Bitcoin Forum
November 19, 2024, 05:03:57 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: « 1 ... 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 [613] 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 ... 2557 »
  Print  
Author Topic: NXT :: descendant of Bitcoin - Updated Information  (Read 2761608 times)
sussex
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500



View Profile
January 02, 2014, 04:01:09 AM
 #12241

need help urgently!

I downloaded 0.4.8 client from xxxttps://xxxxxxxxx.html
as you guys told, i probably lose Nxt for this. so i must transfer Nxt to another account
now i have download new client from first page of this thread, but the client doesn't sync.
What should i do?

Don't repeat dodgy links on forums, someone is likely to click it....... Roll Eyes
utopianfuture
Sr. Member
****
Offline Offline

Activity: 602
Merit: 268

Internet of Value


View Profile
January 02, 2014, 04:01:43 AM
 #12242

I ended up with the bad client on 3 out of 3 VPS nodes.  FOR SURE I downloaded the bad client like this:

wget http://162.243.246.223/nxt-client-0.4.8.zip

It's as plain as day in my bash history.  The weird part is I had about 2000 Nxt in the 3 accounts and none of it was transferred out.  I just transfered it out myself and I'm shutting down the nodes.

Where was it posted ? Why did you go to a private ip address to download the client ?


░░░░░░▄▄▄████████▄▄▄
░░░░▄████████████████▄
░░▄███████████████████▄
███████████████████████
▐████████████████████████▌
█████████████████████████
█████████████████████████
█████████████████████████
▐██████████████████████▌
████████████████████████
░░▀████████████████████▀
░░░░▀████████████████▀
░░░░░░▀▀▀████████▀▀▀
  TomoChain  •    •  TomoChain 
░░░░░░▄▄▄████████▄▄▄
░░░░▄████████████████▄
░░▄███████████████████▄
███████████████████████
▐████████████████████████▌
█████████████████████████
█████████████████████████
█████████████████████████
▐██████████████████████▌
████████████████████████
░░▀████████████████████▀
░░░░▀████████████████▀
░░░░░░▀▀▀████████▀▀▀
relm9
Hero Member
*****
Offline Offline

Activity: 840
Merit: 1000



View Profile
January 02, 2014, 04:03:25 AM
 #12243

I wonder where the modified client was posted originally, I can't find any record of it on Google using the links provided in this thread, odd... maybe the main NXT site was compromised briefly?

I think it's very important that SHA-256 hashes are provided with any release builds posted from now on. They aren't visible on the main site anywhere which isn't a good thing
tk808
Legendary
*
Offline Offline

Activity: 1512
Merit: 1124


Invest in your knowledge


View Profile
January 02, 2014, 04:05:11 AM
 #12244

Was the client on the offical Nxt forums safe? Anyone get jacked from that yet?

I downloaded it an hour or two after it got uploaded. I do not have the ZIP file anymore to check the hash.
bitcoinrocks
Legendary
*
Offline Offline

Activity: 1372
Merit: 1000


View Profile
January 02, 2014, 04:07:22 AM
 #12245

Quote
I ended up with the bad client on 3 out of 3 VPS nodes.  FOR SURE I downloaded the bad client like this:

wget http://162.243.246.223/nxt-client-0.4.8.zip

It's as plain as day in my bash history.  The weird part is I had about 2000 Nxt in the 3 accounts and none of it was transferred out.  I just transfered it out myself and I'm shutting down the nodes.

Quote
Where was it posted ? Why did you go to a private ip address to download the client ?

I don't know how I could find out where it was posted.  I'm sure I copied and pasted it from a page in the browser to wget in the console.

EDIT: I have a lot of experience with IT security so it would have been made to look legit.
allwelder
Legendary
*
Offline Offline

Activity: 1512
Merit: 1004



View Profile
January 02, 2014, 04:14:23 AM
 #12246

the max bit length of NXT Password is  ?

 
                                . ██████████.
                              .████████████████.
                           .██████████████████████.
                        -█████████████████████████████
                     .██████████████████████████████████.
                  -█████████████████████████████████████████
               -███████████████████████████████████████████████
           .-█████████████████████████████████████████████████████.
        .████████████████████████████████████████████████████████████
       .██████████████████████████████████████████████████████████████.
       .██████████████████████████████████████████████████████████████.
       ..████████████████████████████████████████████████████████████..
       .   .██████████████████████████████████████████████████████.
       .      .████████████████████████████████████████████████.

