Author

Topic: my account security (Read 573 times)

legendary
Activity: 3794
Merit: 1375
Armory Developer
October 09, 2016, 06:00:20 AM
#4
All back to normal, unsticking this
staff
Activity: 3458
Merit: 6793
Just writing some code
October 06, 2016, 10:01:47 PM
#3
http://pastebin.com/20cPXx2U

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- From goatpig on October 7th 2016:

Situation is back to normal. I am now confident my accounts were not compromised. Regardless, I have recycled the passwords on my accounts and upgraded security practices where possible.

If anything, this episode has reinforced my motivation to add Gitian support to Armory.

This is also a good opportunity to remind community of a few points:

1) When it comes to important announcements, do not trust my forum posts or comments on Github unless they are signed with my offline key (745D 707F BA53 968B DF63 AA8D 8C52 1176 4922 589A).
Day to day troubleshooting and bug discussion do not fall under that scope obviously. Annoucements of this nature do. Releases are also always signed.

2) I will never ask for your private keys or information revealing your identity. The most I ask for are log files, testnet watching-only wallets and blkXXXXX.dat raw blockchain data files.

3) When providing log files, feel free to edit potentially privacy leaking information, however do not simply post a snipet of your choosing unless you are familiar with the method of Armory error logging.
If you have to crop the log file, always prioritize the latest entries.

4) Ultimately the security of the project relies on code reviewers and community testing. Do not hesitate to take part in our testing phases and ask me about change sets. Our IRC channel is a good place to get in touch with me on these topics (no general trouble shooting there please)

5) The trully security oriented users should always at least resort to building the offline signer themselves. Building Armory on Linux is fairly easy, particularly on Debian like distros.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX9AD7AAoJEIxSEXZJIlia7D8QAMblBFSxTcPRxk/5tN/klMfF
TF41oB4g+EbBU3VbRYiS0+PR0Td58Bk3V+56DQw2ASiTE/JSMrgPzzQnu+1EsTc1
0ZPsYmoCGIKQTccCNkg553TyC717CXN8HsVvNM+TBtGGFvq6Ml2MjQf2xdaCezbd
w2i6szS6AXka+/H/JGhRSi+0SMvRgsks+M6DF+kVwsdBkttRao8I2qPSX/g3LhEA
Nmx1eu5Q2hA9itMrB7HtxITABvOcxb/TdcsKuMa3Ohb/Fi5zVwsBKEKW3NG9IiFg
J/2kSaF4/sOUu6HJc+VYTMpXj25aJ8MMGxhDjqcRdXAwOtyvjL0bzE8thecEt/up
XhJdo94nAf1ycdOky5cm3lLLNpeXuCuiK4E614DXjA2L4IsSu6bq5fzbQxs7b8Iy
pUbdrdqlow6Cj0PHzXXROxVXFqZjHlaIEQSvFesUEu/2XKVOL1m9krGPml8RWH9w
fSaunXvqHIAVoZqgtbqOjckH8LI7ku9u17VqoO12m2HrpZucWTP3v60Kzg0kyDNn
FTtLe1Ze8fTV+JE68P0kca3BwDJA30JjO77aBOQ5r8h2/e+nFdSGM682L7srR2Th
EjVNLD37atvvzmlHEzTJ+zaKC8HESCj82gpEjD5hPXpIzsBYSerl6s0QuKSVyhJg
eYknJwOM/1OmgHriNyBs
=a9RC
-----END PGP SIGNATURE-----
staff
Activity: 3458
Merit: 6793
Just writing some code
October 04, 2016, 01:14:23 PM
#2
As an extra precaution, the Admins have temporarily banned goatpig's account from posting and sending PMs.
legendary
Activity: 3794
Merit: 1375
Armory Developer
October 04, 2016, 12:57:24 PM
#1
http://pastebin.com/itk6PMzA

Quote
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
Got a message from Google today indicating someone tried to log into my 2 Google accounts using the respective correct passwords.
Google blocked them. The offender used my IP both times, indicating this is either a false positive, or some malware on my machine.
I'm recycling passwords amd going my machine for now. Do not trust my unsigned messages on the forums until I post otherwise.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
iQIcBAEBCAAGBQJWUYCVAAoJEIxSEXZJIliacuUP/1VOH9Jwi7CAIGZfWWuw08nz
HkM/kJSS77t8kXnf4Iu9Aui22cZVITlHeXrwgTn3F6+owms3Vd554ipvZg3Jsw2Y
tELoVV76kWaLLpPZ9ohH9VTFJyi9FcClBKAVFXHeA0cEdk6kUrbhoXzHS97hvTaN
Rq83Vk2Hg0XFL7IkY4GKDTMwzrfL6oTeLjyBax9K2jq+7BdVzcMn3YB54Pns24Ha
3a0oFRUWOHtTM4cJARLusJBSmasrk1OVdr01+s7lzOLKqTS2r06lLC6I/vXUEqkU
66D0JcUOujzGXJZ2vxR4lFS//telAnhY+EoZR64lUvKKiA1gUoVl6qrAnRPEkGWZ
i2XkHYuwZ9TM47dygt5trGyHdqtajz4HKizCE+iH3D/2iIkmirJu4rv8WIARg5WI
F4PRAqPi+sMAlwvHWcH73DWq0WO2lYyaxHbSLvVSa0+0j0XkaVx+Gv0dm9KzBpO9
BD6z2jN1K4M+HUnbjbkXJOM846wNqT9lV7/RdB57GcucPo8tXo4aJ9T/oVlBY671
D8cf8Wia/BxzyHUhdpSnAhr90AZ7VNxJkHfyLu92GKMJtI9pVXsgnY0ZxEwwXFyY
yOQ0Os41VPAsRDC/ZWfRyriV9tk9tfY9ZoBnd2nL/IF0Nr0kYrv3bt+W4y4/4Kq0
KI4nH2vn5Yn3nqRRmKwo
=3m6a
-----END PGP SIGNATURE-----

It's all in the pastebin. Bottom line, don't trust stuff I post until the next signed message. This is most likely a false positive but I'd rather err on the safe side. Will post new testing builds after this is resolved.
Jump to: