Alternative Block Chains : be safe!

[Lowlander]

necromancers...

[1713463143]

1713463143

[Simran]

Most of the new coins coming out daily are created by ignorant developers. Now that's scary.

[Hfleer]

A lot of these coins are just pump and dump.

[kano]

A lot of these coins are just pump and dump.

Which ones aren't?

[Welsh]

Very good advise here, even though I don't believe on using alternative currencies to Bitcoin.


There are a number of virtual programs which can be installed for free, and they are also safe and pretty reliable.
Also very easy to setup, google on how to setup. It takes no longer than 5 minutes.

[erk]

I think FTC had a block chain split from a 51% attack around block 33,000. No slow block rate from the high diff helped the attacker.

[ProfMac]

A lot of these coins are just pump and dump.

Which ones aren't?

What is your opinion on Bytecoin, released on April 1?

[kano]

A lot of these coins are just pump and dump.

Which ones aren't?

What is your opinion on Bytecoin, released on April 1?

"April 1"

[dmatthewstewart]

Thanks Gavin!

That is great advice and it includes the absolute basic measures that everyone should take. Since we are connecting right to someones server anything could happen. Well, not "anything". Im not going  to start mining and open an inter-dimensional portal.

This advice is especially prescient now that we see "the newest alt coin is here!" 20 times per day. (btw, is there a way to stop people from creating thousands of altcoins? I have been trying to just ridicule them but it is barely slowing them down)

Thanks again

[pinarello]

thank you

[JohnSy]

I haven't seen anybody post about what would be my biggest worry if I were trying out alternative block chains. I realize this may be perceived as "Gavin is FUD'ding anything that isn't bitcoin!"  (FUD == Fear, Uncertainty and Doubt)  But I think some of you might be forgetting some basic computer security fundamentals in the excitement to be early adopters.

When I first heard about bitcoin, my questions were:lots of fishy

1) Can it possibly work (do the ideas for how it works make sense)?
2) Is it a scam?
3) If it is not a scam, could it open my computer up to viruses/trojans if I run it?

I answered those questions by:

1) Reading and understanding Satoshi's whitepaper.  Then thinking about it for a day or two and reading it again.
2) Finding out everything I could about the project.  I read every forum thread here (there were probably under a hundred threads back then) and read Satoshi's initial postings on the crypto mailing list.
3) Downloaded and skimmed the source code to see if it looked vulnerable to buffer overflow or other remotely exploitable attacks.

If I were going to experiment with an alternative block-chain, I'd go through the same process again. But I'm an old conservative fuddy-duddy.

If you want to take a risk on a brand-new alternative block-chain, I'd strongly suggest that you:

1) Run the software in a virtual machine or on a machine that doesn't contain anything valuable.
2) Don't invest more money or time than you can afford to lose.
3) Use a different passphrase at every exchange site.

[TECHICENINE]

look at Bytecoin a byte is bigger than a bit following that line of reasoning~hmm name dat remix?..thanks


EDIT : Lmao! looks like this is the BTE thread after reading haaa

[PsychoticBigBoy]

thank you

[Lethn]

I think these are perfectly legitimate concerns actually but the way I found out whether Bitcoin wasn't a scam and the way I find out anything else isn't a scam is this:

. Is it open source? If it's open source then that means people will be able to look at the code and find anything suspicious or even help to improve it if the developer is unwilling, it's very difficult to plant something bad if people can investigate it with a microscope

. Are the stores that are supportive of it just subsidiaries of the person who made the currency? Or are they independent and have accepted it willingly? This is usually a good sign that it has some actual worth, because they must have been convinced by something about the coin to accept it right?

. Does the developer regularly post updates or comments, do they chat and argue with other developers or users? Usually another good sign that the currency is going places and not just a con, if they just post it and abandon it for ages then chances are they're just looking for someone to click on the links

. Does the developer have a programming background? Have they done anything aside from this currency they've made? If they have, chances are they'll have the understanding of the source code needed to update and change it if bugs and glitches come out, they'll also usually have more respect for other peoples computers if they already work for a legitimate company

If you are an Anarchist/Libertarian :

. Does the currency have no ties to the current aristocracy, government or financial system? If so there's probably a better chance of it being legitimate than just a way to manipulate peoples wealth

[bob131313]

I think these are perfectly legitimate concerns actually but the way I found out whether Bitcoin wasn't a scam and the way I find out anything else isn't a scam is this:

. Is it open source? If it's open source then that means people will be able to look at the code and find anything suspicious or even help to improve it if the developer is unwilling, it's very difficult to plant something bad if people can investigate it with a microscope

Be careful here. As a coder, I can hide some pretty fancy run time code that calls a script from a server that can update with malicious intentions.

