Anon136
Legendary
Offline
Activity: 1722
Merit: 1217
|
|
January 02, 2014, 02:57:14 AM |
|
so what is the hash of the whole nxt-client-0.4.8.zip archive supposed to be? *edit* This is the output from online-convert.com hex: ec7c30a100717e60d8abe50eedb23641952847d91ff90b9b05a74ff98d8a4cf2
HEX: EC7C30A100717E60D8ABE50EEDB23641952847D91FF90B9B05A74FF98D8A4CF2
h:e:x: ec:7c:30:a1:00:71:7e:60:d8:ab:e5:0e:ed:b2:36:41:95:28:47:d9:1f:f9:0b:9b:05:a7:4f:f9:8d:8a:4c:f2
base64: 7HwwoQBxfmDYq+UO7bI2QZUoR9kf+QubBadP+Y2KTPI=
|
Rep Thread: https://bitcointalk.org/index.php?topic=381041If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
|
|
|
Zahlen
Member
Offline
Activity: 98
Merit: 10
|
|
January 02, 2014, 02:58:11 AM |
|
intel, when PaulyC reported the theft, lots of people besides EvilDave were suggesting possibilities. The most commonly suggested was keylogger. I remember someone posted something like 1) SHA256 and Elliptic Curve algo broken: 0.0001% 2) Keylogger: 80% 3) Bogus client: 10% 4) Rogue node: 10% Personally I suggested some nonsense about possible address collision from different passwords. So I guess that makes me a troll too
|
|
|
|
xyzzyx
Sr. Member
Offline
Activity: 490
Merit: 250
I don't really come from outer space.
|
|
January 02, 2014, 02:58:25 AM |
|
so what is the hash of the whole nxt-client-0.4.8.zip archive supposed to be?
ec7c30a100717e60d8abe50eedb23641952847d91ff90b9b05a74ff98d8a4cf2 anything else is bogus.
|
"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
|
|
|
Anon136
Legendary
Offline
Activity: 1722
Merit: 1217
|
|
January 02, 2014, 02:59:52 AM |
|
so what is the hash of the whole nxt-client-0.4.8.zip archive supposed to be?
ec7c30a100717e60d8abe50eedb23641952847d91ff90b9b05a74ff98d8a4cf2 anything else is bogus. thankyou sir. it looks like I'm in the clear.
|
Rep Thread: https://bitcointalk.org/index.php?topic=381041If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
|
|
|
Damelon
Legendary
Offline
Activity: 1092
Merit: 1010
|
|
January 02, 2014, 03:00:41 AM |
|
Also clear.
Very big PHEW
Edit: blockchain explorer is back up, btw
|
|
|
|
Passion_ltc
|
|
January 02, 2014, 03:01:42 AM Last edit: January 03, 2014, 01:57:55 AM by Passion_ltc |
|
I created a new account under 0.4.7e and transfered ALL NXT to the new ID. This should work out. Let's just wait for the Aliases Transfer. :p
Also: Is it just a NXT Keylogger or does it log the whole system? :s
Edit: Well, didn't worked THAT well. Lost my NXT also..
