How to make a Bitcoin mining botnet? - Answers

August / September monthly report from v1docq47 (CCS + XRM.RU)

This is my monthly progress report (CCS.html) + XMR.RU).
Below is a list of what has been done and translated into Russian for two months of my work.

Monero Video (YouTube)

The following video posted on Monero Russian Community YouTube Channel.

Weekly News:

Short Q&A about Monero:

Monero into Russian (Translation)

The following articles / guides have been translated into Russian and posted on the XMR.RU website and my Github repository.
Note: If you would like to read the original article in English, then, open the article you are interested in, and at the end of each article you will find a link to the source.

Critical Decentralisation Cluster 36c3 (transcriptions (EN + RU) + translation (RU)):

01 - Monero Introduction (Diego "rehrar" Salazar) | Transcriptions - EN.md) / RU.md) / XMR.RU 02 - RIAT Introduction (parasew) | Transcriptions - EN.md) / RU.md) / XMR.RU 03 - Swiss Cryptoeconomics Assembly (polto, Ome) | Transcriptions - EN.md) / RU.md) / XMR.RU 04 - Namecoin Introduction (Jeremy Rand) | Transcriptions - EN.md) / RU.md) / XMR.RU 05 - Open Hardware developed at FOSSASIA (Mario Behling) | Transcriptions - EN.md) / RU.md) / XMR.RU 06 - Paralelni Polis (Juraj Bednar) | Transcriptions - EN.md) / RU.md) / XMR.RU 07 - Introduction to Replicant (dllud, Denis ‘GNUtoo’ Carikli)​ | Transcriptions - EN.md) / RU.md) / XMR.RU 08 - Open Source Hardware and OSHWA (Drew Fustini) | Transcriptions - EN.md) / RU.md) / XMR.RU 09 - ImplicitCAD (Juila Longtin) | Transcriptions - EN.md) / RU.md) / XMR.RU 10 - Program in Detail | Transcriptions - EN / RU / XMR.RU 11 - about:freedom (Bonnie Mehring, Blipp)​ | Transcriptions - EN.md) / RU.md) / XMR.RU 13 - Funding Models of FOSS (Diego “rehrar” Salazar) | Transcriptions - EN.md) / RU.md) / XMR.RU 14 - The Sharp Forks We Follow​ | Transcriptions - EN / RU / XMR.RU 16 - P2P Trading in Cryptoanarchy | Transcriptions - EN / RU / XMR.RU 17 - Monero’s Adaptive Blockweight Approach to Scaling | Transcriptions - EN / RU / XMR.RU 18 - Nym (Harry Halpin)​ | Transcriptions - EN.md) / RU.md) / XMR.RU 19 - Digital Integrity of the Human Person | Transcriptions - EN / RU / XMR.RU 20 - cyber~Congress (Sergey Simanovsky) | Transcriptions - EN.md) / RU.md) / XMR.RU 21 - KYC & Crypto-AML Tools (polto) | Transcriptions - EN.md) / RU.md) / XMR.RU 22 - Parallel Polis, Temporary Autonomous Zones and Beyond | Transcriptions - EN / RU 23 - MandelBot:HAB - Open Source Ecotecture and Horizontalism | Transcriptions - EN / RU 24 - Adventures and Experiments Adding Namecoin to Tor Browser | Transcriptions - EN / RU 25 - Fair Data Society (Gregor Zavcer) | Transcriptions - EN.md) / RU.md) / XMR.RU 45 - Designing a Communal Computing Interface | Transcriptions - EN / RU / XMR.RU 47 - Hackatoshi’s Flying Circuit | Transcriptions - EN / RU / XMR.RU

Zero to Monero - Second Edition

https://www.overleaf.com/read/hcmqnvgtfmyh - Chapter 00 - Abstract - Chapter 01 - Introduction - Chapter 02 - Basic Concepts - Chapter 03 - Advanced Schnorr-like Signatures

Monero Outreach Articles

Getmonero.org Posts Blog

LocalMonero Articles

Note: You need "Change Language" to Russian - Why Monero Has A Tail Emission - How CLSAG Will Improve Monero's Efficiency - How Monero Solved the Block Size Problem That Plagues Bitcoin - How Ring Signatures Obscure Monero's Outputs - Monero Best Practices for Beginners - Monero Outputs Explained

Monero Meeting logs

CCS Result / Report

Monero News

Other Articles

Pull / Merge Request

Monero Project Translations (Weblate)

Thanks for your support!
submitted by v1docq47 to Monero [link] [comments]

Heres some proof about sigma not being a trojan and omikron client proof from the sigma creator andro

The high GPU usage is due to the GPU acceleration or the UIs. And this is not comparable to other person's GPU usage since every GPU behave differently. You can compare this usage with vanilla 1.15.2's GPU usage. In my personal case, it's about +1~8% higher.
And the overall performance loss over the 1.8 clients is due to the 1.15 itself, the heavy UI, the missing optimisations (performance update soon), the obfuscation, etc
Some people are saying that "conhost.exe" is a malware... It's actually the console process spawned by java.exe which is used by Sigma (instead of the javaw.exe, the window version of java.exe without the console, that is mostly used for Minecraft).
Fun fact: Badlion client and Lunar client are also spawning conhost, and they aren't getting called out as malwares.
Here's a great explanation of what it is: https://www.howtogeek.com/howto/4996/what-is-conhost.exe-and-why-is-it-running/

And Omikron client was not a bitcoin miner, here's the copypasta :
Omikron client didn't have any btc miner / rat / botnet or whatever. The thing running in background was a system to validate the usage of the auto alt / proxy from other computers. Therefore, if you used auto alt / auto proxy, your computer among others validated in some sort of P2P the usage of alts / proxies. If >50% of computers says that a "transaction" is good, it was validated. Omikron decided to do that to counter the abuse of auto alt / auto proxy.
But ofc you could disable that autorun in Omikron Client's setting. And it was clearly written in the client that it would autorun (but no body really read it) if you use auto alts / auto proxy.
Edit, another copypasta:
I know, this is missleading. In the code, finding alts is refenrenced as "mining" them because you have this usepass combo and sometime yay ! Its a working minecraft alt ! The whole problem about all this drama is that its old code written when the client was "ghost client" and putting it in a .m file intead of .minecraft, having the package not named omikron, not using omikron domain name in the code was a good idear to prevent memory scanning cheating software such as BLSquad to find "omikron" but as you can tell it has bring more trouble that anything. You shoudn't be scared, your cpu isn't and wont be used to mine crypto or any unwanted activity and you will soon be able to chose if you want the service to run. In the next release, beside the fact that all of this was moved to .minecraft/Omikron, using proper domain name etc, you will be able to choose if you are using the client and want the background service running to find alts or if you have the client installed but not using it you will be able to disable the background service.
The video that is spreading about Omikron client is only proving that it downloads an autorun, and runs it in the background, which is intended.

Be careful of people trying to spread that Sigma could be a virus. Most of the time, they're made up by people who are clueless and don't know about what they're talking about (ex: conhost).
submitted by Vardenisss to minecraftclients [link] [comments]

Why is the RandomX algorithm being hyped to the moon?

TL;DR: don't assume the average return from mining RandomX will be higher than the current CryptonightR algorithm. Hold back your excitement for now.
I think we all need to bring something to our attention. Over the last month, there have been so many topics and comments here on MoneroMining about the new 'RandomX' algorithm. This algorithm is supposed to be launched a couple of months from now.
There are many questions like "is this a good hashrate for my CPU"? "What's your power usage on RandomX"? "How can I tune my CPU for RandomX"? "How would the algorithm perform on this hardware"? I think these are great constructive comments that are at the heart of what miners stand for. We miners love optimizing our rigs and educating ourselves on technological trends.
But I've noticed many questions such as "what parts should I buy for a RandomX mining rig"? "Is an AMD Ryzen 9 3900x a good investment"? "What parts will give me the most profit when RandomX launches"? Many of these questions are asked with very little research.
I think there's a gold fever brewing behind some of these comments. The kind of motives that have bankrupted many miners in the past bubbles.
As we have seen in 2014 and 2018, anybody who enters the crypto industry with an 'I want easy profit' attitude almost always goes bankrupt. They buy coins or hardware at the peak of the bubble. Sometimes they get lucky and sell their coins or rigs right before the crash (only to get burned in a future bubble later). But most of the time, these new users lose most of their investment.
As a veteran miner, a lot of alarm bells ring in my head when I read these kinds of RandomX hype posts.
I have no reason to think CPU mining will be more profitable on RandomX than on the current CryptonightR.
In the GPU mining community, I have the feeling that there's a lot of resentment over the 2018 crypto recession and the whole 'ASIC miner invasion'. I think people here are feeling burned over their losses last year and the evil ASIC takeover, and want an opportunity for the little guy to start mining again. So we're falsely seeing the RandomX ray of hope as a floodlight, and getting overexcited.
And in general, the ordinary person cannot make a significant, steady profit in the crypto mining industry. The guy who wrote that thread is very rich and even 100 GTX 1080 Ti's cost nothing to him. The reason he became wealthy is because he avoided get-rich-quick gimmicks back in the day (like the dotcom sites) and focused on learning technology for the future. Mining will not make you rich, and especially not RandomX coin tossing.
If you love RandomX, build your rig now, keep benchmarking and undervolting and have fun at it. But if you just want profit, wait until RandomX is up and running. And consider all the risks involved with a new algorithm and commercial mining in general.
So I hope we can all reconsider whether we're excited about RandomX for the right reasons. Let's try to avoid jumping to conclusions about profitability and hold off on the Newegg 'checkout' button. Even though 12 cores at 70 watts sounds awesome. Happy mining!
submitted by Hammereditor to MoneroMining [link] [comments]

Weird attack attempt on my server, should I be worried?

I keep getting random login attempts on my SSH, but what's weird is that they arn't trying very hard or very fast, and they are trying very random usernames, like it seems to me if they were truly brute forcing they would be trying root or my name or things that would be more likely to be valid and not random words/letters. They get blocked for 2 hours after 3 tries by fail2ban, and have about 20 or so IPs that they are rotating through, but the fact that the effort seems so low has me wondering, could this be some kind of byproduct of a bigger attack I'm just not seeing? Like exploiting some kind of vulnerability but it just happens to also trigger those log entries?
This also appears to be targeted, because my SSH is on a non standard port, so it's not just random bots or anything, as I doubt those bother to scan every single port, they just look for port 22 and go for low hanging fruit. I mean I suppose it could be a random attack but it just seems more targeted given they bothered to do a full port scan. I very rarely get login attempts but my phone has been lit up all day. I have 31 blocked IPs as I type this.
I don't see anything else weird though... but I have been getting lot of threatening emails saying my email is hacked and they want bitcoin (it's hosted on that same server) but the passwords they are telling me they used are wrong. Though some of them are my old passwords for other web services that I've since changed. Basically they say they have webcam footage of me watching porn and I don't even have a webcam, nor watch porn. (serious, I'm Christian) But I'm more worried about the idea that they might somehow be getting into my server and are just good at hiding their traces. As far as I know these emails are mostly just scams but do wonder what kind of effort they are actually doing to hack people. I mean if they really do get in and actually do find discriminate info then they have even more ammunition.
Should I be worried? I'd like to think that I run a rather tight ship, but I'm no security expert especially when it comes to the more advanced hacking like where they can send specially formatted packets that start to do all sorts of weird stuff. Like looking for 0-day exploits etc. I understand there's way more to security then just having a good firewall and brute force protection and strong passwords and all that. Real hacking actually bypasses all of that completely by finding a flaw in the firewall, software, etc.
Also one log entry kinda weirded me out, I forget the exact line, but it was basically a disconnection notice, but the IP was nowhere else! Normally the client connects, tries to login, fails, disconnects so you see the IP show up for those actions. But this particular entry was just a disconnection, and that's it. I even did a grep search for the IP address in case it was very far up in the log or something but did not find anything. How would this happen? I tested what happens if I just telnet to the port and disconnect, but I get a different message.
EDIT / May 8 2019: Changed the SSH port last night (over 24h ago) and the attacks stopped... obviously not a "fix" but it's nice to see the logs being quiet again... It also makes it slightly more plausible that it may very well be automated and not targeted. If it was targeted they would have found the new port by now.
I of course need to start looking at more serious mitigation for these sort of attacks. While fail2ban was doing it's job, I don't have a way of knowing if this attack was something bigger, like trying to exploit SSHD in a weird way or if this was some kind of distraction technique while they attack something else etc.
EDIT / May 20 2019: So no attacks so far after changing port. At one point I changed it back for fun and the attacks started immediately. This is very strange, as by now you'd think they would have scanned me and tried to find the new port, but they're still trying the old one. Starting to think it's a very low effort attack, maybe someone stuck a botnet against me and just left it as is. Who knows. Seems too odd for it to be random. Server has been up for years, why did it only start now? Anyway I'm not really worried anymore. I may also play around with adding more logging/honeypot related stuff on my server so I can block stuff before they even get a chance to try anything.
submitted by RedSquirrelFtw to security [link] [comments]

AMA: Ask Mike Anything

Hello again. It's been a while.
People have been emailing me about once a week or so for the last year to ask if I'm coming back to Bitcoin now that Bitcoin Cash exists. And a couple of weeks ago I was summoned on a thread called "Ask Mike Hearn Anything", but that was nothing to do with me and I was on holiday in Japan at the time. So I figured I should just answer all the different questions and answers in one place rather than keep doing it individually over email.
Firstly, thanks for the kind words on this sub. I don't take part anymore but I still visit occasionally to see what people are talking about, and the people posting nice messages is a pleasant change from three years ago.
Secondly, who am I? Some new Bitcoiners might not know.
I am Satoshi.
Just kidding. I'm not Satoshi. I was a Bitcoin developer for about five years, from 2010-2015. I was also one of the first Bitcoin users, sending my first coins in April 2009 (to SN), about 4 months after the genesis block. I worked on various things:
You can see a trend here - I was always interested in developing peer to peer decentralised applications that used Bitcoin.
But what I'm best known for is my role in the block size debate/civil war, documented by Nathaniel Popper in the New York Times. I spent most of 2015 writing extensively about why various proposals from the small-block/Blockstream faction weren't going to work (e.g. on replace by fee, lightning network, what would occur if no hard fork happened, soft forks, scaling conferences etc). After Blockstream successfully took over Bitcoin Core and expelled anyone who opposed them, Gavin and I forked Bitcoin Core to create Bitcoin XT, the first alternative node implementation to gain any serious usage. The creation of XT led to the imposition of censorship across all Bitcoin discussion forums and news outlets, resulted in the creation of this sub, and Core supporters paid a botnet operator to force XT nodes offline with DDoS attacks. They also convinced the miners and wider community to do nothing for years, resulting in the eventual overload of the main network.
I left the project at the start of 2016, documenting my reasons and what I expected to happen in my final essay on Bitcoin in which I said I considered it a failed experiment. Along with the article in the New York Times this pierced the censorship, made the wider world aware of what was going on, and thus my last gift to the community was a 20% drop in price (it soon recovered).

