Search content
Sort by
Showing 18 of 18 results by RMaxwell
Re: [ANN] "Cubits"(QBT) HI POS Coin v2.1.3-Starbuck UPDATED!
My wallet is encrypted and I'd like to mint POS. In v2.1.3.0-Starbuck there isn't an "unlock wallet for minting only" option in the settings menu like PPC has. So the question is how do you unlock a wallet? Thx.
I think you have to unlock the whole wallet.Go to "Help" -> "Debug windows" -> "Console".
Use (type) the following command:
Code:
walletpassphrase yourpassword time_to_unlock_in_seconds
If your password is "secret" and you want to unlock the wallet "forever" (e.g. 999999 seconds):
Code:
walletpassphrase secret 999999
Before minting POS, you might check as well if your Cubits.conf contains the suggested setting:
Code:
reservebalance=1000000
splitthreshold=500
combinethreshold=100
splitthreshold=500
combinethreshold=100
Source: http://www.scificrypto.info/qbt/
Thanks very much, didn't even think of using the command line
. Staking now.Re: [ANN] "Cubits"(QBT) HI POS Coin v2.1.3-Starbuck UPDATED!
My wallet is encrypted and I'd like to mint POS. In v2.1.3.0-Starbuck there isn't an "unlock wallet for minting only" option in the settings menu like PPC has. So the question is how do you unlock a wallet? Thx.
Lets face it, was dumb move by dev to sell those coins but say they were stolen. couldnt keep story straight, then blamed it on heartbleed...facepalm
dgc had better community than most coins and could be 100x higher now. instead it is pennies (but i still like it and bought some as lottery ticket).
almost forgot, and no trades at cryptoave exchange because no one trusts it now, plus amatuer security knowledge of dev is now known by everyone.
only takes one mess up, bet the dev wishes he could go back and not dump those coins on those who trusted him...
dgc had better community than most coins and could be 100x higher now. instead it is pennies (but i still like it and bought some as lottery ticket).
almost forgot, and no trades at cryptoave exchange because no one trusts it now, plus amatuer security knowledge of dev is now known by everyone.
only takes one mess up, bet the dev wishes he could go back and not dump those coins on those who trusted him...
Nice to see some sort of sanity starting to prevail here from more people who are trying to work together for a coin that is actually serious at being more than just a pump and dump.
Raw thanks for all your hard work especially on pulling the community together and focusing on the big picture.
It makes a difference when a real leader steps up. DGC was on the brink of extermination and Baritus did nothing.
Rawdawg has clearly demonstrated he should be the chairman and leader of this coin.
~BCX~
Thanks guys! I am going to do everything in my power to get Digitalcoin where it needs to be to be able to compete with all of the bigger coins! If anyone has any questions or concerns that they want me to answer, please feel free to pm me on here, contact me in IRC #digitalcoin on the freenode network (name is the same, Rawdawg-) or email me at: admin@dgcfoundation.com
I am looking forward to everything we have coming in the near future guys! Thanks for your support.
Rawdawg
congrats to you and bcx!
humble advice...as chairman take security very seriously for ALL dgc projects...no hacking, only pro work on *nix platforms! it was joke in the past, now attract real devs and security guys involved to make dgc a top 3 coin.
and good work by you rawdawg, thats not easy job and you are obv a go-getter!
glta...will be slowly buying dgc now that a serious big boy like bcx is in!
How many stupid threads like this are you going to open on this subject? You have asked the same stuff over and over in multiple threads and have had hundreds responses already.
"This thread is self moderated for stupidity and spam only. Differing opinions and the usual BCX fan mail will not be deleted."
^^ Really? I think this thread IS spam thanks mods. How many different times can you spam the same crap under different headings?
Even if it was true coin dumps happen all the time who gives a toss? If Baritus was no longer active I might be worried but he's actively developing for DGC as normal and I was able to purchase more dgc while the price is so cheap.
We all know your obsessed with Baritus but seriously do you not have anything better to do?
