[SDC] ShadowCash | Welcome to the UMBRA - page 198.

Gizfreak

legendary

Activity: 1162

Merit: 1000

Allergic to false promises

Quote from: ffmad on May 25, 2015, 10:35:37 AM

welcome back on bitcointalk

remember to change your bitcointalk password and more if it was shared with other websites Wink

Thanks for the reminder and the first thing I did was indeed change my pw.

ffmad

legendary

Activity: 868

Merit: 1006

welcome back on bitcointalk

remember to change your bitcointalk password and more if it was shared with other websites Wink

issie81

hero member

Activity: 760

Merit: 500

CryptoZilla

And we are back:)

Missed you guys!

dasource

hero member

Activity: 821

Merit: 1000

Quote from: lawgicc on May 21, 2015, 03:07:03 PM

Also i believe if 2FA was set up through a phone or 3rd party device, seperate from the cold wallet, it would be impossible to hack since the 2FA codes are always changing. If you as a keylogger would just wait for the user to enter the code, why has 2FA yet to be hacked? Why has no keylogger/hacker "just waited"? cause you cant, if you wait the code changes, and how can the hacker get the changed code from the phone or 3rd party device if he only has the device of the cold wallet bugged?

That is a misconception ... once you unlock your wallet I can easily steal your private key. Then no traditional 2FA in the world will save you.
Traditional 2FA is not the answer.

Quote from: lawgicc on May 21, 2015, 03:07:03 PM

example, the hacker took 55k from my cold wallet.

AFAIAC your definition of cold wallet does not match mine. A cold wallet is not connected to the Internet.

Quote from: lawgicc on May 21, 2015, 03:07:03 PM

the hacker took nothing from my blockchain wallet locked with 2FA, BUT he attempted. He had full access, he cracked my fuckin pgp where all my blockchain info was stored with BOTH Mnemonic passwords. Did he not want to check my bitcoin wallet? or was he unable to? Ill go with the second one.

Because he/she was an opportunist v.s. real hacker!

And again traditional 2FA provides unrealistic expectation for protecting crypto ... so great the front-end is protected by 2FA .. that is fine I will make my way straight to the bitcoin daemon which does not have 2FA and pull the keys from it. Then what you going todo?

My point is simple and that is any 2FA (as of right now) which is not using multisig is a load of nonsense and providing nothing but false security. I have yet to see a solution which is better, I am sure with time we will see them.

Automatic Monkey

hero member

Activity: 503

Merit: 500

Quote from: lawgicc on May 21, 2015, 03:39:38 PM

Quote from: Wheatclove on May 21, 2015, 03:31:37 PM

Quote from: lawgicc on May 21, 2015, 03:07:03 PM

Also i believe if 2FA was set up through a phone or 3rd party device, seperate from the cold wallet, it would be impossible to hack since the 2FA codes are always changing. If you as a keylogger would just wait for the user to enter the code, why has 2FA yet to be hacked? Why has no keylogger/hacker "just waited"? cause you cant, if you wait the code changes, and how can the hacker get the changed code from the phone or 3rd party device if he only has the device of the cold wallet bugged?

example, the hacker took 55k from my cold wallet.

the hacker took nothing from my blockchain wallet locked with 2FA, BUT he attempted. He had full access, he cracked my fuckin pgp where all my blockchain info was stored with BOTH Mnemonic passwords. Did he not want to check my bitcoin wallet? or was he unable to? Ill go with the second one.

Funny you say this, because blockchain.info had a bunch of 2fa accounts hacked last year but reimbursed all the stolen coins.

Was it faulty tech by 2fa or a goof up by blockchain.info?

Does bitcoin get hacked or do people get hacked for bitcoin?

It is extremely unlikely a private key has ever been hacked directly. Nor was your PGP cracked! But no lock is more secure than it's key and getting a key off someone's computer can be as easy as getting their car keys out of their pocket. Car keys have gotten a lot more secure in recent years too so now it's easier to carjack someone or mug them for their keys than hot wire a car the old fashioned way.

lawgicc

sr. member

Activity: 420

Merit: 250

Quote from: Wheatclove on May 21, 2015, 03:31:37 PM

Quote from: lawgicc on May 21, 2015, 03:07:03 PM

Also i believe if 2FA was set up through a phone or 3rd party device, seperate from the cold wallet, it would be impossible to hack since the 2FA codes are always changing. If you as a keylogger would just wait for the user to enter the code, why has 2FA yet to be hacked? Why has no keylogger/hacker "just waited"? cause you cant, if you wait the code changes, and how can the hacker get the changed code from the phone or 3rd party device if he only has the device of the cold wallet bugged?

example, the hacker took 55k from my cold wallet.

the hacker took nothing from my blockchain wallet locked with 2FA, BUT he attempted. He had full access, he cracked my fuckin pgp where all my blockchain info was stored with BOTH Mnemonic passwords. Did he not want to check my bitcoin wallet? or was he unable to? Ill go with the second one.

