elective-stereophonic
elective-stereophonic
Show Posts - capodieci singapore
Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest Stable Nxt Client: Nxt 1.11.15 | Latest Experimental Nxt Client: Nxt 1.12.0e

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - capodieci

Pages: 1 ... 64 65 [66] 67 68
1301
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: July 01, 2014, 07:52:20 am »
Yes, I really did call it on me, but just ethics stops me from running a account generator script, and a balance verification script, to see if I managed to generate successfully the password for an account that does already exists, and do what someone did to me ;) And yes, the windows machine I used was an office machine (the one of our meeting room) and I should have not used it. I did it as I could not manage to install a wallet on my Apple computer (due to the Java required to run the existing one, not compatible with the one provided by Apple) and I was curious to see all the other functionalities, including forging NXTs... and rather than creating a new wallet I used one I created just for experiments with a silly password... We still don't know if the password has been cracked as it was easy (80% possibility this is the reason) or someone spying in my machine keylogged it (20% possibility this is the reason). The only thing we know 100% sure is that it has been my incompetence that has lead to this loss, but I wonder how many others fall for the wrong choice of a password (private key) and end up loosing their NXT coins! This is for sure something that needs to be addressed if we want NXT to be used by the masses that are not security savvy. If you read my profile in my website http://www.capodieci.com (the "an IT artisan" section) you will notice that I am not a novice in IT and i feel quite ashamed for what did happen to me. I just guess what may happen to many others ;)

Good thing the NXT community is full of nice and loving people. It really makes the difference that technology can't make <3

1302
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 30, 2014, 04:00:26 pm »
Guys, I have tears at my eyes. WOW. So so kind of you!

It means to me much more than the actual exchange value of the NXT ;)

1303
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 30, 2014, 10:23:32 am »
Hi Sparta_Cus, my "safe" account is: NXT-J2AX-AJ74-WV4Y-B5ME9 (in old format: 10642678013309223197). Someone kindly just donated me NXT50 :)

ShadowBroker I still haven't had the heart to see what did happen to that stolen funds, but seems I got no notification of transfers in that account. Whoever did it, it is doing it systematically. I am pretty sure I am not the only one, it takes some guts to admit to have been stolen money for a stupid choice. Most may remain in silent shame. There may be many account with more or less funds in it that are waiting NXT to be worth much more. The thief is either very scared, or not in need of money, else it would have already cashed in those stolen NXT...

I am slowly getting over the trauma of the loss. Getting ready to offer trust one more time to NXT. I Believe it will, in a relatively short future, even overcome BitCoins. I will do my part in helping this to happen!

I apologise I did not replied earlier, I been traveling (I am now in Europe with my family for an holiday). I do appreciate all the brainstorming the community has been doing, I really feel the love (as much as I feel my "stupidity" to have overviewed the fact my password was really too weak).


1304
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 21, 2014, 06:34:09 am »
joefox, I sent it to you

1305
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 21, 2014, 06:23:49 am »
Well, if the passphrase is in a rainbow table I would be surprised. If it is so easy to crack it, someone should have already posted it here, right? I mean, we even know it is 30 chars long, that it is all lowercase letters and no numbers or symbols, that is a repeated pattern... All info the potential cracker didn't have. I guess it is not so easy after all to crack it even with all this info available... Or I am wrong?

1306
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 21, 2014, 06:11:50 am »
Sparta_cuss, I am not using that PC anymore, obviously. The other wallet I have is created with wallet.mynxt.info so it should be safer than a client... I am not familiar with "forkedchain's assessment" I will google it.

Eadequa I use lastpass, but when I created that wallet I did it just to experiment and on my phone with that client that wasn't working properly. I should have NOT used that account to store such a big amount of NXT. My fault.

1307
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 21, 2014, 05:25:59 am »
I just woke up, and not, it wasn't a nightmare... :( My conclusions are 50/50 faults of spyware and weak passphrase.

I woke up with the full intention to do things again, properly. I want faith in humanity (and NXT) restored...

Not something anyone has to do, but I have another wallet (10642678013309223197) where if you feel to, you can donate some to help me restore my balance, and my faith in NXT and humanity!

Furthermore I stand to the offer to the NXT community I did before this traumatic experience. Any donation will go toward that job. Read more here: https://nxtforum.org/nxt-promotion/supporting-nxt-promotion-with-a-kick-ass-video-animation/

1308
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 09:58:22 pm »
Thanks. I did set it on the address that is been used to store the stolen NXT Coins :)

1309
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 09:52:26 pm »
well, tennis is a dictionary word, mine had no dictionary words in it. But still, a repeated pattern.

