Jabulon
March 02, 2014, 04:15:12 AM

OMG Jabulon thank you!!! Was like pulling teeth to get that info here lol
Sorry I took so long. Was caught up in another conversation. Two additional things: clear the console history with the red button lower right when you are done. Exit debug window. The lock should appear open immediately, but you may still see the minting-suspended message for a few minutes. It should disappear in a few.

That's fucking awful Soepkip, I was always worried about that issue. Left a warning yesterday in the thread. So yeah, Ctrl+L or just use the little red rectangle button lower right after you've unlocked. I think (hope and pray) the history is not retained elsewhere after you clear. Prob it's ok. But it's just sitting there in plaintext until you get rid of it.

Soepkip
March 02, 2014, 04:15:46 AM

Hey guys,
Well. I'm kinda at a loss for words. After everything I've been doing karma still kicked me in the ass. Somehow my Windows wallet got hacked, and (since I don't save passwords on my Windows machine) I suspect they got my passphrase through the debug console. So a fair warning if you unlock your wallet: ALWAYS USE CTRL+L to clear it! I lost 27160 BC, and I'm really down about it seeing as that was my personal stash. I'd like to thank Aforis for helping me set up a VMware with Linux wallet. If you like the work I did in the past days, please consider a donation: B96Ma83Sbxq5HR6UsPtbGapi9s5ZRHjwNo I'm going to leave my computer now for a bit and hope I get motivated again to help the BlackCoin community out. I'm down, but not defeated.

Sorry for your loss. What is Ctrl+L? I seriously have no clue how these hackers do it. Do you have an Antivirus/firewall? It's mind f******

CTRL+L clears the debug screen. If you type your passphrase out to unlock it'll remain shown if you don't use Ctrl+L. I'm also amazed at how they've done it. They must have targeted me very specifically.

Collegestudent
March 02, 2014, 04:21:30 AM

Cryptowallets need to be upgraded to be more user friendly, less cody so everyone can use it and more secure.

almightyruler
March 02, 2014, 04:30:24 AM

Soepkip, your password could have been captured via someone remotely watching your screen, or just a simple keylogger. Ctrl-L will not thwart the latter, unfortunately.
I'm seriously thinking about setting up a dedicated machine as a cold wallet, which will stay powered off and physically disconnected 99.999% of the time. It will only be switched on to generate new receive addresses, send funds, or add a new coin. In addition, it will be firewalled so when powered on it will only communicate with a client on my local network. It will never be connected to the greater internet.
Most consumer computers do not contain any data that is of general value. That's now changing as cryptocoins become more popular...

Soepkip
March 02, 2014, 04:32:14 AM

Soepkip, your password could have been captured via someone remotely watching your screen, or just a simple keylogger. Ctrl-L will not thwart the latter, unfortunately.
I'm seriously thinking about setting up a dedicated machine as a cold wallet, which will stay powered off and physically disconnected 99.999% of the time. It will only be switched on to generate new receive addresses, send funds, or add a new coin. In addition, it will be firewalled so when powered on it will only communicate with a client on my local network. It will never be connected to the greater internet.
Most consumer computers do not contain any data that is of general value. That's now changing as cryptocoins become more popular...
I scan my computer regularly (like 2 days ago) and nothing was found. That's the weirdest part about it. I was lucky to find my wallet back thanks to automatic backups. I also want to state that all Community Funds are safe.

Jabulon
March 02, 2014, 04:32:52 AM

STRONGLY RECOMMENDED
In addition to immediately clearing the console history after you unlock, observe best-practices and don't even directly type in the unlock command, at least not the password part. Pull it from a password mgr, or if for some (bad) reason you don't use one, type it out in chunks in notepad, intermixed with garbage characters, then copy and paste chunk by chunk. If your computer has keylogging malware you could get seriously fucked otherwise.

y3804
March 02, 2014, 04:39:51 AM

My personal tip: When I need to login / withdraw BTC, I usually use a virtual keyboard where you simply press the keys with your mouse. It's much safer as it doesn't record the keyboard

Jabulon
March 02, 2014, 04:42:19 AM

My personal tip: When I need to login / withdraw BTC, I usually use a virtual keyboard where you simply press the keys with your mouse. It's much safer as it doesn't record the keyboard
Word. In fact the password mgr called Password Safe also has a virtual keyboard you can pull up anytime. This is great software, and it is free.

dealwithitdoge
March 02, 2014, 04:43:14 AM

some sophisticated keyloggers can detect keystrokes from the on-screen keyboard

Jabulon
March 02, 2014, 04:45:04 AM

some sophisticated keyloggers can detect keystrokes from the on-screen keyboard
Well, god damn. Then, yeah, USE A GODDAM PASSWORD MGR and don't type sensitive shit at all when you are online.