If the mods were serious about spam they would close this and the other related threads about this. I suspect this probably won't happen though. Oh well more free advertising for DGC if not.
"This thread is self moderated for stupidity and spam only. Differing opinions and the usual BCX fan mail will not be deleted."
^^ Really? I think this thread IS spam thanks mods. How many different times can you spam the same crap under different headings?
Even if it was true coin dumps happen all the time who gives a toss? If Baritus was no longer active I might be worried but he's actively developing for DGC as normal and I was able to purchase more dgc while the price is so cheap.
We all know your obsessed with Baritus but seriously do you not have anything better to do?
If the mods were serious about spam they would close this and the other related threads about this. I suspect this probably won't happen though. Oh well more free advertising for DGC if not.
Best way to dump large set of coins:
Say "theft" because you irc guys would be in sympathy and be buyers. Without "theft", obviously can't say there's a large dump coming because then you would know it's him dumping!
And market wasnt big enough to absorb such large amount.
So dump to you guys at much higher levels, and you all swallow them down like worms to a baby bird.
then dumper laughs to the bank and still looks like good guy.
but you hold bag at 90% loss now....
Ouch...not even a little suspicious?
Would be easier to believe dev when he said probably bug in php than blaming heartbleed now. My head spins!
Dev said only high value cave accounts attacked. So attacker hammered server w/ heartbeat requests for long time and got lucky finding some passwords in memory.
And must be just at right time when high val accounts were logging in else 99.99999% chance memory overwritten (plus password not always exposed w/ heartbleed...high val accounts must have logged in many many times to get lucky!).
Then somehow tied those passwords to only biggest accounts. Oh yeah almost forgot...need to know username and pin too!
Oh wait dev said in irc noticed gmail account hack of biggest accounts too...remember? So bad guy hacked gmail too, or planted virus assuming *all* high val accounts use windows.
Username ok, could be plain texted in email. But pin was plain texted in signup email? Cant be...then no security for pin! Where did bad guy get all these pins for high val accounts? Only if pin was plaintexted back and seen in memory (w/ password at same time...not guaranteed!).
Else only way to see is w/ db hack and unsalted fields...which is bad security not heartbleed.
All so this bad guy could get maybe a couple $k of precious dgc from low profile exchange...
Really fishy smell. But many many gullible guppies in dgc pool so perfect convenient excuse...win-win!
Dev said only high value cave accounts attacked. So attacker hammered server w/ heartbeat requests for long time and got lucky finding some passwords in memory.
And must be just at right time when high val accounts were logging in else 99.99999% chance memory overwritten (plus password not always exposed w/ heartbleed...high val accounts must have logged in many many times to get lucky!).
Then somehow tied those passwords to only biggest accounts. Oh yeah almost forgot...need to know username and pin too!
Oh wait dev said in irc noticed gmail account hack of biggest accounts too...remember? So bad guy hacked gmail too, or planted virus assuming *all* high val accounts use windows.
Username ok, could be plain texted in email. But pin was plain texted in signup email? Cant be...then no security for pin! Where did bad guy get all these pins for high val accounts? Only if pin was plaintexted back and seen in memory (w/ password at same time...not guaranteed!).
Else only way to see is w/ db hack and unsalted fields...which is bad security not heartbleed.
All so this bad guy could get maybe a couple $k of precious dgc from low profile exchange...
Really fishy smell. But many many gullible guppies in dgc pool so perfect convenient excuse...win-win!
50 BTC worth.
EDIT: Here's what I don't understand... How does he know it was his former employee?
How does he know said ex-employee made a copy of the wallet file, and keylogged the password? How does he know it wasn't someone outside who managed to hack his network or something?
EDIT: Here's what I don't understand... How does he know it was his former employee?
Quote
I lost a bit more than 560,000 DGC due to an ex-employee copying the wallet file and later key logging the password from the work computer. Most if not all of it was already dumped (those are the massive sells you noticed yesterday).
