Bitcoin Forum
November 18, 2024, 01:04:05 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: « 1 ... 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 [1193] 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 ... 2557 »
  Print  
Author Topic: NXT :: descendant of Bitcoin - Updated Information  (Read 2761608 times)
rriky92
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250



View Profile WWW
January 25, 2014, 12:56:53 PM
 #23841

Code:
<form action="" method="post">
   <p>Amount: <input type="text" name="amount" /></p>
   <p>Fee: <input type="text" name="fee" /></p>
   <br>
   <p>Address:
   <textarea name="addresses" cols=40 rows=4></textarea></p>
   <input type="submit" name="submit" value="Submit" />
</form>
<?php
   
if(isset($_POST['submit']) )
   {
      
$array preg_split ('/$\R?^/m'$_POST['addresses']);
      
$countaddress count($array);
      for(
$i=0;$i<$countaddress;$i++){
      
$array[$i] = preg_replace('/\s+/'''$array[$i]);
      
$jsonurl "http://localhost:7874/nxt?requestType=sendMoney&secretPhrase=SECRET&recipient=".$array[$i]."&amount=".$_POST['amount']."&fee=".$_POST['fee']."&deadline=1440";
$json file_get_contents($jsonurl);
var_dump(json_decode($json));
}
   }
?>


I tried different times to send money using this script. I'm running XAMPP local on my machine. I tried http @ port 7874 and https @ port 7875. I think it's a problem with my passphrase. I have some quotes and other special characters in it. I also tried to make a backslash (\) before a quote (") because it's a PHP-string and maybe it doesn't like special characters like quotes. Doesn't work. I click the button and the page reloads and the form is empty. Any ideas?

You have to put * in web.xml under AllowedBotHost or something like this... i think it's not an error from the script cause in that case it should return an error, so maybe it's local host that can't handle API try with an online one or configure your local one,  or also local PHP is not working (maybe) cause something has to write when i insert a wrong server address php (in an online server) return me that he can't connect to that server address)

Zahlen
Member
**
Offline Offline

Activity: 98
Merit: 10


View Profile
January 25, 2014, 12:57:56 PM
 #23842

http://www.nxtcrypto.org/

I don't know everyone who is behind this site - all of the contributors...

but, you have made it into something to be proud of.

Lots of hardworking shibes digging quietly behind the scenes to make Nxt shinier. We're proud, but we could also use some Nxt  Wink

Let's try to mention, and tip more people. I think QBTC is keeping servers running? But I don't hear her mentioned a lot.

rickyjames
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile
January 25, 2014, 12:59:38 PM
Last edit: January 25, 2014, 01:26:34 PM by rickyjames
 #23843

Stolen NXT Now On Bitcoin Blockchain...And Gone!?!

As previously discussed here  ( https://bitcointalk.org/index.php?topic=345619.msg4656340#msg4656340 ), stolen NXT went on the move Jan 21 and Graviton said it was laundered thru Dgex by a "well known and reputable NXT community member".  As radio commentator Paul Harvey used to say, here's "the rest of the story"...

First of all, my apologies for Graviton for rushing into print using the juicy shock-value phrase "well known and reputable NXT community member".   Graviton didn't know I was going to do that, and I should not have.  As graviton later wrote to me, "I don't want to make it look like I'm suspecting or even setting up XYZ by assuming the identity instantly so strong as it looked like. My position is neutral - the wording about the thief being a prominent community member was wrongly chosen in haste, not anticipated for public distribution."  So...I'm sorry, Graviton.  

A forensic investigation should deal solely with facts and purge emotion as much as possible.  I fell short of that standard.

So here are the facts as gathered by Graviton on Dgex use in laundering the stolen NXT:

******** BEGIN GRAVITON PM TO OPTICALC, RICKYJAMES AND SALSACZ ***********************

I do not expect a reply from the NXT thief any more after 30+ hours have passed from my contact, so here is the data I have available. I trust you make of it what you can, if anything;

Account number: 9550
Account established: Jan 19th
IP Address: 188.132.251.194 (did not change)
Account holder email: salsacz@outlook.com (is delivered to, but does not reply - not surprisingly)
Deposited 284634 NXT from 2647797480528736696 on Jan 19th
Quick sold everything after deposit confirmed 2014-01-20 09:23 to 2014-01-20 09:34
Withdrew through instant cashout when it came available 2014-01-20 11:37 to 2014-01-20 12:22 in 7 payments (max system limit 3 BTC at once) to bitcoin address 13BDBCHyd916pTAyAXK4hYyjViqSzCuRcH
---
I hope the information helps you some forward, although you were probably expecting more than this.

The content of this message is ok for public release.

Regards,
Graviton

******** END GRAVITON PM TO OPTICALC, RICKYJAMES AND SALSACZ ***********************

So, do I believe Salsacz distributed Trojan clients weeks ago and opened up a new Dgex account in his own name to launder stolen NXT?  No, I do not.  Way too obvious.