Or if I am really lazy, I can have an open source on git, but a private one that I compile from with the bad code.
You are not protected on most of these, the laziness of the stupid people copying/pasting the new alt-coins is the only thing that is protecting you.

If a group with the education/willfulness somewhat smarter then the average 15 year old coder decided to reek havoc on all of the folks that race to mine the alt-coin on launch; the damage wouldn't be measurable.

Thought experiment:
Pre-announce alt-coin
On release link to source on git. Publish a binary with hidden code.
Include code in binary to copy all wallet files from all altcoins traded on cryptsy.
On the server that the wallets are uploaded to, run a test to see if it is encrypted.
For unencrypted wallets send the coins to cryptsy/coins-e wallet and sell for btc/ltc.
Have code self-patch to remove the function call.
...
Wait a few months, rinse and repeat.


The above project can be done by anyone with coding experience in a matter of days.  You are not protected, please start being somewhat cautious.
 

HTH.

[reb0rn21]

Just out of interest was there any any coin/mining tool infected here in past?

I knew few ppl that lost coins from Gox, BTC-e and they were "careful", even gmail verification have not helped, but i bet many mined alt crap

[Joerii]

Just out of interest was there any any coin/mining tool infected here in past?

I knew few ppl that lost coins from Gox, BTC-e and they were "careful", even gmail verification have not helped, but i bet many mined alt crap

I've never heard of any real trojans or viruses in wallet releases yet. It seems walletstealers in coin.exes are a myth, propagated by false negatives from antivirus software.

[Luckybit]

I haven't seen anybody post about what would be my biggest worry if I were trying out alternative block chains. I realize this may be perceived as "Gavin is FUD'ding anything that isn't bitcoin!"  (FUD == Fear, Uncertainty and Doubt)  But I think some of you might be forgetting some basic computer security fundamentals in the excitement to be early adopters.

When I first heard about bitcoin, my questions were:

1) Can it possibly work (do the ideas for how it works make sense)?
2) Is it a scam?
3) If it is not a scam, could it open my computer up to viruses/trojans if I run it?

I answered those questions by:

1) Reading and understanding Satoshi's whitepaper.  Then thinking about it for a day or two and reading it again.
2) Finding out everything I could about the project.  I read every forum thread here (there were probably under a hundred threads back then) and read Satoshi's initial postings on the crypto mailing list.
3) Downloaded and skimmed the source code to see if it looked vulnerable to buffer overflow or other remotely exploitable attacks.

If I were going to experiment with an alternative block-chain, I'd go through the same process again. But I'm an old conservative fuddy-duddy.

If you want to take a risk on a brand-new alternative block-chain, I'd strongly suggest that you:

1) Run the software in a virtual machine or on a machine that doesn't contain anything valuable.
2) Don't invest more money or time than you can afford to lose.
3) Use a different passphrase at every exchange site.

Multi-factor authentication for all please. Yubikey+Password, Cellphone+Password, Smartcard+Password, Biometric+Password.

Never trust a site which wants you to use a password alone. Never trust your keyboard or your operating system. Biometric hardware wallets will become increasingly important for security of crypto-finance in the future and I wish there were more robust hardware and API's for it.

I know Bitcoin is intending to support two-factor authentication but please consider supporting the latest biometric technology as well due to the ease of use factor.

[Luckybit]

Good advice.

Using an alternate cryptocurrency client would be a great way to get many people to install a hidden virus that targets Bitcoin users.

If you have a significant amount of Bitcoins, I wouldn't run other clients on the same computer until the alternates have developed trust over a longer period of time... I'm probably on the paranoid side of things though.

These new cryptocurrencies are interesting, and it will be fascinating to see how it will all play out.  

Ultimately someone should probably release a product, some hardware such as a thumb drive with an OS which runs in as a virtual machine and sell it to people. Then they just plug it in and install the latest alt-coin for testing. The thumb drive should also include biometric authentication and generate a one time password.

It would be the perfect hardware wallet in my opinion. No remembering passwords. You wouldn't even necessarily have to worry about losing the hardware wallet because the actual wallet could be backed up to the cloud or internet and downloaded again as it would be authenticated by your biometric signature which will not change even if you were to lose the device. It would be a combination of a Yubikey, 16-32GB hardware encrypted solid state drive, and finger vein recognition biometric authentication. Push one button and it backs up all your coins to your email, or to the cloud. Put your finger into the slot, enter the 4 digit pin, and you can make a transaction.

The reason for the pin is because someone might try to steal your money while you're asleep. Something you know, something you have, something you are.

[simplydt]

Some people only have one computer and that must suck. Fortunately I have multiple so I can use some of my alt-miners to do this safely.

Virtual machines ftw