Funny you say this, because blockchain.info had a bunch of 2fa accounts hacked last year but reimbursed all the stolen coins.

Was it faulty tech by 2fa or a goof up by blockchain.info?

Does bitcoin get hacked or do people get hacked for bitcoin?

Wheatclove

hero member

Activity: 606

Merit: 500

Quote from: lawgicc on May 21, 2015, 03:07:03 PM

Also i believe if 2FA was set up through a phone or 3rd party device, seperate from the cold wallet, it would be impossible to hack since the 2FA codes are always changing. If you as a keylogger would just wait for the user to enter the code, why has 2FA yet to be hacked? Why has no keylogger/hacker "just waited"? cause you cant, if you wait the code changes, and how can the hacker get the changed code from the phone or 3rd party device if he only has the device of the cold wallet bugged?

example, the hacker took 55k from my cold wallet.

the hacker took nothing from my blockchain wallet locked with 2FA, BUT he attempted. He had full access, he cracked my fuckin pgp where all my blockchain info was stored with BOTH Mnemonic passwords. Did he not want to check my bitcoin wallet? or was he unable to? Ill go with the second one.

Funny you say this, because blockchain.info had a bunch of 2fa accounts hacked last year but reimbursed all the stolen coins.

lawgicc

sr. member

Activity: 420

Merit: 250

Also i believe if 2FA was set up through a phone or 3rd party device, seperate from the cold wallet, it would be impossible to hack since the 2FA codes are always changing. If you as a keylogger would just wait for the user to enter the code, why has 2FA yet to be hacked? Why has no keylogger/hacker "just waited"? cause you cant, if you wait the code changes, and how can the hacker get the changed code from the phone or 3rd party device if he only has the device of the cold wallet bugged?

example, the hacker took 55k from my cold wallet.

the hacker took nothing from my blockchain wallet locked with 2FA, BUT he attempted. He had full access, he cracked my fuckin pgp where all my blockchain info was stored with BOTH Mnemonic passwords. Did he not want to check my bitcoin wallet? or was he unable to? Ill go with the second one.

lawgicc

sr. member

Activity: 420

Merit: 250

Quote from: Automatic Monkey on May 21, 2015, 01:00:41 PM

This incident happened in a very specific way and I don't think it represents a security threat to SDC in particular or crypto in general. That specific way was a bad link just like the kind you get in a phishing e-mail and this is something that happens every day with traditional banking, nothing crypto-specific about it.

If you have large holdings in any coin (particularly coins that need to stake) it's probably time for a dedicated Linux machine for your wallets and keys. You should be able to do it with a 10-year old computer you found in a dumpster, plus a 1 TB drive. No browsing or e-mail on that machine, firewalls limiting net access to your wallets, do what you need to do through airgaps. Then you can set up thin wallets on your everyday machine for your spending money.

One way the devs could help with this is to supply some easier install packages for the Linux wallets, and/or detailed install instructions "for dummies." A dev knows Linux backwards and forwards but installing Linux software is a pain in the klootzak for people who don't use it every day. Better wallet discipline plus more installs on the more secure OS will cut down on theft somewhat and increase overall trust in the coin.

I agree with almost all this. Whos monitoring this thread for these kinds of links/scams? No one?

I understand its my job to check links but when its coming from a requote of the Dev on an official moderated thread of the coin....never thought once that would be possible. but now im down 55k sdc....and people already knew of this scam and they still pulled it off? i almost cant even be mad, this is unbelieveable..forever will i be checking links, never again will i touch a link from this website.

dasource

hero member

Activity: 821

Merit: 1000

Quote from: Wheatclove on May 21, 2015, 02:38:39 PM

The Linux wallets have a readme in github which is fairly easy to follow. The first thing I ever did on Linux was install the wallet.

Shadowcoind is the command line wallet which is much more difficult than the gui qt wallet.

The learning curve is actually not that difficult. If you load the GUI Wallet and goto console and type "help" that is basically the same as running "shadowcoind help" ... start practicing there first (unlock wallet, send transactions etc), instead of using the GUI use the console (the commands are the same).

