 Show Posts
|
|
Pages: [1]
|
Guys any reason the bounty spreadsheets haven't been updated..? Do you need help with it?
Better answer the questions people ask you. Angel you realise Darkoth doesn't work for LevelNet right? He has a levelnet logo, so he is also responsible. Large companies that have a technical analyst will not invest in this scam project, but ordinary people look only at the wrapper and do not go into details. They can become victims of these scammers. That's some funny logic you've got going on there and if that's how you think, you're not going to convince the masses on your side of this debate. My business is to warn. And those who invest in this scam project for their stupidity themselves will be to blame for having lost money. |
|
|
|
Guys any reason the bounty spreadsheets haven't been updated..? Do you need help with it?
Better answer the questions people ask you. Angel you realise Darkoth doesn't work for LevelNet right? He has a levelnet logo, so he is also responsible. Large companies that have a technical analyst will not invest in this scam project, but ordinary people look only at the wrapper and do not go into details. They can become victims of these scammers. |
|
|
|
Guys any reason the bounty spreadsheets haven't been updated..? Do you need help with it?
Better answer the questions people ask you. |
|
|
|
Please, answer my questions that I asked earlier |
|
|
|
The scam accusations was slightly worrying, thanks for addressing that LevelNet!
This project is a scam. It is impossible to protect the system from malicious software only by comparing the hash sum of the file. Especially they want to collect 1.5-55 million dollars, but the project is too simple to spend such amounts on implementation. |
|
|
|
Hi guys. Here’s our assessment of this situation: Our hunch is that Angel117 is an aggressive former employee, who was removed from the project some time ago. While it would be easiest to discredit this attempt at harming our project as being mere trolling, we don’t want to leave any of our followers in doubt as to our projects merits, or the sincerity of our intentions. Regarding his accusations towards the project and the CEO, we believe his main motivation is for revenge (towards the project, the leader and individual people employed in the project). We believe that anything he would say will be aimed at discrediting us. However, we feel it is important to provide the community with our answers and clarity on the project.
Regarding his statement that it is impossible to implement some functionality in the project means that a person does not have knowledge in the field of development management. We are not aiming to do everything at once, but move gradually from MVP to RTM. Once again, here are our answers: 1. File Hashing is used to quickly search for KNOWN objects. This is the key to the speed of the algorithm that excludes trusted software from the need of any additional analysis. Detection of the same harmful objects, including those modified with the help of "morphers, cryptors and packers", is carried out through white lists. 2. Reports about malicious objects from LevelNet client applications are not sufficient for making these objects into the category of malware. This decision is made on the intermediate super nodes, the messages from which, in turn, are signed with a security key. 3. The author does not fully understand the principle of the work of LevelNet algorithms on super nodes. Dynamic analysis is not performed either because of the impossibility of automating such a process, or because it is not necessary. In this case, the white list is responsible for filtering. 4. In the speed and efficiency of information dissemination within p2p networks, each user can be convinced by the example of p2p file clients (ala bittorent), allowing to exchange huge amounts of data. The competence of the author in this matter raises special suspicions, in particular, at the expense of unsupported "report can be checked in a few days". 5. LevelNet does not use antivirus software, but only analyzes the reactions of its users. 6. For the functioning of the LevelNet network, there is absolutely no need to collect any personal data. All objects are represented exclusively by their hash-sums, according to which, as is known, it is impossible to restore the contents of the object or its belonging. 7. First, antivirus products do not exchange databases with their competitors. Secondly, the speed of updating the anti-virus database is estimated in hours; they use client-server connection protocols in which client devices do not contact each other, especially client devices with different antivirus products. 8. LevelNet does not perform heuristic analysis and preactive protection for one reason - no need. It is worth reminding the author that LevelNet is not yet another antivirus with all its inherent flaws, such as inefficiency of malware detection algorithms, slowdown of the device, serious resource consumption, etc. Conclusion: Due to the fact that we are aware of the motive of his messages, we will ignore future communication with him.We adhere to the rule "Do not feed the troll". We ask the audience to pay attention to the character and emotional tone of his posts where accusations and discreditations are going on in each post. We will be grateful to all who can help us back our claims about this user.
