birr
|
|
October 08, 2016, 09:03:30 AM |
|
Lokgically, it doesn't make sense to say that it's ok to use mymonero.com, as long as you only store small amounts there. The site's unsafe whether you keep a dollar or a hundred thousand dollars there. But the attacker or attackers go after the big accounts and leave the small ones untouched.
|
|
|
|
|
|
|
The Bitcoin network protocol was designed to be extremely flexible. It can be used to create timed transactions, escrow transactions, multi-signature transactions, etc. The current features of the client only hint at what will be possible in the future.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
CryptoSporidium
|
|
October 08, 2016, 10:49:25 AM |
|
Lokgically, it doesn't make sense to say that it's ok to use mymonero.com, as long as you only store small amounts there. The site's unsafe whether you keep a dollar or a hundred thousand dollars there. But the attacker or attackers go after the big accounts and leave the small ones untouched.
How many reports of mymonero hacks have there been? If there's been a lot, and they're mostly large balances, then that's cause for concern, and the statement posted on the fake site is raising serious allegations, so it would be good to catalogue all these mymonero hacks in an attempt to find out the scale of what's exactly happened, and how it happened. Edit: has anyone reported the fake mymonero site to any law enforcement?
|
|
|
|
elrippo
Legendary
Offline
Activity: 1008
Merit: 1001
|
|
October 08, 2016, 01:36:39 PM |
|
capital ONLY goes were their money is SAFE. No one will invests in Africa
Capital only goes where it's safe, eh? Have you never heard of VC? (I'll save you having to google that, it stands for venture capitalism?). No-one invests in Africa, eh? I suppose in your mind, $billions invested by Chinese doesn't count? Typical forum response all insults and no facts. You said capital only goes where money is safe. He pointed out places where lots of capital has gone where money isn't safe. Dude it's called an argument. Yea he highlighted the part to justify his insults. But that was not the complete sentence which is "were there's no rule of law and corrupt Govt. See, that meth is messing up his reading comprehension. So your argument is that the USA (aka western SAFE world) has rule of law and government that is not corrupt? That part wasn't intended as irony? The USA is the prettiest of the three ugly sisters. If you look at the world the US only, not western nations, is the safest. It will catch up but it will be the last to go. USA is the the core economy in the world and it always collapses from the outside toward the inside. Weakest go first. MUUUUAAAAAAHHHHAAAAAAHHHHHHAAAAAAA In the US cops shot 2015 more people, than in the whole EU for the last 30 years. The US has no economy, it is mostly based on bubbles, besides your meat production and the military industrial complex. There are more US soldiers abroad the US than in their own land. The only thing why the US is still standing, is the PetroDollar, without that the US would not have an economy Wow,so many myths. True cop shootings are high but in a free nation where citezin own the guns, that's to be expected. Oppose to the EU that outlaw guns to keep the citezens slaves!. I believe that was Hitlers first law, outlaw guns. That was the purpose the the US 2nd amendment, to keep Govt in Check, not so much lately, unfortunately. Bubbles are capital concentration, if there is a hot market, I'm there to get a piece so are a billion others. When there are no more buyers and the first sign of danger people sell and down it goes and move on to the next opportunity. Look at your own crypto land capital is moving from one coin to the next but of coarse you'll claim it's all rigged. Lastly, the US is the number one oil producer with 12 bbl a day, don't believe me, check it out. The reason the dollar is in demand is because all commodities have to be bought with dollars and all govt have to hold dollars in reserve. You should really have the facts so not to embarrass yourself. To your first argument: In the EU people also own guns, probably more than one would expect, still in the UK 7 people were shot by LE-officers in 2015, in the US that isn't even a daily count. Personally i am in martial arts for a few decades now, and the only influence for violence is violence. So if you are violent, than you will receive violence, quite simple. I tend to agree, that for defensive actions you sometimes need weapons unconcerned which type, my best one until now is and was a brief and short conversation. You mentioned the Nazi regime under Adolf Hitler. Well, the end of the story is well known, but the legal action against the regime are the Nuremberg Trials. The base argument for the prosecution against the Nazi regime was the offensive war against other countries, the crime against freedom and the crimes against humanity. Let us think back how many Wars the US started directly or indirectly against other countries.... --> There are a few, and there are present studies that the US directly or indirectly started 83-to94% of the wars displayed on this planet. For that, and another more reasons, i do not like the US War "Defense" Department and the politicians making laws to secure their own citizens with firearms or other weapons, because this is a very hostile attitude. Honestly, Defense Department and US.... --> Who really ever attacked the US? So, weapons do not secure peace, they only secure aggression following the state of mind of a weapon holder, sadly and mostly. To your second argument: Please read the main income of the US. It is a bubble, was a bubble and most likely will be a bubble. Yes the US produces most of the Oil, that's why i mentioned the petro dollar, regardless where the Oil originally comes from. Not all commodities are traded or have to be traded in dollars, especially thinking of the EU and Russia, please think about that before you tend to embrass yourself. Also not all governments have to hold dollars reserves, they are free to do so, that's a small difference. The US is not the core economy in the world, it pretends to be that with it's military complex. Of course you can keep your dominating position with force for a certain level of time, but please bear in mind that history showed us hostile countries have all died pretty quickly at a certain point in their live. Back to crypto then it shall be
|
For Advertisement. PM me to discuss.
