NXT :: descendant of Bitcoin - Updated Information

[newcn]

About my another account that was stolen:
this account is my first account,and it has a weaker passphrase,
so I left it, and almost never use it.
the last time I logon with this account, if I remember it right, was 2013.12.30 09:05:27 GMT, when I assigned a few aliases. and at that time, the client I used should be 0.4.7e!!!
so, friends, be careful about your account!!!!

When did you download the client?

I shall look into it. I deleted former versions,
it could be difficult since  they all have the same name "nxt.zip"

[1715592709]

1715592709

[1715592709]

1715592709

[PaulyC]

Is 17480583094667840121 your new account?

That is not my account.

Sorry that was directed to PaulyC.

Hey sorry just saw this.
That's very generous! thanks Gbeirn.
I don't even know when I'll check if it's in there, I'm freaked until the *confirmed client.. hah

Yes this account hasn't been compromised and has a strong 40+ random PW, I haven't used it since 4.7e!

Edit** Decided as everyone should to start fresh new Acct#
with the windows installer from Pg. 1. Check sum'd and Hash good. thanks to anyone who can contribute.

NXT
14008664550450326382

I did get a pm from another poster who mentioned setting up a bounty for me, so I don't know what the protocol is here, sorry. thanks!

[newcn]

About my another account that was stolen:
this account is my first account,and it has a weaker passphrase,
so I left it, and almost never use it.
the last time I logon with this account, if I remember it right, was 2013.12.30 09:05:27 GMT, when I assigned a few aliases. and at that time, the client I used should be 0.4.7e!!!
so, friends, be careful about your account!!!!

I recalled another thing about the client,
my 360safeguard(a security software on my PC) reported several times that java(or start.bat which start the client, I don't remember exactly) was uploading private information when I had the client running!  the client version might be earlier than 0.4.7e!!!
so, WARNING again!!!

[Zahlen]

I don't even know when I'll check if it's in there, I'm freaked until the *confirmed client.. hah

Yeah, I'm pretty freaked out too. Been using http://22k.io/-account/<account number> instead to check my account.

[xyzzyx]

So I guess this was the first confirmed NXTploit.

Don't hate me because I'm beautiful.

[bitcoinrocks]

So basically we have 4 different people saying they got it from 3 different places.

1 person on a wget using the IP address
1 person from mega.co
1 person from nxtcrypto.org
1 person from nextcoin.org

Since I got the bad client from an IP address via wget, the question is where did I get that link.  mega.co isn't a possibility, correct?  The only history my browser shows for nextcoin.org since I installed 0.4.8 is:

https://nextcoin.org/index.php
https://nextcoin.org/index.php/topic,797.0.html
https://nextcoin.org/index.php/board,46.0.html
https://nextcoin.org/index.php/topic,1588.0.html

Those don't look like pages I could have copied the link from.  That leaves nxtcrypto.org and I also think bitcointalk.org is a possibility.  Since firefox brings visited pages to the top of the history list when they are re-visted (and I didn't realize this before) it may be impossible to say which one is the culprit at this point.  HOWEVER, the first time I looked at the history list before things got rearranged, I thought it was nxtcrypto.org for sure.  Since then the history has been altered so I can't double-check this but that was my first impression.  Looking at the history, it is certainly also possible that I got the link from bitcointalk.org within the 0.4.8 discussion.

IMPORTANT:  I'm going to bed and there will be too many posts to catch up on by the time I wake up.  Please PM me if there is something I should read.  You can link me to posts if you like.

[swartzfeger]

Looks like block explorer is back up!

http://87.230.14.1/nxt/nxt.cgi?action=3000&acc=13891739725946840876

[instacalm]

Looks like block explorer is back up!

http://87.230.14.1/nxt/nxt.cgi?action=3000&acc=13891739725946840876

 

[Come-from-Beyond]

Is it a question ?

No?

[Come-from-Beyond]

CfB

Architecture question.

All nodes run the same software, each maintaining synchronized copy of blockchain
Your reflex objection to any secondary authentication is that it can only be implemented using some sort of centralized method, defeating the robustness gained from the distributed nature.

I have been thinking about this at a high level this afternoon, so I am sure not all the details are right, but conceptually if we can implement a "centralized" type of action when all the nodes are running the same software and replicating the same dataset, then authentication could be implemented in a distributed context.

