Post
Topic
Board Announcements (Altcoins)
Re: NXT :: descendant of Bitcoin - Updated Information
by
TwinWinNerD
on 31/01/2014, 17:06:54 UTC
Funny thing. Lyaffe made a challenge with guessing a passphrase https://nextcoin.org/index.php/topic,3718.0.html

I decided to simplify the rules, created an account with a simple passphrase and sent 100 Nxt to that account. The passphrase was an answer to the question: "I'm a big fan of soap operas and have no idea about security." Guess what. Someone stole the 100 Nxt before I even managed to post the question :)

What the hell? How is that possible?

It is already known that there is a bot running that checks the balances of very simple passwords. If you send some NXT to the accounts of passphrases like "1" or something similar, it will be gone within 45 seconds!


This is really scary.  There is apparently a continuous, ongoing attack against NXT looking for weak passwords.  There is no way to know how many hackers are doing this or how much computer horsepower is being directed towards it, because the attack can be run offline against a copy of the blockchain.  Every day we are signing up 100 users on average and we are hoping to get many, many more.  NEW USERS ARE NOT BEING TOLD OFTEN ENOUGH OR STRONGLY ENOUGH ABOUT THE IMPORTANCE OF A LOOOONG RANDOM PASSWORD.  Every day new users are coming in, using a short password and immediately losing their NXT just like dzarmush did.

They do not put a happy smile after their experience.

They do not put a happy smile after their experience.  

They do not put a happy smile after their experience.  

I truly believe that one of the biggest threats to NXT is word of mouth about poor security.  "Yeah, I tried to buy some NXT, it was stolen in 24 hours, better steer clear of that coin..."

That kind of talk - and the poor security hygiene that precipitates it - needs to be nipped in the bud NOW.  We only get a fresh reputation once - and people are losing NXT at an alarming rate, at least it seems that way to me.

Some day when I am all caught up (ha ha ha) I want to start a Wiki page listing every known past instance of lost NXT and have new users record their experiences on what happened to them in some kind of table.  This is data we need to be accumulating.

You say that it is scary, but that is exactly what is happening with BTC and the brainwallet application. Someone created huge rainbow tables and runs a bot that detects incoming tx and just sweeps all accounts. Everything that is shorter than 12-14 digits is just swept within <0.5 seconds.
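The offline sweep the thread describes, as an added example that is not part of the original post and not NXT's or any brainwallet project's code. The account derivation below (unsalted SHA-256 of the passphrase, first 8 bytes as a decimal ID) is an assumed stand-in that only mirrors the structural weakness of brain-wallet schemes: the account is a pure function of the passphrase with no salt and no key stretching, so a lookup table built once can be intersected with any copy of the ledger. It is NOT NXT's real derivation, and the ledger, balances and passphrases are constructed for the example.

```python
import hashlib
import itertools
import secrets
import string
from typing import Dict, Iterable, List, Tuple

# ASSUMPTION: simplified brain-wallet style derivation, not NXT's actual one.
# Account = first 8 bytes of SHA-256(passphrase), rendered as a decimal ID.
# Unsalted and unstretched, so one precomputed table serves every victim.
def account_from_passphrase(passphrase: str) -> str:
    digest = hashlib.sha256(passphrase.encode("utf-8")).digest()
    return str(int.from_bytes(digest[:8], "little"))

# The attacker's dictionary: a few guessable phrases plus an exhaustive walk
# of every short string over a small alphabet (36 + 36^2 + 36^3 entries).
COMMON_PHRASES = ["password", "123456", "nxt", "test", "qwerty", "soap opera"]

def candidate_passphrases(max_len: int = 3,
                          alphabet: str = string.digits + string.ascii_lowercase) -> Iterable[str]:
    yield from COMMON_PHRASES
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            yield "".join(chars)

# Precompute account -> passphrase once. This is the "rainbow table" of the
# thread; for an unsalted scheme a plain lookup table is all that is needed.
def build_lookup_table(candidates: Iterable[str]) -> Dict[str, str]:
    return {account_from_passphrase(p): p for p in candidates}

# The sweep runs offline against a ledger copy: intersect funded accounts with
# the table. Each hit yields the passphrase, i.e. full control of the account,
# which is why the thread sees funds vanish within seconds of a deposit.
def sweep(funded: Dict[str, int], table: Dict[str, str]) -> List[Tuple[str, str, int]]:
    hits = []
    for account, balance in funded.items():
        if balance > 0 and account in table:
            hits.append((account, table[account], balance))
    return hits

# A check a wallet could run before accepting a passphrase: reject anything
# that the attacker's own table would already contain.
def is_sweepable(passphrase: str, table: Dict[str, str]) -> bool:
    return account_from_passphrase(passphrase) in table

# What the thread asks new users for: a long random passphrase.
# secrets.token_urlsafe(32) carries 256 bits of randomness, far beyond
# anything a dictionary or short-string walk can reach.
def random_passphrase() -> str:
    return secrets.token_urlsafe(32)

# Constructed ledger standing in for a blockchain copy: balances keyed by
# account ID, two weak funded accounts, one weak empty one and one strong one.
STRONG = random_passphrase()
LEDGER = {
    account_from_passphrase("1"): 100,
    account_from_passphrase("soap opera"): 100,
    account_from_passphrase(STRONG): 5000,
    account_from_passphrase("abc"): 0,  # weak, but nothing to steal yet
}

TABLE = build_lookup_table(candidate_passphrases())

if __name__ == "__main__":
    for account, passphrase, balance in sweep(LEDGER, TABLE):
        print(f"account {account}: passphrase {passphrase!r} recovered, {balance} NXT sweepable")
    print("strong passphrase sweepable:", is_sweepable(STRONG, TABLE))
```

Extending `max_len` or the alphabet shows how the table grows geometrically while each lookup stays O(1); the bot's cost is paid once at build time, and the per-deposit reaction is just a hash and a dictionary probe. The defence is entirely on the user side of this stand-in scheme: `random_passphrase()` produces something no feasible table contains, whereas anything `is_sweepable()` flags is already lost the moment it is funded.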