This will not affect anything when it comes to DGC's development. I'm probably more motivated if anything.
This will not affect anything when it comes to DGC's development. I'm probably more motivated if anything.
How does he know said ex-employee made a copy of the wallet file, and keylogged the password? How does he know it wasn't someone outside who managed to hack his network or something?
Reason #54 why the whole story is utter BS.
~BCX~
Dev says hack of exchange and massive losses due to heartbleed. http://digitalcoin.co/forums/index.php/topic,1010.0.html
And he detected heartbleed before anyone else so really impressive skill, I feel better trusting dev now.
Do people not read?? This has been explained numerous times. The theft happened on Baritus' work machine (yes he does have a job in an IT related industry) while he left it unattended via a keylogger installed by a supposed "trusted" work colleague. Now are people telling me everytime they have left left their work pc they a) Lock it and b) upon return think oh my "trusted" work colleague might have keylogged me I better run a scan. No of course bloody not. Cut Baritus a break and stop acting like you have never left your pc at work unlocked for even just a few minutes AT LEAST ONCE. If you say you haven't your full of shit. Anyway even if the machine was locked a person with physical access such as the work colleague can still get into the machine another time and install the keylogger if they wanted to.
Baritus is one of the hardest working and most decent dev's out there. He could have ripped people off many times over easily if he wanted to over the past year. He does not deserve this treatment at all and I actually feel sorry for him losing such a large sum of his personal dgc via such a callous, brazen act from a trusted person. No one expects their work pc to be hacked by a colleague now do they?? Therefor most normal folk would obviously not be going above and beyond to secure such a machine at work given the usually low level threat in that environment.
CryptoAve on the other hand is highly secured and on seperate servers totally unrelated and no coins were lost during hacking attempts due to the security measures that were already in place. Once again this is more than can be said for other exchanges that have been hacked and lost customers coins. The site is down and being reinforced as we speak.
Now that everything has been explained YET AGAIN, FFS BCX and any other muckrakers get a life and go trade/walk/gym/game or whatever else it is that you do, this dead horse has been flogged enough.
Baritus is one of the hardest working and most decent dev's out there. He could have ripped people off many times over easily if he wanted to over the past year. He does not deserve this treatment at all and I actually feel sorry for him losing such a large sum of his personal dgc via such a callous, brazen act from a trusted person. No one expects their work pc to be hacked by a colleague now do they?? Therefor most normal folk would obviously not be going above and beyond to secure such a machine at work given the usually low level threat in that environment.
CryptoAve on the other hand is highly secured and on seperate servers totally unrelated and no coins were lost during hacking attempts due to the security measures that were already in place. Once again this is more than can be said for other exchanges that have been hacked and lost customers coins. The site is down and being reinforced as we speak.
Now that everything has been explained YET AGAIN, FFS BCX and any other muckrakers get a life and go trade/walk/gym/game or whatever else it is that you do, this dead horse has been flogged enough.
@r32
I can't help but notice you seem to have really deep insights into Baritus' thinking and actions but I love how the story keeps
So your story is Baritus kept $30,000 on an unsecured public Windows machine that he only had access to a few hours a day while at work. Most IT firms have an internal network that is run by an admin that has access to every machine. If Baritus wasn't said admin, then this story becomes even more unbelievable than it already is.
I guess I am going to have to solve this mystery the old fashioned way through research. Figure out who Baritus is in real life, figure out where he works ad see if we can flush that thieving scoundrel of an employee out. Notice I didn't say I would out Baritus here. Of course none of this would be necessary if Baritus would post the addresses.
~BCX~
Since dev doesnt know security, maybe you could mentor? Seem like good way to be postive and help rep.
Recently Baritus the developer of Digitalcoin reported the theft of 500,000 DGC worth about $30,000 on the open market by an employee that physically installed a key logger on his unsecured and unlocked Windows machine.
Does anyone have any idea who this employee is?
Did Baritus have an office somewhere for CryptoAve and Digitalcoin?
