Funny thing. Lyaffe made a challenge with guessing a passphrase
https://nextcoin.org/index.php/topic,3718.0.html
I decided to simplify the rules, created an account with a simple passphrase and sent 100 Nxt to that account. The passphrase was an answer to the question: "I'm a big fun of soap operas and have no idea about security." Guess what. Someone stole 100 Nxt before I even managed to post the question.

What the hell? How is that possible?
It is already known that there is a bot running that checks the balances of very simple passwords. If you send some NXT to accounts of passphrases "1" or something, it will be gone within 45 seconds!
This is really scary. There is apparently a continuous, ongoing attack against NXT looking for weak passwords. There is no way to know how many hackers are doing this or how much computer horsepower is being directed towards this because the attack can be run offline against a copy of the blockchain. Every day we are signing up 100 users on average and we are hoping to get many, many more. NEW USERS ARE NOT BEING TOLD OFTEN ENOUGH OR STRONGLY ENOUGH ABOUT THE IMPORTANCE OF A LOOOONG RANDOM PASSWORD. Every day new users are coming in and using a short password and immediately lose their NXT just like dzarmush did.
They do not put a happy smile after their experience.
They do not put a happy smile after their experience.
They do not put a happy smile after their experience.
I truly believe that one of the biggest threats to NXT is word of mouth about poor security. "Yeah, I tried to buy some NXT, it was stolen in 24 hours, better steer clear of that coin..."
That kind of talk - and the poor security hygiene that precipitates it - needs to be nipped in the bud NOW. We only get a fresh reputation once - and people are losing NXT at an alarming rate, at least it seems that way to me.
Some day when I am all caught up (ha ha ha) I want to start a Wiki page listing every known past instance of lost NXT and have new users record their experiences on what happened to them in some kind of table. This is data we need to be accumulating.
I wish my idea would get some traction. Also, look at the HUGE EMPTY BOX available when we type in a passphrase. Why is there not some info in that box for a new user to read, warning that their NXT WILL be stolen if they use a simple word/phrase, even a long sentence if it is in some vulgate?
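
The warning asked for in the last post could be driven by a check like the following at the passphrase box. This is an added example, not Nxt client code and not written by any poster in the thread; the sample word list, the 128-bit threshold, the 1.5 bits-per-character rate for ordinary sentences and all function names are assumptions.

```javascript
// Added example: conservative passphrase check for an account-creation form.
// Not Nxt client code; the word list, threshold and bit rates are assumptions.
const COMMON = new Set(["1", "123456", "password", "qwerty", "letmein"]); // constructed sample
const MIN_BITS = 128;           // assumed target strength
const TEXT_BITS_PER_CHAR = 1.5; // assumed rough rate for ordinary written language

// Two or more tokens made only of letters (plus trailing punctuation) read as a sentence.
function looksLikeSentence(p) {
  const tokens = p.trim().split(/\s+/);
  return tokens.length >= 2 && tokens.every(t => /^[\p{L}'-]+[.,!?;:]*$/u.test(t));
}

// Size of the character pool implied by the classes actually used.
function poolSize(p) {
  let pool = 0;
  if (/[a-z]/.test(p)) pool += 26;
  if (/[A-Z]/.test(p)) pool += 26;
  if (/[0-9]/.test(p)) pool += 10;
  if (/[^a-zA-Z0-9]/.test(p)) pool += 33;
  return pool;
}

// Count only characters that neither repeat nor continue a run ("aaaa", "1234").
function effectiveLength(p) {
  const cps = Array.from(p, ch => ch.codePointAt(0));
  return cps.filter((c, i) => i === 0 || (c !== cps[i - 1] && c !== cps[i - 1] + 1)).length;
}

function estimateBits(passphrase) {
  const p = passphrase.normalize("NFKC");
  if (p.length === 0 || COMMON.has(p.toLowerCase())) return 0;
  if (looksLikeSentence(p)) return TEXT_BITS_PER_CHAR * p.length;
  return effectiveLength(p) * Math.log2(poolSize(p));
}

// Result for the form: block account creation and show the message when ok is false.
function checkPassphrase(passphrase) {
  const bits = Math.round(estimateBits(passphrase));
  const ok = bits >= MIN_BITS;
  const message = ok ? "Passphrase accepted."
    : `Estimated strength ~${bits} bits (need ${MIN_BITS}). Anyone who guesses this ` +
      "passphrase controls the account. Use a long random passphrase.";
  return { bits, ok, message };
}
```

The estimate is deliberately pessimistic for readable sentences, since the attack described above runs offline and is not rate-limited.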