Vann
March 02, 2014, 04:50:32 AM

STRONGLY RECOMMENDED
In addition to immediately clearing the console history after you unlock, observe best-practices and don't even directly type in the unlock command, at least not the password part. Pull it from a password mgr, or if for some (bad) reason you don't use one, type it out in chunks in notepad, intermixed with garbage characters, then copy and paste chunk by chunk. If your computer has keylogging malware you could get seriously fucked otherwise.
+1 Never use the keyboard directly to type sensitive passwords. When I have to type a password, I use the Windows 8.1 on-screen keyboard which keyloggers can't pick up.

Vann
March 02, 2014, 04:54:56 AM

My personal tip: When I need to login / withdraw BTC, I usually use a virtual keyboard where you simply press the keys with your mouse. It's much safer as it doesn't record the keyboard
Word. In fact the password mgr called Password Safe also has a virtual keyboard you can pull up anytime. This is great software, and it is free.

KeePass is another open-source alternative as well. BinaryClock from Dedicated Pools has a good tutorial YouTube video on this subject - https://www.youtube.com/watch?v=ksTRQqDoWwE

blade87
March 02, 2014, 04:56:48 AM

After mining this, and a little bit of MINT (mining that again by the way), I am not sure I can ever go back to mining newly released scrypt PoW only coins. They're just so boring in comparison.

Jabulon
March 02, 2014, 04:59:49 AM

And another general security tip for anyone new to this nasty business: With any user account on any service you use (gmail, facebook for starters) that offers 2nd-layer or 'OTP', be it in the form of Google Authenticator, Authy, etc., or an external hardware device like Yubikey, enable this feature. That said, yes, you can still get fucked in a variety of ways: http://imgur.com/uT3mjcO but please diminish the likelihood of it in any way you can.

Soepkip
March 02, 2014, 05:07:29 AM

And another general security tip for anyone new to this nasty business: With any user account on any service you use (gmail, facebook for starters) that offers 2nd-layer or 'OTP', be it in the form of Google Authenticator, Authy, etc., or an external hardware device like Yubikey, enable this feature. That said, yes, you can still get fucked in a variety of ways: http://imgur.com/uT3mjcO but please diminish the likelihood of it in any way you can.

I have lost 1 BTC before due to a hack of my gmail. Since then I have different passwords for everything, use LastPass to keep track of them and use 2FA everywhere I can. EVERYWHERE I can. Maybe an awesome addition to the BlackCoin client: 2FA.

binaryclock
March 02, 2014, 05:22:56 AM

My personal tip: When I need to login / withdraw BTC, I usually use a virtual keyboard where you simply press the keys with your mouse. It's much safer as it doesn't record the keyboard
Word. In fact the password mgr called Password Safe also has a virtual keyboard you can pull up anytime. This is great software, and it is free.

KeePass is another open-source alternative as well. BinaryClock from Dedicated Pools has a good tutorial YouTube video on this subject - https://www.youtube.com/watch?v=ksTRQqDoWwE

Thanks for spreading the word about security! It is very important!

Soepkip
March 02, 2014, 05:42:57 AM

Hey guys,
Well. I'm kinda at a loss for words. After everything I've been doing karma still kicked me in the ass. Somehow my Windows wallet got hacked, and (since I don't save passwords on my Windows machine) I suspect they got my passphrase through the debug console. So a fair warning if you unlock your wallet: ALWAYS USE CTRL+L to clear it! I lost 27160 BC, and I'm really down about it seeing as that was my personal stash. I'd like to thank Aforis for helping me set up a VMware with Linux wallet. If you like the work I did in the past days, please consider a donation: B96Ma83Sbxq5HR6UsPtbGapi9s5ZRHjwNo I'm going to leave my computer now for a bit and hope I get motivated again to help the BlackCoin community out. I'm down, but not defeated.

Thanks so far to the people that have donated. It's just a little bit but it does lift my spirits!

Jabulon
March 02, 2014, 05:44:03 AM

And another general security tip for anyone new to this nasty business: With any user account on any service you use (gmail, facebook for starters) that offers 2nd-layer or 'OTP', be it in the form of Google Authenticator, Authy, etc., or an external hardware device like Yubikey, enable this feature. That said, yes, you can still get fucked in a variety of ways: http://imgur.com/uT3mjcO but please diminish the likelihood of it in any way you can.

I have lost 1 BTC before due to a hack of my gmail. Since then I have different passwords for everything, use LastPass to keep track of them and use 2FA everywhere I can. EVERYWHERE I can. Maybe an awesome addition to the BlackCoin client: 2FA.

It would be awesome, and would set a new industry standard. Like you I use second-factor authentication f'n everywhere: Gmail, facebook, twitter, and definitely with ALL crypto/Bitcoin related accounts. I would use it on my pools if they offered it, but none of them are there yet. Whaddya say BinaryClock, how about leading the way? (not that you aren't already, you must be on crack because clearly you are the man who never sleeps).

Soepkip
March 02, 2014, 06:00:47 AM

Heh, now I'm gonna patent that idea :p. You can buy it off of me for 27160 BC xD

bitwarrior
March 02, 2014, 06:05:59 AM

Anyone here having a problem depositing BC at mintpal.com? Is there a thread going on with regards to this issue? Thanks