|
|
|
Hueristic
Legendary
Offline
Activity: 3808
Merit: 4906
Doomed to see the future and unable to prevent it
|
|
October 08, 2016, 05:03:42 PM |
|
I too find it suspicious that only large accounts have been jacked and I know when I use it i use a shortcut so there is no way to type in an incorrect url.
AFA using any web wallet for storing large sums well tht is poor security on the users part but it does not mean the site is not compromised.
As I have stated before a 2 part auth should be added, I personally would like to lock it to my IP and or MAC. There are many 2 part methods that should be added.
Maybe Fluffy can get funded to add them?
|
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.”
|
|
|
MoneroMooo
Legendary
Offline
Activity: 1276
Merit: 1001
|
|
October 08, 2016, 05:39:56 PM |
|
As I have stated before a 2 part auth should be added, I personally would like to lock it to my IP and or MAC. There are many 2 part methods that should be added.
While generally useful, I'm not sure that'd help in this particular case: - If the server is compromised, and is sending compromised JS, that JS can probably disable such checks, as well as post away your private spend key to an attacker. - If the connection is MITM'd, same considerations apply. - If your computer is compromised, the attacker can do whatever it wants. Locking to IP and/or MAC would work if any tx has to go through the server, but that is not the case here. What would help is the ability to run known good Javascript only. So something like having the Mymonero website running on an HTTP server on your local machine, and connecting to the mymonero site as normal to get new txes and relay spends.
|
|
|
|
Hueristic
Legendary
Offline
Activity: 3808
Merit: 4906
Doomed to see the future and unable to prevent it
|
|
October 08, 2016, 05:52:31 PM |
|
As I have stated before a 2 part auth should be added, I personally would like to lock it to my IP and or MAC. There are many 2 part methods that should be added.
While generally useful, I'm not sure that'd help in this particular case: - If the server is compromised, and is sending compromised JS, that JS can probably disable such checks, as well as post away your private spend key to an attacker. - If the connection is MITM'd, same considerations apply. - If your computer is compromised, the attacker can do whatever it wants. Locking to IP and/or MAC would work if any tx has to go through the server, but that is not the case here. What would help is the ability to run known good Javascript only. So something like having the Mymonero website running on an HTTP server on your local machine, and connecting to the mymonero site as normal to get new txes and relay spends. Nothing can protect 100% yes, but each additional layer will not only create larger hurdles for the attacker it will also allow for a narrowed forensic analyzation of the attack vector as opposed to the "well we don't know but we think maybe it was a phishing site" answer we have now. Sometimes you need to just shut off vectors to find the avenue and even by adding these the attacker will be aware that the scope of their attack will become known and may therefore not strike again. This is especially true of inside jobs. Doing nothing is the wrong answer.
|
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.”
|
|
|
MR1
Legendary
Offline
Activity: 927
Merit: 1000
|
|
October 08, 2016, 06:00:55 PM |
|
As I have stated before a 2 part auth should be added, I personally would like to lock it to my IP and or MAC. There are many 2 part methods that should be added.
While generally useful, I'm not sure that'd help in this particular case: - If the server is compromised, and is sending compromised JS, that JS can probably disable such checks, as well as post away your private spend key to an attacker. - If the connection is MITM'd, same considerations apply. - If your computer is compromised, the attacker can do whatever it wants. Locking to IP and/or MAC would work if any tx has to go through the server, but that is not the case here. What would help is the ability to run known good Javascript only. So something like having the Mymonero website running on an HTTP server on your local machine, and connecting to the mymonero site as normal to get new txes and relay spends. So how is the tx transmitted to the XMR network if it does not go through the server?
|
|
|
|
MoneroMooo
Legendary
Offline
Activity: 1276
Merit: 1001
|
|
October 08, 2016, 07:23:09 PM |
|
So how is the tx transmitted to the XMR network if it does not go through the server?