|
|
|
|
opticalcarrier
|
|
January 02, 2014, 03:04:41 AM |
|
I created a new account under 0.4.7e and transfered ALL NXT to the new ID. This should work out. Let's just wait for the Aliases Transfer. :p
Also: Is it just a NXT Keylogger or does it log the whole system? :s
from the code just a NXT logger
|
|
|
|
newcn
|
|
January 02, 2014, 03:05:09 AM Last edit: January 02, 2014, 03:19:08 AM by newcn |
|
In summary,what I found from Chrome history: from download history, the malware link was: http://162.243.246.223/nxt-client-0.4.8.zipsha256: 948ce760c379f13f4ea9def6babaa36b0d706bf91098f1d64945fdde3eac5f06 the creation time and modification time of the zip file on my local disk was: creation time:2013.12.31,20:31:14 modified time:2013.12.31,20:35:16 in that time period, I only accessed two pages: 20:29 https://bitcointalk.org/index.php?topic=345619.11740 20:30 https://bitcointalk.org/index.php?topic=345619.0 from the download history, I probably downloaded the malware from the first page,that is: http://info.nxtcrypto.org/nxt-client-0.4.8.zip(I found the new version and checked it on the first page, and it's true, there's an update there, but I don't like the mega site, its slow from my home, so I downloaded the link from the first page) the thief might changed the link directly, or he might changed IP address of info.nxtcrypto.org current IP of info.nxtcrypto.org is 46.28.204.121, which is different from 162.243.246.223
|
BTC:1NzzfeHCgN8fF6mSG1UeBFCVd2cxKbGyHk NXT:13187911577562526278
|
|
|
utopianfuture
Sr. Member
Offline
Activity: 602
Merit: 268
Internet of Value
|
|
January 02, 2014, 03:08:19 AM |
|
Also clear.
Very big PHEW
Edit: blockchain explorer is back up, btw
Great Love the blockchain explorer and nexern's work.
|
|
|
|
opticalcarrier
|
|
January 02, 2014, 03:09:50 AM |
|
Please edit your post, it looks like you are saying there is bogus software at info.nxtcrypto.org It looks like you got the bogus software directly from the thief. My guess is that is where paulyC got his as well. Some folks are claiming that dextern is involved and changed the link on nextcoin - i dont believe that is the case, Graviton removed his moderator access when that mess went down But as far as I know, dex has still not returned the donation NXT.
|
|
|
|
rickyjames
|
|
January 02, 2014, 03:11:43 AM |
|
By the way, I just checked and Drexme was last online here two hours ago. There is a good chance he will try to cash in tonight if he read this thread now that we are on, to him...
And just how many accounts is he gonna plunder, I wonder? This is gonna get really, really bad... I will be the first to ask the question "Do we wanna stop the blockchain and roll it back?"
|
|
|
|
NWO
|
|
January 02, 2014, 03:12:37 AM |
|
Open source incoming! Rally has begun! Anything below .0001 is CHEAP
|
|
|
|
intel
Member
Offline
Activity: 98
Merit: 10
|
|
January 02, 2014, 03:13:30 AM |
|
intel, when PaulyC reported the theft, lots of people besides EvilDave were suggesting possibilities. The most commonly suggested was keylogger. I remember someone posted something like 1) SHA256 and Elliptic Curve algo broken: 0.0001% 2) Keylogger: 80% 3) Bogus client: 10% 4) Rogue node: 10% Personally I suggested some nonsense about possible address collision from different passwords. So I guess that makes me a troll too If you still didnt understand, there was a patched NXT Client which logged all password to server of EvilDave!
|
|
|
|
utopianfuture
Sr. Member
Offline
Activity: 602
Merit: 268
Internet of Value
|
|
January 02, 2014, 03:13:55 AM |
|
By the way, I just checked and Drexme was last online here two hours ago. There is a good chance he will try to cash in tonight if he read this thread now that we are on, to him...
And just how many accounts is he gonna plunder, I wonder? This is gonna get really, really bad... I will be the first to ask the question "Do we wanna stop the blockchain and roll it back?" At this point, I don't think there are more than a few cases. The thief will certainly take the fund right when he gets the pass. We have two reported cases so far. It is important to locate the source of the bogus link.
