[XMR] Monero Speculation - page 1240.

ArticMine

legendary

Activity: 2282

Merit: 1050

Monero Core Team

Quote from: TrueCryptonaire on July 16, 2016, 01:36:27 PM

...
promises of "soon coming" GUI are still in force however but nobody seems to care.
...

If this is correct, the implication is that the GUI work has not been priced in by the market at this point.

TrueCryptonaire

legendary

Activity: 1092

Merit: 1000

Quote from: nioc on July 15, 2016, 04:52:57 PM

Quote from: s1gs3gv on July 15, 2016, 04:01:12 PM

Quote from: TrueCryptonaire on July 15, 2016, 03:35:20 PM

Back to the topic, speculation.
So what do you guys think, up or down from here? For me both are equally good.

sideways till the next BTC pump, then down and consolidation around 25

TC, how can they be equally good when it's not going low enough for you to buy? I know where it's going but I don't know the path from here.

s1gs3gv, when is the next btc pump?

If it goes down to my target I buy (perhaps if I have balls enough anymore).
If it goes up, I doubt it will go high enough I will bother to sell.

Therefore, I do not care if it goes up or down.

TrueCryptonaire

legendary

Activity: 1092

Merit: 1000

Quote from: s1gs3gv on July 15, 2016, 04:01:12 PM

Quote from: TrueCryptonaire on July 15, 2016, 03:35:20 PM

Back to the topic, speculation.
So what do you guys think, up or down from here? For me both are equally good.

sideways till the next BTC pump, then down and consolidation around 25

Thank you!
The volume is now pretty low.
Risto is not active here these days, promises of "soon coming" GUI are still in force however but nobody seems to care.
Price might actually drop. After rise when the volumes go down usually the price drops. And after dumps the drop of volumes is a bullish sign.
I think 25 is also a reasonable area to go... On the other hand, the whale might be planning to buy some large share of coins and waiting for the dump to come and then suddenly attack to the sellers.
It will be a great surprise of Monero is cabable to break the trading range of 0.001-0.004 with new higher trading range.
Currently I think Monero could take 0.03 (10 times higher price) IMO. And rising there will bring new members to the community and thus increase adaption.
Darkcoin community also seems not to have any urgency to join us since their coin is higher in the coinmarketcap.

wpalczynski

legendary

Activity: 1456

Merit: 1000

Quote from: primer- on July 15, 2016, 05:42:26 PM

Botnets are raping Monero. So far I can account for 11MH/s of botnet hash (almost 50%). The hash is spread across 17 wallets. I'll be willing to share my sources for 1btc - escrow accepted.

Why wouldnt they mine it, it happens to be a profitable coin for them to work with. Try some other FUD angle, no one really cares about the botnets mining.

Febo

legendary

Activity: 2744

Merit: 1288

Quote from: dEBRUYNE on July 16, 2016, 05:04:51 AM

Quote from: noobtrader on July 15, 2016, 08:14:24 PM

wow...
no wonder you bought into monero, ur so full of clue...

Same happened to someone running an ETH node:

https://www.reddit.com/r/ethereum/comments/3ird55/holy_shit_my_eth_accounts_been_hacked/

Oh, and also:

https://www.reddit.com/r/Monero/comments/4atg0d/monero_rpc_no_password/d13io7e

It only happens to coins that are used so dont worry will not happen to DASH.

dEBRUYNE

legendary

Activity: 2268

Merit: 1141

Quote from: noobtrader on July 15, 2016, 08:14:24 PM

wow...
no wonder you bought into monero, ur so full of clue...

Same happened to someone running an ETH node:

https://www.reddit.com/r/ethereum/comments/3ird55/holy_shit_my_eth_accounts_been_hacked/

Oh, and also:

https://www.reddit.com/r/Monero/comments/4atg0d/monero_rpc_no_password/d13io7e

birr

hero member

Activity: 870

Merit: 585

Twodollah twodollah twodollah

noobtrader

legendary

Activity: 1456

Merit: 1000

wow...
no wonder you bought into monero, ur so full of clue...

What is very important to know is that the RPC calls are NOT password protected.

Quote from: DaveyJones on July 15, 2016, 02:32:05 PM

Quote from: noobtrader on July 15, 2016, 01:13:56 PM

this dude shows that he cannot even comprehend a text and get the points out of it. He only reads "coins were stolen" and that is his buzzword to ride all day on it.

ELI5 for you noobtraderthathasnoclue

If you put password 123 you don´t have to wonder an account is taken... in this case if you bind ip and port and don´t close that port for incoming traffic from the outside it is your fault

pls learn to read

Quote from: TheKoziTwo on July 15, 2016, 08:54:26 AM

IMPORTANT ANNOUNCEMENT FOR ALL SERVICE PROVIDERS:

I basically hacked cryptonic.net today as I was able to get their wallet seed and transfer out 2380 XMR. I will of course return the funds to the owner, the only reason I transferred them out is to safe keep them from other potential attackers.