It does go through the server. But it does not *have* to. That is, if an attacker were to compromise some part of the chain from client to server, the attacker could induce the client to generate a transaction which would be relayed to the Monero network without going through the server.
|
|
|
|
dEBRUYNE
Legendary
Offline
Activity: 2268
Merit: 1141
|
|
October 09, 2016, 06:47:22 PM |
|
|
|
|
|
nioc
Legendary
Offline
Activity: 1624
Merit: 1008
|
|
October 09, 2016, 07:42:17 PM |
|
It has been moved to funding required. Let's go guys.
|
|
|
|
nioc
Legendary
Offline
Activity: 1624
Merit: 1008
|
|
October 09, 2016, 09:07:20 PM |
|
It has been moved to funding required. Let's go guys. Fully funded, that was quick.
|
|
|
|
Chronobank
|
|
October 09, 2016, 09:40:34 PM |
|
It seems, anonymity again becomes an important part of our lives - Xmr - Nav - Sdc. An interesting trend....
|
|
|
|
ArticMine
Legendary
Offline
Activity: 2282
Merit: 1050
Monero Core Team
|
|
October 09, 2016, 09:56:29 PM |
|
This was over subscribed, in a very short period of time. Many thanks to all who contributed.
|
|
|
|
explorer
Legendary
Offline
Activity: 2016
Merit: 1259
|
|
October 09, 2016, 10:49:58 PM |
|
This was over subscribed, in a very short period of time. Many thanks to all who contributed. what happens to the overage? revise contract to suit? These requests are funding before I see them!
|
|
|
|
nioc
Legendary
Offline
Activity: 1624
Merit: 1008
|
|
October 10, 2016, 04:01:49 AM |
|
This was over subscribed, in a very short period of time. Many thanks to all who contributed. what happens to the overage? revise contract to suit? These requests are funding before I see them! I believe the overage is used for development at the discretion of the devs. There was at least one time that funds were raised for work that was not done and it was later used to fund another request that was approved by the community. Yes this one was funded quickly, in about an hour. I saw the proposal shortly after it was posted and was lucky enough to be able to contribute. There is another proposal coming probably tomorrow for funding of the i2p, kovri project. I know nothing of the details. If I see it before you I can donate an amount of your choosing in your name and you can pay me back later.
|
|
|
|
canth
Legendary
Offline
Activity: 1442
Merit: 1001
|
|
October 10, 2016, 02:56:46 PM |
|
Damn If I waited 2 days I would have had more dust to play with! ...
Ya know the only Time I've ever seen Canth was the Brown Dragon in Pern, you wouldn't have to have read that have you? I've been meaning to ask you that forever and never had the keyboard handy. It's the only place I've seen the name used as well, except for typos. I think I must have read at least 20 of Pern books when I was a kid - glad to see a fellow fan.
|
|
|
|
Hueristic
Legendary
Offline
Activity: 3808
Merit: 4906
Doomed to see the future and unable to prevent it
|
|
October 10, 2016, 03:39:52 PM |
|
Damn If I waited 2 days I would have had more dust to play with! ...
Ya know the only Time I've ever seen Canth was the Brown Dragon in Pern, you wouldn't have to have read that have you? I've been meaning to ask you that forever and never had the keyboard handy. It's the only place I've seen the name used as well, except for typos. I think I must have read at least 20 of Pern books when I was a kid - glad to see a fellow fan. I think when I read them there was the first 3 and then later I read the firelizard ones but I didn't know there were more, I think I'll see if I still have them and do a re-read. I'm not sure if I'd like them as an adult but when I was a kid they enthralled me. Would definitely make a good movie.
|
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.”
|
|
|
dEBRUYNE
Legendary
Offline
Activity: 2268
Merit: 1141
|
|
October 10, 2016, 04:07:02 PM |
|
|
|
|
|
Hueristic
Legendary
Offline
Activity: 3808
Merit: 4906
Doomed to see the future and unable to prevent it
|
|
October 10, 2016, 06:02:58 PM |
|
|
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.”
|
|
|
Anon136
Legendary
Offline
Activity: 1722
Merit: 1217
|
|
October 10, 2016, 06:28:28 PM |
|
Hes asking for 34 dollars an hour right? I don't know how experienced and effective of a software developer he is, but if he is experienced and effective that sounds around about a market wage for that line of work.
|
Rep Thread: https://bitcointalk.org/index.php?topic=381041If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
|
|
|
|