Ninjastic
Search content
Sort by
Showing 10 of 10 results by wastedbit
Post
Topic
Board Announcements (Altcoins)
Re: [ANN] CannabisCoin [CANN][X11][Official][2] Developments & Discussions
by
wastedbit
on 16/04/2015, 00:40:08 UTC
Hello.  (to devs) Is there a testimonial site\page\thread where people could post their medical background, a CANN address, and (most importantly) post photos confirming deliveries (PoCANN = Proof of Cann).

A donation site for those needing help.
Post
Topic
Board Press
Re: [2014-06-12] WSJ: Bitcoin's Place in Wealth Management
by
wastedbit
on 14/06/2014, 02:01:32 UTC
Sorry, but by "mobile", I meant the ability to send coins\money outside of bank hours.  Send coins and they can convert locally with changers.  Quotes attorney who says "Any strategy that relies on secrecy is a failure"...use reputable sites...
Post
Topic
Board Press
Re: [2014-06-12] WSJ: Bitcoin's Place in Wealth Management
by
wastedbit
on 13/06/2014, 21:38:12 UTC
Opinion piece......You should hold some mobile wealth because you  might need to send money overseas in middle of night (like to your kid, or business reason).  Piece of Mind = Cost of Volatity....

Author is financial adviser and says this happens with bigger clients.  Also discloses that he owns coins.
Post
Topic
Board Announcements (Altcoins)
Re: NXT :: descendant of Bitcoin - Updated Information
by
wastedbit
on 26/01/2014, 20:24:13 UTC
Quote from: wastedbit on January 26, 2014, 07:08:17 PM
Quote from: xyzzyx on January 25, 2014, 08:13:42 PM
Quote from: wastedbit on January 25, 2014, 08:02:28 PM
I'm wondering if a webpage can get a listing of your url history?

I don't know Javascript, but: http://www.w3schools.com/jsref/obj_history.asp

Quote
The history object contains the URLs visited by the user (within a browser window).

The history object is part of the window object and is accessed through the window.history property.

Note: There is no public standard that applies to the history object, but all major browsers support it.
I researched this last night for a few hours.  There are techniques to see if a browser has been to a site (like http:\\localhost); but, by design, a webpage (via javascript or DOM) does not allow review of full URL history.  Seems to use an internal browser function to check if a site has been visited - that's it - no general browsing of a client history.  You can throw the browser back to previous pages and then get the URL in DOM, but that would double buy an alias - which has never occurred.  Based on this, it appears URL history, by browser design, cannot be accessed from a webpage.  

I'll check if a webpage can read the clipboard.  That's about the only thing coming to mind.

BTW.  If anyone was clever enough to do this, they would make millions in advertising.  No need to waste time with NXT atm.
Javascript can definitely read the clipboard from a webpage.  If you copy-n-paste password, clear the clipboard after you log in NRS.

http://brooknovak.wordpress.com/2009/07/28/accessing-the-system-clipboard-with-javascript/

and

http://stackoverflow.com/questions/6413036/get-current-clipboard-content
Post
Topic
Board Announcements (Altcoins)
Re: NXT :: descendant of Bitcoin - Updated Information
by
wastedbit
on 26/01/2014, 19:08:17 UTC
Quote from: xyzzyx on January 25, 2014, 08:13:42 PM
Quote from: wastedbit on January 25, 2014, 08:02:28 PM
I'm wondering if a webpage can get a listing of your url history?

I don't know Javascript, but: http://www.w3schools.com/jsref/obj_history.asp

Quote
The history object contains the URLs visited by the user (within a browser window).

The history object is part of the window object and is accessed through the window.history property.

Note: There is no public standard that applies to the history object, but all major browsers support it.
I researched this last night for a few hours.  There are techniques to see if a browser has been to a site (like http:\\localhost); but, by design, a webpage (via javascript or DOM) does not allow review of full URL history.  Seems to use an internal browser function to check if a site has been visited - that's it - no general browsing of a client history.  You can throw the browser back to previous pages and then get the URL in DOM, but that would double buy an alias - which has never occurred.  Based on this, it appears URL history, by browser design, cannot be accessed from a webpage.  

I'll check if a webpage can read the clipboard.  That's about the only thing coming to mind.

BTW.  If anyone was clever enough to do this, they would make millions in advertising.  No need to waste time with NXT atm.
Post
Topic
Board Announcements (Altcoins)
Re: NXT :: descendant of Bitcoin - Updated Information
by
wastedbit
on 25/01/2014, 20:14:30 UTC
Quote from: opticalcarrier on January 25, 2014, 07:57:05 PM
I modified jean-lucs java vanity generator to make it search for short accounts.  Im sure its safe since fromhim
Thanks!   That is what I was using too.  I'd suggest sending your changes to Jean-Lucs and asking him to create a source fork for short names (you probably just changed a few lines of code).  Then, you can post his link for your completion.
Post
Topic
Board Announcements (Altcoins)
Re: NXT :: descendant of Bitcoin - Updated Information
by
wastedbit
on 25/01/2014, 20:02:28 UTC
Quote from: BitcoinForumator on January 25, 2014, 05:13:02 PM
Quote from: TwinWinNerD on January 25, 2014, 05:11:13 PM
Quote from: pinarello on January 25, 2014, 05:07:23 PM
Quote from: NxtChg.com on January 25, 2014, 05:03:28 PM
Quote from: S3MKi on January 25, 2014, 04:56:15 PM
Client 0.5.10 stood on the local machine.
My purse number 378082518108298527.
Coin purse went to 13664022353450653976.
Password length of 32 characters (5 words).
Use uppercase and lowercase letters.
Client rocked by reference to the first village,
https://bitcointalk.org/index.php?topic=345619.msg4690322 # msg4690322
Hash check.

This is getting more and more disturbing! What's happening?



Cracking 5 words is cracking 5 x 1 word

lol.... It isn't.

Other than that, i feel like this is appearing far too often for it to be random.
5xxk NXT stolen
108k NXT stolen
12,5k NXT stolen

All have the same pattern (thus being not related to EpicThomas)

Before we go into panic modes, wasn't the red line of them all that they used passwords that weren't really strong?
This account also purchased aliases, albeit 4 days prior.  I'm wondering if a webpage can get a listing of your url history?  When you register an alias, the secretphrase is in plain text in the URL.  Purging history after an alias purchase should always be done.  Also, don't buy alias on your main account.
Post
Topic
Board Announcements (Altcoins)
Re: NXT :: descendant of Bitcoin - Updated Information
by
wastedbit
on 25/01/2014, 19:49:46 UTC
Quote from: opticalcarrier on January 25, 2014, 05:40:26 PM
new 9 digit vanity account: 640915453
Code:
{"hallmark":"0eef079d88b20e41c1ac1f0ad7ece8ef94d34a27096d048ed96207ffd5b21f750a0049726f6c6c5568617465640000008a2d330193dfc7fe4c327db84be870b50ec9dc5d7182722f7711db721f7f0f9cc246383d0a94d485da999d1131ad49817ffe2605b07c7b670cfb98c4211e2fcf75e06af443"}
Which vanity engine are you using, the Java version?  Reason that I ask is that some are suspecting the vanity engine in thefts.

If the java client, have you also reviewed this code?  The code I looked at only has the following imports:

import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.MessageDigest;  <- SHA256 conversion routine
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Random;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicLong;
import java.util.regex.Pattern;

Post
Topic
Board Announcements (Altcoins)
Re: NXT :: descendant of Bitcoin - Updated Information
by
wastedbit
on 21/01/2014, 23:45:41 UTC
Quote from: TwinWinNerD on January 21, 2014, 11:01:09 PM
Quote from: wastedbit on January 21, 2014, 10:42:07 PM
Quote from: salsacz on January 21, 2014, 09:29:55 PM
Quote from: TwinWinNerD on January 21, 2014, 08:46:38 PM
Actually I am still not 100% sure how it happend. We came to the conclusion that it must be a Keylogger/trojan BUT then they would have had access to many online wallets and exchanges, and ONLY my NXT accounts were compromised. So overall strange, but it could have been avoided with using Linux or upping my Windows security.

You followed a link from this user, who deleted his posts:
https://bitcointalk.org/index.php?action=profile;u=120275

And you downloaded hacked program from this newbie:
https://bitcointalk.org/index.php?action=profile;u=170751;sa=showPosts
What is this about?  It is not clear from the links.

BTW.  I take it as policy to delete old postings that are no longer relevant.  Why not?

Well, i got hacked, and he states the 2 links that i used before i was hacked.
This really sucks.  Based on the length of the passwords that you posted, you were using the Java routine, correct?  That code is visible and readable.  {You can change the .jar extention to .zip; then you can extract the java source code.}  I've parsed it (then and now) and not seen anything in it that could do this.  I have used both programs on my PC for weeks and accessing my account - though I no longer would suggest anyone use the EXE without public source.  

On the 8423671173148912884 account, did you buy alias?  That is dangerous to do with you main account.  The secretphrase is visible in the History and I was able to find it in a windows file of urls on my PC even after purging history.

Post
Topic
Board Announcements (Altcoins)
Re: NXT :: descendant of Bitcoin - Updated Information
by
wastedbit
on 21/01/2014, 22:42:07 UTC
Quote from: salsacz on January 21, 2014, 09:29:55 PM
Quote from: TwinWinNerD on January 21, 2014, 08:46:38 PM
Actually I am still not 100% sure how it happend. We came to the conclusion that it must be a Keylogger/trojan BUT then they would have had access to many online wallets and exchanges, and ONLY my NXT accounts were compromised. So overall strange, but it could have been avoided with using Linux or upping my Windows security.

You followed a link from this user, who deleted his posts:
https://bitcointalk.org/index.php?action=profile;u=120275

And you downloaded hacked program from this newbie:
https://bitcointalk.org/index.php?action=profile;u=170751;sa=showPosts
What is this about?  It is not clear from the links.

BTW.  I take it as policy to delete old postings that are no longer relevant.  Why not?