Topic: WARNING TO COMMUNITY (Read 988 times)

legendary
Activity: 1512
Merit: 1000
August 23, 2013, 09:42:15 AM
#11
This is why I like using Cryptsy, Coins-e, Bter, and BTC-e as wallets for a part of my altcoins :). I know this is also a dangerous practice but a distributed coin store as well.
full member
Activity: 168
Merit: 100
August 23, 2013, 09:25:04 AM
#10
Quote
In which case don't download from Devs you don't know with no forum account reputation, I'd call that evolution more than anything.
If Developers do not look after or care about a development then obviously it's going to go that way, where users don't know who controls it or who is up-keeping it.
Most of that is the effect of a saturated market of pre-mined and insta-scammed crypto-"currency".
all things being equal.

The deal was that someone created a new account named "Krugercoin", then posted a "Krugecoin, mandatory update" post which had the malicious client. The real dev of krugercoin (Nibiru) had nothing to do with it.

Well, it's like the oldest scam on the internet. Send an email to a gazillion ppl which states:
'BankNameHere' wants youre feedback, win an iPAD !
then the link goes to BankNameHere.easyurls.com and steals credentials. Easy as pie.

Lesson pretty much is, always check what you click, always check what you download.
hero member
Activity: 798
Merit: 1000
‘Try to be nice’
August 23, 2013, 08:31:32 AM
#9
Hey,

Just an idea on signing.. What I did with some QT builds I created is the following:
- create an MD5 hash of the files created
- sign the MD5 hashes with my wallet address that's in my signature
- include a text file with binaries that contain those hashes and signing strings
- include the github address of the commit used to create the build

That way everyone can verify that the files are actually coming from the person owning that address. For fanciness you could use a vanity address containing the name of the coin :)

HTH,
Cheers

This doesn't actually help much on the krugercoin case since the malicious client was not redirected or anything. But it was just some forum post which offered a completely new link to the client.

In which case don't download from Devs you don't know with no forum account reputation, I'd call that evolution more than anything.

If Developers do not look after or care about a development then obviously it's going to go that way, where users don't know who controls it or who is up-keeping it.

Most of that is the effect of a saturated market of pre-mined and insta-scammed crypto-"currency".

all things being equal.
full member
Activity: 168
Merit: 100
August 23, 2013, 08:18:39 AM
#8
Hey,

Just an idea on signing.. What I did with some QT builds I created is the following:
- create an MD5 hash of the files created
- sign the MD5 hashes with my wallet address that's in my signature
- include a text file with binaries that contain those hashes and signing strings
- include the github address of the commit used to create the build

That way everyone can verify that the files are actually coming from the person owning that address. For fanciness you could use a vanity address containing the name of the coin :)

HTH,
Cheers

This doesn't actually help much on the krugercoin case since the malicious client was not redirected or anything. But it was just some forum post which offered a completely new link to the client.
legendary
Activity: 2674
Merit: 3000
Terminated.
August 23, 2013, 08:12:40 AM
#7
Thank you for warning everyone.
sr. member
Activity: 299
Merit: 250
legendary
Activity: 1540
Merit: 1000
August 23, 2013, 04:25:54 AM
#5
This should be standard practice for all software people download, never ever download from untrustworthy sources and best practice if you can be bothered is to get some kind of virus scanner that works on download links before you get them but I'll admit I don't know much about that kind of software because I'm just using what comes with Windows 7.
hero member
Activity: 526
Merit: 500
Its all about the Gold
August 23, 2013, 04:24:54 AM
#4
got to wonder what other alternate crypto coins are affected.
hero member
Activity: 798
Merit: 1000
‘Try to be nice’
August 23, 2013, 04:16:49 AM
#3
great work tyrion70

recently Nybble lost its Client (it was only updated to Google drive)

I certainly suspected something like this.
legendary
Activity: 934
Merit: 1000
August 23, 2013, 04:15:09 AM
#2
Hey,

Just an idea on signing.. What I did with some QT builds I created is the following:
- create an MD5 hash of the files created
- sign the MD5 hashes with my wallet address that's in my signature
- include a text file with binaries that contain those hashes and signing strings
- include the github address of the commit used to create the build

That way everyone can verify that the files are actually coming from the person owning that address. For fanciness you could use a vanity address containing the name of the coin :)

HTH,
Cheers
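
Added example, not part of the thread and not any poster's code: the downloader's side of the signed-hash-file idea in post #2, in Python, with the signer address pinned from the original ANN thread so that a hash file shipped by an impostor account (the objection in post #8) is rejected. SHA-256 is used in place of the MD5 the post mentions. The manifest format, file name and addresses are constructed, and `signature_valid` is an assumption standing in for the wallet's own message verification of the manifest text.

```python
import hashlib
import tempfile
from pathlib import Path

PINNED_ADDRESS = "1ExampleDevAddressPlaceholder"  # constructed; taken from the ANN thread

def file_digest(path):
    """SHA-256 of a file (swapped in for the MD5 the post mentions)."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def parse_manifest(text):
    """Return (signer, {filename: digest}) from the constructed text format."""
    signer, digests = None, {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == "signer:":
            signer = parts[1]
        elif len(parts) == 2 and len(parts[0]) == 64:
            digests[parts[1]] = parts[0].lower()
    return signer, digests

def verify_release(directory, manifest_text, pinned_address, signature_valid):
    """Return problems ([] = OK); signature_valid is the wallet's verdict (assumed)."""
    signer, digests = parse_manifest(manifest_text)
    problems = []
    if signer != pinned_address:
        problems.append("manifest signer is not the pinned developer address")
    if not signature_valid:
        problems.append("signature over manifest did not verify")
    for name in sorted({p.name for p in Path(directory).iterdir()} - set(digests)):
        problems.append(f"{name}: not listed in manifest")
    for name, expected in sorted(digests.items()):
        path = Path(directory, Path(name).name)  # ignore any path components
        actual = file_digest(path) if path.is_file() else None
        if actual != expected:
            problems.append(f"{name}: missing or digest mismatch")
    return problems

def demo():
    with tempfile.TemporaryDirectory() as d:
        exe = Path(d, "coin-qt.exe")  # constructed sample file
        exe.write_bytes(b"constructed sample binary")
        manifest = f"signer: {PINNED_ADDRESS}\n{file_digest(exe)}  coin-qt.exe\n"
        clean = verify_release(d, manifest, PINNED_ADDRESS, True)
        fake = manifest.replace(PINNED_ADDRESS, "1AttackerPlaceholder")
        spoofed = verify_release(d, fake, PINNED_ADDRESS, True)
        exe.write_bytes(b"tampered sample binary")
        tampered = verify_release(d, manifest, PINNED_ADDRESS, True)
    return clean, spoofed, tampered
```

The spoofed case is the one that matters for a fake "mandatory update" post: the hashes match the attacker's own files, and only the comparison against an address obtained independently of the download catches it.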
legendary
Activity: 1696
Merit: 1008
August 23, 2013, 04:08:28 AM
#1
Hello all,
I have seen someone try to do this with CGB a month ago and now I see it occurred with Krugercoin. The CGB occurrence went unnoticed fortunately and no damage was done, but I see the Krugercoin one took off and is creating issues.

Please be extremely cautious of where you are downloading updates! Either get them direct from github or take the time to confirm that the updates are from the development team (can be identified by tracking down the original ANN thread and seeing who posted it). One can only reason that we will see more of this, so please be cautious!

Any creative ideas should be thrown into the mix in order to create some kind of safeguard (signature or other) so the trusted sources can be confirmed.


FYI - From what I have seen, this issue occurs with a junior profile that is named after the coin. This should be an indicator to you to beware!