We have also compiled a list of additional resources that help support the authenticity of our project:
1.1 We are registered in the jurisdiction of the United States. ( https://businesssearch.sos.ca.gov/) in the search field, specify levelnet. Corporate number: C4046746 1.2 We have a registered trademark ( https://www.uspto.gov/trademarks-application-process/search-trademark-database) in the search field, specify levelnet. Serial Number:87092110 1.3 We have a registered patent. ( https://levelnet.co/files/Provisional%20patent%20confirmation.pdf) 1.4 We are on TechCrunch in SF ( https://medium.com/@LevelNetwork/levelnet-techcrunch-disrupt-2017-report-c4b66dea9a69) 1.5 We go through Howey Test to fulfill the requirements of the securities regulator ( https://drive.google.com/file/d/0B6khJNq3_ly5dVY2NzlFUkFKLU0/view) Registration is required. It is done so that other ICOs do not copy 1.6 We publish an information memorandum. ( https://drive.google.com/file/d/0B9Qwnd-nTBzTMUllUDJyWXdKTlU/view) 1.7 On our advisor board are respected people from the industry from of the valley (levelnet.co) 1.8 We are on Blockchain UA 2017 in Kiev ( https://medium.com/@LevelNetwork/blockchain-ua-2017-kiev-cecce7882de9) We do not hide behind fictitious names, you can meet with us personally. All project participants are public people. If it is necessary to give more evidence we will provide them to the audience. LevelNet Yes, I am a former employee. And I have a lot about Pavel Shiklaev and project. In the first after a very long work, he deceived me for a large sum of money. I strongly relied on this money, because it would very much help me buy an apartment. But Pavel deceived me. He has no conscience. From the former employees with him no one is working anymore because he deceives people. All employees represented on the site have long worked in other companies. He does not have a team. I want to warn people not to deal with this scoundrel!
At the expense of the arguments for the project. My arguments are logical and there is no connection with whether I want to take revenge or not. Any expert who values his reputation will confirm my words!1. Malicious software uses a morph or cryptor. This means that the sum of the file on each system is different. This means that the database will be empty for all malicious programs. And there is no sense in the fact that this malicious program was detected on another computer, because the client will not be able to recognize it and identify the threat reports. 2. No super nodes and so on can not weed out fake reports. Since everything that the client makes is left can be repeated automatically. His statements about super nodes and signatures are fraudulent, to give at least some sort of response to an unsolvable problem. 3. I made the assumption that you will check the reports on the server using anti-virus software, because you said this earlier, but you generally do not want to check them and it makes it very easy to manipulate statistics from the outside. 4. I said that in a few days, then if you checked the files on the server. Connections of the peer-to-peer do not provide a second reaction. BitTorrent is arranged differently, it has a central user directory. However, data transfer by peer-to-peer means transferring data between the CHARGE of nodes, and not directly. It says that Pavel do not even own the technologies that he claiming. For example schema of peer-to-peer network:  5. No antivirus company will allow you to use their software for commercial purposes, even on the client side. If you think otherwise, you could write a letter at least to one of the antivirus companies with this issue and officially publish the answer on the site. You did not, so you already know that you are prohibited from using their software in this way. 6. --- 7/8. Antivirus companies sell each other's bases is a well-known fact. And the antivirus is able to recognize the threat through algorithms that have been developed for many years. Strong proactive defense systems are developed. But you seriously argue that this is not necessary and for security it is enough just to compare the hash sum of the file  The fact that the company is officially registered does not deny that this is a scam. They will simply launder money for example through non-existent salaries. In Russia, this is a common practice for paper wages is one, but the employee is paid several times less. |
|
|
|
Hey guys, I just found out about this project. I really like the idea. I am planning to read the whitepaper today. Is the a prototype available?