The last two years

Left Bitcoin ... but not decentralisation. After all that went down I started a new project called Corda. You can think of Corda as Bitcoin++, but modified for industrial use cases where a decentralised p2p database is more immediately useful than a new coin.
Corda incorporates many ideas I had back when I was working on Bitcoin but couldn't implement due to lack of time, resources, because of ideological wars or because they were too technically radical for the community. So even though it's doesn't provide a new cryptocurrency out of the box, it might be interesting for the Bitcoin Cash community to study anyway. By resigning myself to Bitcoin's fate and joining R3 I could go back to the drawing board and design with a lot more freedom, creating something inspired by Bitcoin's protocol but incorporating all the experience we gained writing Bitcoin apps over the years.
The most common question I'm asked is whether I'd come back and work on Bitcoin again. The obvious followup question is - come back and work on what? If you want to see some of the ideas I'd have been exploring if things had worked out differently, go read the Corda tech white paper. Here's a few of the things it might be worth asking about:
I don't plan on returning to Bitcoin but if you'd like to know what sort of things I'd have been researching or doing, ask about these things.
edit: Richard pointed out some essays he wrote that might be useful, Enterprise blockchains for cryptocurrency experts and New to Corda? Start here!
submitted by mike_hearn to btc [link] [comments]

Ransomeware Cyberattack Mega-Thread

Hi folks,
In light of the ongoing world-wide cyberattack/ransomware issue at the moment, we have decided to set up a mega-thread to contain all of the news and updates as things unfold. If you find new news or stories about the attacks, please do not submit them to the sub, please submit them here and I will periodically add the new links to a growing list. Pre-existing posts will remain but all new posts will be removed and directed here. Thank you to everyone who has posted and help spread the news so far!
EDIT: You can download the standalone update here directly from Microsoft.
SEE ALSO: /PCMasterRace discussion
(Sorted by newest first) (Updated May 15th 4PM (-8gmt))
Submitter Discussion Link
ManiaforBeatles Discussion Researchers see possible North Korea link to global cyber attack
jimrosenz Discussion Hardly Anyone Paying the Hackers? Because Using Bitcoin Is Hard
Ilikespacestuff Discussion The WannaCry ransomware has mysterious ties to North Korea
MBrandonLee Discussion The WannaCry ransomware attack was temporarily halted. But it’s not over yet.
OmahaVike Discussion Researchers: WannaCry ransomware shares code with North Korean malware - CyberScoop
swinglinefan Discussion The WannaCry Ransomware Hackers Made Some Major Mistakes
capcaunul Discussion WannaCry hackers had no intention of giving users their files back even if they pay
SuccessHook Discussion Microsoft says governments should stop 'hoarding' security vulnerabilities after WannaCry attack
zsreport Discussion WannaCry Ransomware: Microsoft Calls Out NSA For 'Stockpiling' Vulnerabilities
PCisLame Discussion Cyber attack latest: Vladimir Putin blames US for hack as thousands more computers hit by ransomware
PCisLame Discussion Worldwide ransomware attacks: What we know so far
bevmoon Discussion Worldwide cyberattack could spark more trouble Monday
marypin Discussion Microsoft’s response to widespread cyber attacks may make you WannaCry
dinesh848 Discussion What Is WannaCry, Who Is Affected, and Everything Else You Need to Know About It
destinyland Discussion Microsoft blasts spy agencies for leaked exploits used by WanaDecrypt0r
proto-sinaitic Discussion Microsoft calls out NSA, CIA for 'stockpiling of vulnerabilities' after major ransomware cyberattack
screaming_librarian Discussion Microsoft blames US Government for 'WannaCrypt' ransomware disaster
mikekavish Discussion Aftershocks May Last as U.S. Warns of Malware’s Complex Components
littleaurora Discussion If You Still Use Windows XP, Prepare For the Worst
temporarycreature Discussion Microsoft president blasts NSA for its role in 'WannaCry' computer ransom attack
PCisLame Discussion An unprecedented "ransomware" cyberattack that has already hit tens of thousands of victims in 150 countries could wreak greater havoc as more malicious variations appear and people return to their desks Monday and power up computers at the start of the workweek.
geekdad Discussion WCry/WanaCry Ransomware Technical Analysis
Blueismyfavcolour Discussion Revealed: The 22-year-old IT expert who saved the world from ransomware virus but lives for surfing
geekdad Discussion Microsoft's response to WannaCrypt
BlaqkAngel Discussion WannaCry - New Variants Detected
Greg-2012 Discussion 'Accidental hero' halts ransomware attack and warns: this is not over
Greg-2012 Discussion WannaCry ransomware: Researcher halts its spread by registering domain for $10.69
iliketechnews Discussion Global ‘Wana’ Ransomware Outbreak Earned Perpetrators $26,000 So Far
jb2386 Discussion Global ransomware cyberattack halted by a young engineer's opportunistic domain registration
mvea Discussion Defence Secretary unable to deny Trident nuclear submarines run on same outdated software hackers exploited to cripple NHS systems: 'I have complete confidence in our nuclear deterrent'
gankstar5 Discussion Cyber-attack threat escalating - Europol
Diazepam Discussion It's Not Over, WannaCry 2.0 Ransomware Just Arrived With No 'Kill-Switch'
Captain_CockSmith Discussion For $10.69, British Researcher Slows Global Cyberattack
f0li Discussion A 22-year-old spent $11 and thwarted the global cyber attack
bulldog75 Discussion Ransomware attack reveals breakdown in US intelligence protocols, expert says
ManiaforBeatles Discussion A British researcher unexpectedly found and activated a "kill switch" to an "unprecedented" ransomware cyberattack that hit hundreds of thousands of computers around the globe at hospitals, government offices, transportation systems and major companies, including FedEx.
LazyProspector Discussion Global cyber-attack: Security blogger halts ransomware 'by accident'
f0li Discussion How to Accidentally Stop a Global Cyber Attacks
PCisLame Discussion Edward Snowden points blame at NSA for not preventing NHS cyber attack
ppumkin Discussion NHS Hit by Ransomware.. and many others too!
viperex Discussion A Massive Ransomware 'Explosion' Is Hitting Targets All Over the World
Mattroeing Discussion Cyber attack spreads across 74 countries; some UK hospitals crippled
Lettershort Discussion Microsoft patches Windows XP to fight 'WannaCrypt' attacks
Doener23 Discussion 'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack
gumgum_bazuka Discussion UK hospitals hit with massive ransomware attack
mikekavish Discussion Wanna Decryptor: what is the NSA 'atom bomb of ransomware' behind the NHS attack?
FortuitousAdroit Discussion Player 3 Has Entered the Game: Say Hello to 'WannaCry'
FortuitousAdroit Discussion Customer Guidance for WannaCrypt attacks; Microsoft releases WannaCrypt protection for out-of-support products Windows XP, Windows 8, & Windows Server 2003
middleeastnewsman Discussion NHS cyber-attack: Amber Rudd says lessons must be learnt
FortuitousAdroit Discussion 'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack
campuscodi Discussion Microsoft Releases Patch for Older Windows Versions to Protect Against Wana Decrypt0r
_JCDK Discussion PSA: Kill switch for WannaCry found and active.
bevmoon Discussion Researcher finds 'kill switch' for cyberattack ransomeware
HaroldSmith_1 Discussion Malware, from NSA documents, hacks computers worldwide
FortuitousAdroit Discussion Huge Ransomware Attack Spreads Across Globe: What to Do
jimmyradola Discussion Major Cyber-Attack Hits NHS - Hackers Demand Ransom £233
maxwellhill Discussion NSA Tools, Built Despite Warnings, Used in Global Cyber Attack
tellman1257 Discussion Full coverage of the massive ransomware attacks that hit hospitals across the world today, May 12, 2017 (Click the downward arrow to the left of "More" to see all headlines and tweets)
littleaurora Discussion Update your Windows systems now. Right now.
FortuitousAdroit Discussion Wcrypt 'ransom ware' infections over the last 24 hours
stupidstupidreddit Discussion Global extortion cyberattack hits dozens of nations
FortuitousAdroit Discussion Leaked NSA Malware Is Helping Hijack Computers Around the World
Imnaha2 Discussion Massive Global Ransomware Attack Underway, Patch Available
BauerHouse Discussion Massive ransomware cyber-attack hits 74 countries around the world
eye_josh Discussion What We Know and Don't Know About the International Cyberattack, NYT Live updates
Lighting Discussion Massive Malware Cyberattack Hits English Hospitals, FedEx. Attackers demand bitcoin.
aaron7897 Discussion Massive ransomware attack hits 74 countries
rafaelloaa Discussion Malware, described in leaked NSA documents, cripples computers worldwide
callcybercop Discussion Ransomware infections reported worldwide
PHPiyan Discussion NHS cyber-attack: GPs and hospitals hit by ransomware - BBC News
nowhathappenedwas Discussion Apparent NSA tools behind massive hospital ransomware attacks around the world
I_have_no_mercy Discussion Cyberattacks in 12 Nations Said to Use Leaked N.S.A. Hacking Tool
thatshirtman Discussion Ransomware infections reported worldwide
ancsunamun Discussion WannaCrypt0r Ransomware Using NSA Exploit Leaked by Shadow Brokers Is on a Rampage
stupidstupidreddit Discussion English hospitals divert ambulances after 'ransomware' cyber attack
Bevmoon Discussion Hospitals across England hit by ransomware cyber attack, systems knocked offline
Imnaha2 Discussion WCry ransomware explodes in massive distribution wave
paradiselost79 Discussion NHS England hit by 'cyber attack'
sidcool1234 Discussion NHS hospitals hit by cyber attack 'creeping' across England
Henderino Discussion NHS England hit by 'cyber attack'
LUXURY_COMMUNISM_NOW Discussion NHS cyber attack: Large-scale hack forces hospitals across England to divert emergency patients
I_have_no_mercy Discussion Cyberattacks in 12 Nations Said to Use Leaked N.S.A. Hacking Tool
Grepnork Discussion Hospitals across England hit by large-scale cyber-attack
TheoDW Discussion Spanish companies hit by ransomware cyber attack
submitted by abrownn to technology [link] [comments]