       .       .██████████████████████████████████████████████
       .    ██████████████████████████████████████████████████████
       .█████████████████████████████████████████████████████████████.
        .███████████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████
              .████████████████████████████████████████████████
                   ████████████████████████████████████████
                      ██████████████████████████████████
                          ██████████████████████████
                             ████████████████████
                               ████████████████
                                   █████████
.CryptoTalk.org.|.MAKE POSTS AND EARN BTC!.🏆
opticalcarrier
Full Member
***
Offline Offline

Activity: 238
Merit: 100



View Profile
January 02, 2014, 04:17:24 AM
Last edit: January 02, 2014, 04:39:44 AM by opticalcarrier
 #12247

can you get a timestamp from the file or some autid log that you can correlate in your web browser?
utopianfuture
Sr. Member
****
Offline Offline

Activity: 602
Merit: 268

Internet of Value


View Profile
January 02, 2014, 04:17:58 AM
 #12248

the max bit length of NXT Password is  ?


Don't know. But 256 bit pass is already impossible to crack at the current state of science and technology. I use 35 character and it already 240 bit.


░░░░░░▄▄▄████████▄▄▄
░░░░▄████████████████▄
░░▄███████████████████▄
███████████████████████
▐████████████████████████▌
█████████████████████████
█████████████████████████
█████████████████████████
▐██████████████████████▌
████████████████████████
░░▀████████████████████▀
░░░░▀████████████████▀
░░░░░░▀▀▀████████▀▀▀
  TomoChain  •    •  TomoChain 
░░░░░░▄▄▄████████▄▄▄
░░░░▄████████████████▄
░░▄███████████████████▄
███████████████████████
▐████████████████████████▌
█████████████████████████
█████████████████████████
█████████████████████████
▐██████████████████████▌
████████████████████████
░░▀████████████████████▀
░░░░▀████████████████▀
░░░░░░▀▀▀████████▀▀▀
bitcoinrocks
Legendary
*
Offline Offline

Activity: 1372
Merit: 1000


View Profile
January 02, 2014, 04:22:40 AM
 #12249

Quote
can you get a timestamp from the file or some autid log that you can correlate in your web browser?

I'm actually working on that right now.
bitcoinrocks
Legendary
*
Offline Offline

Activity: 1372
Merit: 1000


View Profile
January 02, 2014, 04:29:14 AM
 #12250

When was 0.4.8 released?
tk808
Legendary
*
Offline Offline

Activity: 1512
Merit: 1124


Invest in your knowledge


View Profile
January 02, 2014, 04:32:38 AM
 #12251

When was 0.4.8 released?

Yesterday
Uniqueorn
Full Member
***
Offline Offline

Activity: 182
Merit: 100

NXT.org


View Profile
January 02, 2014, 04:38:55 AM
 #12252

Are we sure it is Drexme?
If so, I have his real name. Pretty stupid if he really did it.
bitcoinrocks
Legendary
*
Offline Offline

Activity: 1372
Merit: 1000


View Profile
January 02, 2014, 04:39:47 AM
 #12253

I'm confused.  The timestamp on my bad client zip is Dec 31 11:43.  That VPS runs on UTC time and I can see that its time is correct.  Converting that to my local time, that would put me on the computer really early in the morning which my browser logs tell me I was not.  I just checked with my wife to confirm and she says I was not up that early yesterday.  I'm still thinking this over.
opticalcarrier
Full Member
***
Offline Offline

Activity: 238
Merit: 100



View Profile
January 02, 2014, 04:40:10 AM
 #12254

well at this point I think we all need to stop and take a step back and determine how to best handle new client releases moving forwards.
CfB had to stop using his DL link due to bandwidth problems.  Maybe dev team needs to run a dedicated VPS to host releases on?  Maybe the unused coins can go to fund that?

Obviously all WWW/info/forums/WIKI sites need to be updated with VERY STRONG LANGUAGE regarding checksums

My suggestion is for when dev team releases a new client, to post in this thread a reply with a link and checksums. then any site out there that wishes to host the file should also post a link back to the thread where the new client was released so the downloader can see the checksum?