1310
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 09:40:00 pm »
Yes, tomorrow will be devoted to a new birth of a new NCT wallet. On Linux. with super secure passphrase. My bad I did start testing it so I didn't care, and then I dragged on without changing wallet. I had a few times the thought that I should have made a new one and transfer all there, but I didn't act fast enough. Oh well, karma will do its work. Whoever stole my NXT can always anonymously return them or use them to pay hospital bill ;P

openssl rand -base64 128 will be it!

Anyways the other malware scanner has completed its scan, and found nothing (yes, whatever Avira found I deleted):









Malwarebytes Anti-Malware

Scan Date: 6/21/2014
Scan Time: 5:02:21 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.20.12
Rootkit Database: v2014.06.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: user

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 263171
Time Elapsed: 24 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

1311
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 09:30:06 pm »
I guess I learned my lesson. A few months of savings gone like this makes me sad. and wiser for the future.

1312
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 09:19:16 pm »
sure via email I am ok to pass it to someone. Not to post it on the forum :) And it is 5.18 am here, and my alarm is set at 6.25... Maybe I just skip sleeping. Would I be able to sleep anyways? And wow, you got a lot of NXT stolen. Do you still trust all this?

1313
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 09:04:02 pm »
That's correct Berzerk, all only lowercase letters, no vocabulary words, and it is a short string repeated many times

1314
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 08:59:54 pm »
it is more like dgfhjgkljhdgfhjgkljhdgfhjgkljh

1315
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 08:57:22 pm »
My main computer is OSX (Apple) and that Windows machine si the one for the meeting room of the office... No forum access there or any other thing.

The antivirus has completed the scan. The infected files are files I downloaded and not used. Only one infected app I did launch by mistake today, while I was on with the NXT client. If that app start logging when executed and sends out keylogs and screenshots, then whoever did watch me may have had the time to learn NXT before stealing. Eh, another way to get NXT known around.

Here is the report from Avira:

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended

Start of the scan: Saturday, June 21, 2014  03:18

Start scanning boot sectors:
Boot sector 'HDD0(C:)'
    [INFO]      No virus was found!

Starting search for hidden objects.

The scan of running processes will be started:
Scan process 'mbam-setup-2.0.2.1012.tmp' - '35' Module(s) have been scanned
Scan process 'mbam-setup-2.0.2.1012.exe' - '22' Module(s) have been scanned
Scan process 'mbam-setup-2.0.2.1012.tmp' - '33' Module(s) have been scanned
Scan process 'mbam-setup-2.0.2.1012.exe' - '22' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '30' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'avscan.exe' - '122' Module(s) have been scanned
Scan process 'avcenter.exe' - '122' Module(s) have been scanned
Scan process 'sched.exe' - '56' Module(s) have been scanned
Scan process 'avshadow.exe' - '31' Module(s) have been scanned
Scan process 'avguard.exe' - '102' Module(s) have been scanned
Scan process 'avgnt.exe' - '96' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '42' Module(s) have been scanned
Scan process 'Avira.OE.Systray.exe' - '167' Module(s) have been scanned
Scan process 'Avira.OE.ServiceHost.exe' - '129' Module(s) have been scanned
Scan process 'taskhost.exe' - '55' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '76' Module(s) have been scanned
Scan process 'vncserverui.exe' - '52' Module(s) have been scanned
Scan process 'Caffeinated.exe' - '36' Module(s) have been scanned
Scan process 'StikyNot.exe' - '37' Module(s) have been scanned
Scan process 'jusched.exe' - '32' Module(s) have been scanned
Scan process 'CheckNDISPort_df.exe' - '45' Module(s) have been scanned
Scan process 'Explorer.EXE' - '173' Module(s) have been scanned
Scan process 'Dwm.exe' - '29' Module(s) have been scanned
Scan process 'taskhost.exe' - '69' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '60' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'python.exe' - '61' Module(s) have been scanned
Scan process 'python.exe' - '61' Module(s) have been scanned
Scan process 'python.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '34' Module(s) have been scanned
Scan process 'conhost.exe' - '14' Module(s) have been scanned
Scan process 'python.exe' - '64' Module(s) have been scanned
Scan process 'PythonService.exe' - '47' Module(s) have been scanned
Scan process 'conhost.exe' - '14' Module(s) have been scanned
Scan process 'python.exe' - '57' Module(s) have been scanned
Scan process 'conhost.exe' - '14' Module(s) have been scanned
Scan process 'python.exe' - '62' Module(s) have been scanned
Scan process 'PythonService.exe' - '34' Module(s) have been scanned
Scan process 'mysqld-nt.exe' - '25' Module(s) have been scanned
Scan process 'memcached.exe' - '18' Module(s) have been scanned
Scan process 'conhost.exe' - '15' Module(s) have been scanned
Scan process 'vncserver.exe' - '47' Module(s) have been scanned
Scan process 'PythonService.exe' - '34' Module(s) have been scanned
Scan process 'vncservice.exe' - '31' Module(s) have been scanned
Scan process 'HPSIsvc.exe' - '49' Module(s) have been scanned
Scan process 'DpHost.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '62' Module(s) have been scanned
Scan process 'spoolsv.exe' - '89' Module(s) have been scanned
Scan process 'svchost.exe' - '75' Module(s) have been scanned
Scan process 'iZHost.exe' - '40' Module(s) have been scanned
Scan process 'atieclxx.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '154' Module(s) have been scanned
Scan process 'svchost.exe' - '82' Module(s) have been scanned
Scan process 'svchost.exe' - '109' Module(s) have been scanned
Scan process 'svchost.exe' - '80' Module(s) have been scanned
Scan process 'atiesrxx.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'lsass.exe' - '70' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '1408' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Program Files\ZKTeco\AccessControl\ATTSMS.exe
  [DETECTION] Is the TR/Drop.Drostuh.drz Trojan
   