The chatlog from #lightning-network discussing recent Lightning DDOS/vulnerability

bitPico [5:49 PM] If any LN testers see their connection slots full it’s us. We will release the attack code when ready. The network needs better protection against DDoS’s. (edited)
Laolu Osuntokun [5:59 PM] ? or report to specific implementations @bitPico? like the early days of bitcoin, don't think many impls have even started to start to cover dos vectors busy working on safety in other aspects
bitPico [6:00 PM] As it stands no implementation can handle connection exhaustion attacks by overflowing the underlying TCP stack.
Laolu Osuntokun [6:00 PM] not sure if any limit inbound connections yet
bitPico [6:02 PM] Doesn’t matter; we use the TCP half-open attack. This occurs at the kernel.
Laolu Osuntokun [6:02 PM] sure you'd still run into fd limits so that's not really impl specific
bitPico [6:02 PM] Yes; we exhaust the FD’s. (edited)
Laolu Osuntokun [6:04 PM] you could do the same for any active bitcoin node today, nodes would need to set up network-level mitigations unless the impls were super low level enough to detect something like that so would really depend on their default kernel settings
Matt Drollette [6:10 PM] echo 1 > /proc/sys/net/ipv4/tcp_syncookies … ?
bitPico [6:14 PM] Our Bitcoin implementation performs round-robin disconnects to induce network churn. This is one of the best methods to prevent most TCP attacks. Churn is needed in decentralized systems. It keeps them robust. Longstanding TCP connections are bad. *ie we disconnect N nodes every T mins.
Laolu Osuntokun [6:18 PM] if it's half open, how are you detecting the TCP connections then @bitPico? well for LN the connections are typically long lived @mdrollette yeh, defenses are at the kernel lvl
bitPico [6:21 PM] Round-robin disconnects free the kernel FD’s. There is also App level half-connect Works like this Syn Ack But don’t sent the Ack The connection is then half-open TCP connect scans work like this. TCP half-open scans are harder to detect.
ɹɑd [6:33 PM] Is there a way to tell lnd to listen on ipv4 instead of ipv6? When I try lnd --listen=0.0.0.0:9735 ..., it is listening on IPv6 TCP *:9735 but I need it to listen on IPv4.
Matt Drollette [6:34 PM] I think if you give it a specific IP instead of 0.0.0.0 it will only bind to that specific interface
ɹɑd [6:34 PM] ok, trying that…
bitPico [6:36 PM] Dual-stack OS will still open IPv6 Windows and Linux are VERY different TCP stacks. The behaviour is different.
ɹɑd [6:38 PM] Nice, that worked. Thanks, @mdrollette
bitPico [7:13 PM] How does LN protect from “dead end packets”? ie* onion wrapped but final destination doesn’t exist. aka routing amplification attack
kekalot [7:14 PM] :trumpet::skull:
bitPico [7:16 PM] We will test it and perform a 100,000 route amplification. We are trying to make our test kit reusable as possible to work out the kinks. (edited)
kekalot [7:16 PM] :trumpet::skull:
bitPico [7:25 PM] Seeing bad OP-SEC on LN; don’t name your node as the type of hardware. Those raspberry pi’s will go down.
kekalot [7:25 PM] :trumpet: :skull:
camelCase [7:26 PM] :joy:
bitPico [7:26 PM] ie* eclair.raspberry.pi
Abhijeet singh [8:05 PM] joined #lightning-network.
bitPico [8:48 PM] https://gist.github.com/anonymous/46f6513625579c5a920fe04b32103a03 Already running some custom attack vectors on LN nodes to see how they standup.
Sun Mar 18 23:49:08 [INFO] - open_tcp_transports: Preparing TCP connection to x.x.x.x:9735 for attack vector TCPHO. Sun Mar 18 23:49:08 [INFO] - open_tcp_transports: Preparing TCP connection to x.x.x.x:9735 for attack vector TCPHO. Sun Mar 18 23:49:08 [INFO] - open_tcp_transports: Preparing TCP connection to x.x.x.x:9735 for attack vector TCPHO. Sun Mar 18 23:49:08 [INFO] - open_tcp_transports: Preparing TCP connection to x.x.x.x:9735 for attack vector TCPHO. Sun Mar 18 23:49:08 [INFO] - open_tcp_transports: Preparing TCP connection to x.x.x.x:9735 for attack vector TCPHO. Sun Mar 18 23:49:08 [INFO] - open_tcp_transports: Preparing TCP connection to x.x.x.x:9735 for attack vector TCPHO. Sun Mar 18 23:49:08 [INFO] - open_tcp_transports: Preparing TCP connection to x.x.x.x:9735 for attack vector TCPHO. Sun Mar 18 23:49:08 [INFO] - open_tcp_transports: Preparing TCP connection to x.x.x.x:9735 for attack vector TCPHO. Sun Mar 18 23:49:08 [INFO] - open_tcp_transports: Preparing TCP connection to x.x.x.x:9735 for attack vector TCPHO. Sun Mar 18 23:49:08 [INFO] - open_tcp_transports: Preparing TCP connection to We expect to perfect this testsuite by the weekend with some very useable attack vectors Sun Mar 18 23:51:19 [INFO] - operator(): TCP connection to x.x.x.x:9735 success, sending attack payload. Sun Mar 18 23:51:19 [INFO] - operator(): TCP connection to x.x.x.x:9735 failed, message = Connection refused. Sun Mar 18 23:51:19 [INFO] - operator(): TCP connection to x.x.x.x:9735 success, sending attack payload. Sun Mar 18 23:51:19 [INFO] - operator(): TCP connection to x.x.x.x:9735 success, sending attack payload. Sun Mar 18 23:51:19 [INFO] - operator(): TCP connection to x.x.x.x:9735 success, sending attack payload. Sun Mar 18 23:51:19 [INFO] - operator(): TCP connection to x.x.x.x:9735 success, sending attack payload.
:+1: If you notice weird traffic it’s us.
bitPico [9:00 PM] We are most interested in our “route payload amplification” attack vector. This attack onion wraps payloads via hop by hop where the last hop is the first hop creating a self-denial of service where the LN nodes attack themselves after long route traversal. Exploiting the anonymous nature of onion routing allows no defense to the network. Anonymous routing in and of itself creates a situation where the network can get into an endless loop of self DDoS. Once we complete the entire message serialization routines and a deadline timer the TESTBED will run standalone continuously. Prob. only take another day to complete that. We are also making attack vectors as base classes so new ones can be easily created via overrides. *ie plugin-like attack vectors
Russell O'Connor [9:22 PM] https://lists.linuxfoundation.org/pipermail/lightning-dev/2015-August/000135.html
bitPico [9:26 PM] Yes; that idea and our attack vector(s) makes the entire network fall apart. We will prove this works. (edited) When nobody trusts nobody the network collapses. Low level attacks requiring no fees are easier however. (edited) There is nothing to prevent spoofing via replay of older packets. Because onion routing requires decryption (CPU Intensive) this can also be used to clog pathways with old payloads via CPU exhaustion. (edited) This is the real reason why ToR is so damn slow; it’s constantly attacked. It has nothing to do with end users actions.
Matt Drollette [9:34 PM] https://github.com/lightningnetwork/lnd/pull/761 GitHub Switch Persistence [ALL]: Forwarding Packages + Sphinx Replay Protection + Circuit Persistence by cfromknecht · Pull Request #761 · lightningnetwork/lnd This PR builds on #629, and integrates the changes with my more recent work on forwarding packages and batch-replay protection provided via pending changes to lightning-onion repo. Save one or two ...
bitPico [9:40 PM] (#)761 doesn’t impact our AV_03 It does however cause nodes to use more CPU and possibly go to disk per the notes. If LN nodes must go to disk this is bad. The slowest code pathways make the best AV’s.
bitPico [9:52 PM] CircuitKey’s are allocated “on the heap”. (edited) Underlying implementation would use malloc/realloc/free. Instead of RAII. This is asking for an overflow into unknown memory segments. We suggest stack only allocation. Memory on the stack is trivial to maintain; it has no holes; it can be mapped straight into the cache; it is attached on a per-thread basis. Memory in the heap is a heap of objects; it is more difficult to maintain; it can have holes.
Laolu Osuntokun [9:59 PM] @bitPico cpu usage is super minimal, this isn't tor so we're not relaying like gigabytes unknown memory segments? golang is a memory safe language stuff goes on the stack, then escape analysis is used to decide what should go on the heap
bitPico [10:00 PM] Heap allocation is more of a concern here. golang is not memory safe; it uses C underneath.
Laolu Osuntokun [10:01 PM] uhh
bitPico [10:01 PM] golang is not written in golang :slightly_smiling_face:
Laolu Osuntokun [10:01 PM] yes it is... https://github.com/golang/go/blob/mastesrc/runtime/map.go GitHub golang/go go - The Go programming language
bitPico [10:02 PM] That’s like saying the C runtime is C and not ASM. The C runtime is ASM.
Laolu Osuntokun [10:02 PM] go is written in go before go 1.4 (maybe 1.5) is was written in c but still, your "attack vector" isn't an implementation level issue, it's a network/kernel level DoS recycling, syn cookies, etc, would be needed not impl level defenses (edited)
bitPico [10:07 PM] We know the answer but what does golang compile to?
Laolu Osuntokun [10:07 PM] also replay htlc's will be rejected native?
bitPico [10:08 PM] ASM
Laolu Osuntokun [10:08 PM] yeh...
bitPico [10:08 PM] So what we said is exactly true.
Laolu Osuntokun [10:08 PM] no?
bitPico [10:08 PM] It’s as vulnerable as we stated.
Laolu Osuntokun [10:08 PM]
the heap is a heap of objects; it is more difficult to maintain; it can have holes
bitPico [10:09 PM] It still allocates through OS heap memory and not onto the stack in your case here. Which means it has holes.
Laolu Osuntokun [10:10 PM] aight, lemmie know when you exploit these issues in the golang runtime here's the code if you wanna study it: https://github.com/golang/go/ GitHub golang/go go - The Go programming language
bitPico [10:11 PM] ASM is ASM. Heap is heap. Heap is bad in this case. Stack is wise. Same applies to C or C++. Avoid the heap at all costs.
Laolu Osuntokun [10:12 PM] aye aye, capt
stark [10:12 PM] replied to a thread: Seeing bad OP-SEC on LN; don’t name your node as the type of hardware. Those raspberry pi’s will go down. don't name your node at all....
bitPico [10:12 PM] https://www.cs.ru.nl/E.Poll/hacking/slides/hic4.pdf
Laolu Osuntokun [10:13 PM] cool, i'll be waiting on those exploits in the go runtime, i'm sure many others will be excited as well
bitPico [10:14 PM] Has nothing to do with go. It uses malloc underneath. Heap always uses malloc; go, c or c++ or java or whatever.
Laolu Osuntokun [10:15 PM] sure, i think many of us know how memory management works
bitPico [10:15 PM] http://security.cs.rpi.edu/courses/binexp-spring2015/lectures/17/10_lecture.pdf Security experts avoid heap allocation. This is common knowledge. Noticed somebody commented about performance of the PR. That is because of the use of heap allocation instead of stack.
Laolu Osuntokun [10:17 PM] no, it's because of the disk I/O
bitPico [10:18 PM] So LN nodes write data to disk in case of crash? As to not lose funds? That’s what the PR says. Anyway golang uses libc; it is not compiled into pure ASM. (edited) Nevertheless we are not focusing on golang; LN in general and TCP/IP stacks.
ɹɑd [10:22 PM] @bitPico write an exploit and get back with us. Until then it just sounds like concern trolling.
bitPico [10:24 PM] Funny, we are exhausting LN TCP/IP Stacks as we type this… It’s no good if we can overtake the TCP stack and run it out of FD’s. We have 100's of connections to LN nodes and it;s automated using our hand built attack toolkit. When we increase this to 1000's then what?
Matt Drollette [10:26 PM] Isn’t that true of any TCP service though? Or are you saying there is something Lightning or lnd specific about your method?
Laolu Osuntokun [10:26 PM] it's true of any TCP service the defenses are on the kernel level
bitPico [10:27 PM] You’d need to have LN code handle millions of connections to mitigate this. We know golang will crash if this happens. But so will C.
Matt Drollette [10:29 PM] I’m beginning to wonder if @bitPico is actually performing a meta-attack on Lightning. A denial-of-service at the developer level with all this subtle trolling
bitPico [10:29 PM] This first problem is LN keeps inbound connections alive. It does not handle and drop them like a webserver. This is the only reason webservers can scale. Apache uses a timeout of 3 seconds in most cases. Currently we are connected to 45 LN nodes with over 22K connections. One variable change on our end and the network will suffer. (edited)
Matt Drollette [10:31 PM] but is that variable on the heap?
bitPico [10:32 PM] On Linux consider forcing it to require 999999 FD’s. AND do not keep-alive connections. The variable is an enum (an integer). Attack aggressiveness
Matt Drollette [10:33 PM] I’m just joking with you :stuck_out_tongue: I look forward to the write-up on the attack
bitPico [10:33 PM] Otherwise our code will keep LN nodes hung in TIME_WAIT. Anyway we are not trolling; we are BTC whales and LN must not fail. Otherwise our investment suffers. The only motivation behind this testing… As it stands LN nodes need L7 LB. Code will run overnight; sleep before we continue. Good job though on LN so far.
bitPico [10:46 PM] uploaded and commented on this image: Screen Shot 2018-03-19 at 1.44.19 AM.png
Fun stats: We’ve sucked 3.3 GB’s of bandwidth per hour from LN nodes. This will continue while we sleep. Every 80 milliseconds there is 44 attacks being performed.
bitPico [10:48 PM] :sleeping:
kekalot [1:35 AM] Seems likely. They were also the one who claimed segwit 2x would continue after it was officially canceled. Matt Drollette I’m beginning to wonder if @bitPico is actually performing a meta-attack on Lightning. A denial-of-service at the developer level with all this subtle trolling Posted in #lightning-network Mar 18th
bitcoinhunter [3:07 AM] So you put down the network @bitPico or just DDosing dev`s time ?
kekalot [3:08 AM] technically youd need multiple people to be doing it to be considered DDoS this is just DoS
Mike Rizzo [7:57 AM] joined #lightning-network.
Alphonse Pace [8:31 AM] bitpico: are you bragging about attacking computer networks on here?
Bear Shark [9:54 AM] That was the funnest 5 minutes of my life. Watching a guy go from bragging about attempting a DoS to deleting the account.
aceat64 [9:56 AM] Reporting an attack vector is fine, releasing PoC code is fine, but actually DoSing a network is a crime, and to just go online and brag about it, wow The only way that could have been worse would be if they didn't use a pseudonym
Bear Shark [9:58 AM] It's fine. He was probably sitting behind 3 tor exits and 10 VPNs (edited)
chek2fire [10:09 AM] i see c-lightning is always at 80% cpu usage
Russell O'Connor [10:12 AM] Did bitPico delete their own account themselves?
kekalot [10:26 AM] @alp?
Alphonse Pace [10:27 AM] I banned. zero tolerance for illegal shit.
chek2fire [10:29 AM] and he says hitler is alive :stuck_out_tongue:
chek2fire [10:43 AM] i dont know why but the new version of lightning-c has a huge cpu usage (edited)
chek2fire [11:06 AM] is there possible not compatibility from lnd to c-lightning? i just connect bitrefil and they say that in their lnd node bitrefill payments works in my c-lightning is not working when i try to do a payment with their ln links i always get this "code" : 205, "message" : "Could not find a route", "data" : { "getroute_tries" : 2, "sendpay_tries" : 1 } }
hkjn [12:00 PM] was that just-banned bitpico the same one as this one? https://lists.linuxfoundation.org/pipermail/bitcoin-segwit2x/2017-Novembe000689.html
Russell O'Connor [12:02 PM] I believe they claimed to be. It's hard to know for sure I guess.
Matt Drollette [12:03 PM] Lest we forget.
ASM is ASM. Heap is heap. Heap is bad in this case. Stack is wise. Avoid the heap at all costs. - bitPico
Laolu Osuntokun [1:48 PM] lmao
Sent from my Space Ship
pebble [4:52 PM] joined #lightning-network.
camelCase [10:28 PM] could be possible to run two lnd nodes in sync between them? i mean wallet-wise (edited)
Justin Camarena [8:02 AM] Bitrefill getting DDos'd lol that bitpico tho
Brandy Lee Camacho [8:21 AM] joined #lightning-network.
chek2fire [8:53 AM] my c-lightning node has very high cpu usage is always at 80% in the same time bitcoin node is at 15-17%
Gregory Sanders [8:58 AM] @chek2fire could be the gossip silliness that's being worked on, or bitPico :stuck_out_tongue: probably gossip inefficiency
chek2fire [8:59 AM] maybe someone dos my node i dont know
Laolu Osuntokun [11:46 AM] time to learn how to use iptables folks
Sent from my Space Ship (edited)
camelCase [11:50 AM] anyone knows if what i asked above is possible? like running two or more nodes that replicate the wallet so you avoid having your channels offline
gonzobon [11:55 AM] https://twitter.com/alexbosworth/status/976158861722726405 Alex Bosworth ☇@alexbosworth Lightning nodes are getting DDOS'ed, rumor is that someone from the 2x effort known as "BitPico" has taken credit for this. The Lightning services I've deployed have been attacked from the start, with botnets, etc. Deploying in adversarial conditions, decentralization is hard.
Twitter Mar 20th
camelCase [11:56 AM] well... at least we know we wasn't trolling about that lol
v33r [11:58 AM] https://twitter.com/alexbosworth/status/976158861722726405
gonzobon [11:59 AM] beat you to it @v33r_ :stuck_out_tongue:
Tomislav Bradarić [12:23 PM] something something good for bitcoin but really, better to see how sturdy things are now than when lightning starts getting adopted more, like how the last rise in popularity was at the same time as blockchain spam
gonzobon [12:28 PM] andreas put it in context as a good testing opp.
Hiro Protagonist [1:04 PM] I so wanna get my old sysasmin-devops team together to start running lightning nodes under these conditions. Every website is attacked relentlessly by DoS, spoofing, etc. Defences exist but you need skills to figure out what to do.
submitted by bitsko to btc [link] [comments]