|
|
|
|
newcn
|
|
January 02, 2014, 03:14:42 AM |
|
Please edit your post, it looks like you are saying there is bogus software at info.nxtcrypto.org It looks like you got the bogus software directly from the thief. My guess is that is where paulyC got his as well. Some folks are claiming that dextern is involved and changed the link on nextcoin - i dont believe that is the case, Graviton removed his moderator access when that mess went down But as far as I know, dex has still not returned the donation NXT. well, I didn't mean that, I didn't accussed anyone or any site. in fact, the current IP of info.nxtcrypto.org is 46.28.204.121, and it's different from 162.243.246.223, that's where I downloaded the malware
|
BTC:1NzzfeHCgN8fF6mSG1UeBFCVd2cxKbGyHk NXT:13187911577562526278
|
|
|
utopianfuture
Sr. Member
Offline
Activity: 602
Merit: 268
Internet of Value
|
|
January 02, 2014, 03:16:28 AM |
|
intel, when PaulyC reported the theft, lots of people besides EvilDave were suggesting possibilities. The most commonly suggested was keylogger. I remember someone posted something like 1) SHA256 and Elliptic Curve algo broken: 0.0001% 2) Keylogger: 80% 3) Bogus client: 10% 4) Rogue node: 10% Personally I suggested some nonsense about possible address collision from different passwords. So I guess that makes me a troll too If you still didnt understand, there was a patched NXT Client which logged all password to server of EvilDave! Is it the same or separate issue from PaulyC's hacked account ?
|
|
|
|
Zahlen
Member
Offline
Activity: 98
Merit: 10
|
|
January 02, 2014, 03:17:22 AM |
|
I will be the first to ask the question "Do we wanna stop the blockchain and roll it back?"
Maybe see how much damage was done first? The account that PaulyC's 7808 NXT was sent to contains only ~1150 more NXT. newcn lost ~17k. Probably easier to reimburse lost NXT if it isn't too large. Is it possible to find out how long the fake link was up, and how many people downloaded from it?
|
|
|
|
intel
Member
Offline
Activity: 98
Merit: 10
|
|
January 02, 2014, 03:17:37 AM |
|
By the way, I just checked and Drexme was last online here two hours ago. There is a good chance he will try to cash in tonight if he read this thread now that we are on, to him...
And just how many accounts is he gonna plunder, I wonder? This is gonna get really, really bad... I will be the first to ask the question "Do we wanna stop the blockchain and roll it back?" At this point, I don't think there are more than a few cases. The thief will certainly take the fund right when he gets the pass. We have two reported cases so far. It is important to locate the source of the bogus link. 1. What about that guy who lost 250k of coins? Total is about 300K, there are many reports on nextcoin.org forum. 2. Already located.
|
|
|
|
intel
Member
Offline
Activity: 98
Merit: 10
|
|
January 02, 2014, 03:18:32 AM Last edit: January 02, 2014, 03:34:36 AM by intel |
|
intel, when PaulyC reported the theft, lots of people besides EvilDave were suggesting possibilities. The most commonly suggested was keylogger. I remember someone posted something like 1) SHA256 and Elliptic Curve algo broken: 0.0001% 2) Keylogger: 80% 3) Bogus client: 10% 4) Rogue node: 10% Personally I suggested some nonsense about possible address collision from different passwords. So I guess that makes me a troll too If you still didnt understand, there was a patched NXT Client which logged all password to server of EpicThomas! Is it the same or separate issue from PaulyC's hacked account ? The same. All hacked accounts is only work of one patched (infected) client designed by one pair of hands. EpicDave is OK, EpicThomas is not OK , as he is owner of IP to which password logs leaked. Just confused these two names.
|
|
|
|
utopianfuture
Sr. Member
Offline
Activity: 602
Merit: 268
Internet of Value
|
|
January 02, 2014, 03:22:23 AM |
|
By the way, I just checked and Drexme was last online here two hours ago. There is a good chance he will try to cash in tonight if he read this thread now that we are on, to him...
And just how many accounts is he gonna plunder, I wonder? This is gonna get really, really bad... I will be the first to ask the question "Do we wanna stop the blockchain and roll it back?" At this point, I don't think there are more than a few cases. The thief will certainly take the fund right when he gets the pass. We have two reported cases so far. It is important to locate the source of the bogus link. 1. What about that guy who lost 250k of coins? Total is about 300K, there are many reports on nextcoin.org forum. 2. Already located. 1. Can you give me the link to 250k loss case. 2. We still don't know where it was posted. Nextcoin or nxtcrypto or where ? I would support a roll-back if that much money involved.
|
|
|
|
|