  • Archive type: RSRC

    --> C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
        [1] Archive type: RSRC
      --> C:\Users\user\Desktop\others\LJP1100_P1560_P1600_Full_Solution.exe
          [2] Archive type: 7-Zip SFX (self extracting)
        --> C:\Users\user\Desktop\others\usb\Att2007_English.zip
            [3] Archive type: ZIP
          --> Att2007/ATTSMS.exe
              [DETECTION] Is the TR/Drop.Drostuh.drz Trojan
              [WARNING]   Infected files in archives cannot be repaired
C:\Users\user\Desktop\others\usb\Att2007_English.zip
  [DETECTION] Is the TR/Drop.Drostuh.drz Trojan
C:\Users\user\Desktop\others\usb\000-fingerprint\Att\ATTSMS.exe
  [DETECTION] Is the TR/Drop.Drostuh.drz Trojan
C:\Users\user\Desktop\others\usb\000-fingerprint\att2007 no cutom reports\files\Att.exe
  [DETECTION] Is the TR/PWS.2184704 Trojan
C:\Users\user\Desktop\others\usb\000-fingerprint\att2007 no cutom reports\files\ATTSMS.exe
  [DETECTION] Is the TR/Orsam.A.852 Trojan
C:\Users\user\Desktop\others\usb\000-fingerprint\att2007 no cutom reports\files\Biokey.ocx
  [DETECTION] Is the TR/Orsam.A.171 Trojan
C:\Users\user\Desktop\others\usb\000-fingerprint\att2007 no cutom reports\files\Update.exe
  [DETECTION] Is the TR/PWS.541696.4 Trojan
        --> C:\Users\user\Desktop\others\usb\000-fingerprint\fingerprint software\20130723_255.rar
            [3] Archive type: RAR
          --> Access Control2.0_1043\Files\ATTSMS.exe
              [DETECTION] Is the TR/Drop.Drostuh.drz Trojan
              [WARNING]   Infected files in archives cannot be repaired
C:\Users\user\Desktop\others\usb\000-fingerprint\fingerprint software\20130723_255.rar
  [DETECTION] Is the TR/Drop.Drostuh.drz Trojan
C:\Users\user\Desktop\others\usb\000-fingerprint\fingerprint software\Access Control2.0_1043\Files\ATTSMS.exe
  [DETECTION] Is the TR/Drop.Drostuh.drz Trojan
        --> C:\Users\user\Downloads\att2007.zip
            [3] Archive type: ZIP
          --> att2007/files/Biokey.ocx
              [DETECTION] Is the TR/Orsam.A.171 Trojan
              [WARNING]   Infected files in archives cannot be repaired
          --> att2007/files/Update.exe
              [DETECTION] Is the TR/PWS.541696.4 Trojan
              [WARNING]   Infected files in archives cannot be repaired
          --> att2007/files/Att.exe
              [DETECTION] Is the TR/PWS.2184704 Trojan
              [WARNING]   Infected files in archives cannot be repaired
          --> att2007/files/ATTSMS.exe
              [DETECTION] Is the TR/Orsam.A.852 Trojan
              [WARNING]   Infected files in archives cannot be repaired
C:\Users\user\Downloads\att2007.zip
  [DETECTION] Is the TR/Orsam.A.852 Trojan

