A fool and his not-really-money are soon parted
-
the plaintiff Michael Terpin claimed that because of "AT&T's willing cooperation with the hacker, gross negligence, violation of its statutory duties, and failure to adhere to its commitments in its Privacy Policy," he lost nearly $24 million worth of cryptocurrency.
Terpin, who was using AT&T as his service provider, said the digital tokens were stolen through a "digital identity theft" of his cellphone account. Terpin was the victim of two hacks within seven months.
After the first hack, Terpin alleged that an impostor was able to get his phone number from an "insider cooperating with the hacker" without an AT&T store employee requiring him to show valid identification or provide a required password. That phone number was later used to access Terpin's cryptocurrency accounts, according to the complaint.
"What AT&T did was like a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewelry in the safe from the rightful owner," the complaint alleged.
-
@DCoder said in A fool and his not-really-money are soon parted:
John McAfee continues to insist he is smarter than all of us, with an "unhackable" crypto wallet called Bitfi:
Source: @officialmcaffee
He is proven wrong in 72 hours:
Source: @ryancdotorg
Source: @ProfWoodward
Source: @cybergibbons
The company "solves" the problem:
Source: @Bitf6i
Let's ship tamper-evident seals separately from the device they're supposed to protect, what could possibly go wrong?
Previously on "I am John McAfee, the Supreme Intelligence":
How's that hacking it? By my reckoning, it would require root-level access to the PC that they used to access their wallet thingy. And they probably shouldn't be plugging their thingy into a PC that someone else has root-level access to.
It's a bit like saying you hacked it by putting a keylogger on their PC keyboard.
-
@anotherusername said in A fool and his not-really-money are soon parted:
How's that hacking it? By my reckoning, it would require root-level access to the PC that they used to access their wallet thingy. And they probably shouldn't be plugging their thingy into a PC that someone else has root-level access to.
Presumably the device contains a private key that is never transmitted outside of the device - instead the computer sends the data to be signed/encrypted and the device sends back the signature / encrypted version.
But it is hard to find what it really does (their website is just marketing drivel) as well as what the exploit is (only some twitter posts about it?).
-
@Adynathos the way I read the tweets, there was a passphrase and salt that was entered on the computer, transferred to the wallet thingy, and then later the same passphrase and salt were found unencrypted in the computer's memory, which if I'm not mistaken should require root-level access since user-level processes aren't allowed to read the contents of memory that doesn't belong to them.
-
@anotherusername said in A fool and his not-really-money are soon parted:
and then later the same passphrase and salt were found unencrypted in the computer's memory, which if I'm not mistaken should require root-level access since user-level processes aren't allowed to read the contents of memory that doesn't belong to them.
Unless you have an Intel CPU?
-
Tweet thread: seven figures worth of Bitcoin
TL;DR: guest editor blindly reviews a short story, fails to recognize it as his own, thrashes it on Twitter, gets shitloads of new followers. Quietly deletes own tweets after realising the mistake, uses his new follower count to wrangle a seven figure advance for his book (expanding on the same thrashed short story, doh). Pours the advance into Bitcoin during the peak. Ends up owing the IRS $175k taxes on the advance.
-
@DCoder
A beautifully executed strategy right up until the point where he was a dumbass who "invested" it into a Ponzi scheme.
-
@DCoder Well the first 2/3rds of his master plan were pretty smart.
Anyway his advance paid the tax burden, right? So he still came out ahead.
-
@blakeyrat said in A fool and his not-really-money are soon parted:
Anyway his advance paid the tax burden, right? So he still came out ahead.
No: "In the mean time I'd sunk the advance into bitcoin at the peak, and lost it all"
-
@boomzilla Oh. Yeah ok.
-
I think we've talked about Tether here before, the scam widens:
-
@blakeyrat oohwee, those Treasury boys must be just looking for a reason to not like this.
-
@DCoder said in A fool and his not-really-money are soon parted:
That phone number was later used to access Terpin's cryptocurrency accounts, according to the complaint.
"What kind of idiot uses his phone number as his password?"
-
@blakeyrat said in A fool and his not-really-money are soon parted:
vaulting the so-called "stablecoin" up the market cap charts.
Um, my dudes-- "vaulting" and "up" are not "stable".
-
@Lorne-Kates said in A fool and his not-really-money are soon parted:
Um, my dudes-- "vaulting" and "up" are not "stable".
Its market cap went up because the company behind Tether whose name I forgot pulled $400 million more of them out of its ass. And it does say "so-called", what do you want?
I'm staying away from this market until this Tether thing comes crashing down, which it has to sooner or later, but goddamned. I get the whole "the market can stay irrational longer than the short sellers can stay solvent" thing now. This is ridiculous.
-
@coderpatsy
The NY Times article from that 2nd picture got linked up on /. this morning, and some of the pullouts are pretty damn depressing... https://www.nytimes.com/2018/08/20/technology/cryptocurrency-investor-losses.html
Kim Hyon-jeong, a 45-year-old teacher and mother of one who lives on the outskirts of Seoul, said she put about 100 million won, or $90,000, into cryptocurrencies last fall. She drew on savings, an insurance policy and a $25,000 loan. Her investments are now down about 90 percent.
“I thought that cryptocurrencies would be the one and only breakthrough for ordinary hardworking people like us,” she said. “I thought my family and I could escape hardship and live more comfortably, but it turned out to be the other way around.”
Tony Yoo, 26, a financial analyst in Los Angeles, invested more than $100,000 of his savings last fall. At their lowest point, his holdings dropped almost 70 percent in value.
But Mr. Yoo is still a big believer in the idea that these tokens can provide a new way to transact online, without the big corporate middlemen we rely on today. Many of the groups that raised money last year are still working on the products they promised, with lots of serious engineers drawn to the projects.
“There’s just so much more behind this new wave of technology and innovation that I’m sure will take over our society in due time,” Mr. Yoo said.
With prices down so much, he said he was actually looking to put more money into the markets.
That thinking has been encouraged by the people who invested in Bitcoin in 2013, when it first topped $1,000.
Mr. Roberts, the British investor who has seen most of his $23,000 vanish, is holding on to his coins in case they turn around. But for now he has stopped trading and is looking for another job.
“I’m living off the little savings I have left still in my bank account,” Mr. Roberts said. “I’ve made a mistake, and now I’m going to have to unfortunately pay the cost for the next few years.”
-
@izzion said in A fool and his not-really-money are soon parted:
But Mr. Yoo is still a big believer in the idea that these tokens can provide a new way to transact online, without the big corporate middlemen we rely on today. Many of the groups that raised money last year are still working on the products they promised, with lots of serious engineers drawn to the projects.
It seems to me that they won't be useful until the big corporate middlemen get involved. Which could mean that some of these guys working on products become new corporate middlemen.
-
It's hard forks all the way down.
Bitcoin ABC and Bitcoin SV are incompatible software, and both groups behind the implementations are seeking to trigger new code changes in November. As such, if some bitcoin cash users run one software and others run the other, it'll cause a chain split and create a new competing cryptocurrency.
What's getting lost in the debate, though, is that several notable bitcoin cash developers actually think both sides are acting out and would instead prefer to compromise.
Besides BitcoinABC and nChain, there are still other bitcoin cash implementations, including Bitcoin Classic and Bitcoin Unlimited, two software implementations that actually predate bitcoin cash.
And these veteran developers are skeptical about the two proposals getting the most attention.
"Both ABC and nChain are trying to hard fork. Both of them are not giving any rationale why. Both of them are completely not responsive to any feedback or any compromise requests from the rest of the ecosystem," wrote Bitcoin Classic lead developer Thomas Zander.
Yet, others, such as long-time crypto enthusiast and Bitcoin Magazine reporter Aaron Van Wirdum, remain pessimistic that a compromise will be reached.
Van Wirdum recently tweeted:
"Turns out if you start a coin by hard fork without consensus, precedent is to hard fork without consensus."
-
As a ledger system, blockchain makes quicker and more secure digital transactions.
You mean a BitCoin transaction is faster than VISA now? Quick, somebody tell the Q guys.
-
@DCoder said in A fool and his not-really-money are soon parted:
John McAfee continues to insist he is smarter than all of us, with an "unhackable" crypto wallet called Bitfi:
-
Meanwhile in Germany: Cringle and Lendstar go bust
https://translate.google.com/translate?hl=de&sl=de&tl=en&u=https%3A%2F%2Fwww.gruenderszene.de%2Ffintech%2Fcringle-insolvenzanmeldung%3Fref%3Dtrending
-
@DCoder John McAfee's medication is wearing off again…
-
@DCoder said in A fool and his not-really-money are soon parted:
John McAfee's medication
These are not the drugs you're looking for.
-
@DCoder said in A fool and his not-really-money are soon parted:
John McAfee's medication is wearing off again…
It's adaptation. He keeps needing to up the dosage…
-
@Zerosquare said in A fool and his not-really-money are soon parted:
Creator of just-ok antivirus says what?
The field emerged, ex novo, with computing in general.
I'd say probably Ken Thompson was the first, simply because he seems to be the first one to publish anything in the space.
Edit: Fantastic one-box there, a gigantic box with "No preview available" was just what I wanted.
-
@Zerosquare said in A fool and his not-really-money are soon parted:
Am I a wannabe? I fucking invented cybersecurity. Get your fucking facts right
— John McAfee (@officialmcafee) September 1, 2018
Tweet thread about McAfee's good old days:
Unrolled for convenience:
OK, folks, I hear that John McAfee claims to have invented cyber security. (I don't know; he has blocked me.)
Gather 'round the fire, kids, for a short story, because I was around at the time.
Of course, John didn't invent cyber security. It existed long before there were computer viruses. The names of the inventors of the login prompt and the file access rights are probably lost in the mists of time.
It might be surprising to many, but John didn't invent the anti-virus program, either. The idea is immediately obvious to anyone who sees an infected program - write a program to repair (disinfect) it, and many did.
I did it in 1988 but I definitely wasn't the first. Alan Solomon did it in 1986, I think (@gcluley?). Joe Hirst did it even before that. (Man, his disassemblies of viruses were great!) Fred Cohen advocated the use of integrity checkers against viruses in 1984.
Ross Greenberg made an access control program (FluShot) in 1987.
I first heard of McAfee Associates and the anti-virus program SCAN in 1989.
So, what did McAfee invent? A couple of things.
First, he invented the bulk virus scanner. Before him, we would make a separate program for each virus, or for a handful of viruses, or one program trying to solve the virus issue completely (by monitoring access to infectable objects).
He made an effort to produce a single program that could only detect (removal was done by a separate program) every single virus known to him.
Second, he invented overhyping the issue, scaring people (he single-handedly started the Michelangelo virus scare; look it up), and convincing them to pay him for his program.
Now let me tell you a few things about his competence in security matters, which wasn't any better back then than it is now.
Originally, his scanner did a dumb scan for scan strings (sequences of bytes) that were taken from the known viruses. (Basically, a binary grep. But even grep was smart in comparison.) Problem is, even with only a few known viruses, this tends to be very slow.
So, he sped it up by reading only small parts from the beginning and the end of the file - because a virus can't be anywhere else in the file, right?
Well, of course it can be. Even one of the first viruses, Lehigh, hides itself in an area normally containing zeroes of the file it infects (COMMAND.COM).
But just following the entry point and checking what's there (instead of doing a dumb scan of even just portions of the file) was too complicated for John to figure out, at least initially.
Then, there was the matter of preserving the integrity of his software. You see, there were no digital signatures at the time (RSA was still patented) and his software was distributed as "shareware".
This means that everybody was free to copy it around but if they liked it and used it, they were honor-bound to buy a license for it.
But what if a bad guy took a copy of the software and modified it to do something bad? Clearly, some form of ensuring its integrity was needed.
McAfee's "solution" was to include in the package another program, called VALIDATE, which took an arbitrary file (e.g., his virus scanner) and computed some kind of hash of it. The hash was then recorded in the documentation.
So, the recipients of the package could repeat the procedure and check that the generated hash matched the one listed in the docs.
Do you see a problem with this approach yet? Hold my beer, we're far from finished.
You see, the "hash" wasn't a cryptographic hash. (To be honest, MD4 wasn't invented yet.) It was a CRC-16. Any of you who know anything about cryptography are probably rolling on the floor laughing at this point.
You see, not only CRC hashes aren't cryptographically secure, but a 16-bit hash of any kind could be brute-forced on a single PC even in those distant times.
When this was pointed out to John, he, in a stroke of genius, decided to "solve" the issue by making the program output two different CRC-16 hashes. Surely that can't be broken! Checkmate, hackers.
Of course, anyone who knows the first thing about cryptography is laughing even louder at this point. You see, forging two CRC-16s simultaneously is no harder than forging a single CRC, the generator polynomial of which is a multiple of the generator polynomials of the two CRCs.
And since the two generator polynomials McAfee used weren't even relatively prime (i.e., they had a common factor), the level of "security" his CRCs provided wasn't even 32 bits - it was only 31 bits.
But all this didn't matter at all, because nobody in their right mind would bother forging CRCs when a much easier attack existed. Remember, the "correct" result of the CRCs was listed in the documentation.
So, the Bulgarian virus author known as "The Dark Avenger" took his program, modified it to spread virus instead, and then modified the documentation to list the CRCs of the modified program instead. Voila.
Anyway. Back then John McAfee was the same technically incompetent schmuck that he is now. It's not age or drugs that have damaged him - he has always been this way.
Nowadays McAfee Anti-Virus is one of the best anti-virus products around. But John McAfee deserves none of the credit. His anti-virus was crap. It sucked at detection, it sucked at identification, and it sucked at disinfection.
In the mid-90s John was kicked out of McAfee Associates (or he resigned, depending on who you ask), the company threw away his shitty product and bought Dr. Solomon's Anti-Virus Toolkit - one of the best anti-virus products in the world at the time.
End of story.
Bonus:
When I was young and stupid, I wanted to study in the USA. I wrote him a letter, asking him if I could get a job in his company part time, so that I could support myself during my studies. I still keep the letter he sent me in reply.
Basically, his answer was that he can't hire me because I'm obviously a KGB or GRU agent.
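The unrolled thread's point that two CRC-16s are no harder to match than one, and that a shared factor costs a bit, worked through as an added example; it is not part of the original post and not VALIDATE's code. The two polynomials are stand-ins (the thread does not name the ones used), the sample bytes are constructed, and all function names are hypothetical.

```python
import hashlib

# Stand-in generators (assumption: the thread does not name VALIDATE's two
# polynomials): CRC-16/XMODEM and the 0x8005 polynomial, MSB-first, init 0.
POLY_A = 0x11021  # x^16 + x^12 + x^5 + 1
POLY_B = 0x18005  # x^16 + x^15 + x^2 + 1

def crc16(data: bytes, poly: int) -> int:
    """Bitwise CRC-16: zero initial value, no reflection, no final XOR."""
    reg = 0
    for byte in data:
        reg ^= byte << 8
        for _ in range(8):
            reg = (reg << 1) ^ (poly if reg & 0x8000 else 0)
    return reg

def both(data: bytes) -> int:
    """Both 16-bit checksums packed into one 32-bit value."""
    return crc16(data, POLY_A) << 16 | crc16(data, POLY_B)

def gf2_gcd(a: int, b: int) -> int:
    """GCD of two GF(2) polynomials encoded as bit masks."""
    while b:
        while a and a.bit_length() >= b.bit_length():
            a ^= b << (a.bit_length() - b.bit_length())
        a, b = b, a
    return a

def suffix_basis() -> dict:
    """Echelon basis of the checksum changes a 4-byte suffix can produce."""
    # Zero init makes the CRC linear over GF(2): each suffix bit XORs a
    # fixed 32-bit pattern into the packed result.
    basis = {}  # leading-bit position -> (pattern, suffix bits producing it)
    for i in range(32):
        vec, used = both((1 << i).to_bytes(4, "big")), 1 << i
        while vec and vec.bit_length() in basis:
            bvec, bused = basis[vec.bit_length()]
            vec, used = vec ^ bvec, used ^ bused
        if vec:
            basis[vec.bit_length()] = (vec, used)
    return basis

def matching_suffix(changed: bytes, wanted: int) -> bytes:
    """Solve for 4 trailing bytes giving `changed` the checksum pair `wanted`."""
    basis, suffix = suffix_basis(), 0
    delta = both(changed + bytes(4)) ^ wanted
    while delta:
        bvec, bused = basis[delta.bit_length()]  # KeyError if unreachable
        delta, suffix = delta ^ bvec, suffix ^ bused
    return suffix.to_bytes(4, "big")

# Constructed sample "files"; not real program contents.
ORIGINAL = b"stand-in for the shipped scanner binary\n"
CHANGED = b"stand-in for a modified copy of that binary\n"

def demo() -> dict:
    padded = CHANGED + matching_suffix(CHANGED, both(ORIGINAL))
    digest = lambda d: hashlib.sha256(d).hexdigest()
    return {
        "gcd": gf2_gcd(POLY_A, POLY_B),  # 0b11 encodes x + 1
        "rank": len(suffix_basis()),     # independent checksum bits out of 32
        "crc_pair_equal": both(padded) == both(ORIGINAL),
        "sha256_equal": digest(padded) == digest(ORIGINAL),
    }
```

A cryptographic hash only removes the cheap-collision problem: the reference value still has to reach the user through a channel the modifier cannot edit, which is the second flaw the thread describes.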
-
@DCoder said in A fool and his not-really-money are soon parted:
Nowadays McAfee Anti-Virus is one of the best anti-virus products around.
-
@pie_flavor He can be considered right if you have a broad definition of "best". We are after all talking about anti-virus products.
-
@JBert I'd take MBAM over McAfee any day of the week. I still can't fathom how there can be a product so goddamn insane that you need a separate tool to uninstall it properly.
-
@pie_flavor said in A fool and his not-really-money are soon parted:
I still can't fathom how there can be a product so goddamn insane that you need a separate tool to uninstall it properly.
You're talking about Visual Studio?
-
@TimeBandit Nah, Lotus Notes.
-
@TimeBandit said in A fool and his not-really-money are soon parted:
You're talking about Visual Studio?
By the time we upgrade compilers, it's time for a hardware refresh for me. No uninstall needed!
-
@blakeyrat said in A fool and his not-really-money are soon parted:
@TimeBandit Nah, Lotus Notes.
Once Lotus Notes ate your brain, you won't have the mental capacity to uninstall it anyway.
-
@topspin said in A fool and his not-really-money are soon parted:
@blakeyrat said in A fool and his not-really-money are soon parted:
@TimeBandit Nah, Lotus Notes.
Once Lotus Notes ate your brain, you won't have the mental capacity to uninstall it anyway.
Or the typing ability. You're probably stuck with something like Apple's one button mouse.
-
Speaking of near-useless software that can barely do its own job right...
-
Since I'm here, let's do our usual "cryptocurrency scam {month year}" search.
And-- umm--
I can't even begin to unravel this one, but it looks like, roughly:
- A bunch of Indian actors, politicians and other rich assholes latched onto the defunct BitConnect
- Promised rich investors lots of money
- Scammed those investors in various ways including KIDNAPPING them for ransom
- One of the scammers claims he was shaken down by police for $1.8M, and filed a lawsuit
- The investigation into the lawsuit opened up a huge can of worms which in turn exposed the entire networks
- Lots of people arrested
- $3 BILLION dollars?
Good work, August 2018. You didn't disappoint.
-
@Lorne-Kates Wow.
The kidnappings really put it over the top for me.
-
@blakeyrat said in A fool and his not-really-money are soon parted:
@Lorne-Kates Wow.
The kidnappings really put it over the top for me.
BITCONNEEEEEEECT!
-
And an excellent reply:
"burning man style cryptocurrency cruise": Those certainly are all words.
-
@DCoder I can't wait to hear her after action report on that.
-
@DCoder said in A fool and his not-really-money are soon parted:
‘burning man style cryptocurrency cruise.’
Mmm, yes, boats-- well known for their ability to have massive, raging flames on their wooden decks.
...
oh wow what if that was on purpose? Someone finally found a way to lure all these idiots to one place and wipe them all out at once. Sail to international waters, light the boat on fire, and sink whatever remains of the corpses. This is actually the best use of a cryptoscam I could have ever imagined.
-
@Lorne-Kates said in A fool and his not-really-money are soon parted:
Sail to international waters
And completely legal.
Filed under: probably not
-
Turns out that blockchains are not very good for voting, either. Who knew?
-
@Zerosquare said in A fool and his not-really-money are soon parted:
Turns out that blockchains are not very good for voting, either. Who knew?
"In particular, if malware on a voter's device alters a vote before it ever reaches a blockchain, the immutability of the blockchain fails to provide the desired integrity, and the voter may never know of the alteration."
Well no fucking shit. There isn't any network technology that'll prevent that, and if you thought otherwise, you deserve what you get.
-
@pie_flavor said in A fool and his not-really-money are soon parted:
@Zerosquare said in A fool and his not-really-money are soon parted:
Turns out that blockchains are not very good for voting, either. Who knew?
"In particular, if malware on a voter's device alters a vote before it ever reaches a blockchain, the immutability of the blockchain fails to provide the desired integrity, and the voter may never know of the alteration."
Well no fucking shit. There isn't any network technology that'll prevent that, and if you thought otherwise, you deserve what you get.
You should totally moment that on the article.
-
@Tsaukpaetra said in A fool and his not-really-money are soon parted:
@pie_flavor said in A fool and his not-really-money are soon parted:
@Zerosquare said in A fool and his not-really-money are soon parted:
Turns out that blockchains are not very good for voting, either. Who knew?
"In particular, if malware on a voter's device alters a vote before it ever reaches a blockchain, the immutability of the blockchain fails to provide the desired integrity, and the voter may never know of the alteration."
Well no fucking shit. There isn't any network technology that'll prevent that, and if you thought otherwise, you deserve what you get.
You should totally moment that on the article.
Laugh as yep?