Correct or incorrect?

James

Maybe. Do u have an example of an authentication flow? The description is quite vague.

[seek4dream]

Can Windows Installer be trusted?
link: https://nextcoin.org/index.php/topic,1902.0.html
I didn't realize my dear Nxt could have been stolen easily until just now.
We can never be too cautious, right?

[2Kool4Skewl]

REGARDING NXT CLIENT EXPLOIT

Be sure to check the sha256 hash of your download with the official sha256 hash of NRS from Come-from-Beyond.  On the main page, I only list the sha256 hash of the official NRS version from Come-from-Beyond.  MAKE SURE THE SHA256 HASH OF YOUR DOWNLOAD MATCHES!  Even if you download it from the link I provide on the main page, CHECK THE HASH TO MAKE SURE IT MATCHES!  Download links can be compromised!  BE CAREFUL!

All links to download NRS should point to Come-from-Beyond's post on Bitcointalk.org.  Having separate locations hosting the client is a bad idea.  Too many people then have access to modify the download link.  Please make sure to delete all references to other NRS downloads from the website, nxtcrypto.org, the forums and the wiki.

To determine which NRS version contains the exploit, you need to run the sha256 hash of the download and compare it to the official sha256 hash I have listed in the first post.  Please, do this and report your findings to the community.  THIS IS OF UTMOST IMPORTANCE!

On linux the command to check the sha256 hash is:

sha256sum 'path_to_NRS_download'

[Anon136]

can anyone else see account # 14592641999125872769 on the explorer? if you search 408269093319763437 you will see the transaction that i used to send coins to it. But just an error when i try to look up the account.

[Zahlen]

Block explorer gives me an error (yet works fine for my account), but 22k.io shows a 200 NXT transfer.

[morningtime]

REGARDING NXT CLIENT EXPLOIT

Be sure to check the sha256 hash of your download with the official sha256 hash of NRS from Come-from-Beyond.  On the main page, I only list the sha256 hash of the official NRS version from Come-from-Beyond.  MAKE SURE THE SHA256 HASH OF YOUR DOWNLOAD MATCHES!  Even if you download it from the link I provide on the main page, CHECK THE HASH TO MAKE SURE IT MATCHES!  Download links can be compromised!  BE CAREFUL!

All links to download NRS should point to Come-from-Beyond's post on Bitcointalk.org.  Having separate locations hosting the client is a bad idea.  Too many people then have access to modify the download link.  Please make sure to delete all references to other NRS downloads from the website, nxtcrypto.org, the forums and the wiki.

To determine which NRS version contains the exploit, you need to run the sha256 hash of the download and compare it to the official sha256 hash I have listed in the first post.  Please, do this and report your findings to the community.  THIS IS OF UTMOST IMPORTANCE!

On linux the command to check the sha256 hash is:

sha256sum 'path_to_NRS_download'

And EVERYBODY needs to create COMPLETELY NEW ACCOUNTS with NEW PASSWORDS. Because your old one *might*  have been compromised. I myself can't remember whether I used the wrong client, so I created a new account and moved my funds - JUST TO BE SURE. EVERYONE SHOULD DO THIS.

[pandaisftw]

Hm, I wonder if target is going up because everyone is transferring to new accounts?

[Come-from-Beyond]

Regarding the unclaimed coins: Tomorrow is the very last day when legit owners can claim them! Hurry up!

[landomata]

Can we put in place a block on all previous clients (from inside blockchain) until the fresh secure client is release on an urgent basis?

[instacalm]

if you haven't already, don't forget to vote for Hash's logo here: https://nextcoin.org/index.php/topic,1927.0.html

[laowai80]

intel, when PaulyC reported the theft, lots of people besides EvilDave were suggesting possibilities. The most commonly suggested was keylogger. I remember someone posted something like

1) SHA256 and Elliptic Curve algo broken: 0.0001%
2) Keylogger: 80%
3) Bogus client: 10%
4) Rogue node: 10%

yeah, so it was #3, I was leaning more towards #2, but oh well, #3 has a good chance too as it turned out, since all these automatic installation packages rolling out gave people a false sense of security, and they could download from any link that says 'nxt.zip' in it. Not all, but some do. It was a good lesson on security. It's good to know that SHA256 is still rock solid.