Post
Topic
Board Archival
Re: delete
by RMaxwell on 18/03/2014, 14:09:48 UTC

Recently Baritus, the developer of Digitalcoin, reported the theft of 500,000 DGC worth about $30,000 on the open market by an employee that physically installed a key logger on his unsecured and unlocked Windows machine.

Does anyone have any idea who this employee is?

Did Baritus have an office somewhere for CryptoAve and Digitalcoin?

Even more puzzling is that Baritus will not list any of the public addresses of the "stolen" coins which would allow for tracking the coins or even to verify a theft actually happened in the first place.

I think it is more likely this mystery employee does not exist, no theft happened and Baritus has unloaded or plans to unload the coins. He couldn't just sell them outright because of the way it would look to people that you are actively soliciting investment money from.

Now back to the original question, who is this mystery employee?


~BCX~

Dev said "custom keylogger" so no hardware.  No diff than grandma clicking punch the monkey on her windows box.

Tell me again why 'security guru' not using secure os and best practices???

Do people not read?? This has been explained numerous times. The theft happened on Baritus' work machine (yes he does have a job in an IT related industry) while he left it unattended via a keylogger installed by a supposed "trusted" work colleague. Now are people telling me every time they have left their work pc they a) Lock it and b) upon return think oh my "trusted" work colleague might have keylogged me I better run a scan. No of course bloody not. Cut Baritus a break and stop acting like you have never left your pc at work unlocked for even just a few minutes AT LEAST ONCE. If you say you haven't you're full of shit.

Baritus is one of the hardest working and most decent devs out there. He could have ripped people off many times over easily if he wanted to over the past year. He does not deserve this treatment at all and I actually feel sorry for him.

As for CryptoAve it's on separate servers totally unrelated and no coins were lost during hacking attempts due to the security measures that were already in place. Once again this is more than can be said for other exchanges that have been hacked and lost customers' coins. The site is down and being reinforced as we speak.

Now that everything has been explained YET AGAIN, FFS BCX and any other muckrakers get a life and go trade/walk/gym/game or whatever else it is that you do, this dead horse has been flogged enough.

Facepalm.

Professional security + best practices = no windows ever.  Only bsd based (free/openbsd or mac) or any *nix.

Physical access = attacker can copy or destroy files only.  Never able to fool owner into running bad daemons (user or root) or mod /bin etc.  Ever.

Strong local user passwords and high granularity permissions!

Know *all* your traffic.  Plenty of (full source) tools avail from repos.

All packages signed by trusted repos + rootkit detection + key auth only for remote logins.

Watch advisories for (rare) 0-days, get fixes quickly (good luck getting fix quickly from ms!).

Compile any code (esp wallets!) from source only.  Never trust exes from anywhere but ms. Ever.

Check box for unknown hw attached. Duh.

Basic.  Learn this stuff before ur coins are gone too!