Even more puzzling is that Baritus will not list any of the public addresses of the "stolen" coins which would allow for tracking the coins or to even to verify a theft actually happened in the first place.
I think it is more likely this mystery employee does not exist, no theft happened and Baritus has unloaded or plans to unload the coins. He couldn't just sell them outright because of the way it would look to people that you are actively soliciting for investment money from.
Now back to the original question, Who is this mystery employee?
~BCX~
Dev said "custom keylogger" so no hardware. no diff than grandma clicking punch the monkey on her windows box.
Tell me again why 'security guru' not using secure os and best practices???
Do people not read?? This has been explained numerous times. The theft happened on Baritus' work machine (yes he does have a job in an IT related industry) while he left it unattended via a keylogger installed by a supposed "trusted" work colleague. Now are people telling me everytime they have left left their work pc they a) Lock it and b) upon return think oh my "trusted" work colleague might have keylogged me I better run a scan. No of course bloody not. Cut Baritus a break and stop acting like you have never left your pc at work unlocked for even just a few minutes AT LEAST ONCE. If you say you haven't your full of shit.
Baritus is one of the hardest working and most decent dev's out there. He could have ripped people off many times over easily if he wanted to over the past year. He does not deserve this treatment at all and I actually feel sorry for him.
As for CryptoAve its on seperate servers totally unrelated and no coins were lost during hacking attempts due to the security measures that were already in place. Once again this is more than can be said for other exchanges that have been hacked and lost customers coins. The site is down and being reinforced as we speak.
Now that everything has been explained YET AGAIN, FFS BCX and any other muckrakers get a life and go trade/walk/gym/game or whatever else it is that you do, this dead horse has been flogged enough.
Facepalm.
Professional security + best practices = no windows ever. Only bsd based (free/openbsd or mac) or any *nix.
Physical access = attacker can copy or destroy files only. Never able to fool owner into running bad daemons (user or root) or mod /bin etc. Ever.
Strong local user passwords and high granularity permissions!
Know *all* your traffic. Plenty of (full source) tools avail from repos.
All packages signed by trusted repos + rootkit detection + key auth only for remote logins.
Watch advisories for (rare) 0-days, get fixes quickly (good luck getting fix quickly from ms!).
Compile any code (esp wallets!) from source only. Never trust exes from anywhere but ms. Ever.
Check box for unknown hw attached. Duh.
Basic. Learn this stuff before ur coins are gone too!
Recently Baritus the developer of Digitalcoin reported the theft of 500,000 DGC worth about $30,000 on the open market by an employee that physically installed a key logger on his unsecured and unlocked Windows machine.
Does anyone have any idea who this employee is?
Did Baritus have an office somewhere for CryptoAve and Digitalcoin?
Even more puzzling is that Baritus will not list any of the public addresses of the "stolen" coins which would allow for tracking the coins or to even to verify a theft actually happened in the first place.
I think it is more likely this mystery employee does not exist, no theft happened and Baritus has unloaded or plans to unload the coins. He couldn't just sell them outright because of the way it would look to people that you are actively soliciting for investment money from.
Now back to the original question, Who is this mystery employee?
~BCX~
Dev said "custom keylogger" so no hardware. no diff than grandma clicking punch the monkey on her windows box.
Tell me again why 'security guru' not using secure os and best practices???
"Personnal issue my ass! Why do a PUBLIC THREAD THEN?"
Way to get instant price support for large sale:
- Not enough buy walls to dump so many quietly.
- So announce as theft to the community.
- Existing holders need to support price of their position, others vulture, doesnt matter
- Lots of btc step up at accepteble prices to absorb it.
- Profit.
- Oh and never release address details...
I'm not sure what all the fuss is about here.
My account was one of the "Compromised" accounts on CryptoAve.
I received a notice that someone had tried to reset my password. Upon receiving this message, naturally, I freaked out and immediately tried to access my CryptoAve account.