Beginning disinfection:
C:\Users\user\Downloads\att2007.zip
  [DETECTION] Is the TR/Orsam.A.852 Trojan
  [NOTE]      The file was deleted.
C:\Users\user\Desktop\others\usb\000-fingerprint\fingerprint software\Access Control2.0_1043\Files\ATTSMS.exe
  [DETECTION] Is the TR/Drop.Drostuh.drz Trojan
  [NOTE]      The file was deleted.
C:\Users\user\Desktop\others\usb\000-fingerprint\fingerprint software\20130723_255.rar
  [DETECTION] Is the TR/Drop.Drostuh.drz Trojan
  [NOTE]      The file was deleted.
C:\Users\user\Desktop\others\usb\000-fingerprint\att2007 no cutom reports\files\Update.exe
  [DETECTION] Is the TR/PWS.541696.4 Trojan
  [NOTE]      The file was deleted.
C:\Users\user\Desktop\others\usb\000-fingerprint\att2007 no cutom reports\files\Biokey.ocx
  [DETECTION] Is the TR/Orsam.A.171 Trojan
  [NOTE]      The file was deleted.
C:\Users\user\Desktop\others\usb\000-fingerprint\att2007 no cutom reports\files\ATTSMS.exe
  [DETECTION] Is the TR/Orsam.A.852 Trojan
  [NOTE]      The file was deleted.
C:\Users\user\Desktop\others\usb\000-fingerprint\att2007 no cutom reports\files\Att.exe
  [DETECTION] Is the TR/PWS.2184704 Trojan
  [NOTE]      The file was deleted.
C:\Users\user\Desktop\others\usb\000-fingerprint\Att\ATTSMS.exe
  [DETECTION] Is the TR/Drop.Drostuh.drz Trojan
  [NOTE]      The file was deleted.
C:\Users\user\Desktop\others\usb\Att2007_English.zip
  [DETECTION] Is the TR/Drop.Drostuh.drz Trojan
  [NOTE]      The file was deleted.
C:\Program Files\ZKTeco\AccessControl\ATTSMS.exe
  [DETECTION] Is the TR/Drop.Drostuh.drz Trojan
  [NOTE]      The file was deleted.


End of the scan: Saturday, June 21, 2014  04:49
Used time:  1:22:24 Hour(s)

The scan has been done completely.

  20839 Scanned directories
 368644 Files were scanned
     16 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
     10 Files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
 368628 Files not concerned
   2233 Archives were scanned
      6 Warnings
     10 Notes
 476295 Objects were scanned with rootkit scan
      0 Hidden objects were found

1316
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 08:44:10 pm »
This is where my NXT are now:

http://www.mynxt.info/blockexplorer/details.php?action=ac&ac=18415586754565610063

Is there an anonymizer on NXT as there is in BitCoin? I will follow any single transaction out of that wallet and google them all ehehhe

1317
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 08:42:00 pm »
Berzerk, half password is the same as the full password, so yes, while it is not a 200chars random characters string, it still takes quite a lot of loops to brute force all the existing wallets with all possible text passwords for variable lengths (including 30 chars)...

Or at least, this is my feeling... but I am for sure not educated enough to state it as a fact.

I been victim of malware IMO.

More than all, if whoever stole my NXT used a non safe passphrase I wouldn't mind to get back my NXT as there is no outgoing transaction yet...

1318
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 08:35:29 pm »
My consideration, as it contains no vocabulary words, is that a brute force is quite a low possibility on how the NXT Coins got stolen. My 1st assumption is that my Windows machine is indeed full of spyware and malware and trojans and even the human flu virus. In fact Avira has already 16 detections. I will see the log as soon as it is over on what files and what treats those detection are.

I feel that the Android client I used has no involvement whatsoever, so the nodes I used with that app. I understood - if what I did read was true - that the passphrase would not have been sent to the server but just used locally to sign transactions.

Is there any way to bruteforce the creation of a passphrase that generate the wallet where my NXT have been sent to (18415586754565610063)?

1319
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 08:28:00 pm »
ChuckOne the passphrase is unique, but still - unless it could give me back my stolen NXT - I don't feel wise to share it. Not wise, true.

1320
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 08:26:31 pm »
PF That would be awesome to do, but I have no means, as the Internet connection here is too slow for such big chunk of data...

Pages: 1 ... 64 65 [66] 67 68
elective-stereophonic
elective-stereophonic
assembly
assembly