Author Archives: shinohai

Steem Hacked

Posted on by

Steem, the latest "Social media" website announced early Friday that the website has suffered "a cyber attack" of an undisclosed nature. (archived)The blog post stated that "In the attack, fewer than 260 accounts were compromised, and less than $85,000 worth of Steem Dollars and Steem may have been stolen." CEO Ned Scott said. The company wasted no time informing the internet police and FBI of the attack, and claim that the hack is now contained and that no user accounts or wallets are at risk and they really mean it this time. The blog post also stated that any users whose accounts were compromised will be completely reimbursed.

Steem the currency currently has a market cap of $ 336,938,441 USD and is #3 in ranking on coinmarketcap.com, just below Ethereum at the time of writing. Each Steem currently trades for around $4.00, and total supply of these cowpies is 83,922,001. 24 hour volume was slightly under 2 million USD. Peace in Our Time.

DAO Is Empty Again

Posted on by

The DAO, everyone's favorite flaming tire in a shitpit, is reportedly empty again after members of a so-called robin hood group emptied it in an emergency move after yet another attack was launched on the platform. Copious amounts of jenkem were passed around the r/ethereum subreddit to huff as users agreed the latest batch was some of the most potent to date, perhaps due to the added corn content.

Antminer Flaw Allows Machine Takeover

Posted on by

An Australian security researcher has discovered a flaw in Antminer Bitcoin miners that can be leveraged with CGMiner to obtain complete control of the victim's mining resources. Tim Noise stated that the majority of devices are configured from the factory with a web interface without a password set, which can then be silently adjusted to redirect the mining proceeds to the attackers wallet. Further lulz were had when it was noted that the OpenWRT software is running most operations, including CGMiner as root user. The flaw was tested on the ubiquitous Antminer S5, and Noise is currently testing the proof of concept on the S7 series of devices to see if it can be duplicated. He has posted his version of the exploit code, dubbed "Queen Ant" on shithub. BitMain did not comment on the announcement.

Activity On ChangeTip Today

Posted on by

The 7 remaining ChangeTip users1 cheered themselves on Twitter today as they moved a whopping 0.2 Bitcoin across their ailing network. Since the acquisition of their staff by AirnBNB, ChangeTip the product apparently no longer has sufficient staff to spam social media or further develop the service in any meaningful way. A request to the BitGive charity to comment on the donation was unanswered, and the request to twitter user @CharlesCNorton (WOT:nonperson) was blocked. (archived)

  1. estimated  

Meh Of The Week: Coinbase Can't Serve Canada

Posted on by

Coinbase has announced that it will no longer be servicing Canadian customers after August 1, 2016. Canadian fiat interface Vogogo abruptly decided to shut down it's service, leaving Coinbase no way to hawk it's imitation Bitcoin to users located there. Current users have been given a deadline of July 29th to convert their Canadian dollars to Bitcoin, or withdraw to a bank account. Users who fail to do so will be subject to account suspension, leaving remaining users in the scheme forced to pay exorbitant fees to recover their finds. Coinbase notably supported the failed XTCoin and ClassicCoin coup attempts which both failed like their Canadian fiat interface Vogogo. Sorry for your loss.

Water Charity Maximizes Their Marketing On Paypal's Venmo

Posted on by

A charity group has reportedly unwittingly used a vulnerability in Paypal's Venmo service to spam users, and perform a DoS attack on it's own network. waterislife.com reportedly used the loophole to automatically send 1 cent to a person every time they used the service to purchase products online, with one example message stating "“1 cent can’t buy you pizza. But for just 3 cents, you can buy someone clean water for a day.” There is no current restriction on the number of successive requests allowed by a single user, leaving one to expect other mass advertisers will quickly follow suit. Venmo has yet to offer word as to whether imitating the mass spam transaction service ChangeTip will be considered a bug or a feature. WaterIsLife did not disclose how much the campaign cost them to run, but reportedly received $400 USD in donations on the first day.

Avid Life Media Under FTC Investigation

Posted on by

Fallout from the Ashley Madison hack continues, with parent company Avid Life Media now the focus of a U.S. Federal Trade Commission investigation. CEO Rob "more could perhaps have been spent on security" Segal (WOT:nonperson) said the company is spending millions to improve zher security and did not reveal if the investigation was targeting zher use of fake profiles and fembots to lure desperate customers to the site. He offered only "That's a part of the ongoing process that we're going through … it's with the FTC right now." The company boasts they have "roughly $50 million" USD to be used for "fostering partnerships" with other dating sites.

CoinJoin Not A Privacy Tool After All

Posted on by

Joinmarket, the Bitcoin tumbler service apparently popular among darknet market aficionados today announced that their service isn't actually very anonymous after all. Project developer Chris Belcher (WOT:nonperson) stated that "there are some possible vulnerabilities which could be exploited to spy on every user." While this was identified approximately one year ago, nothing was done to remedy the issue until multiple users noticed deanonymizing attacks happening in real time. Belcher assures his users that "We have a pretty good idea how to fix this" and after discussing the matter with CoinJoin creator Gregory Maxwell (WOT:gmaxwell) they together suppose they have an algorithm that will make it more difficult for attackers to uncover information on utxo's. It was admitted  that "This algorithm is not intended as a complete solution to that issue" leaving darknet market users with another steaming pile of shitware.

Ether Huffers Continue Fall Into Depravity

Posted on by

Flaming tire fire in a shitpit Ethereum showed signs of fermentation related to the fork today, as prices1 dropped below the $10 mark. 24 hour trading stats on coinmarketcap.com showed a -13.62 % drop at the time of writing, with the DAO also plummeting -18.13 %. Even while Ethereum's Phil Daian (WOT:nonperson) watches his "innovative project" burn to the ground, Buterin (WOT:nonperson) seems to feel he can offer the Bitcoin community advice on how to fix their blocksize issues. His suggestion is to remove transaction signatures.2 The Bitcoin Foundation however has already made it quite clear that that isn't gonna happen. Sorry for your loss.

  1. To the extent jenkem can have a price. Turn out this whole time they thought they were huffing ether it was jenkem all along!  

  2. Transaction signatures are THE most important part of the whole cryptocurrency enterprise from both the crypto and currency perspectives.  

Symantec Snake Oil Goes Rancid

Posted on by

Researches with Googles Project Zero security team announced on Wednesday a major vulnerability affecting nearly all Symnatec snake-oil antivirus products. The kernel vulnerability requires no user action, which would allow attackers to corrupt system memory without requiring users to even open an email used to trigger the flaw.

These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.

Symnatec indicated they were not aware of anyone actually exploiting the bug as of yet, and responded by making a new panacea that supposedly fixes the problem.