I was still able to log in, my coins were safe. I changed my passwords for CryptoAve as well as my email to be safe.
CryptoAve shut down, I made a request to withdraw my coins and I have received my coins.
So, if my account was compromised and my coins were lost, why are they now safely in my wallets in cold storage?
This is a non issue.
Baritus had some personal coins stolen, which is nobody's business. In retrospect, he should have just kept his mouth shut and avoid all this. If he would have done this, then people would only be speculating on why so many coins would have been dumped on March 8th. He tried to be honest with everyone and ended up being accused of everything under the sun.
Sucks for him, sucks for CryptoAve.
The good news is, all this bad press is allowing me to pick up some really cheap DGC
My account was one of the "Compromised" accounts on CryptoAve.
I received a notice that someone had tried to reset my password. Upon receiving this message, naturally, I freaked out and immediately tried to access my CryptoAve account.
I was still able to log in, my coins were safe. I changed my passwords for CryptoAve as well as my email to be safe.
CryptoAve shut down, I made a request to withdraw my coins and I have received my coins.
So, if my account was compromised and my coins were lost, why are they now safely in my wallets in cold storage?
This is a non issue.
Baritus had some personal coins stolen, which is nobody's business. In retrospect, he should have just kept his mouth shut and avoid all this. If he would have done this, then people would only be speculating on why so many coins would have been dumped on March 8th. He tried to be honest with everyone and ended up being accused of everything under the sun.
Sucks for him, sucks for CryptoAve.
The good news is, all this bad press is allowing me to pick up some really cheap DGC
I'm not sure why 3 pages have gone by and no one has acknowledged this post.
MY ACCOUNT WAS ONE OF THE COMPROMISED ACCOUNTS AND I LOST NO COINS!
So what's the problem? Why is anyone even being questioned here? This is a NON ISSUE.
The only person with lost coins here is Baritus himself... and even if he chose to sell his own coins... that's his right. They are his to do with as he pleases.
Because thread is actually about:
Dev gets hacked with custom keylogger on his windows box.
Handwaves, no public address to verify 500k gone.
Exchange gets hacked but only 9 accounts, no way to verify.
Says bug somewhere in php libs.
No wait, gmail insecure.
No wait, others dumb enough to use windows, must be trojan against (only) those 9.
No wait, it's all the baddies attacking my php.
No wait, I said in irc there are NO bugs in my code.
Oh wait, if I can't find bug I'll give up and large holders can have code.
Maybe not issue for you...
I am hesitant to post in such an ill-tempered thread, but the conversation linked above is, simply put, terrifying!
If there really is a trojan out in the wild capable of doing the stuff Baritus wrote, the implications are catastrophic.
Speaking as a code-blind person, would it be wrong to assume that one or all of the exchanges (I think there's eleven?) could be literally sitting on a time bomb right now?
through some PHP bug(I'm guessing) or some trojan that's going around, some hacker was able to reset password on c ave
for a few users
not sure how it's possible since I already looked at all my code and it doesn't allow for it ever
and the other odd things is, they were able to get the verification email codes
from the user's email accounts
which I am not sure of how they did it either
good news is, I had detection kick in that locked out those accounts
so I still have everyone's funds
but the bad news is, someone has a trojan embedded in a lot of crypto community or some unknown bug in PHP makes it completely insecure
No worries, just misdirection to hide real issue.
Only way you get viruses or keyloggers is ignorance by using windows. Very little chance if you use secure operating system, not swiss cheese like ms software.
So don't be dumb and lazy...protect your coins!
But dev said in irc y'day, "if I can't fix bug then I'll turn code over to largest holders. They can do what they want with it" (no exact but close enough).
Whats that mean?
(now fanbois brush off "oh no retard he just meant worst case, will never happen"
lol no, escape hatch? + mystery keylogger + ...)
Deeper...
Whats that mean?
(now fanbois brush off "oh no retard he just meant worst case, will never happen"
lol no, escape hatch? + mystery keylogger + ...)
Deeper...