I believe this is a setup or frame job, a last twist-of-the-knife joke by somebody who is a reader of this forum.  So in that sense, it is still an inside job.

I've checked a few other things and I'm pretty much at a dead end.  

Epic Thomas has not been on Bitcointalk since Jan 16, so if he's watching all of this and laughing, he's not using his old username.  Somehow I don't think he's that smart.  So I personally don't think this is EpicThomas any more than I think it is Salsacz.

There are a few interesting things I've learned about 188.132.251.194.  It's in Turkey, but it seems to be owned by a Czech company called Mars Global Datacenter Services located at Probrezni 118, Prauge, Czech Republic.  This is where you would have to go for the  server logs to determine who was behind the Turkish proxy on the day of the Dgex withdrawal...

It's curious to me that the computer used in the heist is owned by a company in the same city/country as the suspect it fingers.  Even moreso that they would try to frame a white-hat with experience in catching hackers who has dealt with thousands of cheaters ( https://bitcointalk.org/index.php?topic=345619.msg4322484#msg4322484 ).  

My own personal opinion is that Salsacz has done WAY too much for the NXT community to rob others of their NXT.  However, the way things sometimes work is that somebody around him could have seen Salsacz's enthusiasm for NXT and hatched a plot of their own.  But that is just rank speculation on my part, I will never know.

So much for the getaway vehicle's license plate number.  On to following the money.

Bitcoin address 13BDBCHyd916pTAyAXK4hYyjViqSzCuRcH is registered at Blockchain.info, which is one of the biggest online Bitcoin wallets.  So the stolen NXT has been laundered into BTC, and here it sits, all $17,371.76 of it:

https://blockchain.info/address/13BDBCHyd916pTAyAXK4hYyjViqSzCuRcH

So I wrote Blockchain.info an email:

************ BEGIN RICKYJAMES EMAIL TO BLOCKCHAIN.INFO ***************

My name is Ricky X and I am a resident of X, X, USA. My
 cell phone number is X.

I have been investigating the theft of large numbers of NXT coins through
 use of a Trojan software package that was used by at least five users. On
 Jan 20 the thief finally laundered the money through dgex.com to the
 following Blockchain.info address:


https://blockchain.info/address/13BDBCHyd916pTAyAXK4hYyjViqSzCuRcH

I formally request that you freeze all funds this account until you can
 examine my chain of evidence and verify that I am telling you the truth.
 Once you have done so, I ask that you release to me the email address and
 cell number of the owner of this account.

Please let me know a direct email address to your security department and a
 ticket number for this request and I will provide further details
 immediately. Thanks for your help in investigating this theft.

-Ricky J. X

************ END RICKYJAMES EMAIL TO BLOCKCHAIN.INFO ***************

to which I got this response...


************ BEGIN BLOCKCHAIN.INFO EMAIL TO RICKYJAMES ***************

Ricky, Blockchain.info only deals in bitcoin, and no other altcoin. We also don't have any access to the funds in a user's wallet. This is due to the way our wallets work. A user controls his or her passwords and private keys, and Blockchain.info only stores the encrypted backups. We don't even know what public address are in a wallet, and a user doesn't even need to provide any type of personal information to setup a wallet. Sorry to hear of this, but Blockchain.info is unable to do any type of freeze on an account, especially since a user could easily import those private keys into any other wallet service available.

Mandrik | Blockchain.info Support


************ END BLOCKCHAIN.INFO EMAIL TO RICKYJAMES***************

As an aside, I never heard back from Bter.com.

So I am out of ideas and I think it is the end of the line for me.  I gave it my best shot.

As salsacz has noted, ( https://bitcointalk.org/index.php?topic=345619.msg4649481#msg4649481 ) I still haven't caught 1 thief or thief's Bitcointalk account or didn't find any new theft except of those who were found by others.  

That's kinda like Yoda's "Do or do not, there is no try".

Sigh, sometimes the bad guys win.  

A loss for us all, and a lesson to start from this point and do everything we can to strengthen NXT security, especially for new users that don't check SHA-256 of a client file or make a password longer than 11 characters.
google98
Full Member
***
Offline Offline

Activity: 360
Merit: 100


View Profile
January 25, 2014, 12:59:56 PM
 #23844

In the last few days i'm seeing a lot of newcomers to this thread, more than in the past.

Yes... and most importantly they are NOT trolls!!!   Wink

As far as I am concerned, you're right Wink

Would like to hear some vircurex news today...

evanxxx
Full Member
***
Offline Offline

Activity: 126
Merit: 100


View Profile
January 25, 2014, 01:10:28 PM
 #23845

got a error with NRS 0.5.9, don't know whether it is a bug.

