Bitcoin Bank Review 2020, Scam Exposed! Scam Crypto Robots

Unify Cryptocurrency

This is the place to go for anything UnifyCoin related! Things like news, updates, bounties, important links, testimonials, tips & tricks, guides and let's not forget... Unify memes!
[link]

Hackers have claimed to have stolen the login details of almost 7 million Dropbox users and are promising to release more password details if they're not paid a Bitcoin ransom.

submitted by spsheridan to DailyTechNewsShow [link] [comments]

The events of a SIM swap attack (and defense tips)

Posted this on Coinbase and someone recommend it also be posted here. The information below on an attempted SIM swap attack was pieced together through a combination of login and security logs, recovering emails initiated by the attacker that were deleted and then deleted again from the trash folder, and learning from AT&T’s fraud representatives. The majority if this is factual, and we do our best to note where we are speculating or providing a circumstantial suspicion. TLDRs at the bottom.
The full story:
We were going about our business and received a text from AT&T that says “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” We did not request this, and were suspicious that the text itself could be a phishing scam since we searched the phone number and it wasn’t overtly associated with AT&T. Thus, we tried calling AT&T’s main line at 611 but all we hear is beep beep beep. The phone number is already gone. We use another phone to call AT&T and at the same time start working on our already compromised email.
While we didn’t see everything real time, this is what the recovered emails show. In less than 2 minutes after receiving the text from AT&T, there is already an email indicating that the stolen phone number was used to sign into our email account associated with Coinbase. 2 minutes after that, there is an email from Coinbase saying:
"We have received your request for password reset from an unverified device. As a security precaution, an e-mail with a reset link will be sent to you in 24 hours. Alternatively, if you would like your password reset to be processed immediately, please submit a request using a verified device.
This 24 hour review period is designed to protect your Coinbase account."
This is where Coinbase got it right to have a 24 hour review period (actually a recovery period) before allowing the password to be reset. However, the attackers knew this and planned to steal the second email from Coinbase by setting email rules to forward all emails to a burner address and also have any emails containing “coinbase” re-routed so they don’t appear in the Inbox. 5 minutes later, they request a password reset from Gemini and the password was reset to the attacker’s password within a minute after that. The next minute they target and reset DropBox’s password followed immediately with Binance. Less than 2 minutes later, an email from Binance indicates that the password has been reset and another email arrives a minute later indicating a new device has been authorized.
It’s at this point that we begin locking the attacker out by (1) removing the phone number as 2FA (2) changing the email password, (3) and three forcing a logout of all sessions from the email. There was a bit of back and forth where they still had an active login and re-added the stolen phone number as 2FA.
They added only one more password reset to a gaming account that was not deleted. I can only suspect that was a decoy to make it look like the attack was directed at gaming rather than finances.
The Gemini and Binance accounts were empty and effectively abandoned, with no balances and inactive bank accounts (if any), and no transactions in 1-3 years. DropBox had no meaningful files (they probably look for private keys and authenticator backups) and the phone number they stole from us was suspended, so as far as the attacker is concerned, there is no meat on this bone to attack again… unless they had inside information.
This is where I suspect someone internal at Coinbase receiving wire deposits has been compromised in tipping off ripe accounts – accounts with new and somewhat large balances. We had completed a full withdrawal of funds from Coinbase earlier in the year, and had a balance of less than $20 heading into May. Deposits to Coinbase staggered in to get above six figures through mid-May then stopped. The attack occurred 7 days after the last large wire deposit was made to Coinbase.
From the perspective of an attacker that had no inside information, we were a dead end with abandoned Gemini and Binance accounts with zero balances and stale transactions, no DropBox information, and the suspended phone number access. Our Coinbase deposits were known to no one except us, Coinbase, and our bank. We were also able to stop the hacker’s email forwarding before Coinbase’s 24 hour period to send the password reset, so this one didn’t work out for the attackers and it would make sense for them to move on to the next rather than put efforts into a second attack only for Coinbase - for what would appear to be a zero-balance Coinbase account based on the other stale accounts.
Then…23 hours and 42 minutes after the first attack, another message from AT&T “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” Here we go again. We had been confident in AT&T’s assurances that our account had been locked and would not be SIM swapped again, so we unwisely added the phone number back to our email account as a backup (it’s now removed permanently and we use burner emails for account recovery like we should have all along).