The idea at first glance may seem interesting, but any security expert will prove to you that this project is meaningless. This project not give any real protection. I gave my arguments above and the managers can not answer them. But they still continue to collect money, which means that this project is a scam. |
|
|
|
If the project is successful you will be the luckiest person, man ... But Bounty lasts until 15 december. if my signature is finished,I may be wearing the signature of this project  For now I can only participate in social media bounty. The project will not be successful because it is scam. Read carefully this topic. They are not able to answer questions about problems and do not want to do this. |
|
|
|
Why are not you answering questions about the project here? You have already been told that your project is a failure. But you continue to collect money. This means that you are scammers and your project is a scam! |
|
|
|
Hello..
Is it true you changed the rules bounty
And what is your reason for doing that?
THANKS
Because this project is a scam. They are not going to work. Their motive is only to steal money. |
|
|
|
New account registered yesterday and didn't provide any proof either.
The date of registration of my account does not apply to irrefutable arguments that your project is scam. |
|
|
|
Thank you for your correct questions, we see that you have become better understood:
1.Reports about malicious objects from LevelNet client applications are not sufficient to place these objects in the malicious category in the database. This decision is made on the intermediate super nodes, the messages from which, in turn, are signed with a security key. Thus, false reports will be filtered at this stage.
2.Practically in all cases, the execution of the shell code entails loading onto the disk and the subsequent launch of the malicious executable module, which will be immediately detected and blocked by the LevelNet client. Due to the limitations of bytecode execution in RAM, no serious actions can be performed without saving to disk.
About the legal aspect. How can you say so if there are examples, for example, virostotal and others? They were closed? Or you can know some legal subtleties that we do not know, then the sound of the position on the basis of which our project will be closed. You are considerably behind in understanding the project and its movement.
1. If the reports are signed with a security key, then it must be sewn into the client program. It follows that it can be extracted and used to sign fake reports. The problem with the management of statistics from the outside is not solved by you. 2. You introduce yourself as a great specialist in cyber security. However, say such nonsense that the execution of the code in memory carries no threat? This shows that you are not competent in matters of cyber security. Through the shellcode, you can run the simplest backdoor and execute commands in the system. In addition, you can download any malicious program and execute it in memory without saving to disk. 3. The company virustotal.com antivirus companies independently apply and enter into a legal agreement, and provide them with api interface for their software product. They benefit from this, as they receive information that users upload. However, no company will cooperate with you, because there is no benefit in this. And legally you will not be allowed to use the antivirus product for commercial purposes. |
|
|
|
These are serious claims and seem to be a provocation.
As for the technical part. There is no question of any dynamic and static analysis of speech. Confirmation of a false request from the user
is also described in the algorithm for assigning the level of risk. Read carefully how the threat level is set.
Reputational base formation
A novel concept of weighting certain attributes for the determining the Risk Level of
potential software packages. This Risk Level is evaluated by the LevelNet system
automatically based on the value of a set of factors listed below in descending order of
importance:
● antivirus solutions reactions from end-point users.
● level of trust that its publisher has
● prevalence within the network
● the number of cases when this software was added to the list of exceptions
end-users
The number of antivirus solutions can be obtained both from users' devices
and from the internal servers of the LevelNet network. The process of monitoring
previously unknown software.
Also read about the database of trusted publishers, you most likely missed it or just did not know it.
If the object (the new hash) does not satisfy the conditions, then it is considered dangerous, thus all manipulations with the cryptor and morphing are reduced to zero due to the fact that the object
previously did not meet with users and there are no trusted publishers in the database.
The algorithm is specified in the answer number 1. In addition to this algorithm, the number of requests from the user is checked. In reality, if the user
sends many requests, it is blocked due to the fact that this is not a real behavior. Because sending a lot of requests from the user in reality does not happen.
2.1 We do not check each file, we use the algorithm specified in item 1. The source of information is user devices and the database of trusted publishers and their files.
We do not use dynamic anti-virus scanning on our side.
3. It's not the number of devices, but the speed of delivery of verified information. The data transfer rate is very high today. There's really no verification on the video
on the reliability of the request received from the device on which an antivirus is installed, which is able to cope with the threat. Validation test
A request from a user for an identified threat does not take much time. We do not analyze the set of anti-virus engines in our
in the cloud, but we operate the information with information obtained from other users and sources of re-checking the information.