Once your comfortable you can move onto linux etc and manage the Shadow wallet with ease from CLI.
If you are going to go down this route, stick to a linux server behind your home router/nat v.s. a public VPS (as that then requires you to ensure the VM/VPS is secured and up-to-date)

systh

sr. member

Activity: 390

Merit: 250

Quote from: Wheatclove on May 21, 2015, 02:38:39 PM

Quote from: systh on May 21, 2015, 02:33:16 PM

Quote from: Automatic Monkey on May 21, 2015, 01:00:41 PM

This incident happened in a very specific way and I don't think it represents a security threat to SDC in particular or crypto in general. That specific way was a bad link just like the kind you get in a phishing e-mail and this is something that happens every day with traditional banking, nothing crypto-specific about it.

Yep, that's what I was trying to tell skip.

Quote from: Automatic Monkey on May 21, 2015, 01:00:41 PM

If you have large holdings in any coin (particularly coins that need to stake) it's probably time for a dedicated Linux machine for your wallets and keys. You should be able to do it with a 10-year old computer you found in a dumpster, plus a 1 TB drive. No browsing or e-mail on that machine, firewalls limiting net access to your wallets, do what you need to do through airgaps. Then you can set up thin wallets on your everyday machine for your spending money.

I was just thinking about dedicated machine a couple of days ago.. I was wondering: Linux wallet comes with "shadowcoind" – a daemon, if I'm not mistaken; my question: is it enough for staking to run that daemon only? Maybe with some additional parameters? (I'm in no way Linux pro, even though I flirt with it for some time already.)

Quote from: Automatic Monkey on May 21, 2015, 01:00:41 PM

One way the devs could help with this is to supply some easier install packages for the Linux wallets, and/or detailed install instructions "for dummies." A dev knows Linux backwards and forwards but installing Linux software is a pain in the klootzak for people who don't use it every day. Better wallet discipline plus more installs on the more secure OS will cut down on theft somewhat and increase overall trust in the coin.

This would be great contribution to Shadow Wiki!

I seriously think there's a good opportunity for community members who want to contribute by writing those Wiki pages/tutorials etc.

The Linux wallets have a readme in github which is fairly easy to follow. The first thing I ever did on Linux was install the wallet.

Shadowcoind is the command line wallet which is much more difficult than the gui qt wallet.

Yeah, I know it doesn't have the GUI. I was planning to install it on a machine-turned-server (w/o monitor), so I just SSH to it via terminal.. that's why I was curious about shadowcoind.
Thanks for pointing me to a readme (hehe).

Wheatclove

hero member

Activity: 606

Merit: 500

Quote from: systh on May 21, 2015, 02:33:16 PM

Quote from: Automatic Monkey on May 21, 2015, 01:00:41 PM

This incident happened in a very specific way and I don't think it represents a security threat to SDC in particular or crypto in general. That specific way was a bad link just like the kind you get in a phishing e-mail and this is something that happens every day with traditional banking, nothing crypto-specific about it.

Yep, that's what I was trying to tell skip.

Quote from: Automatic Monkey on May 21, 2015, 01:00:41 PM

If you have large holdings in any coin (particularly coins that need to stake) it's probably time for a dedicated Linux machine for your wallets and keys. You should be able to do it with a 10-year old computer you found in a dumpster, plus a 1 TB drive. No browsing or e-mail on that machine, firewalls limiting net access to your wallets, do what you need to do through airgaps. Then you can set up thin wallets on your everyday machine for your spending money.

I was just thinking about dedicated machine a couple of days ago.. I was wondering: Linux wallet comes with "shadowcoind" – a daemon, if I'm not mistaken; my question: is it enough for staking to run that daemon only? Maybe with some additional parameters? (I'm in no way Linux pro, even though I flirt with it for some time already.)

Quote from: Automatic Monkey on May 21, 2015, 01:00:41 PM

One way the devs could help with this is to supply some easier install packages for the Linux wallets, and/or detailed install instructions "for dummies." A dev knows Linux backwards and forwards but installing Linux software is a pain in the klootzak for people who don't use it every day. Better wallet discipline plus more installs on the more secure OS will cut down on theft somewhat and increase overall trust in the coin.

This would be great contribution to Shadow Wiki!

I seriously think there's a good opportunity for community members who want to contribute by writing those Wiki pages/tutorials etc.

The Linux wallets have a readme in github which is fairly easy to follow. The first thing I ever did on Linux was install the wallet.

Shadowcoind is the command line wallet which is much more difficult than the gui qt wallet.

systh

sr. member

Activity: 390

Merit: 250

Quote from: Automatic Monkey on May 21, 2015, 01:00:41 PM

This incident happened in a very specific way and I don't think it represents a security threat to SDC in particular or crypto in general. That specific way was a bad link just like the kind you get in a phishing e-mail and this is something that happens every day with traditional banking, nothing crypto-specific about it.