Any more thoughts on how to best mitigate this theft risk?
tk808
Legendary
*
Offline Offline

Activity: 1512
Merit: 1124


Invest in your knowledge


View Profile
January 02, 2014, 04:44:46 AM
 #12255

well at this point I think we all need to stop and take a step back and determine how to best handle new client releases moving forwards.
CfB had to stop using his DL link due to bandwidth problems.  Maybe dev team needs to run a dedicated VPS to host releases on?  Maybe the unused coins can go to fund that?

Obviously all WWW/info/forums/WIKI sites need to be updated with VERY STRONG LANGUAGE regarding checksums

My suggestion is for when dev team releases a new client, to post in this thread a reply with a link and checksums. then any site out there that wishes to host the file should also post a link back to the thread where the new client was released so the downloader can see the checksum?

Any more thoughts on how to best mitigate this theft risk?

Always check the HASH of the zip file before you unzip it. Match it with the hash of the posters download.
If the person doesn't post the original hash, i'm not downloading.

That's what i've learned and going to start doing every new release.
Uniqueorn
Full Member
***
Offline Offline

Activity: 182
Merit: 100

NXT.org


View Profile
January 02, 2014, 04:46:02 AM
 #12256

well at this point I think we all need to stop and take a step back and determine how to best handle new client releases moving forwards.
CfB had to stop using his DL link due to bandwidth problems.  Maybe dev team needs to run a dedicated VPS to host releases on?  Maybe the unused coins can go to fund that?

Obviously all WWW/info/forums/WIKI sites need to be updated with VERY STRONG LANGUAGE regarding checksums

My suggestion is for when dev team releases a new client, to post in this thread a reply with a link and checksums. then any site out there that wishes to host the file should also post a link back to the thread where the new client was released so the downloader can see the checksum?

Any more thoughts on how to best mitigate this theft risk?

Always check the HASH of the zip file before you unzip it. Match it with the hash of the posters download.
If the person doesn't post the original hash, i'm not downloading.

That's what i've learned and going to start doing every new release.

but aren't the hashes different in every release?
xyzzyx
Sr. Member
****
Offline Offline

Activity: 490
Merit: 250


I don't really come from outer space.


View Profile
January 02, 2014, 04:46:29 AM
 #12257


That's a much nicer SHA-256 checker than the one I linked to -- everything in yours is done in the browser.  Nice.

"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
xyzzyx
Sr. Member
****
Offline Offline

Activity: 490
Merit: 250


I don't really come from outer space.


View Profile
January 02, 2014, 04:48:16 AM
 #12258

Any more thoughts on how to best mitigate this theft risk?

Distribute new releases on the blockchain?

"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
bitcoinrocks
Legendary
*
Offline Offline

Activity: 1372
Merit: 1000


View Profile
January 02, 2014, 04:50:36 AM
Last edit: January 02, 2014, 05:12:44 AM by bitcoinrocks
 #12259

I think I downloaded the bad client zip from here:

http://www.nxtcrypto.org/

(EDIT: No I didn't.  See my post below.)

I can't be sure yet and I still don't understand some of my timestamps, but I see in my browser logs that I accessed that page at around the time I updated to 0.4.8 and I'm pretty sure I remember using the link on that page.

EDIT: I think I even remember laughing about how silly it was that that page pointed to an IP address for the download.
tk808
Legendary
*
Offline Offline

Activity: 1512
Merit: 1124


Invest in your knowledge


View Profile
January 02, 2014, 04:52:01 AM
 #12260

well at this point I think we all need to stop and take a step back and determine how to best handle new client releases moving forwards.
CfB had to stop using his DL link due to bandwidth problems.  Maybe dev team needs to run a dedicated VPS to host releases on?  Maybe the unused coins can go to fund that?

Obviously all WWW/info/forums/WIKI sites need to be updated with VERY STRONG LANGUAGE regarding checksums

My suggestion is for when dev team releases a new client, to post in this thread a reply with a link and checksums. then any site out there that wishes to host the file should also post a link back to the thread where the new client was released so the downloader can see the checksum?

Any more thoughts on how to best mitigate this theft risk?

Always check the HASH of the zip file before you unzip it. Match it with the hash of the posters download.
If the person doesn't post the original hash, i'm not downloading.

That's what i've learned and going to start doing every new release.

but aren't the hashes different in every release?

On the Nxt Forums, the client download thread always has the new SHA-1 hash, of every release.
Pages: « 1 ... 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 [613] 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 ... 2557 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!