ColossusXT Q2 AMA Ends!

Thank you for being a part of the ColossusXT Reddit AMA! Below we will summarize the questions and answers. The team responded to 78 questions! If you question was not included, it may have been answered in a previous question. The ColossusXT team will do a Reddit AMA at the end of every quarter.
The winner of the Q2 AMA Contest is: Shenbatu
Q: Why does your blockchain exist and what makes it unique?
A: ColossusXT exists to provide an energy efficient method of supercomputing. ColossusXT is unique in many ways. Some coins have 1 layer of privacy. ColossusXT and the Colossus Grid will utilize 2 layers of privacy through Obfuscation Zerocoin Protocol, and I2P and these will protect users of the Colossus Grid as they utilize grid resources. There are also Masternodes and Proof of Stake which both can contribute to reducing 51% attacks, along with instant transactions and zero-fee transactions. This protection is paramount as ColossusXT evolves into the Colossus Grid. Grid Computing will have a pivotal role throughout the world, and what this means is that users will begin to experience the Internet as a seamless computational universe. Software applications, databases, sensors, video and audio streams-all will be reborn as services that live in cyberspace, assembling and reassembling themselves on the fly to meet the tasks at hand. Once plugged into the grid, a desktop machine will draw computational horsepower from all the other computers on the grid.
Q: What is the Colossus Grid?
A: ColossusXT is an anonymous blockchain through obfuscation, Zerocoin Protocol, along with utilization of I2P. These features will protect end user privacy as ColossusXT evolves into the Colossus Grid. The Colossus Grid will connect devices in a peer-to-peer network enabling users and applications to rent the cycles and storage of other users’ machines. This marketplace of computing power and storage will exclusively run on COLX currency. These resources will be used to complete tasks requiring any amount of computation time and capacity, or allow end users to store data anonymously across the COLX decentralized network. Today, such resources are supplied by entities such as centralized cloud providers which are constrained by closed networks, proprietary payment systems, and hard-coded provisioning operations. Any user ranging from a single PC owner to a large data center can share resources through Colossus Grid and get paid in COLX for their contributions. Renters of computing power or storage space, on the other hand, may do so at low prices compared to the usual market prices because they are only using resources that already exist.
Q: When will zerocoin be fully integrated?
A: Beta has been released for community testing on Test-Net. As soon as all the developers consider the code ready for Main-Net, it will be released. Testing of the code on a larger test network network will ensure a smooth transition.
Q: Is the end goal for the Colossus Grid to act as a decentralized cloud service, a resource pool for COLX users, or something else?
A: Colossus Grid will act as a grid computing resource pool for any user running a COLX node. How and why we apply the grid to solve world problems will be an ever evolving story.
Q: What do you think the marketing role in colx.? When ll be the inwallet shared nodes available...i know its been stated in roadmap but as u dont follow roadmap and offer everything in advance...i hope shared MN's to be avilable soon.
A: The ColossusXT (COLX) roadmap is a fluid design philosophy. As the project evolves, and our community grows. Our goal is to deliver a working product to the market while at the same time adding useful features for the community to thrive on, perhaps the Colossus Grid and Shared Masternodes will be available both by the end of Q4 2018.
Q: When will your github be open to the public?
A: The GitHub has been open to the public for a few months now.
You can view the GitHub here: https://github.com/ColossusCoinXT
The latest commits here: https://github.com/ColossusCoinXT/ColossusCoinXT/commits/master
Q: Why should I use COLX instead of Monero?
A: ColossusXT offers Proof of Stake and Masternodes both which contribute layers in protection from 51% attacks often attributed with Proof of Work consensus, and in being Proof of Work(Monero) ColossusXT is environmentally friendly compared to Proof of Work (Monero). You can generate passive income from Proof of Stake, and Masternodes. Along with helping secure the network.What really sets ColossusXT apart from Monero, and many other privacy projects being worked on right now, is the Colossus Grid. Once plugged into the Colossus Grid, a desktop machine will draw computational horsepower from all the other computers on the grid. Blockchain, was built on the core value of decentralization and ColossusXT adhere to these standards with end-user privacy in mind in the technology sector.
Q: With so many coins out with little to no purpose let alone a definitive use case, how will COLX distinguish itself from the crowd?
A: You are right, there are thousands of other coins. Many have no purpose, and we will see others “pumping” from day to day. It is the nature of markets, and crypto as groups move from coin to coin to make a quick profit. As blockchain regulations and information is made more easily digestible projects like ColossusXT will rise. Our goal is to produce a quality product that will be used globally to solve technical problems, in doing so grid computing on the ColossusXT network could create markets of its own within utilizing Super-computing resources. ColossusXT is more than just a currency, and our steadfast approach to producing technical accomplishments will not go unnoticed.
Q: Tell the crowd something about the I2P integration plan in the roadmap? 🙂
A: ColossusXT will be moving up the I2P network layer in the roadmap to meet a quicker development pace of the Colossus Grid. The I2P layer will serve as an abstraction layer further obfuscating the users of ColossusXT (COLX) nodes. Abstraction layer allows two parties to communicate in an anonymous manner. This network is optimised for anonymous file-sharing.
Q: What kind of protocols, if any, are being considered to prevent or punish misuse of Colossus Grid resources by bad actors, such as participation in a botnet/denial of service attack or the storage of stolen information across the Grid?
A: What defines bad actors? ColossusXT plans on marketing to governments and cyber security companies globally. Entities and individuals who will certainly want their privacy protected. There is a grey area between good and bad, and that is something we can certainly explore as a community. Did you have any ideas to contribute to this evolving variable?What we mean when we say marketing towards security companies and governments is being utilized for some of the projects and innovating new ways of grid computing.
Security: https://wiki.ncsa.illinois.edu/display/cybersec/Projects+and+Software
Governments: https://www.techwalla.com/articles/what-are-the-uses-of-a-supercomputer
Q: The Colossus Grid is well defined but I don't feel easily digestible. Has their been any talk of developing an easier to understand marketing plan to help broaden the investoadoptor base?
A: As we get closer to the release of the Colossus Grid marketing increase for the Colossus Grid. It will have a user friendly UI, and we will provide Guides and FAQ’s with the release that any user intending to share computing power will be able to comprehend.
Q: Can you compare CollossusXT and Golem?
A: Yes. The Colosssus Grid is similar to other grid computing projects. The difference is that ColossusXT is on it’s own blockchain, and does not rely on the speed or congestion of a 3rd party blockchain. The Colossus Grid has a privacy focus and will market to companies, and individuals who would like to be more discreet when buying or selling resources by offering multiple levels of privacy protections.
Q: How do you guys want to achieve to be one of the leaders as a privacy coin?
A: Being a privacy coin leader is not our end game. Privacy features are just a small portion of our framework. The Colossus Grid will include privacy features, but a decentralized Supercomputer is what will set us apart and we intend to be leading this industry in the coming years as our vision, and development continue to grow and scale with technology.
Q: With multiple coins within this space, data storage and privacy, how do you plan to differentiate COLX from the rest? Any further partnerships planned?
A: The Colossus Grid will differentiate ColossusXT from coins within the privacy space. The ColossusXT blockchain will differentiate us from the DATA storage space. Combining these two features with the ability to buy and sell computing power to complete different computational tasks through a decentralized marketplace. We intend to involve more businesses and individuals within the community and will invite many companies to join in connecting the grid to utilize shared resources and reduce energy waste globally when the BETA is available.
Q: Has colossus grid had the best come up out of all crypto coins?
A: Possibly. ColossusXT will continue to “come up” as we approach the launch of the Colossus Grid network.
Q: How far have Colossus gone in the ATM integration
A: ColossusXT intends to and will play an important role in the mass adoption of cryptocurrencies. We already have an ongoing partnership with PolisPay which will enable use of COLX via master debit cards. Along with this established relationship, ColossusXT team is in touch with possible companies to use colx widely where these can only be disclosed upon mutual agreement.
Q: How does COLX intend to disrupt the computing industry through Grid Computing?
A: Using the Colossus Grid on the ColossusXT blockchain, strengthens the network. Computers sit idly by for huge portions of the day. Connecting to the Colossus Grid and contributing those idle resources can make use of all the computing power going to waste, and assist in advancing multiple technology sectors and solving issues. Reducing costs, waste, and increased speed in technology sectors such as scientific research, machine learning, cyber security, and making it possible for anyone with a desktop PC to contribute resources to the Colossus Grid and earn passive income.
Q: What kind of partnerships do you have planned and can you share any of them? :)
A: The ColossusXT team will announce partnerships when they are available. It’s important to finalize all information and create strong avenues of communication between partners ColossusXT works with in the future. We are currently speaking with many different exchanges, merchants, and discussing options within our technology sector for utilizing the Colossus Grid.
Q: Will shared Masternodes be offered by the COLX team? Or will there be any partnerships with something like StakingLab, StakeUnited, or SimplePosPool? StakingLab allows investors of any size to join their shared Masternodes, so any investor of any size can join. Is this a possibility in the future?
A: ColossusXT has already partnered with StakingLab. We also plan to implement shared Masternodes in the desktop wallet.
Q: How innovative is the Colossus Grid in the privacy coin space?
A: Most privacy coins are focused on being just a currency / form of payment. No other project is attempting to do what we are doing with a focus on user privacy.
Q: Hey guys do you think to integrated with some other plataforms like Bancor? I would like it!
A: ColossusXT is in touch with many exchange platforms, however, due to non disclosure agreements details cannot be shared until it is mutually decided with the partners. We will always be looking for new platforms to spread the use of colx in different parts of the world and crypto space.
Q: What is the reward system for the master node owners?
A: From block 388.800 onwards, block reward is 1200 colx and this is split based on masternode ownestaker ratio. This split is based on see-saw algorithm. With an increasing number of masternodes the see-saw algorithm disincentivizes the establishment of even more masternodes because it lowers their profitability. To be precise, as soon as more than 41.5% of the total COLX coin supply is locked in masternodes, more than 50% of the block reward will be distributed to regular staking nodes. As long as the amount of locked collateral funds is below the threshold of 41.5%, the see-saw algorithm ensure that running a masternode is financially more attractive than running a simple staking node, to compensate for the additional effort that a masternode requires in comparison to a simple staking node.Please refer to our whitepaper for more information.
Q: What other marketplaces has the COLX team been in contact with?
Thanks guys! Love the coin and staff
A: ColossusXT gets in touch for different platforms based on community request and also based on partnership requests received upon ColossusXT business team’s mutual agreement. Unfortunately, these possibilities cannot be shared until they are mutually agreed between the partners and ColossusXT team due to non disclosure agreements.
Q: What do you think about the new rules that will soon govern crypto interactions in the EU? they are against anonymous payments
A: Blockchain technology is just now starting to become clear to different governments.
ColossusXT's privacy features protect the end-user from oversharing personal information. As you are probably aware from the multiple emails you've received recently from many websites.
Privacy policies are always being updated and expanded upon. The use of privacy features with utility coins like ColossusXT should be a regular norm throughout blockchain. This movement is part is about decentralization as much as it is about improving technology.
While this news may have a role to play. I don't think it is THE role that will continuously be played as blockchain technology is implemented throughout the world.
Q: Any hints on the next big feature implementation you guys are working on? According to road map - really excited to hear more about the Shared MN and the scale of the marketplace!
A: Current work is focused on the privacy layer of Colossus Grid and completing the updated wallet interface.
Q: Why choose COLX, or should I say why should we believe in COLX becoming what you promise in the roadmap. What are you different from all the other privacy coins with block chain establishment already in effect?
A: ColossusXT is an environmentally friendly Proof of Stake, with Masternode technology that provide dual layers of protection from 51% attacks. It includes privacy features that protect the user while the utilize resources from the Colossus Grid. Some of the previous questions within this AMA may also answer this question.
Q: What tradeoffs do you have using the Colossus Grid versus the more typical distribution?
A: The advantage of supercomputers is that since data can move between processors rapidly, all of the processors can work together on the same tasks. Supercomputers are suited for highly-complex, real-time applications and simulations. However, supercomputers are very expensive to build and maintain, as they consist of a large array of top-of-the-line processors, fast memory, custom hardware, and expensive cooling systems. They also do not scale well, since their complexity makes it difficult to easily add more processors to such a precisely designed and finely tuned system.By contrast, the advantage of distributed systems (Like Colossus Grid) is that relative to supercomputers they are much less expensive. Many distributed systems make use of cheap, off-the-shelf computers for processors and memory, which only require minimal cooling costs. In addition, they are simpler to scale, as adding an additional processor to the system often consists of little more than connecting it to the network. However, unlike supercomputers, which send data short distances via sophisticated and highly optimized connections, distributed systems must move data from processor to processor over slower networks making them unsuitable for many real-time applications.
Q: Why should I choose Colossus instead of another 100,000 altcoins?
A: Many of these alt-coins are all very different projects. ColossusXT is the only Grid computing project with a focus on user privacy. We have instant transactions, and zero-fee transactions and ColossusXT is one of the very few coins to offer live support. Check out our Whitepaper!
Q: Will there be an option (in the future) to choose between an anonymous or public transaction?
A: Zerocoin is an evolution of the current coin mixing feature. Both allow an individual to decide how they would like to send their transactions.
Q: What exchange has highest volume for ColossusXT, and are there any plans for top exchanges soon ?
A: Currently Cryptopia carries the majority of ColossusXT volume. We are speaking with many different exchanges, and preparing requested documentation for different exchanges. ColossusXT intends to be traded on every major exchange globally.
Q: What is the TPS speed that colx blockchain achieves?
A: ColossusXT achieves between 65-67 TPS depending on network conditions currently.
Q: Plans on expanding the dev team?
A: As development funds allow it, the team will be expanded. Development costs are high for a unique product like ColossusXT, and a good majority of our budget is allocated to it.
Q: Can you explain what is and what are the full porpose of the COLOSSUSXT GRID PROJECT ?
A: Colossus Grid is explained in the whitepaper. The uses for grid computing and storage are vast, and we are only starting to scratch the surface on what this type of computing power can do. There is also a description within the formatting context within the AMA of the Colossus Grid.
Q: Is there mobile wallet for Android and iOS? If not, is there a roadmap?
A: There Android wallet is out of beta and on the Google PlayStore: iOS wallet is planned for development.
The roadmap can be found here: https://colossusxt.io/roadmap/
Q: Is ColossusXT planning on partnering up with other cryptocurrency projects? Such as: Bread and EQUAL.