This is something that has been worrying me for a while, but it was only today after receiving a PM from a guy asking for help that I decided to go through the effort. I scanned the monero network, a total of 318 IP's on port 18082. I found 2 matches, and only 1 that I was able to attack. But there could be more vulnerable services out there running on different ports.

When you're running the wallet in rpc mode (you can do that by binding the port) for example like this:

Code:

./simplewallet --wallet-file mywallet.dat --password demo123 --rpc-bind-port 18082

Your wallet will be able to respond to RPC calls. What is very important to know is that the RPC calls are NOT password protected. The password I specified in my example (demo123) only protects the wallet. Once the wallet is running as rpc server it will accept incoming calls. Therefore your port 18082 MUST BE CLOSED (or whatever port you use to run the wallet server). This way you can only access the RPC from localhost.

The RPC has calls like "query_key" where you can retrive view_key or the mnemonic seed. That's what I used, but I could also have used commands like "transfer" to take the funds.

This does not affect normal wallets, only if you run it in server mode like I explained above.

As of right now I'd advise people to wait with purchases on cryptonic until the owner has responded and secured his wallet.

It doesn't appear to be any major issue at the moment as I only found this 1 wallet vulnerable, but again I don't know how many are running servers on different ports and I think it's best this info is out in the open so admins can secure their wallets correctly. It's very simple, just make sure that the port you bind your wallet to is closed.

Johnny Mnemonic

hero member

Activity: 795

Merit: 514

Quote from: primer- on July 15, 2016, 05:42:26 PM

Botnets are raping Monero. So far I can account for 11MH/s of botnet hash (almost 50%). The hash is spread across 17 wallets. I'll be willing to share my sources for 1btc - escrow accepted.

Sweet! Thanks for securing the network, botnets!

s1gs3gv

legendary

Activity: 1316

Merit: 1014

ex uno plures

Quote from: nioc on July 15, 2016, 04:52:57 PM

s1gs3gv, when is the next btc pump?

damned if I know. feels like it could be soon though.

primer-

legendary

Activity: 1092

Merit: 1000

Botnets are raping Monero. So far I can account for 11MH/s of botnet hash (almost 50%). The hash is spread across 17 wallets. I'll be willing to share my sources for 1btc - escrow accepted.

smoothie

legendary

Activity: 2492

Merit: 1491

LEALANA Bitcoin Grim Reaper

Quote from: c789 on July 15, 2016, 12:51:01 PM

Quote from: noobtrader on July 15, 2016, 12:33:40 PM

this is waht happenz if you dont have a decent wallet

Quote from: ?? on ??

ups!

Quote from: TheKoziTwo on July 15, 2016, 08:54:26 AM

IMPORTANT ANNOUNCEMENT FOR ALL SERVICE PROVIDERS:

I basically hacked cryptonic.net today as I was able to get their wallet seed and transfer out 2380 XMR. I will of course return the funds to the owner, the only reason I transferred them out is to safe keep them from other potential attackers.

This is something that has been worrying me for a while, but it was only today after receiving a PM from a guy asking for help that I decided to go through the effort. I scanned the monero network, a total of 318 IP's on port 18082. I found 2 matches, and only 1 that I was able to attack. But there could be more vulnerable services out there running on different ports.

When you're running the wallet in rpc mode (you can do that by binding the port) for example like this:

Code:

./simplewallet --wallet-file mywallet.dat --password demo123 --rpc-bind-port 18082

Your wallet will be able to respond to RPC calls. What is very important to know is that the RPC calls are NOT password protected. The password I specified in my example (demo123) only protects the wallet. Once the wallet is running as rpc server it will accept incoming calls. Therefore your port 18082 MUST BE CLOSED (or whatever port you use to run the wallet server). This way you can only access the RPC from localhost.

The RPC has calls like "query_key" where you can retrive view_key or the mnemonic seed. That's what I used, but I could also have used commands like "transfer" to take the funds.

This does not affect normal wallets, only if you run it in server mode like I explained above.

As of right now I'd advise people to wait with purchases on cryptonic until the owner has responded and secured his wallet.

It doesn't appear to be any major issue at the moment as I only found this 1 wallet vulnerable, but again I don't know how many are running servers on different ports and I think it's best this info is out in the open so admins can secure their wallets correctly. It's very simple, just make sure that the port you bind your wallet to is closed.

I don't view that as being negative for simplewallet. It's just like any other software: if you don't know how to use it, it can put you at risk. It's the fault of the user, not of the software. I'll admit I was also running simplewallet incorrectly until now, but that was due to my ignorance. I wouldn't view Apache (or NGINX or Lighttpd) as indecent if I didn't do my part to secure it properly.

It's like if I leave a vault full of cash wide open at night for anyone to come and steal....is it the fault of the vault manufacturer who designed the vault?

I don't think so.

