Author

Topic: [ANN] [MINT] Mintcoin (POS / 5%) [NO ICO] [Fair distro, community maintained] - page 149. (Read 1369788 times)

legendary
Activity: 1090
Merit: 1000
Too many coins "here today and gone tomorrow" (with peoples' money). Mint is here forever and it looks like people are taking notice.
hero member
Activity: 840
Merit: 1000
the more people getting scammed by newb dev/coins will continue to make coins like MINT look more and more appealing to people looking for a long term hold, with other old coins like LTC and doge getting more attention it makes sense that so is MINT

well deserved in my eyes  Cool

Yeah most coins that have been alive for more than a year are getting new buyer. Look at BLK, MAX, LTC, DOGE, VTC, and MINT. Most have solid communities & active development & people contributing to bounties & development.  Roll Eyes Grin
legendary
Activity: 1190
Merit: 1000
Kaspa
the more people getting scammed by newb dev/coins will continue to make coins like MINT look more and more appealing to people looking for a long term hold, with other old coins like LTC and doge getting more attention it makes sense that so is MINT

well deserved in my eyes  Cool
hero member
Activity: 672
Merit: 500
Banned: For Your Protection
Wow. What the heck is happening? Buy orders are just filling up.  Shocked

It's going to "fly sky high"  Grin
sr. member
Activity: 291
Merit: 250
Ezekiel 34:11, John 10:25-30
Wow. What the heck is happening? Buy orders are just filling up.  Shocked
hero member
Activity: 840
Merit: 1000
can we stake with multiMINT wallet if there is one?
member
Activity: 65
Merit: 10
Did someone make a multibit wallet for mintcoin?

Can someone post a link to it?
sr. member
Activity: 291
Merit: 250
Ezekiel 34:11, John 10:25-30
Well maybe they are a permaholder that believes in Mintcoin and not a short term trader just looking for a quick pump and dump.
legendary
Activity: 1120
Merit: 1003
twet.ch/inv/62d7ae96
Um, is someone pumping MINT today?

Up 50%???

Not complaining, pleasantly surprised. Looks like someone Is acquiring again  Smiley




yep, up to 10 sat and 15btc moved today. nice

which exchange?

Currently 23btc in volume across exchanges (7:00am EDT). A lot of movement happening here. 14btc @ Cryptsy, and the rest between bter and polo.

I wonder if that mass buyer earlier in the year is getting ready to make a healthy profit? If they could move it to 40sat they'd double their money.

finding a massive buyer at 40 sat might prove difficult though...
hero member
Activity: 672
Merit: 500
Banned: For Your Protection
Um, is someone pumping MINT today?

Up 50%???

Not complaining, pleasantly surprised. Looks like someone Is acquiring again  Smiley




yep, up to 10 sat and 15btc moved today. nice

which exchange?

Currently 23btc in volume across exchanges (7:00am EDT). A lot of movement happening here. 14btc @ Cryptsy, and the rest between bter and polo.

I wonder if that mass buyer earlier in the year is getting ready to make a healthy profit? If they could move it to 40sat they'd double their money.
sr. member
Activity: 490
Merit: 250
Um, is someone pumping MINT today?

Up 50%???

Not complaining, pleasantly surprised. Looks like someone Is acquiring again  Smiley




yep, up to 10 sat and 15btc moved today. nice

which exchange?
full member
Activity: 169
Merit: 100
Um, is someone pumping MINT today?

Up 50%???

Not complaining, pleasantly surprised. Looks like someone Is acquiring again  Smiley




yep, up to 10 sat and 15btc moved today. nice
sr. member
Activity: 356
Merit: 250
Um, is someone pumping MINT today?

Up 50%???

Not complaining, pleasantly surprised. Looks like someone Is acquiring again  Smiley

sr. member
Activity: 356
Merit: 250
According to that info, there was no need to change my password... but I did anyway  Wink

I used a combination of five (5) words, and random characters, containing a total of 22 characters. Now, it's 27 total, using the same basic methodology.

Thanks for that info, because I now feel quite a bit safer if (when) this happens again.
Nice. How long is that expected to crack? A thousand + years?  It is amazing how easy/fast the small passwords are to crack. Very few do this. It is better to have as many random characters as possible. Crazy stuff.
hero member
Activity: 672
Merit: 500
Banned: For Your Protection
According to that info, there was no need to change my password... but I did anyway  Wink

I used a combination of five (5) words, and random characters, containing a total of 22 characters. Now, it's 27 total, using the same basic methodology.

Thanks for that info, because I now feel quite a bit safer if (when) this happens again.
hero member
Activity: 613
Merit: 500
Mintcoin: Get some
IMPORTANT: About the recent server compromise
On May 22 at 00:56 UTC, an attacker gained root access to the forum's server. He then proceeded to try to acquire a dump of the forum's database before I noticed this at around 1:08 and shut down the server. In the intervening time, it seems that he was able to collect some or all of the "members" table. You should assume that the following information about your account was leaked:
- Email address
- Password hash (see below)
- Last-used IP address and registration IP address
- Secret question and a basic (not brute-force-resistant) hash of your secret answer
- Various settings

As such, you should change your password here and anywhere else you used that same password. You should disable your secret question and assume that the attacker now knows your answer to your secret question. You should prepare to receive phishing emails at your forum email address.