A: ColossusXT plans on partnering with other crypto projects that make sense. We look for projects that can help alleviate some of our development work / provide quality of life upgrades to our investors so that we can focus on Colossus Grid development. When absolutely love it when the community comes to us with great projects to explore.
Q: Did you ever considered a coinburn? Don't you think a coin burn will increase COLX price and sustain mass adoption? Do you plan on keeping the price of COLX in a range so the potential big investors can invest in a not so much volatile project?
A**:** There are no plans to do a coinburn at this time. Please check out our section in the whitepaper about the supply.
Q: what is the next big exchange for colx to be listed ?
A: There are several exchanges that will be listing ColossusXT soon. Stay tuned for updates within the community as some have already been announced and future announcements.
  1. CryptalDash
  2. NextExchange
  3. CoinPulse
  4. CoinSwitch (Crowdfunding)
  5. Plaak (Crowdfunding)
Q: How will Colx compete with other privacy coins which claim to be better like Privacy?
A: ColossusXT is not competing with other privacy coins. ColossusXT will evolve into the Colossus Grid, which is built on the backbone of a privacy blockchain. In our vision, all these other privacy coins are competing for relevancy with ColossusXT. There are also similar responses to question that may hit on specifics.
Q: Does COLX have a finite number of coins like bitcoin?
A: No, ColossusXT is Proof of Stake. https://en.wikipedia.org/wiki/Proof-of-stake
Q: What are the advantages of COLX over other competitor coins (eg. ECA)?
A: The only similarities between ColossusXT and Electra is that we are both privacy blockchains. ColossusXT is very much an entirely different project that any other privacy coin in the blockchain world today. The Colossus Grid will be a huge advantage over any other privacy coin. Offering the ability for a desktop machine to rent power from others contributing to the Colossus Grid and perform and compute high level tasks.
Q: How do you feel about some countries frowning upon privacy coins and how do you plan to change their minds (and what do you plan to do about it?)
A: The ColossusXT team tries to view opinions from multiple perspectives so that we can understand each line of thinking. As blockchain technology becomes more widely adopted, so will the understanding of the importance of the privacy features within ColossusXT. Privacy is freedom.
Q: How do you see COLX in disrupting cloud gaming services such as PlayStation Now?
A: Cloud gaming services have not been discussed. Initial marketing of our private grid computing framework will be targeted at homes users, governments, and cyber security firms who may require more discretion / anonymity in their work.
Q: Since colx is a privacy coin and is known for its privacy in the transactions due to which lot of money laundering and scams could take place, would colx and its community be affected due to it? And if does then how could we try to prevent it?
A: ColossusXT intends to be known for the Colossus Grid. The Colossus Grid development will be moved up from Q1 2019 to Q3 2018 to reflect this message and prevent further miscommunication about what privacy means for the future of ColossusXT. Previous answers within this AMA may further elaborate on this question.
Q: When do you plan to list your coin on other "bigger" exchanges?
A: ColossusXT is speaking with many different exchanges. These things have many different factors. Exchanges decide on listing dates and we expect to see ColossusXT listed on larger exchanges as we approach the Colossus Grid Beta. The governance system can further assist in funding.
Q: What was the rationale behind naming your coin ColossusXT?
A: Colossus was a set of computers developed by British codebreakers in the years 1943–1945. XT symbolises ‘extended’ as the coin was forked from the original Cv2 coin.
Q: Can you give any details about the E Commerce Marketplace, and its progress?
A: The Ecommerce Marketplace is a project that will receive attention after our development pass on important privacy features for the grid. In general, our roadmap will be changing to put an emphasis on grid development.
Q: How will someone access the grid, and how will you monetize using the grid? Will there be an interface that charges COLX for time on the grid or data usage?
A: The Colossus Grid will be integrated within the ColossusXT wallet. Buying & Selling resources will happen within the wallet interface. You won't be able to charge for "time" on the grid, and have access to unlimited resources. The goal is to have users input what resources they need, and the price they are willing to pay. The Colossus Grid will then look for people selling resources at a value the buyer is willing to pay. Time may come into play based on which resources you are specifically asking for.
Q: Are there any plans to launch an official YouTube channel with instructional videos about basic use of the wallets and features of COLX? Most people are visually set and learn much faster about wallets when actually seeing it happen before they try themselves. This might attract people to ColossusXT and also teach people about basic use of blockchain and cryptocurrency wallets. I ask this because I see a lot of users on Discord and Telegram that are still learning and are asking a lot of real basic questions.
A: ColossusXT has an official YT account with instructional videos: https://www.youtube.com/channel/UCCmMLUSK4YoxKvrLoKJnzng
Q: What are the usp's of colx in comparing to other privacy coins?
A: Privacy coins are a dime a dozen. ColossusXT has different end goals than most privacy coins, and this cannot be stated enough. Our goal is not just to be another currency, but to build a sophisticated computing resource sharing architecture on top of the privacy blockchain.
Q: A new exchange will probably gain more liquidity for our coin. If you might choose 3 exchanges to get COLX listed, what would be your top 3?
A: ColossusXT intends to be listed on all major exchanges globally. :)
Q: What is the future of privacy coins? What will be the future colx userbase (beyond the first adopters and enthusiasts)?
A: The future of privacy is the same it has always been. Privacy is something each and everyone person owns, until they give it away to someone else. Who is in control of your privacy? You or another person or entity?The future of the ColossusXT user base will comprise of early adopters, enthusiast, computer science professionals, artificial intelligence, and computational linguistics professionals for which these users can utilize the Colossus Grid a wide range of needs.
Q: Will ColossusXT join more exchanges soon??
A: Yes. :)
Q: So when will Colossus put out lots of advertisement to the various social media sites to get better known? Like Youtube videos etc.
A: As we get closer to a product launch of the Colossus Grid, you’ll begin to see more advertisements, YouTubers, and interviews. We’re looking to also provide some presentations at blockchain conferences in 2018, and 2019.
Q: In your opinion, what are some of the issues holding COLX back from wider adoption? In that vein, what are some of the steps the team is considering to help address those issues?
A: One of the main issues that is holding ColossusXT back from a wider adoption is our endgame is very different from other privacy coins. The Colossus Grid. In order to address this issue, the ColossusXT team intends to have a Colossus Grid Beta out by the end of Q4 and we will move development of the Colossus Grid from Q1 2019 to Q3 2018.
Q: Or to see it from another perspective - what are some of the biggest issues with crypto-currency and how does COLX address those issues?
A: Biggest issue is that cryptocurrency is seen as a means to make quick money, what project is going to get the biggest “pump” of the week, and there is not enough focus on building blockchain technologies that solve problems or creating legitimate business use cases.
For the most part we believe the base of ColossusXT supporters see our end-game, and are willing to provide us with the time and support to complete our vision. The ColossusXT team keeps its head down and keeps pushing forward.
Q: I know it's still early in the development phase but can you give a little insight into what to look forward to regarding In-wallet voting and proposals system for the community? How much power will the community have regarding the direction COLX development takes in the future?
A: The budget and proposal system is detailed in the whitepaper. Masternode owners vote on and guide the development of ColossusXT by voting on proposals put forth by the community and business partners.
Our goal is to make this process as easy and accessible as possible to our community.
Q: Will there be an article explaining the significance of each partnership formed thus far?
A: Yes, the ColossusXT team will announce partners on social media, and community outlets. A detailed article of what partnerships mean will be available on our Medium page: https://medium.com/@colossusxt
Q: What potential output from the Grid is expected and what would it's use be?
For example, x teraflops which could process y solutions to protein folding in z time.
A: There are many uses for grid computing. A crypto enthusiast mining crypto, a cyber security professional cracking a password using brute force, or a scientist producing climate prediction models.
The resources available to put towards grid projects will be determined by the number of nodes sharing resources, and the amount of resources an individual is willing to purchase with COLX.
All individuals will not have access to infinite grid resources.
Q: Is there a paper wallet available?
A: Yes, see https://mycolxwallet.org
Q: Is there a possibility of implementing quantum computer measures in the future?
A: This is a great idea for potentially another project in the future. Currently this is not possible with the Colossus Grid. Instead of bits, which conventional computers use, a quantum computer uses quantum bits—known as qubits. In classical computing, a bit is a single piece of information that can exist in two states – 1 or 0. Quantum computing uses quantum bits, or 'qubits' instead. These are quantum systems with two states. However, unlike a usual bit, they can store much more information than just 1 or 0, because they can exist in any superposition of these values.
Q: Do you plan to do a coin burn?
A: No future coin burns are planned. Anything like this would go through a governance proposal and Masternode owners would vote on this. This is not anything we’ve seen within the community being discussed.
Q: Can I check the exact number of current COLX master node and COLX staking node?
A: Yes. You can view the Masternodes and the amount of ColossusXT (COLX) being staked by viewing the block explorer.
Block explorer: https://chainz.cryptoid.info/colx/#!extraction
Q: What incentive could we give a youtuber to do the BEST video of ColossusXT (COLX)?
A: We've been approached by several YouTubers. The best thing a YouTuber can do is understand what ColossusXT is, join the community, ask questions if there is something they don't understand.
The problem with many YouTubers is that some of them are just trying to get paid, they don't really care to provide context or research a project.
Disclaimer: This is not all YouTubers, but many.
Q: In which ways is the ColossusGrid different from other supercomputer / distributed computing projects out there. Golem comes to mind. Thanks!
A: The main difference is that we are focused on the end users privacy, and the types of users that we will be targeting will be those that need more discretion / anonymity in their work. We are building framework that will continue to push the boundaries of user privacy as it relates to grid computing.
Q: Can we please complete our roadmap ahead of schedule? I find most other coins that do this actually excell in terms of price and community members. Keep on top of the game :)
A: The Colossus XT roadmap is a very fluid document, and it is always evolving. Some items are moved up in priority, and others are moved back. The roadmap should not be thought of something that is set in stone.
Q: Does COLX have master nodes?
A: Yes. ColossusXT has masternodes.
Q: Have thought about providing a method to insert a form of payment in colx in any page that wants to use cryptocurrencies in a fast and simple way in order to masive adoption????
A: There is already this option.https://mycryptocheckout.com/coins/
Q: What do you think your community progress till now?
A: The community has grown greatly in the last 3 months. We’re very excited to go from 13 to 100 questions in our quarterly AMA. Discord, Telegram, and Twitter are growing everyday.
Q: I noticed on Roadmap: Coinomi and ahapeshift wallet integration. Can you tell me more about this? I am new in crypto and new ColX investor so I don't know much about this. Thanks and keep a good work.
A: Coinomi is a universal wallet. ColossusXT will have multiple wallet platforms available to it. Shapeshift allows you to switch one crypto directly for another without the use of a coupler (BTC).
Q: Is "A general-purpose decentralized marketplace" written in the whitepaper the same as "E-COMMERCE MARKETPLACE" written on the roadmap?
Please tell me about "A general-purpose decentralized marketplace" or "E-COMMERCE MARKETPLACE" in detail.
A: Details will be posted as we get closer to the marketplace. It will be similar to other marketplaces within blockchain. Stay tuned for more information by following us on Twitter.
Q: History has shown that feature-based technologies always get replaced by technologies with platforms that incorporate those features; what is colossius big picture?
A: The Colossus Grid. Which has been explained within this AMA in a few different ways.
Q: What are the main objectives for COLX team this year? Provide me 5 reason why COLX will survive in a long term perspective? Do you consider masternodes working in a private easy to setup wallet on a DEX network? Already big fan, have a nice day!
A: Getting into Q3 our main object is to get a working product of the Colossus Grid by the end of Q4.
  1. Community - Our community is growing everyday as knowledge about what we’re building grows. When the Colossus Grid is online we expect expansion to grow at a rapid pace as users connect to share resources.
  2. Team - The ColossusXT team will continue to grow. We are stewards of a great community and an amazing project. Providing a level of support currently unseen in many other projects through Discord. The team cohesion and activity within the community is a standard we intend to set within the blockchain communities.
  3. Features - ColossusXT and The Colossus Grid will have user friendly AI. We understand the difficulties when users first enter blockchain products. The confusion between keys, sending/receiving addresses, and understanding available features within. Guides will always be published for Windows/Mac/Linux with updates so that these features can be easily understood.
  4. Colossus Grid - The Colossus Grid answers real world problems, and provides multiple solutions while also reducing energy consumption.
  5. Use Case - Many of the 1000+ other coins on the market don’t have the current use-case that ColossusXT has, let alone the expansion of utility use-cases in multiple sectors.
Q: Will the whitepaper be available in Portuguese?
A: Yes. We will be adding some language bounties to the website in the future. Stay tuned.
Q: Notice in your white paper there are future plans for decentralised governance and masternode voting. While all that is great, how do you plan on mitigating malicious proposals from getting through by gaming the system (i.e. bot votes, multiple accounts, spam,etc)?
A: You cannot game the system. Masternode owners get 1 vote.
Q: Been a massive fan of this project since Dec last year, anyways what was the reason you guys thought of putting XT at the end of Colossus. :)
A: XT symbolizes ‘extended’ as the coin was forked from the original Cv2 coin.
Q: Do you plan a partnership within the banking industry to capitalize on such large amounts of money being moved continuously?
A: The focus will be on the Colossus Grid and Grid computing, with the option to participate in the financial sector of Blockchain through Polis Pay, and other partnerships that can be announced in the future.
Q: When will be COLX supported By The Ledger Wallet?
A: Integration with cold storage wallet is planned. I myself (PioyPioyPioy) have a Nano Ledger S and I love it!
Q: Where do you see yourself in five years?
A: The goal 5 years from now would be to be a leading competitor in cloud computing and storage. Providing government, private cybersecurity, and individuals with efficient solutions to Super-computing, cloud storage through Blockchain infrastructure. I would like to see hardware options of connecting to the grid to utilize resources after the Colossus Grid is online, and I think this can contribute to many use-case scenarios.
Q: How can I suggest business partnerships and strategic ideas etc to the ColossusXT team?
A: Join us in Discord. Members of the team here are active daily, you can also contact us at: [[email protected]](mailto:[email protected])
Q: A great project requires good funding. How do you plan to incorporate fund sourcing and management into the long-term planning of this project
A: Check out our governance section within the whitepaper. :)
Website: https://colossusxt.io
Whitepaper: https://colossuscoinxt.org/whitepape
Roadmap: https://colossuscoinxt.org/roadmap/
Follow ColossusXT on:
Twitter: https://twitter.com/colossuscoinxt
Facebook Page: https://www.facebook.com/ColossusCoin/
Telegram: https://web.telegram.org/#/im?p=s1245563208_12241980906364004453
Discord: https://discord.gg/WrnAPcx
Apply to join the team: https://docs.google.com/forms/d/1YcOoY6nyCZ6aggJNyMU-Y5me8_gLTHkuDY4SrQPRe-4/viewform?edit_requested=true
Contribute an idea: https://colossusxt.fider.io/
Q2 AMA Questions: https://www.reddit.com/ColossuscoinX/comments/8ppkxf/official_colossusxt_ama_q2/
Previous AMA: https://www.reddit.com/ColossuscoinX/comments/8bia7o/official_colossusxt_ama/
submitted by PioyPioyPioy to ColossuscoinX [link] [comments]