DEBUG: Failed to analyze hallmark for peer geodreieck.redirectme.net
okaynow
Hero Member
*****
Offline Offline

Activity: 546
Merit: 500


PGP 9CB0902E


View Profile
January 25, 2014, 01:17:00 PM
 #23846

Sigh, sometimes the bad guys win.  

NOOOOOOOOOOOOOOOOOOOO

got a error with NRS 0.5.9, don't know whether it is a bug.

DEBUG: Failed to analyze hallmark for peer geodreieck.redirectme.net

I'm also getting this with .5.10. Is it something serious?

1PeecNu1J8VNKpgR13nasMZWLcMZrwNJfc
kunibopl
Full Member
***
Offline Offline

Activity: 184
Merit: 100


View Profile
January 25, 2014, 01:22:21 PM
 #23847



There are a few interesting things I've learned about 188.132.251.194.  It's in Turkey, but it seems to be owned by a Czech company called Mars Global Datacenter Services located at Probrezni 118, Prauge, Czech Republic.  This is where you would have to go for the  server logs to determine who was behind the Turkish proxy on the day of the Dgex withdrawal...


is IP address known to bitcointalk.org?
BTW: who hosts bitcointalk.org?

NXT: 5231236538923913892
Jean-Luc
Sr. Member
****
Offline Offline

Activity: 392
Merit: 250



View Profile WWW
January 25, 2014, 01:23:41 PM
 #23848

got a error with NRS 0.5.9, don't know whether it is a bug.

DEBUG: Failed to analyze hallmark for peer geodreieck.redirectme.net
No, this is not a bug. Ignore. The peer geodreieck.redirectme.net has a malformed hallmark and is being blacklisted because of that.

lead Nxt developer, gpg key id: 0x811D6940E1E4240C
Nxt blockchain platform | Ardor blockchain platform | Ignis ICO
Jean-Luc
Sr. Member
****
Offline Offline

Activity: 392
Merit: 250



View Profile WWW
January 25, 2014, 01:26:16 PM
 #23849

Is there a lock in 5.10 in editing any *.html files in webapps? I always add a new title for the wallet (address of my site) and it wasn't possible to launch the client after this.

If there is, it's pretty smart of them!
No, there is no such change. The difference between 0.5.9 and 0.5.10 is extremely small, just a few lines of code related to the bugs mentioned in the changelog, nothing more.

It is nonetheless important that everyone upgrade to 0.5.10.


lead Nxt developer, gpg key id: 0x811D6940E1E4240C
Nxt blockchain platform | Ardor blockchain platform | Ignis ICO
plasticAiredale
Full Member
***
Offline Offline

Activity: 207
Merit: 120



View Profile
January 25, 2014, 01:29:47 PM
 #23850

Sigh, sometimes the bad guys win.  


Thanks yet again for looking into all this rickyjames. If anything it has been fun watching the chase even though it was fruitless. It is disappointing that they get away without consequence, but at least I can have some closure on the matter. Though the thief may want to keep an eye on his rear-view mirror, as who knows who is watching him and his trails.  It also is quite comforting that they laundered the stolen NXT at roughly $0.01 each, which means they couldn't hold onto the NXT long enough to cash out much later when it has reached its true potential, and worth much more. A thanks once again to the community who donated NXT and lessened the blow of the theft.

Hopefully we can put all this talk of hacks behind us now, as we move onto bigger and better things.
nexern
Hero Member
*****
Offline Offline

Activity: 597
Merit: 500



View Profile
January 25, 2014, 01:30:16 PM
 #23851

Nexern,

Are we on schedule for the 26th?


Pin

quick update.

client dev is fine so far but i am 3 days behind schedule. try to catch up. client size is within promised boundaries
atm ~850 kb. no external libs needed until now so click and run. tested on win7 and linux ubuntu, waiting
for a mac mini to deliver to test the mac port, so this is untested now but i don't expect problems here, perhaps
some font and clipboard adjustments (i am no native osx user).
msin came up with a very nice idea how to add a usefull reputation system based on AM, try to add this.

have refactored and externalized some modules like the language resource and settings file to enable multilanguage
more easy later just by adding the translations into a simple textfile.

the only part i am not satisfied is the data update structure. atm i choosed a complete unbuffered update struc but
for very large accounts (transfers/aliases) with thousands of entries the complete loading consumes much time.
while a average account is fully loaded within ~1 minutes on startup, a big one takes much longer.
therefore i am testing for partial updates, controlled by settings to allow enabling partial data download.
the best solution would be to store no data to the disk at all and keep everything within ram.

the logic for the asset exchange is already coded but no gui atm. start testing the assets on tuesday.
Passion_ltc
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500


Crypti Community Manager


View Profile
January 25, 2014, 01:30:43 PM
 #23852

Please vote which feature you want to see next on nxtion.com!

Fatih87SK
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500



View Profile
January 25, 2014, 01:34:46 PM
 #23853

Nexern,

Are we on schedule for the 26th?


Pin

quick update.

client dev is fine so far but i am 3 days behind schedule. try to catch up. client size is within promised boundaries
atm ~850 kb. no external libs needed until now so click and run. tested on win7 and linux ubuntu, waiting
for a mac mini to deliver to test the mac port, so this is untested now but i don't expect problems here, perhaps
some font and clipboard adjustments (i am no native osx user).
msin came up with a very nice idea how to add a usefull reputation system based on AM, try to add this.

have refactored and externalized some modules like the language resource and settings file to enable multilanguage
more easy later just by adding the translations into a simple textfile.

the only part i am not satisfied is the data update structure. atm i choosed a complete unbuffered update struc but
for very large accounts (transfers/aliases) with thousands of entries the complete loading consumes much time.
while a average account is fully loaded within ~1 minutes on startup, a big one takes much longer.
therefore i am testing for partial updates, controlled by settings to allow enabling partial data download.
the best solution would be to store no data to the disk at all and keep everything within ram.

the logic for the asset exchange is already coded but no gui atm. start testing the assets on tuesday.

Nice! We are waiting for your screenshots as you promised. =)

pinarello
Full Member
***
Offline Offline

Activity: 266
Merit: 100


NXT is the future


View Profile
January 25, 2014, 01:35:37 PM
 #23854

13BDBCHyd916pTAyAXK4hYyjViqSzCuRcH
                                            zC   CHURCH  

bitcoinpaul
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1000



View Profile
January 25, 2014, 01:39:19 PM
 #23855


Salsacz has a different mail address. And, hell, would he be dumb if he used the same nickname for a fraud mail address  Grin
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1086


Ian Knowles - CIYAM Lead Developer


View Profile WWW
January 25, 2014, 01:40:19 PM
 #23856

13BDBCHyd916pTAyAXK4hYyjViqSzCuRcH
                                            zC   CHURCH  

I would find it hard to believe that the "checksum" characters are relevant.

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
google98
Full Member
***
Offline Offline

Activity: 360
Merit: 100


View Profile
January 25, 2014, 01:43:17 PM
 #23857

Do you guys have an explanation why the NXT trading volume is comparatively low over the last 2-3 days?

pinarello
Full Member
***
Offline Offline

Activity: 266
Merit: 100


NXT is the future


View Profile
January 25, 2014, 01:45:35 PM
 #23858

my digital ocean VPS Node IP 198.211.127.34 is being managed by laowai80  

I have not seen him on the forum for quite sometime....I also sent him an e-mail and he has not responded till now.

I know we have to upgrade Nodes to 0.5.10 by Jan 26th to avoid a network fork....I was planning to power off the droplet until I can sort this out.


Should I power the VPS off till I get it upgraded?



why cant he just upgrade?


barbierir
Hero Member
*****
Offline Offline

Activity: 515
Merit: 502



View Profile WWW
January 25, 2014, 01:46:49 PM
 #23859


So negative  Sad Welcome all new shibes nxters!  Cheesy

EDIT: barbierir, thanks for suggesting Diceware. I've added a link to it from the wiki page. If folks prefer such methods to be more prominent, you can format the page, or comment in the page's Discussion page. Just register and edit.

I've been lurking this thread since last week when I first read about Nxt Smiley

Just to make a comparison: the Electrum wallet for bitcoin generates a 12-words long passphrase using an internal dictionary of 1600 words, with Diceware you have 7776 possible words and you can make the passphrase as long as you like.

So math says that a 10-words Diceware passphrase is stronger than a 12-words Electrum wallet passphrase.

A possible option is to use a 20 words passhprase as a "safe" account to keep most of one's nexts and another one with 12 words as a "spending" account with a lesser amount, tough rationally speaking 12 is already an overkill!











◈▣ KOMODO ● Set Your Ideas Free ▣◈
.......AN ECOSYSTEM FOR NATIVE BLOCKCHAINS.......
Blockchain Generator | Decentralized Crowdfunding | Decentralized Exchange | Bitcoin Security | Zero-Knowledge Proofs | Blockchain Interoperability | Scalable Infrastructure
aorith
Member
**
Offline Offline

Activity: 84
Merit: 10



View Profile
January 25, 2014, 01:46:55 PM
 #23860

Do you guys have an explanation why the NXT trading volume is comparatively low over the last 2-3 days?

hoarding currency

BTC: 1Pc2BrecisYLZ2FSFEgCn16ogTHjopqEey  LTC: LM1XBHF8Ccv2vdgh3kqCqPaGkWGhzRMxjw
NXT: 3946500435546198781
Pages: « 1 ... 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 [1193] 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 ... 2557 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!