Yep, that's what I was trying to tell skip.

Quote from: Automatic Monkey on May 21, 2015, 01:00:41 PM

If you have large holdings in any coin (particularly coins that need to stake) it's probably time for a dedicated Linux machine for your wallets and keys. You should be able to do it with a 10-year old computer you found in a dumpster, plus a 1 TB drive. No browsing or e-mail on that machine, firewalls limiting net access to your wallets, do what you need to do through airgaps. Then you can set up thin wallets on your everyday machine for your spending money.

I was just thinking about dedicated machine a couple of days ago.. I was wondering: Linux wallet comes with "shadowcoind" – a daemon, if I'm not mistaken; my question: is it enough for staking to run that daemon only? Maybe with some additional parameters? (I'm in no way Linux pro, even though I flirt with it for some time already.)

Quote from: Automatic Monkey on May 21, 2015, 01:00:41 PM

One way the devs could help with this is to supply some easier install packages for the Linux wallets, and/or detailed install instructions "for dummies." A dev knows Linux backwards and forwards but installing Linux software is a pain in the klootzak for people who don't use it every day. Better wallet discipline plus more installs on the more secure OS will cut down on theft somewhat and increase overall trust in the coin.

This would be great contribution to Shadow Wiki!

I seriously think there's a good opportunity for community members who want to contribute by writing those Wiki pages/tutorials etc.

dadon

legendary

Activity: 1190

Merit: 1002

Pecvniate obedivnt omnia.

yeah welcome back skip, we will give you the benefit of the doubt..behave Wink

Automatic Monkey

hero member

Activity: 503

Merit: 500

This incident happened in a very specific way and I don't think it represents a security threat to SDC in particular or crypto in general. That specific way was a bad link just like the kind you get in a phishing e-mail and this is something that happens every day with traditional banking, nothing crypto-specific about it.

If you have large holdings in any coin (particularly coins that need to stake) it's probably time for a dedicated Linux machine for your wallets and keys. You should be able to do it with a 10-year old computer you found in a dumpster, plus a 1 TB drive. No browsing or e-mail on that machine, firewalls limiting net access to your wallets, do what you need to do through airgaps. Then you can set up thin wallets on your everyday machine for your spending money.

One way the devs could help with this is to supply some easier install packages for the Linux wallets, and/or detailed install instructions "for dummies." A dev knows Linux backwards and forwards but installing Linux software is a pain in the klootzak for people who don't use it every day. Better wallet discipline plus more installs on the more secure OS will cut down on theft somewhat and increase overall trust in the coin.

bangomatic

legendary

Activity: 1246

Merit: 1000

ARK Team likes to ban and delete posts in reddit.

I take it to mean that skip has decided to work with us and not against us. Welcome back skip.

maxvolts

full member

Activity: 226

Merit: 100

Quote from: skip60 on May 21, 2015, 12:14:24 PM

Quote from: systh on May 21, 2015, 11:52:35 AM

Quote from: skip60 on May 21, 2015, 11:30:56 AM

Quote from: dasource on May 21, 2015, 10:02:01 AM

Quote from: skip60 on May 21, 2015, 09:54:43 AM

if you say that, HD wallet is the solution for it...then HD wallet look like the most important improvement right now

You can achieve great security right now using multisig (like I do) and you will need to have access to multiple devices to move my funds...
What HD wallet (BIP32, 39 and 44) brings to the table is a "standardised" way for say Trezor or Ledger Wallet to add support for Shadow and make it easy for the average person to feel secure with their crypto currency of choice.

Then share with us how to have multisig for average users

I am sure lots of holders are paranoid right now.

Me personelly, dont feel comfortable with one password only

You shouldnt let holders be uncomfortable and if they feel insecure they will cash out

After lawgicc incident, i noticed that price is 5k-10k higher/lower or manipulating the price for 5k-10k extra sdc is nothing.

I am changed now

If they steal, then u re done. I was thinking that, the only way i lose money at shadow at long term was only possible with dev team closing the project

Being robbed really sucks

Thanks for yet another contribution to the discussion, skippy.

You do realize this is not a problem of Shadow, but all cryptos in general, right?
In fact, not just cryptos – if you're not careful with your actions online, you'll face the consequences.