Further evidence that, despite what's detractors desperately want you to believe, fair value is accurately tracking the wealth in the market in real time! Monero's fair value decreases by 40% as miners leave network!

EDIT As strong evidence that I am correct this thread was shadow deleted from Monero as you can see here. What's more, I was also not only banned from dashpay for calling Flenst a liar, but the moderators of cryptotechnology also shadow deleted the thread and banned me for two weeks for posting it!! You can see that thread with the great discussion here
Popular thread, roughly 40% upvoted which is suprising considering the audience, and around 40 comments! Censorship and suppression of information are usually the first signs of fire!! bitcoin was taken over by censorship and deletion of posts and they just deleted this information exposing the current damaging situation!
EDIT 2 As further evidence that I'm correct. I posted this thread in the following subreddits and along with this one they are ALL being vote brigaded down! Most of them had 5-7 upvotes before and now they're all at 0! Where there's smoke there's fire! If they're suppressing it then it must be true!
btc thread
zec thread
pivx thread
cryptocurrency247 thread
ethtrader thread
In this thread we can see that the Monero network is currently undergoing some issues with their hashrate. It has spiked recently, nearly doubling since the beginning of the year, even though the number of miners has been steadily declining since the same period. This likely means that Monero is experiencing another round of ASIC mining, which means that bitmain or whoever got around their anti-ASIC algorithms switches somehow.
But that's not the important point. What's important is to notice that Monero's fair value has also been declining since that same period of time. From a high of 21.22 on Jan 5 2019 to a low of 15.85 yesterday for a decline of 25.3% in value in a month! That means 2 things:
  1. Yes, fair value is very real and most likely very accurate.
  2. Yes, Monero's fair value can be accurately calculated despite not having 2 of the four fair values (because the other two are also fair values so lacking those final two only increases the error of the calculation, it doesn't obviate it)
Why is that important though? And how is that proof? Understand what this means, right now there are fewer entities mining more blocks on the monero chain using ASICs. In other words, they're bankrupting the botnet miners and the little guys who can't find blocks fast enough to get paid and pay their operating costs.
Which means they have to shut their equipment and their nodes off. Which means economic activity on the network has also been declining as a result (from miners not being able to get paid, monero's only current functional use case). In other words, fair value has been telling us accurately as it's been happening, that people are leaving the monero network and its value is declining! All of this while Monero's exchange price hasn't budged besides the rest of the market movements! Which proves to us that FAIR VALUE is accurate and price is NOT/highly manipulated!
submitted by thethrowaccount21 to dashpay [link] [comments]

Yay we are making money! What's next?

The past couple of months, especially the last week, has been pretty euphoric for the price of our green coin. In this post I want to attempt to explain how we got here, where we are now and what's next. Tell me if I missed something, or if my interpretation of what happened (or what is to come) is not how you see things. Obviously this is all my personal opinion, I hope it will start a healthy discussion about the future of the coin and it's community!
How we got here
To explain the recent bull run we have to look back a couple of months. Vertcoin implemented segwit and was one of the first coins to complete an atomic swap. Personally this was the first time I heard of the coin, after reading around for a bit I didn't think too much of it; “oh an other Bitcoin clone with some extra gimmicks, cool.” Obviously there would be a spike in price because of the attention, but I didn't yet realize what potential the coin had or what made it unique. Judging by the price action I wasn't the only one. The community seemed nice and ASIC resistance seemed like a smart hedge against the bigger PoW coins, but a small coin is still a small coin. Who knows what happens next right? Well some of you did...
Skip forward a few months and the whole Segwit2x debate starts to get more and more serious and uncertainty about the future market starts to grow. I don't want to get into a debate about this one. Simply because there doesn't seem to be any genuine debate about it at all. It feels like the whole debacle devolved in both parties regurgitating their talking points and pointing out how the opposing side is lying/power hungry/satan himself. What did bother me quite a bit (bit! Get it?) was the fact that market forces was pretty much left out of this discussion. Which is a bad sign to me. Ideology and principle is fine and all, but we have to go with what works, not with what is forced the hardest. We are talking about creating an alternative currency to fiat based on neutrality principle, how is market mechanism not the main tool?! Well that's where the ASIC centralization rears it's head. This whole debacle wouldn't have gone this far if mining power was spread evenly, if both parties can't agree they can split up and start their own project. Now we have 2 parties that are straight up hostile towards each other and the normal user can either join one party or watch from the sideline. This is where I started to look for alternatives for Bitcoin because I was done with the whole centralization problem. At first I moved in to Litecoin, but this coin is actually as centralized, or even more, as Bitcoin is. All though I love that community and the hard work the developers put in, hell vertcoin wouldn't be here without them, I couldn't get over the idea that Litecoin now might be a good alternative for what I want in a coin, but it isn't this way because the users demanded it, it's this way because the miners allow it to be. This is (obviously) the point I bought Vertcoin, the whole ASIC resistance thing started to make a whole lot of sense all of a sudden.
Where we are now
I'm guessing the most recent bull run didn't start because of these events, the Ledger adaptation seemed to be the main initial driver. People were reminded that Vertcoin existed and most probably realized that Ledger exposure means more price action. This exposure did create awareness about the ASIC resistance part. The timing is almost perfect though, the whole segwit FUD starts to reach new highs, alt market goes down and the people who lost confidence in the Bitcoin project start to look for alternatives, and Vertcoin says hello.
This massive bull run might not be close to done yet, considering the general uncertainty in the rest of the cryptomarket. Vertcoin, at the moment, is a good hedge against ASIC coins while other alts are sinking. The momentum now reminds me of the insane run ANS/NEO had a while back. At a certain point more and more people notice this coin that just keeps making massive gains, has a solid foundation, a low price and a relative small market cap. It's not unthinkable this run will keep going during this FUD month, I would absolutely not be surprised if Vertcoin hits top 20 within a month because of this, but there will be a correction. Especially if this run keeps going, it will mean more people buy Vertcoin to profit short term instead of buying it for it's long term potential.
So... What's next?
I think this is the beauty of Vertcoin. Since we are ASIC resistant it means everyone can profit from mining, which mean EVERYONE should mine. I'd like to compare Vertcoin's method to an other ASIC resistant coin, Monero. Monero shares this part of the philosophy, the coin should be by the people, for the people. BUT, the Monero mining isn't the easiest to get into. It's mostly a tech savvy and highly ideological motivated crowd. This group isn't that adverse to put in the effort to mine. However, this is not the target group Vertcoin aims for, Vertcoin seems to go for more general adaptation. This is where Vertcoin shines, the one click miner makes it easy for the beginner to mine for themselves. It's still in beta, it's not as easy as it could be and AMD videocards aren't optimized yet, but this will all happen. Most people reading this, especially through this wall of text, will have little qualm with starting to mine Vertcoin at it's current state. Soon it will be easy enough to let mom and pop do it too! I highly encourage people to spread the word on this and start mining, because we simply need it. Last time I checked were are on 2 Thash/s, which compared to other cryptos isn't that much. Think of it like the old days of P2P downloading (member Napster and KaZaa? I member). Those networks don't work if no one seeds, our network isn't secure if people don't mine. The plus is, this time you actually get paid for participating!
ASIC resistance has some other advantages and some disadvantages we shouldn't ignore. The Monero crowd realized that mining could be implemented on sites as an alternative to ads, which seems to be a great idea. The network get's more security, the coin more exposure and the humble internet surfer no ads! It does however open up other forms of centralization. Big sites implementing these methods would indirectly control a bigger portion of the hashrate. Not only this, but the mining is open for malware implementation. Why not infect some office pc's with a miner directed at your Vertcoin address? Or to go full doom and gloom, what about a double spend botnet attack on the network?
These concerns are not that pressing today, we can enjoy and celebrate our achievements for now. But soon we need to get back to it. Start mining everyone and start thinking about how we can protect the network form these risks! Lastly, create awareness among other investors how easy and important it is to mine! The added bonus is of course, the more people mine, the less tempted they are to buy in and get out at a profit!
EDIT:
People, this is all about healthy discussion. Don't downvote opinion you don't agree with, upvote the whole debate if you think the subject is important.
submitted by HashedEgg to vertcoin [link] [comments]

Sono tornato e voglio sapere tutto quello che è successo in mia assenza!