Dotto

legendary

Activity: 981

Merit: 1005

No maps for these territories

Excuse me, but breaking 43 seems like a little bit more plausible then revisiting.93

Sooner than you soon

OTOH, sell the news on GUI releasement is not totally out of hand. Whatever, I bet up from here

ArticMine

legendary

Activity: 2282

Merit: 1050

Monero Core Team

Quote from: TrueCryptonaire on July 15, 2016, 03:35:20 PM

Back to the topic, speculation.
So what do you guys think, up or down from here? For me both are equally good.

It could go either way. I do see the following contributing factors:

Internal software development:

The most eminent here is the GUI given that it is close to completion https://forum.getmonero.org/9/work-in-progress/2476/the-official-qt-gui-project . This will come down to whether the market has already discounted the GUI on release. If it has then it could be "buy the rumor sell the news" and a fall in price could result. If the market had not discounted the GUI then it could lead to a rise in price.

Other items to consider here are the development work on RingCT (bullish) and bugs, vulnerabilities in the software showing up, particularly during a hard fork (bearish).

External:

In the short term I see the issue surrounding the Ethereum fork as actually more significant than anything with Bitcoin. One key thing to consider here that this kind of fork to change to ownership of coins / tokens would be next to impossible to pull off in Monero. Over the longer term the whole blocksize mess in Bitcoin is bullish for Monero.

The long term technical picture:

For close to two years Monero has been trading between 0.00091 XBT and 0.0043 XBT. A third test / breakout of either one of these two levels could lead to drastically higher, for the 0.0043 level, or drastically lower, for the 0.00091 level, prices.

nioc

legendary

Activity: 1624

Merit: 1008

Quote from: s1gs3gv on July 15, 2016, 04:01:12 PM

Quote from: TrueCryptonaire on July 15, 2016, 03:35:20 PM

Back to the topic, speculation.
So what do you guys think, up or down from here? For me both are equally good.

sideways till the next BTC pump, then down and consolidation around 25

TC, how can they be equally good when it's not going low enough for you to buy? I know where it's going but I don't know the path from here.

s1gs3gv, when is the next btc pump?

s1gs3gv

legendary

Activity: 1316

Merit: 1014

ex uno plures

Quote from: TrueCryptonaire on July 15, 2016, 03:35:20 PM

Back to the topic, speculation.
So what do you guys think, up or down from here? For me both are equally good.

sideways till the next BTC pump, then down and consolidation around 25

iCEBREAKER

legendary

Activity: 2156

Merit: 1072

Crypto is the separation of Power and State.

Quote from: DaveyJones on July 15, 2016, 02:32:05 PM

Quote from: noobtrader on July 15, 2016, 01:13:56 PM

*doubles down on previous [clueless fail]*

this dude shows that he cannot even comprehend a text and get the points out of it. He only reads "coins were stolen" and that is his buzzword to ride all day on it.

ELI5 for you noobtraderthathasnoclue

If you put password 123 you don´t have to wonder an account is taken... in this case if you bind ip and port and don´t close that port for incoming traffic from the outside it is your fault

It's too bad noobtrader can't read above a 2nd grade level. "Coins were stolen" is the only phrase in Kozi's post he could parse, so he just keeps clinging to his false impression no matter how hard we try to educate him.

He's the type of person who says "ZOMG BITCOIN HAX0RD" because MtGox lost coins. Cheesy

TrueCryptonaire

legendary

Activity: 1092

Merit: 1000

Back to the topic, speculation.
So what do you guys think, up or down from here? For me both are equally good.

Hueristic

legendary

Activity: 3836

Merit: 4969

Doomed to see the future and unable to prevent it

Quote from: TheKoziTwo on July 15, 2016, 01:45:28 PM

...It's not really a problem with the wallet itself, it works just fine. Perhaps it's rather lack of documentation that is the issue here. In any case it turns out it most likely also requires IP to be bound for this hack to work, which makes it even less likely. When you reach the point that you bind both IP and port and communicate with your wallet from a different server most admins will realize that's not a safe way to do it. This is all about education really, anything can be insecure in the wrong hands. Also 0MQ is in development and will replace the current rpc at some point.

There is too much conflicting info on this crap and I've asked repeatedly for the Dev notes on these changes. changing from RPC to IPC local is a good idea and Fluffy sted there was going to be a change to ZMTP for RTP but Json would also remain separately (separate builds?). Since he never finished the conversation with me I'm very unclear on what the direction is and who signed off on what. I would like to know though.

Leaving open unencrypted ports is just bad setup and afaik the default is closed but in some tutorials I have seen the port being opened but have never seen it mentioned to make sure to close it.

DaveyJones

hero member

Activity: 768

Merit: 505

Quote from: noobtrader on July 15, 2016, 01:13:56 PM

this dude shows that he cannot even comprehend a text and get the points out of it. He only reads "coins were stolen" and that is his buzzword to ride all day on it.

ELI5 for you noobtraderthathasnoclue

If you put password 123 you don´t have to wonder an account is taken... in this case if you bind ip and port and don´t close that port for incoming traffic from the outside it is your fault

Topic: [XMR] Monero Speculation - page 1240. (Read 3314316 times)