But still, feel free to blame Shadow and cash out. As usual, we'll all be happy to grab our SDC once again and again.. *wink*

I was not talking about myself, i was generally my idea
Well done to you that you got that meaning out of what i wrote

I wrote there that i am changed, why didnt you bold that part

Anyway, lest cut it here

What the hell does that even mean?

skip60

sr. member

Activity: 630

Merit: 253

Quote from: systh on May 21, 2015, 11:52:35 AM

Quote from: skip60 on May 21, 2015, 11:30:56 AM

Quote from: dasource on May 21, 2015, 10:02:01 AM

Quote from: skip60 on May 21, 2015, 09:54:43 AM

if you say that, HD wallet is the solution for it...then HD wallet look like the most important improvement right now

You can achieve great security right now using multisig (like I do) and you will need to have access to multiple devices to move my funds...
What HD wallet (BIP32, 39 and 44) brings to the table is a "standardised" way for say Trezor or Ledger Wallet to add support for Shadow and make it easy for the average person to feel secure with their crypto currency of choice.

Then share with us how to have multisig for average users

I am sure lots of holders are paranoid right now.

Me personelly, dont feel comfortable with one password only

You shouldnt let holders be uncomfortable and if they feel insecure they will cash out

After lawgicc incident, i noticed that price is 5k-10k higher/lower or manipulating the price for 5k-10k extra sdc is nothing.

I am changed now

If they steal, then u re done. I was thinking that, the only way i lose money at shadow at long term was only possible with dev team closing the project

Being robbed really sucks

Thanks for yet another contribution to the discussion, skippy.

You do realize this is not a problem of Shadow, but all cryptos in general, right?
In fact, not just cryptos – if you're not careful with your actions online, you'll face the consequences.

But still, feel free to blame Shadow and cash out. As usual, we'll all be happy to grab our SDC once again and again.. *wink*

I was not talking about myself, i was generally my idea
Well done to you that you got that meaning out of what i wrote

I wrote there that i am changed, why didnt you bold that part

Anyway, lest cut it here

systh

sr. member

Activity: 390

Merit: 250

Quote from: skip60 on May 21, 2015, 11:30:56 AM

Quote from: dasource on May 21, 2015, 10:02:01 AM

Quote from: skip60 on May 21, 2015, 09:54:43 AM

if you say that, HD wallet is the solution for it...then HD wallet look like the most important improvement right now

You can achieve great security right now using multisig (like I do) and you will need to have access to multiple devices to move my funds...
What HD wallet (BIP32, 39 and 44) brings to the table is a "standardised" way for say Trezor or Ledger Wallet to add support for Shadow and make it easy for the average person to feel secure with their crypto currency of choice.

Then share with us how to have multisig for average users

I am sure lots of holders are paranoid right now.

Me personelly, dont feel comfortable with one password only

You shouldnt let holders be uncomfortable and if they feel insecure they will cash out

After lawgicc incident, i noticed that price is 5k-10k higher/lower or manipulating the price for 5k-10k extra sdc is nothing.

I am changed now

If they steal, then u re done. I was thinking that, the only way i lose money at shadow at long term was only possible with dev team closing the project

Being robbed really sucks

Thanks for yet another contribution to the discussion, skippy.

You do realize this is not a problem of Shadow, but all cryptos in general, right?
In fact, not just cryptos – if you're not careful with your actions online, you'll face the consequences.

But still, feel free to blame Shadow and cash out. As usual, we'll all be happy to grab our SDC once again and again.. *wink*

drAGon925

hero member

Activity: 527

Merit: 500

Quote from: lawgicc on May 20, 2015, 07:46:50 PM

Quote from: Automatic Monkey on May 20, 2015, 07:17:35 PM

Quote from: Wheatclove on May 20, 2015, 05:46:47 PM

Quote from: CraveIt on May 20, 2015, 05:35:48 PM

Is everyone just being paranoid? lol

Everyone is being super paranoid. And some are super quick to point fingers.

Yes, and the real crook is watching that and getting his rocks off. Don't give him the satisfaction.

amen.

i hope you dump my coins back to me duesch. take my $$$ idgaf, broke scammer taught me a valuable lesson. id love for you to try to actually come take my shit in person. lol

you have my address Wink

or i should say addresses

i know for a fact, it was in the pgp txt u probably swept , with my private keys. u have my real email as well. if you can trigger my blockchain data when i hadnt even accessed blockchain on this new/bugged computer....makes me wonder, there is only one other way.

too scared to login to any of my accounts without TOR/VPN....sad sad. passwords are all still the same. Wink

last time ill be posting about this dumb move on my part

Topic: [SDC] ShadowCash | Welcome to the UMBRA - page 198. (Read 1289636 times)