newcn
January 02, 2014, 05:39:07 AM
About my other account that was stolen: this account is my first account, and it has a weaker passphrase, so I left it and almost never use it. The last time I logged on with this account, if I remember right, was 2013.12.30 09:05:27 GMT, when I assigned a few aliases, and at that time the client I used should have been 0.4.7e!!! So, friends, be careful about your account!!!!
When did you download the client? I shall look into it. I deleted former versions; it could be difficult since they all have the same name, "nxt.zip".
BTC:1NzzfeHCgN8fF6mSG1UeBFCVd2cxKbGyHk NXT:13187911577562526278
PaulyC
January 02, 2014, 05:41:02 AM Last edit: January 02, 2014, 08:31:22 AM by PaulyC
Is 17480583094667840121 your new account?
That is not my account. Sorry, that was directed to PaulyC.
Hey, sorry, just saw this. That's very generous! Thanks Gbeirn. I don't even know when I'll check if it's in there, I'm freaked until the *confirmed client.. hah
Yes, this account hasn't been compromised and has a strong 40+ random PW. I haven't used it since 4.7e!
Edit** Decided, as everyone should, to start a fresh new Acct# with the Windows installer from Pg. 1. Checksummed and hash good. Thanks to anyone who can contribute. NXT 14008664550450326382
I did get a PM from another poster who mentioned setting up a bounty for me, so I don't know what the protocol is here, sorry. Thanks!
Doge Mars Landing Foundation (founder) Coined the phrase, "Doge to the Mars" and "Check that Hash!". Discoverer of the 2013 NXT nefarious wallet. Admin. FameMom [FAMOM]
newcn
January 02, 2014, 05:55:02 AM
About my other account that was stolen: this account is my first account, and it has a weaker passphrase, so I left it and almost never use it. The last time I logged on with this account, if I remember right, was 2013.12.30 09:05:27 GMT, when I assigned a few aliases, and at that time the client I used should have been 0.4.7e!!! So, friends, be careful about your account!!!!
I recalled another thing about the client: my 360safeguard (a security software on my PC) reported several times that java (or start.bat, which starts the client, I don't remember exactly) was uploading private information while I had the client running! The client version might have been earlier than 0.4.7e!!! So, WARNING again!!!
BTC:1NzzfeHCgN8fF6mSG1UeBFCVd2cxKbGyHk NXT:13187911577562526278
Zahlen
January 02, 2014, 06:05:21 AM
I don't even know when I'll check if it's in there, I'm freaked until the *confirmed client.. hah
Yeah, I'm pretty freaked out too. Been using http://22k.io/-account/<account number> instead to check my account.
xyzzyx
I don't really come from outer space.
January 02, 2014, 06:08:24 AM
So I guess this was the first confirmed NXTploit.
Don't hate me because I'm beautiful.
"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
bitcoinrocks
January 02, 2014, 06:08:47 AM
So basically we have 4 different people saying they got it from 3 different places.
1 person on a wget using the IP address
1 person from mega.co
1 person from nxtcrypto.org
1 person from nextcoin.org
Since I got the bad client from an IP address via wget, the question is where did I get that link. mega.co isn't a possibility, correct? The only history my browser shows for nextcoin.org since I installed 0.4.8 is:
https://nextcoin.org/index.php
https://nextcoin.org/index.php/topic,797.0.html
https://nextcoin.org/index.php/board,46.0.html
https://nextcoin.org/index.php/topic,1588.0.html
Those don't look like pages I could have copied the link from. That leaves nxtcrypto.org, and I also think bitcointalk.org is a possibility. Since Firefox brings visited pages to the top of the history list when they are re-visited (and I didn't realize this before), it may be impossible to say which one is the culprit at this point. HOWEVER, the first time I looked at the history list before things got rearranged, I thought it was nxtcrypto.org for sure. Since then the history has been altered so I can't double-check this, but that was my first impression. Looking at the history, it is certainly also possible that I got the link from bitcointalk.org within the 0.4.8 discussion.
IMPORTANT: I'm going to bed and there will be too many posts to catch up on by the time I wake up. Please PM me if there is something I should read. You can link me to posts if you like.
Come-from-Beyond
January 02, 2014, 06:18:16 AM
Come-from-Beyond
January 02, 2014, 06:21:12 AM
CfB,
Architecture question.
All nodes run the same software, each maintaining a synchronized copy of the blockchain. Your reflex objection to any secondary authentication is that it can only be implemented using some sort of centralized method, defeating the robustness gained from the distributed nature.
I have been thinking about this at a high level this afternoon, so I am sure not all the details are right, but conceptually, if we can implement a "centralized" type of action when all the nodes are running the same software and replicating the same dataset, then authentication could be implemented in a distributed context.
Correct or incorrect?
James
Maybe. Do you have an example of an authentication flow? The description is quite vague.
2Kool4Skewl (OP)
January 02, 2014, 07:01:02 AM
REGARDING NXT CLIENT EXPLOIT
Be sure to check the sha256 hash of your download with the official sha256 hash of NRS from Come-from-Beyond. On the main page, I only list the sha256 hash of the official NRS version from Come-from-Beyond. MAKE SURE THE SHA256 HASH OF YOUR DOWNLOAD MATCHES! Even if you download it from the link I provide on the main page, CHECK THE HASH TO MAKE SURE IT MATCHES! Download links can be compromised! BE CAREFUL!
All links to download NRS should point to Come-from-Beyond's post on Bitcointalk.org. Having separate locations hosting the client is a bad idea. Too many people then have access to modify the download link. Please make sure to delete all references to other NRS downloads from the website, nxtcrypto.org, the forums and the wiki.
To determine which NRS version contains the exploit, you need to run the sha256 hash of the download and compare it to the official sha256 hash I have listed in the first post. Please, do this and report your findings to the community. THIS IS OF UTMOST IMPORTANCE!
On Linux the command to check the sha256 hash is:
sha256sum 'path_to_NRS_download'
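A worked version of the check above, as an added example that is not from this thread or from the NRS project: a small POSIX shell script that hashes a downloaded file with sha256sum (falling back to shasum or openssl where sha256sum is absent) and compares the result with the hash published by the release author, rejecting the file on any mismatch. The file names and the "published" hash in the demo are constructed for the example; they are not real NRS builds or the official hash. The hash you compare against has to come from somewhere other than the page that served the download, otherwise whoever controls the download link can publish a matching hash for the trojaned archive.

```shell
#!/bin/sh
# Added example (not from the thread): verify a downloaded archive against
# the SHA-256 that the release author published out-of-band.
set -u

# Compute the SHA-256 of a file, portable across GNU sha256sum,
# BSD/macOS shasum and openssl. Prints the 64-character hex digest only.
sha256_of() {
    f="$1"
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$f" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$f" | awk '{print $1}'
    else
        openssl dgst -sha256 "$f" | awk '{print $NF}'
    fi
}

# verify_download FILE EXPECTED_HASH
# Returns 0 when the file's SHA-256 equals EXPECTED_HASH (hex case is
# ignored), 1 on mismatch or missing file. Both digests are printed so the
# user can see exactly what differed instead of a bare "bad".
verify_download() {
    f="$1"
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ ! -f "$f" ]; then
        echo "verify_download: no such file: $f" >&2
        return 1
    fi
    actual=$(sha256_of "$f")
    if [ "$actual" = "$expected" ]; then
        echo "OK   $f  $actual"
        return 0
    fi
    echo "FAIL $f  (do NOT run it)" >&2
    echo "  expected: $expected" >&2
    echo "  got:      $actual" >&2
    return 1
}

# Demonstration on constructed files, not real NRS builds: "good.zip" is
# the content the published hash was taken from, "bad.zip" differs by one
# byte, as a tampered download would. Returns 0 only if the good file is
# accepted and the bad one is rejected.
demo() {
    d=$(mktemp -d)
    printf 'hello\n' > "$d/good.zip"
    printf 'hello!\n' > "$d/bad.zip"
    # SHA-256 of "hello\n", standing in for the hash posted by the author
    published=5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03
    if verify_download "$d/good.zip" "$published"; then good=0; else good=1; fi
    if verify_download "$d/bad.zip" "$published"; then bad=0; else bad=1; fi
    rm -rf "$d"
    [ "$good" -eq 0 ] && [ "$bad" -eq 1 ]
}
```

Usage: `verify_download nxt.zip <hash-from-the-author's-post>`; the exit status is what a wrapper script should branch on, never the printed text. The same check on macOS is `shasum -a 256 nxt.zip` and on Windows `certutil -hashfile nxt.zip SHA256`; compare the digest by eye against the posted one, or paste both into a text editor and diff them, since a single differing hex character means a different file.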
Anon136
January 02, 2014, 07:05:26 AM
Can anyone else see account # 14592641999125872769 on the explorer? If you search 408269093319763437 you will see the transaction that I used to send coins to it. But I just get an error when I try to look up the account.
Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
Zahlen
January 02, 2014, 07:10:31 AM
Block explorer gives me an error (yet works fine for my account), but 22k.io shows a 200 NXT transfer.
morningtime
January 02, 2014, 07:14:15 AM
REGARDING NXT CLIENT EXPLOIT
Be sure to check the sha256 hash of your download with the official sha256 hash of NRS from Come-from-Beyond. On the main page, I only list the sha256 hash of the official NRS version from Come-from-Beyond. MAKE SURE THE SHA256 HASH OF YOUR DOWNLOAD MATCHES! Even if you download it from the link I provide on the main page, CHECK THE HASH TO MAKE SURE IT MATCHES! Download links can be compromised! BE CAREFUL!
All links to download NRS should point to Come-from-Beyond's post on Bitcointalk.org. Having separate locations hosting the client is a bad idea. Too many people then have access to modify the download link. Please make sure to delete all references to other NRS downloads from the website, nxtcrypto.org, the forums and the wiki.
To determine which NRS version contains the exploit, you need to run the sha256 hash of the download and compare it to the official sha256 hash I have listed in the first post. Please, do this and report your findings to the community. THIS IS OF UTMOST IMPORTANCE!
On linux the command to check the sha256 hash is:
sha256sum 'path_to_NRS_download'
And EVERYBODY needs to create COMPLETELY NEW ACCOUNTS with NEW PASSWORDS. Because your old one *might* have been compromised. I myself can't remember whether I used the wrong client, so I created a new account and moved my funds - JUST TO BE SURE. EVERYONE SHOULD DO THIS.
pandaisftw
January 02, 2014, 07:33:36 AM
Hm, I wonder if target is going up because everyone is transferring to new accounts?
NXT: 13095091276527367030
Come-from-Beyond
January 02, 2014, 07:37:43 AM
Regarding the unclaimed coins: Tomorrow is the very last day when legit owners can claim them! Hurry up!
landomata
January 02, 2014, 07:48:27 AM
Can we put in place a block on all previous clients (from inside blockchain) until the fresh secure client is release on an urgent basis?
laowai80
January 02, 2014, 07:54:44 AM
intel, when PaulyC reported the theft, lots of people besides EvilDave were suggesting possibilities. The most commonly suggested was keylogger. I remember someone posted something like
1) SHA256 and Elliptic Curve algo broken: 0.0001%
2) Keylogger: 80%
3) Bogus client: 10%
4) Rogue node: 10%
Yeah, so it was #3. I was leaning more towards #2, but oh well, #3 has a good chance too, as it turned out, since all these automatic installation packages rolling out gave people a false sense of security, and they could download from any link that says 'nxt.zip' in it. Not all, but some do. It was a good lesson on security. It's good to know that SHA256 is still rock solid.