While nothing can ever be ruled out in these sorts of situations, I do not believe that the attacker was able to collect any personal messages or other sensitive data beyond what I listed above.

Passwords are hashed with 7500 rounds of sha256crypt. This is pretty good, but certainly not beyond attack. Note that even though SHA-256 is used here, sha256crypt is different enough from Bitcoin's SHA-256d PoW algorithm that Bitcoin mining ASICs almost certainly cannot be modified to crack forum passwords.

I will now go into detail about how well you can expect your password to fare against a determined attacker. However, regardless of how strong your password is, the only prudent course of action is for you to immediately change your password here and everywhere else you used it or a similar password.

The following table shows how long it will take on average for a rather powerful attacker to recover RANDOM passwords using current technology, depending on the password's alphabet and length. If your password is not completely random (ie. generated with the help of dice or a computer random number generator), then you should assume that your password is already broken.

It is not especially helpful to turn words into leetspeak or put stuff between words. If you have a password like "w0rd71Voc4b", then you should count that as just 2 words to be safe. In reality, your extra stuff will slow an attacker down, but the effect is probably much less than you'd think. Again, the times listed in the table only apply if the words were chosen at random from a word list. If the words are significant in any way, and especially if they form a grammatical sentence or are a quote from a book/webpage/article/etc., then you should consider your password to be broken.

Code:
Estimated time (conservative) for an attacker to break randomly-constructed
bitcointalk.org passwords with current technology

s=second; m=minute; h=hour; d=day; y=year; ky=1000 years; My=1 million years

Password length  a-z  a-zA-Z  a-zA-Z0-9 
              8    0      3s        12s              2m
              9    0      2m        13m              3h
             10   8s      2h        13h             13d
             11   3m      5d        34d              1y
             12   1h    261d         3y            260y
             13   1d     37y       366y            22ky
             14  43d   1938y       22ky             1My
             15   1y   100ky        1My           160My
-------------------------------------------------------
         1 word  0
        2 words  0
        3 words  0
        4 words  3m
        5 words  19d
        6 words  405y
        7 words  3My

Each password has its own 12-byte random salt, so it isn't possible to attack more than one password with the same work. If it takes someone 5 days to recover your password, that time will all have to be spent on your password. Therefore, it's likely that only weak passwords will be recovered en masse -- more complicated passwords will be recovered only in targeted attacks against certain people.

If your account is compromised due to this, email [email protected] from the email that was previously associated with your account.

For security reasons, I deleted all drafts. If you need a deleted draft, contact me soon and I can probably give it to you.

A few people might have broken avatars now. Just upload your avatar again to fix it.

Unproxyban fee processing isn't working right now. If you want to register and you can't, get someone to post in Meta for you and you'll be whitelisted.

Searching is temporarily disabled, though it won't be disabled for as long as last time because I improved the reindexing code.

If you changed your password in the short time when the forum was online a little over a day ago, the change didn't stick. You'll have to change it again.

How the compromise happened:

The attacker was able to acquire KVM access credentials for the server. The investigation into how this was possible is still ongoing, so I don't know everything, and I don't yet want to publish everything that I do know, but it seems almost certain that it was a problem on the ISP's end.

After he got KVM access, the attacker convinced the ISP NFOrce that he was me (using his KVM access as part of his evidence) and said that he had locked himself out of the server. So NFOrce reset the server's root password for him, giving him complete access to the server and bypassing most of our carefully-designed security measures. I originally assumed that the attacker gained access entirely via social engineering, but later investigation showed that this was probably only part of the overall attack. As far as I know, NFOrce's overall security practices are no worse than average.

To reduce downtime and avoid temporarily-broken features, I was originally going to stay in NFOrce's data center. However, some things made me suspicious and I moved everything elsewhere. That's where the extra day+ of downtime came from after a short period of uptime. No additional data was leaked.

The forum will pay up to 15 XAU (converted to BTC) for information about the attacker's real-world identity. Exact payment amounts will depend on the quality and usefulness of information as well as what information I've already acquired, but if for example you're the first person to contact me and your info allows me to successfully prosecute this person, then you will get the full 15 XAU. You need to actually convince me that your info is accurate -- just sending me someone's name is useless.

The attacker used the following IPs/email:
37.48.77.227
66.172.27.160
[email protected]

Original Thread:
https://bitcointalksearch.org/topic/about-the-recent-server-compromise-1067985
sr. member
Activity: 490
Merit: 250
Thank you for all the replies
hero member
Activity: 840
Merit: 1000
Could someone post updated and active nodes please?


You can find nodes seen in last 24 hours here on our new explorer at CryptoID

https://chainz.cryptoid.info/mint/#!network

Feel free to donate here to keep it running

https://chainz.cryptoid.info/mint/#!crypto

or to this address

1QJpbqzkyFNcLGsC46DjXJmY1hLgHoya5C

Regards

Sam Smiley
hero member
Activity: 613
Merit: 500
Mintcoin: Get some
So now Poloniex is putting up currency controls, now what, back to using Cryptsy?
legendary
Activity: 1572
Merit: 1002
Could someone post updated and active nodes please?


You can see avaliable nodes here: http://www.multifaucet.tk/index.php?blockexplorer=MINT&network_info

Attention: Our MINT faucet address has been changed. Old address not supported more!
New faucet address, you can find on faucet page: http://www.multifaucet.tk/index.php?faucet=MINT
Jump to: