least as tight as the Banks and Wall Street already has them concerning these matters.

 ALL of our reputations are riding on all Crypto-Currencies being a Safe & Secure.


 Some are "leaking" right now with big holes, ie: vulnerabilities, weak vectors. This is no longer acceptable.


 So let's Lock ALL these Qt wallets down for every coin type before things get completely out of hand. Apparently I got recently compromised, badly. Fortunately it was on a dedicated miner with nothing of value to steal. The next victim(s) may not be so fortunate.


RE:

***** VIRUS WARNING ***** @ MEGA's Unsecure Download site for Lucky7coin

https://bitcointalksearch.org/topic/m.3378690



Caveat empore!
Jump to: