Show Posts - xyzzyx  

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - xyzzyx

The Equation Group are the hackers who infiltrate air-gap computers using hacked USB and disk drive firmware:

"CANCUN, Mexico — In 2009, one or more prestigious researchers received a CD by mail that contained pictures and other materials from a recent scientific conference they attended in Houston. The scientists didn't know it then, but the disc also delivered a malicious payload developed by a highly advanced hacking operation that had been active since at least 2001. The CD, it seems, was tampered with on its way through the mail.

It wasn't the first time the operators—dubbed the "Equation Group" by researchers from Moscow-based Kaspersky Lab—had secretly intercepted a package in transit, booby-trapped its contents, and sent it to its intended destination. In 2002 or 2003, Equation Group members did something similar with an Oracle database installation CD in order to infect a different target with malware from the group's extensive library. (Kaspersky settled on the name Equation Group because of members' strong affinity for encryption algorithms, advanced obfuscation methods, and sophisticated techniques.)

Kaspersky researchers have documented 500 infections by Equation Group in at least 42 countries, with Iran, Russia, Pakistan, Afghanistan, India, Syria, and Mali topping the list. Because of a self-destruct mechanism built into the malware, the researchers suspect that this is just a tiny percentage of the total; the actual number of victims likely reaches into the tens of thousands."


See also:

Pub crawl / NYT: Bank Hackers Steal Millions via Malware
« on: February 15, 2015, 01:06:03 am »
"In late 2013, an A.T.M. in Kiev started dispensing cash at seemingly random times of day. No one had put in a card or touched a button. Cameras showed that the piles of money had been swept up by customers who appeared lucky to be there at the right moment.

But when a Russian cybersecurity firm, Kaspersky Lab, was called to Ukraine to investigate, it discovered that the errant machine was the least of the bank’s problems."


ORA / NAS diaspora
« on: January 31, 2015, 03:38:19 pm »
Anyone here have a NAS account with at least one out-going transaction?  If so, could you post your NAS address here?  I want to do an experiment that requires a lookup of an address with a public key on the NAS blockchain but I don't have one on that blockchain myself (no outgoing transactions from my NAS account.)  Thanks.

Nxt General Discussion / If you have an account on LTCgear.com....
« on: January 17, 2015, 08:42:17 am »
If you have an account on LTCgear.com, make sure you haven't re-used your password elsewhere.  The user list has been leaked.  See:


Remember to use different passwords for all your accounts.  Use a password manager like Lastpass or KeePass. (http://en.wikipedia.org/wiki/List_of_password_managers)

Nxt Monetary System / A reminder....
« on: January 11, 2015, 10:11:35 pm »
"NXTs as coins... NXTs r not coins, at least the creator of Nxt didn't want them to be coins. They r tokens that grant privileges to support Nxt. Deflation is not much better than inflation, "real" coins should be created on top of Nxt and be issued in quantities that keep their value constant. BCNext understands that this is very arguable, the community should decide if it wants to follow the path showed by him or stick to Bitcoin legacy with unchangeable supply of coins in hope to become rich by doing nothing."


Pub crawl / Let’s Encrypt, a new free CA
« on: November 18, 2014, 09:05:34 pm »
(Quoting from the announcement on Freedom to Tinker:)

"Let's Encrypt [is] a new certificate authority we’re creating that will begin operation in Summer 2015. What makes Let’s Encrypt different is that it takes the pain out of switching to HTTPS. Web site operators simply install a small piece of software that takes care of the entire process. This software interacts with Let’s Encrypt to validate the server’s identity, obtain a certificate, securely configure the server to use HTTPS, and automatically renew the certificate when necessary. With Let’s Encrypt, one click or one command is all it will take for a site to deploy HTTPS.
It’s also going to be free. With the rest of the process automated, arranging payment would be the one remaining headache, as well as a barrier to adoption for smaller sites and individuals. Let’s Encrypt will do away with fees and provide domain-validated certificates to nearly any server with a domain name, at zero cost."



(Comment from xyzzyx: a distributed certificate "authority" would be a nice upgrade to the above idea.)

Nxt General Discussion / Physical digital currency manufacturer
« on: October 02, 2014, 10:02:32 am »

Coinographic has a silver physical NXT coin (5000NXT) in the "coming soon" section.


I don't know anything about this company.  Caveat emptor.

Meta Nxtforum / Cutting down on spam: reCAPTCHA for SMF
« on: August 29, 2014, 03:14:58 am »
Perhaps having users fill out a captcha when posting and replying would help in slowing down the spam and bots.


"The landscape is much different now. Many large-scale mines are shifting from warehouse set-ups to data centers better equipped to deliver the massive power and cooling resources necessary to compete in a steadily accelerating industry.

CoinDesk spoke with executives from some of the biggest hardware companies in the mining space. During those discussions a picture emerged of an industry undergoing a rapid level of investment, development, and most importantly, competition.

KnCMiner director of marketing and public relations Nanok Bie put it simply: “It’s an arms race. Absolutely.”"


And on another note (Mar 26 2014):
"This requires a lot of electricity. Carlson said more than three megawatts fuel MegaBigPower's global operations, including Poland. The two buildings in Washington are about 16,000 square feet total, with just about all available space used for mining and power equipment. Carlson said he's "bumping up" against the maximum amount of electricity he can get into his buildings."


Nxt General Discussion / Viewing messages on nexern's explorer
« on: August 25, 2014, 05:46:28 am »
Did you know you can view the contents of messages between accounts using nexern's block explorer?  For example:



Pub crawl / Gyrophone: phone gyro as clandestine listening device.
« on: August 21, 2014, 01:41:54 am »
"We show that the MEMS gyroscopes found in modern smart phones are sufficiently sensitive to measure acoustic signals in the vicinity of the phone.... Since iOS and Android require no special permissions to access the gyro, our results show that apps and active web content that cannot access the microphone can nevertheless eavesdrop on speech in the vicinity of the phone."


Alternate Cryptocurrencies / Inside a Chinese Bitcoin Mine -- Bitsmith
« on: August 12, 2014, 12:56:08 am »
"The mining operation resides on an old, repurposed factory floor, and contains 2500 machines hashing away at 230 Gh/s, each.... The place consumes a massive amount of electricity. The operators told me that the power bill of this specific operation is in excess of ¥400,000 per month (that’s about $60,000 USD)."

(Seen on Reddit.)

Pub crawl / Live world map of DDoS attacks.
« on: August 05, 2014, 10:21:48 pm »
"Norse Dark Intelligence

Every second, Norse collects and analyzes live threat intelligence from darknets in hundreds of locations in over 40 countries. The attacks shown are based on a small subset of live flows against the Norse honeypot infrastructure, representing actual worldwide cyber attacks by bad actors. At a glance, one can see which countries are aggressors or targets at the moment, using which type of attacks (services-ports)."


(Seen on Reddit)

Haven't tried it myself, but just noticed this site:


Say it out loud.  Corporate rebranding and name change coming in 1... 2...

"Using documents leaked by Edward Snowden, hackers have built bugs that can be attached to computers to steal information in a host of intrusive ways

RADIO hackers have reverse-engineered some of the wireless spying gadgets used by the US National Security Agency. Using documents leaked by Edward Snowden, researchers have built simple but effective tools that can be attached to parts of a computer to gather private information in a host of intrusive ways.

The NSA's Advanced Network Technology catalogue was part of the avalanche of classified documents leaked by Snowden, a former agency contractor. The catalogue lists and pictures devices that agents can use to spy on a target's computer or phone. The technologies include fake base stations for hijacking and monitoring cellphone calls and radio-equipped USB sticks that transmit a computer's contents.

But the catalogue also lists a number of mysterious computer-implantable devices called 'retro reflectors' that boast a number of different surreptitious skills, including listening in on ambient sounds and harvesting keystrokes and on-screen images."


Pub crawl / Keyboard layout question for non-US users
« on: July 17, 2014, 02:51:54 am »
The Qwerty keyboards I own are all in US and Dansk layouts.  On the US layouts, the tilde character  ~  is convenient to type, as are the less than  <  and greater than  >  symbols.  On the Dansk layout, they are all also easy to access even though they are different keys and require more shift/alt combos than the US layout.

On your non-US keyboard, are these symbols readily available?  Would you rate their access on your non-US keyboard as easy to access or difficult to access?

Thanks for your feedback.

"Information shared by Bittrex , this is not a fork guys but a double-spend attack so to seem , the attacker had created a transaction within a private network and had moved the coins within 6 separately created blocks thus bypassing the 6 confirmations check at Bittrex end and they had allegedly dumped the coins for BTC and withdrawn the same and while the network reaching that block had orphaned it thereby the Bittrex wallet being short of the 937620 coins."

(seen on https://bitcointalk.org/index.php?topic=576337.msg7864006#msg7864006 )

Not that I think this is surprising to most reading here, although unexpected to me that there's some leaked NSA source code out there from which these revelations originate.

Interesting that Linux Journal is considered an "extremist organization" though.  Good thing I let my print subscription run out in 2002.  ;)


Latest social engineering/email password hack has made it into the bitcointalk thread "List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses":