Buongiorno eccomi qui. Per anni ho avuto la fissa della tecnologia. Appena mi alzavo la mattina la prima cosa che facevo era...la pipì. Ma poi correvo a leggere tutte le news che ruotavano intorno al mondo tecnologico e quindi: slashdot, techchrunch, punto-informatico ecc...
Poi nel 2011 ho perso completamente interesse, mi sembrava che il mondo con le app si fosse appiattito e che la tecnologia intorno al mondo IT fosse meno interessante, ma forse ero solo io che avevo bisogno di staccare la spina. Ora però voglio tornare, voglio di nuovo sapere tutto ciò che sta accadendo e che è accaduto negli anni passati.
Ho voglia però di essere aggiornato. Quali sono state secondo voi le tecnologie software/hardware, i servizi e le acquisizioni più importanti degli ultimi sei anni?
Aggiornerò questo post creando una timeline man mano che ognuno di voi fornirà informazioni attraverso i commenti.
TIMELINE
submitted by ildormiglione to ItalyInformatica [link] [comments]

Ad-blockers, ads, and nasty malware.

So I keep getting all of these sites that whine about their ads being blocked. I'm all devil's advocate and do understand ads and I do like these sites, but lately, I'm flat out refusing to turn off my ad-blocking even if I like the site. Sadly I know that this will harm the site when thousands or millions of ads are being blocked, and I don't like that people's efforts are not being rewarded.
However, there is a reason I now refuse to disable it whatsoever -- I work in a repair shop, and I've been getting more and more infected computers come in, and some of these people aren't idiots. They have good respected AV products, they have anti-malware programs installed, I can tell by how neat their desktops are that they're fairly intelligent and not the blind clickers. But they're still infected.
And I figured out the method of attack a while back -- ads. Apparently there are some ad networks that are being infected with malware, and it appears that they can't police themselves due to the sophistication of these bad ads' makers. Sadly no amount of AV/Malware can protect against some of these due to the constant updating and 0-day exploits being used.
I understand that servers and bandwidth and content cost money, and I'd like to find some way to have my pages, but allow these people to collect revenue. I read about the bitcoin browser and its ad network but I fear it will just end up with the same issues once it gets popular enough, since botnet-makers, script-kiddies and other jerks get their kicks from messing with other people's lives.
Any good solution that lets me see pages while allowing the content providers have their cake too? Or... is the cake a lie, no matter what...?
*edit and aside: BTW-- if you content providers are seeing this... pop-ups are pop-ups, no matter how you flippin' disguise them. Stop with the retarded 'cover the page in stupid' thing. Its bloody damned annoying. (News sites, I'm primarily looking at you)
submitted by liath_ww to pcmasterrace [link] [comments]

The Massive Value Prop of SUMOkoin: a Corporate Lawyer's Analysis

Can you guys help us all out and upvote those posts?
Trying to do my part to spread the word.
MERRY CHRISTMAS TEAM! (SKIP TO END FOR TLDR :)
[Note: this post was originally drafted on Christmas Day and subsequently edited]
[Disclaimer: I am posting this in triplicate on cryptocurrency cryptomarkets monero for visibility]

***Intro*** 
This is my first try at one of these. I am going to make a case for SUMOkoin (SUMO on Cryptopia) from a pure VALUE perspective. I’ve been researching privacy coins deeply and feel I’ve reached a sufficient conclusion to merit sharing SUMO.
SUMOkoin is a fork of MONERO (XMR). In my opinion, XMR is hands down the most undervalued coin in the top 15. Once people figure out how to value privacy into the value of a coin, XMR, along with the other privacy coins like SUMO, will skyrocket.
I am not here to argue SUMO is superior to XMR. That’s not what this post is about. I don’t find debating the merits of SUMO vs. XMR interesting as investing in SUMO has nothing to do with SUMO overtaking XMR. If anything, I’d argue that the merits of XMR underline the value of SUMO. What I do find interesting is return on investment (“ROI”). If you do want to argue about XMR vs. SUMO, I can point you to this infographic: https://i.redd.it/0eqfkg1hq2501.jpg

***Background*** 
I’m a corporate lawyer in Silicon Valley. my practice focuses on venture capital financing (“VC)”) and mergers & acquisitions (“M&A”). basically I spend all day every fucking day reviewing and revising cap tables, stock purchase agreements and merger agreements.
I started using BTC in 2014 in conjunction with silk road and TOR. I had a minor conniption when I recently calculated how much BTC I handled in 2014. My 2017 has been good with IOTA at sub $0.30, POWR at $0.12, ENJIN at $0.02, REQ at $0.05, ENIGMA, and PHORE.
My crypto investing philosophy is based on betting long odds. As Warren Buffet said, consolidate to get rich, diversify to stay rich. That said I strongly recommend you have an IRA and/or 401(k) in place prior to venturing into crypto. But when it comes to crypto, I’d happily strike out several times to have a chance at hitting a 100x. This is probably born out of working with VCs who do the same only with companies, not coins. I view myself as a mini-VC in the cryptosphere.
__
The Number 1 thing I've taken away from corporate law is that it pays to get in EARLY
Did you know that the typical founder buys their shares for $0.00001 per share? So if a founder owns 5 million shares, they bought those shares for $50 total. The typical IPO goes out the door at $10-20 per share. My iPhone calculator says ERROR when it tries to divide $10/0.00001 because it runs out of screen space.
At the time of this writing, SUMO has a Marketcap of $5 million. Given it’s market cap and its XMR-likeness, I am positive SUMO is the best value investment in the Privacy Coin arena at this time. PHR is another competitor, but at $50m market cap, I feel it has lost its mega potential for you and me.

***Merits of SUMO*** 
So what’s so good about SUMOkoin? Didn’t you say it was just a Monero knock-off?
1) Well, sort of. SUMO is based on CryptoNote and was conceived from a fork of Monero, with a little bit of extra privacy thrown in. It would not be wrong to think SUMO is to Litecoin as XMR is to Bitcoin.
2) Increased Privacy. Which brings us to point 2. SUMO is doing a couple things to increase privacy and nimbleness simultaneously. Monero currently does many of these too — though at the fork MONERO could not. Don’t forget Monero is also 5.5 billion market cap to SUMO’s 5 million.
a) RingCT. All transactions are RingCT (ring confidential transactions) and the minimum “mixin” transactions is 13 (12 plus the original transaction) which gives passes the threshold to resist blockchain attacks. No transactions made on the SUMO blockchain can ever be traced to the actual participants. Nifty huh?
b) Sub-addresses. The wallet deploys disposable sub-addresses to conceal your real sumo wallet address even from senders (who typically would need to know your actual address to send currency). Monero also does this.
3) Fungibility aka “Digital Cash”. This term gets thrown about a bunch, but basically, it means ‘how close is this coin to cash in terms of usage?’ Well, Sumokoin is one of a few cryptos that can boast true fungibility — SUMO can act just like physical cash i.e. no other people can find where the money comes from and how many have been transferred.
5) Mining Made Easy Mode. Seeing as SUMO was a fork, and not an ICO, they didn’t have to rewrite the wheel. Instead they focused on putting together some solid fundamentals like a great wallet and a dedicated mining application that lets you start mining with your current CPU. Check out the “Sumojoin Easy Minder” - simply run and start mining.
6) Intuitive and Secure Wallet. This shouldn’t come as a surprise, yet in this day and age, apparently it is not a prereq. They already have a GUI wallet, litewallet, plus those unlimited sub-addresses to boot that I mentioned above.
7) Decentralization. SUMO is botnet-proof, and therefore botnet mining resistant. When a botnet joins a mining pool, it adjusts the mining difficulty, thereby balancing the difficulty level of mining.
8) Dev Team // Locked Coins // Future Development Funds. There are lots of things that make this coin a ‘go.’ but perhaps the most overlooked in crypto is that the devs have done an excellent job delivering ahead of schedule. If you’re an engineer or have managed projects, you know how difficult hitting projected deadlines can be. These guys update github very frequently and there is a high degree of visibility. The devs have also time-locked their pre-mine in a publicly view-able wallet for years so they aren't bailing out with a pump and dump. The dev team is based in Japan.
9) Broad Appeal. If marketed properly, SUMO has the ability to appeal to older individuals venturing into crypto due to the fungibility / similarities to cash. This is not different than XMR, and I expect it will be exploited in 2018 by all privacy coins. It could breed familiarity with new money, and new money is the future of crypto.
10) Marketing. Which brings me to my final point - and it happens to be a weakness. SUMO needs a community effort to distribute information to the masses. A good example is Vert Coin. Their team is very good at disseminating information. I’m not talking about hyping a coin; I’m talking about how effectively can you spread facts about your product to the masses.
To get mainstream SUMO needs something like this VertCoin post: https://www.reddit.com/vertcoin/comments/7ixkbf/vertbase_a_vertcoin_to_usd_exchange/

***Market Cap Discussion*** 
For a coin with using Monero’s tech, 5 million is minuscule. For any coin, 5 mil is nothing. Some MC comparisons [as of December 25th, 2017]:

Let's talk about market cap ("MC") for a minute.
It gets tossed around a lot, but I don’t think people appreciate how important getting in early can be. Say you buy into SUMO at 5 million MC. Things go well and 20 million new money gets poured into SUMO. Now the MC is 25 million. Your gains are 4x (you invested $1,000 and now you have 5,000, netting 4,000).
Now let’s says say you bought at 10 million instead of 5 million. $15 mill gets poured in until the MC again reaches 25 mil. Your gains are 1.5x (you put in $1,000, you now have 2,500, netting 1,500)
Remember: investing at 5 mil MC vs. 10 mil MC represents an EXTREMELY subtle shift in time of investment (“TOI”). But the difference in net profit is dramatic. the biggest factor is that your ROI multiplier is locked in at your TOI — meaning every 25 million that gets added to the MC pot, you 4X you're returns.
Example MC = 100
I strongly believe SUMO can and will 20x in Q1 2018 and 100x by end of Q4 2018 reach $500,000 MC. There is ample room for a tricked out Monero clone at 500 MC. That’s 100x.
Guess how many coins have 500 mil market caps? 48 as of this writing. 48! Have many of these coins with about ~500 mil MC have you heard of?
MaidSafeCoin?
Status?
Decred?
Veritaseum?
SUMO has potential to surpass those.

***The Importance of Privacy*** 
I want to close with a brief discussion of privacy as it relates to fundamental rights and as to crypto. 2018 will be remembered as the Year of Privacy Coins. Privacy has always been at the core of crypto. This is no coincidence. “Privacy” is the word we have attached to the concept of possessing the freedom to do as you please within the law without explaining yourself to the government or financial institution.
Discussing privacy from a financial perspective is difficult because it has very deep political significance. But that is precisely why it is so valuable.
Privacy is the right of billions of people not to be surveilled. We live in a world where every single transaction you do through the majority financial system is recorded, analyzed and sold — and yet where the money goes is completely opaque. Our transactions are visible from the top, but we can’t see up. Privacy coins turn that upside down.
Privacy is a human right. It is the guarantor of American constitutional freedom. It is the cornerstone of freedoms of expression, association, political speech and all our other freedoms for that matter. And privacy coins are at the root of that freedom. What the internet did for freedom of information, privacy coins will do for freedom of financial transactions.

***TL;DR:*** 
2018 = Year of Privacy Coins // Monero is legit aka is the most undervalued coin in the Top 15 // SUMO is low MC clone meaning great ROI opportunity // ROI is everything // did I mention ROI is everything? // Consolidate to get rich; diversify to stay rich // extra strong code foundation + strong dev team + SUMO team financial incentives locked in multi-year vesting schedule // un-limited sub-addresses associated with Wallet & Litewallet means complete anonynimity // RingCT w/ 12+1 minimum mixins means complete confidentiality // legit Fungibility (like cash) means MARKET VALUE of privacy is baked into the currency // Mining Made Easy for those interested/able // is Botnet mining resistant // has unique market appeal to UNSOPHISTICATED DEEP pockets due to similarity to cash.

Legal Disclaimer
THIS POST AND ANY SUBSEQUENT STATEMENTS BY THE AUTHOR DO NOT CONSTITUTE LEGAL OR FINANCIAL ADVICE AND IS NOT INTENDED TO BE LEGAL OR FINANCIAL ADVICE OR RELIED UPON. NO REFERENCES TO THIS POST SHALL BE CONSTRUED AS LEGAL OR FINANCIAL ADVICE. THIS POST REPRESENTS THE LONE OPINION OF A NON-SOPHISTICATED INVESTOR.
submitted by UCBerzerkeley to sumokoin [link] [comments]

Proper Care & Feeding of your CryptoLocker Infection: A rundown on what we know.