Verification of the request is not based on either dynamic or static analysis, which you specified in paragraphs 1-8.
On the legal side:
- All results of anti-virus software on the user's device are the property of the user under license agreements.
Number 9 Are you sure of this? If so, I ask you to provide evidence that we have not undergone any independent technical audit.
It is not a problem to buy thousands of proxy servers and send false reports from each IP address, thereby manipulating statistics in the database of levelnet. How can you check the real report or not? Statistics can be manipulated from the outside, and so there is no point in such a project. You are going to use the result of the work of third-party antivirus software for your own commercial purposes. No antivirus company will allow this. The user's license for the anti-virus only entitles the user to use the software product for the intended purpose. This does not entitle you to use the output of a third-party product. You just sue and the project will be closed legally! Your project is not an antivirus or firewall. It just blocks the launch of the program based on statistics, which is easy to manipulate from the outside. It is not able to protect against the implementation of the shell code through vulnerabilities. Can not recognize web exploits. This is absolutely useless software product. You have not created a single successful project in your life. Your past project failed in a shame. All ordinary developers listed on the official site levelnet.сo have long worked in other companies and will not be dismissed for the sake of your suspicious project. Why did you decide that you can do at least something like that? |
|
|
|
Those are some pretty big claims. Do you have any evidence to back it up, especially the banking fraud claim?
Yes. And it's not in your interests that I prove it. Better answer to my arguments about the project, if certainly able. |
|
|
|
|
This project is scam!
First, the organizer of the project, Pavel Shkliaev, made his capital on carding(banking fraud). He steals from people money from bank accounts with the help of malicious spyware. This already says for what purpose this ISO was created.
The idea of the project is stupid and carries a number of unavoidable technical and legal problems:
1. The malicious file in this project is determined stupidly by the hash of the file. Any malware uses a cryptor, a morph or a packer, which makes each file unique, which means that each file has a different hash amount. For this reason, the project itself is meaningless.
2. It is impossible to check whether there was a real report on the infected file or this report is fake. Anyone can create a program that will send millions of false reports including for legitimate programs.
If they will check each file on the server with all possible antiviruses by analogy with virostotal.com, then there will not be enough computing resources for this. In addition, the detection will not be a few seconds as a demonstration, but a minimum of 10 minutes, provided that there are free computing resources. And this will only be a static analysis, which is easily handled by the simplest cryptor. For dynamic analysis, you need many times more time and resources. In addition, until now no one has implemented a stable dynamic analysis on the set of antiviruses, because there are many difficulties in this.
3. The reaction time is only on the video demo in a few seconds because there are only 4 virtual machines connected to the local network. And this does not verify the real report or not. In real-world conditions, the time costs for transmitting through a peer-to-peer will be at least a few minutes. And if you check the report with the file on the server, it will take an indefinite time. If all resources are very busy, then the report can be checked in a few days.
4. In order to use third-party antivirus programs both on the client and on the server, you must obtain legal permission from absolutely all anti-virus companies. This is impossible, because no antivirus company will help the competitive product.
5. The client without the user's consent will download files from his computer, which is a violation of confidentiality and may lead to the leakage of important information for the user. In addition, the executable file is stupidly pumped to the server completely, and its size can be hundreds of megabytes and even a few gigabytes.
6. Even if you completely download the executable file and try to perform a dynamic analysis on the server, it may simply not start due to the lack of necessary libraries.
7. Antiviruses and so quickly exchange antivirus databases between each other, so making such a proxy does not make sense.
8. This project will never replace a full-fledged antivirus, since this antivirus has heuristic analysis and proactive protection, which allows detecting suspicious threats or actions.
9. I am familiar with this project, as they tried to offer to various investors during 2016-2017 and no investor agreed to invest money in it, because it does not pass the audit by an independent technical auditor.
Based on all of the above, I'm 100% sure that this project is a scam!
|
|
|
|
|