This article is no longer being maintained, please see the new version here. Thanks.
tl;dr: I hope you have backups. It's legit, it really encrypts. It can jump across mapped network drives and encrypt anything with write access, and infection isn't dependent on being a local admin or UAC state. Most antiviruses do not catch it until the damage is done. The timer is real and your opportunity to pay them goes away when it lapses. You can pay them with a GreenDot MoneyPak or 2 Bitcoins, attempt to restore a previous version using ShadowExplorer, go to a backup, or be SOL.
Vectors: In order of likelihood, the vectors of infection have been:
  • Email attachments: A commonly reported subject is Payroll Report. The attachment, most of the time, is a zip with a PDF inside, which is actually an executable.
  • PCs that are unwitting members of the Zeus botnet have had the virus pushed to them directly.
  • There is currently one report of an infection through Java, using the .jnlp file as a dropper to load the executable.
Variants: The current variant demands $300 via GreenDot MoneyPak or 2 BTC. I will not attempt to thoroughly monitor the price of bitcoins for this thread, use Mt. Gox for the current exchange rate. Currently the MoneyPak is the cheaper option, but last week Bitcoins were. Two variants, including a $100 variant and a $300 that did not offer Bitcoin, are defunct.
Payload: The virus stores a public RSA 2048-bit key in the local registry, and goes to a C&C server for a private key which is never stored. The technical nuts and bolts have been covered by Fabian from Emsisoft here. It will use a mix of RSA 2048-bit and AES 256-bit encryption on files matching these masks:
*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.eps, *.ai, *.indd, *.cdr, ????????.jpg, ????????.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c, *.pdf, *.tif
This list of file masks may be incomplete. Trust this list at your peril. When in doubt, CryptoLocker will show you what files it has encrypted by clicking the relevant link in the virus's message.
It will access mapped network drives that the current user has write access to and encrypt those. It will not attack server shares, only mapped drives. Current reports are unclear as to how much permission is needed for the virus to encrypt a mapped drive, and if you have clarification or can test in a VM please notify me via message.
By the time the notification pops up, it's already encrypted everything. It's silent until the job is done.
Many antiviruses have been reported as not catching the virus until it's too late, including MSE, Trend Micro WFBS, Eset, GFI Vipre, and Kaspersky. They can further complicate matters by reverting registry changes and removing the executables, leaving the files behind without a public or private key. Releasing the files from quarantine does work, as does releasing the registry keys added and downloading another sample of the virus.
Windows XP through 8 have all reported infections.
What's notable about this virus, and this is going to lead to a lot of tough decisions, is that paying them to decrypt the files actually does work, so long as their C&C server is up. They verify the money transfer manually and then push a notification for the infected machine to call home for the private key again, which it uses to decrypt. It takes a long time to decrypt, at the rate of roughly 5GB/hr based on forum reports. The virus uses the registry to maintain a list of files and paths, so not moving the files around is vital to decryption if you are paying them.
Also notable is that the timer it gives you to pay them does appear to be legitimate, as multiple users have reported that once the timer ran out, the program uninstalled itself. Reinfecting the machine does not bring a new timer. I was not able to verify the uninstallation of the program after the timer ran out, it appears to be dependent on internet access.
Due to the nature of the encryption, brute-forcing a decrypt is essentially impossible for now.
Removal: Removing the virus itself is trivial, but no antivirus product (or any product, for that matter), will be able to decrypt the files until the private key is found.
File Recovery: There are only a handful of options for recovering encrypted files, and they all rely on either having System Restore/VSS turned on or having a backup disconnected from the infected machine. Cloud backup solutions without versioning are no good against this as they will commit the encrypted files to the cloud.
I had a Carbonite employee message me regarding my earlier statement that Carbonite is no good against this virus. It turns out that versioning is included in all Carbonite plans and support all agent OSes except Mac OS X which is outside the scope of this thread anyway. They have the ability to do a mass reversion of files, but you must call tech support and upon mentioning CryptoLocker you will be escalated to a tier 3 tech. They do not mention this ability on the site due to the potential for damage a mass reversion could do if done inadvertently. These are my own findings, independent of what the employee told me. Crashplan and other versioning-based backup solutions such as SonicWALL CDP should also work fine provided the backups are running normally.
Using the "Previous Versions" tab of the file properties is a cheap test, and has had mixed results. Using ShadowExplorer on Vista-8 will give you a much easier graphical frontend for restoring large amounts of files at once (though this will not help with mapped drives, you'd need to run it on the server in that case). Undelete software doesn't work as it encrypts the files in place on the hard drive, there is no copying going on. The big takeaway is that cold-storage backups are good, and they will make this whole process laughably easy to resolve.
Prevention: As this post has attracted many home users, I'll put at the top that MalwareBytes Pro, Avast! Free and Avast! Pro (defs 131016-0 16.10.2013 or later) will prevent the virus from running.
For sysadmins in a domain environment, one way to prevent this and many other viruses is to set up software restriction policies (SRPs) to disallow the executing of .exe files from AppData/Roaming. Grinler explains how to set up the policy here.
Visual example. The rule covering %AppData%\*\*.exe is necessary for the current variant. The SRP will apply to domain admins after either the GP timer hits or a reboot, gpupdate /force does not enforce it immediately. There is almost no collateral damage to the SRP. Dropbox and Chrome are not effected. Spotify may be affected, not sure. I don't use it.
Making shares read-only will mitigate the risk of having sensitive data on the server encrypted.
Forecast: The reports of infections have risen from ~1,300 google results for cryptolocker to over 150,000 in a month. This virus is really ugly, really efficient, and really hard to stop until it's too late. It's also very successful in getting people to pay, which funds the creation of a new variant that plugs what few holes have been found. I don't like where this is headed.
Some edits below are now redundant, but many contain useful information.
9/17 EDIT: All 9/17 edits are now covered under Prevention.
10/10 EDIT: Google matches for CryptoLocker are up 40% in the last week, and I'm getting 5-10 new posts a day on this thread, so I thought I'd update it with some interesting finds from fellow Redditors.
  • soulscore reports that setting the BIOS clock back in time added time to his cryptolocker ransom. Confirmed that the timer extends with the machine offline, but that may be cosmetic and I don't like your chances of this actually helping if your timer runs out on the server side.
  • Spinal33 reports that AV companies are catching up with CryptoLocker and are blocking websites that are spawned in the virus's domain generation algorithm. This effectively means that some people are locked out of the ability to even pay the ransom. (Technically they could, but the virus couldn't call home.)
  • Malwarebytes is claiming that MBAM Pro will catch CryptoLocker. If someone wants to test them on it, be my guest. Confirmed
  • CANT_ARGUE_DAT_LOGIC gave some insight on the method the virus uses when choosing what to infect. It simply goes through folders alphabetically and encrypts all files that match the filemasks towards the top of this post. If you are lucky enough to catch it in the act of encrypting and pull the network connection, the CryptoLocker message will pop up immediately and the countdown will begin. Helpful in determining what will need to be taken into account for decryption.
EDIT 2: We had a customer that ignored our warning email get infected so I will have my hands on an infected PC today, hope to have some useful info to bring back.
10/10 MEGA EDIT: I now have an active CryptoLocker specimen on my bench. I want to run down some things I've found:
  • On WinXP at least, the nested SRP rule is necessary to prevent infection. The path rule needs to be %AppData%\*\*.exe
  • An alternate link to the virus sample is http://gktibioivpqbot.net/1002.exe
  • Once the program runs it spawns two more executables with random names in %userprofile%. Adding a SRP to cover %userprofile%\*.exe may be desired, though this will prevent GoToMyPC from running at a bare minimum.
  • This user was a local administrator, and CryptoLocker was able to encrypt files in other user's directories, though it did not spawn the executables anywhere but the user that triggered the infection. When logged in under a different account there is no indication that a timer is running.
  • The environment has server shares but no mapped drives and the shared data was not touched, even though a desktop shortcut would've taken the virus to a share. I suspect that will be covered in the next iteration.
  • The list of masks above does not appear to be totally complete. PDF files were encrypted and were not originally part of the set of file masks. That is the only exception I noticed, everything else follows the list. Conveniently (/s), CryptoLocker has a button you can click that shows the list of files it's encrypted.
  • The current ransom is $300 by MoneyPak or 2BTC, which at the time of writing would be $280 and change.
  • Fabian reported that registry data is stored at HKCU/Software/CryptoLocker. I cannot glean the meaning of the DWORD values on files but I do notice they are unique, likely salts for the individual files. I'm curious what purpose that would serve if the private key was revealed as the salts would be useless.
  • I have confirmed the message soulscore left that setting the BIOS timer back a few hours adds an equal amount of time. No telling whether that will work once it has a network connection and can see the C&C server, though.
  • The virus walked right through an up-to-date version of GFI Vipre. It appears AV companies either consider the risk too low to update definitions or, more likely, they're having trouble creating heuristic patterns that don't cause a lot of collateral damage.
10/11 EDIT: I ran Daphne on the infected PC to get a better idea of what might be going on. lsass.exe is running like crazy. Computer's had it's CPU pegged all day. I noticed the primary executable running from %AppData% has a switch on the end of the run command, which in my case is /w000000EC. No idea what that means.
10/15 EDIT: I just wanted to thank all the redditors that have submitted information on this. I have some interesting new developments that I'll be editing in full tomorrow.
10/18 EDIT: Hello arstechnica! Please read through comments before posting a question as there's a very good chance it's been answered.
New developments since 10/15:
  • We have confirmation that both Malwarebytes Antimalware Pro and Avast Free and Pro will stop CryptoLocker from running. My personal choice of the two is MBAM Pro but research on your own, AV Comparatives is a wonderful resource.
  • We have reports of a new vector of infection, Java. This is hardly surprising as Zeus was already being transmitted in this fashion, but Maybe_Forged reports contracting the virus with a honeypot VM in this manner.
  • zfs_balla made a hell of a first post on reddit, giving us a lot of insight to the behavior of the decryption process, and answered a frequently-asked question. I'm paraphrasing below.
A file encrypted twice and decrypted once is still garbage.
The waiting for payment confirmation screen stayed up for 16 days before a decryption began, so don't lose hope if it's been up a while.
The DWORD values in the registry have no bearing on decryption. Renaming an encrypted file to one on the list in the registry will decrypt it. However, I would presume this would only work for files that the virus encrypted on that machine as the public key is different with every infection.
Adding any new matching files to somewhere the virus has access will cause them to be encrypted, even at the "waiting for payment confirmation" screen. Be careful.
Hitting "Cancel" on a file that can't be found doesn't cancel the entire decryption, just that file.
EDIT 2: I've rewritten the bulk of this post so people don't have to slog through edits for important information.
10/21 EDIT: Two noteworthy edits. One is regarding Carbonite, which is apparently a viable backup option for this, it is covered under File Recovery. The other is regarding a piece of software called CryptoPrevent. I have not tried it, but according to the developer's website it blocks %localappdata%\*.exe and %localappdata%\*\*.exe which is not necessary for the current variant and will inflict quite a bit of collateral damage. I have no reason right now to doubt the legitimacy of the program, but be aware of the tradeoffs going in.
I'm now at the 15000 character limit. Wat do?
submitted by bluesoul to sysadmin [link] [comments]

Botcoin: Bitcoin-mining on botnets (NDSS '14 talk) Botnet mines Bitcoins -- SatoshiDice Sold -- Primecoin? DEMO - Bitcoin Fake Transaction FV With Blockchain Beta Version ✅ 6/28/19 Cryptocurrency Mining Botnet Arrives Through ADB  AT&T ThreatTraq Selling Cheap and powerfull botnet (130gbps) paypal&bitcoin

The Bitcoin.com mining pool has the lowest share reject rate (0.15%) we've ever seen. Other pools have over 0.30% rejected shares. Furthermore, the Bitcoin.com pool has a super responsive and reliable support team. Digital money that’s instant, private, and free from bank fees. Download our official wallet app and start using Bitcoin today. Read news, start mining, and buy BTC or BCH. Criticism. If the name Stealthcoin doesn't describe another use for this software, consider an alternate name: "Bitcoin - Botnet Edition". Kaspersky Internet Security 11.0.1.400 identifies the editor.exe as beeing infected with Trojan.Win32.Scar.dzmz. A crypto-mining botnet has been hijacking MSSQL servers for almost two years. Vollgar botnet launches brute-force attacks against MSSQL databases to take over servers and install Monero and Vollar ... The botnet experiment with a Bitcoin-mining module for a week, before dropping the module altogether. The second was an IoT malware strain named Linux.MulDrop.14 , detected by Dr.Web in June 2017.

[index] [3680] [14041] [2195] [8062] [31460] [19661] [15968] [828] [4548] [40507]

Botcoin: Bitcoin-mining on botnets (NDSS '14 talk)

AT&T Archives: The Dew Line (Bonus Edition) - Duration: 30:19. AT&T Tech Channel 18,607 views. 30:19 . CloudBots: Harvesting Crypto Coins Like a Botnet Farmer - Duration: 51:14. Black Hat 4,321 ... This is for educational purposes only, don't abuse this knowledge. Learn how to earn money spreading around hidden monero miners. Download here: https://driv... This video is unavailable. Watch Queue Queue. Watch Queue Queue Botcoin: Bitcoin-mining on botnets (NDSS '14 talk) Danny Y. Huang. Loading... Unsubscribe from Danny Y. Huang? Cancel Unsubscribe. Working... Subscribe Subscribed Unsubscribe 155. Loading ... This video is unavailable. Watch Queue Queue. Watch Queue Queue

#