Upon seeing that our phone number had been stolen again I knew they were after the Coinbase reset email that was delayed by 24 hours from Coinbase as part of their security. We did 4 things within 2 minutes of that text: (1) removed the phone number again from the email account – this time for good, (2) market sell all Bitcoin on Coinbase, (3) withdraw from Coinbase, (4) have AT&T suspend service on the phone line.
In speaking with AT&T, they were floored that our SIM would be transferred again in light of all the notes about fraud on the account and the PIN being changed to random digits that had never been used by us before. Based on the response of disbelief from AT&T on the second port, I suspect that this attack also involved a compromised AT&T employee that worked with the attacker to provide timely access to the Coinbase password reset email. Apparently, this has been going on for years: https://www.flashpoint-intel.com/blog/sim-swap-fraud-account-takeove
with phone carrier employees swapping SIMs for $80s a swap.
Remember that most of this was hidden in real time, and was only known because we were able to recover emails deleted from Trash by the attacker.
Since we require any withdrawals to use Google Authenticator on Coinbase, our funds may have been secure nonetheless. However, under the circumstances with attackers that were apparently working with insiders to take our phone number twice in attempts to steal Bitcoin, and it being unknown if they had additional tools related to our Google Authenticator, we decided it was safer on the sidelines. The coins were held on the exchange for a quick exit depending on whether Bitcoin was going to break up or down from $10,000. A hardware wallet is always safest, but we were looking to time the market and not have transaction delays.
For some some security recommendations:
AT&T: If you are going to send a text saying that calls and texts are moving to a new number, provide a 10 minute window for the phone number to reply with a “NO” or “STOP” to prevent the move. This can escalate the SIM dispute to more trusted employees to determine who actually owns the line. Don’t let entry level employees swap SIMs.
Coinbase: Do not default to phone numbers as 2FA. Also, if someone logs in successfully with the password before the 24 hours are up, the password is known and there is no need to send the password reset email again for attacker to have forwarded to them. At least have an option to stop the password reset email from being sent. We did not tag our account at Coinbase with fraud because of the stories of frozen funds once an account is tagged. I’m not sure what the solution is there, but that is another problem.
Being a trader, it would be nice to think of Coinbase as any other type of security brokerage where your assets are yours (someone can’t steal your phone number and transfer your stocks to their account). We fell into that mindset of security, yet this experience has reminded us of the uniqueness of cryptocurrency and the lack of custodial assurance and insurance from exchanges because of the possession-is-everything properties of cryptocurrency.
As many have said before, 2FA with a phone number quickly becomes 1-factor authentication as soon as that phone number is associated with password recovery on your email or other accounts. Our overall recommendation is to avoid having a phone number associated with any recovery options across all your accounts.
TLDR on the process:
Scammers will steal your phone number (in our case twice in 24 hours) and use your phone number to access your email and accounts. They will use your email to reset passwords at financial accounts and file hosting such as DropBox. They will then use that combination to transfer any assets they can access from your accounts to theirs. They will do their best to hide this from you by
(1) not resetting your email password so as to raise suspicion,
(2) immediately delete any password reset emails you may receive from financial accounts to hide them from you,
(3) attempt to forward all emails sent to your address to a burner email, and
(4) set email rules to forward emails containing “coinbase” to an email folder other than your Inbox so that you don’t see the transactions and password reset emails that arrive to your inbox.
TLDR on defense tips: If your phone stops working or you receive a text of your number being ported do the following as soon as possible:
(1) log into your email account(s) associated with your financial accounts and remove your phone number as 2FA immediately
(2) change your email password,
(3) force a logout of all sessions from your email (at this point you have locked them out), then
(4) check your mail forwarding settings for forwards to burner addresses,
(5) check your mail rules for rerouting of emails from accounts such as Coinbase, and
(6) call your carrier to have them suspend service on your lost phone number and ask them to reinstate your SIM or get a new SIM. This will require a second phone because your personal phone number has been stolen.
We hope this helps some others be safe out there in protecting their coins. The more we know, the more we can protect ourselves. Wishing you all the best!
submitted by etheregg to CryptoCurrency [link] [comments]

The events of a SIM swap attack directed at Coinbase (and defense tips)

The information below on an attempted SIM swap attack was pieced together through a combination of login and security logs, recovering emails initiated by the attacker that were deleted and then deleted again from the trash folder, and learning from AT&T’s fraud representatives. The majority if this is factual, and we do our best to note where we are speculating or providing a circumstantial suspicion. TLDRs at the bottom.
The full story:
We were going about our business and received a text from AT&T that says “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” We did not request this, and were suspicious that the text itself could be a phishing scam since we searched the phone number and it wasn’t overtly associated with AT&T. Thus, we tried calling AT&T’s main line at 611 but all we hear is beep beep beep. The phone number is already gone. We use another phone to call AT&T and at the same time start working on our already compromised email.
While we didn’t see everything real time, this is what the recovered emails show. In less than 2 minutes after receiving the text from AT&T, there is already an email indicating that the stolen phone number was used to sign into our email account associated with Coinbase. 2 minutes after that, there is an email from Coinbase saying:
"We have received your request for password reset from an unverified device. As a security precaution, an e-mail with a reset link will be sent to you in 24 hours. Alternatively, if you would like your password reset to be processed immediately, please submit a request using a verified device.
This 24 hour review period is designed to protect your Coinbase account."
This is where Coinbase got it right to have a 24 hour review period (actually a recovery period) before allowing the password to be reset. However, the attackers knew this and planned to steal the second email from Coinbase by setting email rules to forward all emails to a burner address and also have any emails containing “coinbase” re-routed so they don’t appear in the Inbox. 5 minutes later, they request a password reset from Gemini and the password was reset to the attacker’s password within a minute after that. The next minute they target and reset DropBox’s password followed immediately with Binance. Less than 2 minutes later, an email from Binance indicates that the password has been reset and another email arrives a minute later indicating a new device has been authorized.
It’s at this point that we begin locking the attacker out by (1) removing the phone number as 2FA (2) changing the email password, (3) and three forcing a logout of all sessions from the email. There was a bit of back and forth where they still had an active login and re-added the stolen phone number as 2FA.
They added only one more password reset to a gaming account that was not deleted. I can only suspect that was a decoy to make it look like the attack was directed at gaming rather than finances.
The Gemini and Binance accounts were empty and effectively abandoned, with no balances and inactive bank accounts (if any), and no transactions in 1-3 years. DropBox had no meaningful files (they probably look for private keys and authenticator backups) and the phone number they stole from us was suspended, so as far as the attacker is concerned, there is no meat on this bone to attack again… unless they had inside information.
This is where I suspect someone internal at Coinbase receiving wire deposits has been compromised in tipping off ripe accounts – accounts with new and somewhat large balances. We had completed a full withdrawal of funds from Coinbase earlier in the year, and had a balance of less than $20 heading into May. Deposits to Coinbase staggered in to get above six figures through mid-May then stopped. The attack occurred 7 days after the last large wire deposit was made to Coinbase.
From the perspective of an attacker that had no inside information, we were a dead end with abandoned Gemini and Binance accounts with zero balances and stale transactions, no DropBox information, and the suspended phone number access. Our Coinbase deposits were known to no one except us, Coinbase, and our bank. We were also able to stop the hacker’s email forwarding before Coinbase’s 24 hour period to send the password reset, so this one didn’t work out for the attackers and it would make sense for them to move on to the next rather than put efforts into a second attack only for Coinbase - for what would appear to be a zero-balance Coinbase account based on the other stale accounts.
Then…23 hours and 42 minutes after the first attack, another message from AT&T “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” Here we go again. We had been confident in AT&T’s assurances that our account had been locked and would not be SIM swapped again, so we unwisely added the phone number back to our email account as a backup (it’s now removed permanently and we use burner emails for account recovery like we should have all along).
Upon seeing that our phone number had been stolen again I knew they were after the Coinbase reset email that was delayed by 24 hours from Coinbase as part of their security. We did 4 things within 2 minutes of that text: (1) removed the phone number again from the email account – this time for good, (2) market sell all Bitcoin on Coinbase, (3) withdraw from Coinbase, (4) have AT&T suspend service on the phone line.
In speaking with AT&T, they were floored that our SIM would be transferred again in light of all the notes about fraud on the account and the PIN being changed to random digits that had never been used by us before. Based on the response of disbelief from AT&T on the second port, I suspect that this attack also involved a compromised AT&T employee that worked with the attacker to provide timely access to the Coinbase password reset email. Apparently, this has been going on for years: https://www.flashpoint-intel.com/blog/sim-swap-fraud-account-takeove with phone carrier employees swapping SIMs for $80s a swap.
Remember that most of this was hidden in real time, and was only known because we were able to recover emails deleted from Trash by the attacker.
Since we require any withdrawals to use Google Authenticator on Coinbase, our funds may have been secure nonetheless. However, under the circumstances with attackers that were apparently working with insiders to take our phone number twice in attempts to steal Bitcoin, and it being unknown if they had additional tools related to our Google Authenticator, we decided it was safer on the sidelines. The coins were held on the exchange for a quick exit depending on whether Bitcoin was going to break up or down from $10,000. A hardware wallet is always safest, but we were looking to time the market and not have transaction delays.
For some some security recommendations:
AT&T: If you are going to send a text saying that calls and texts are moving to a new number, provide a 10 minute window for the phone number to reply with a “NO” or “STOP” to prevent the move. This can escalate the SIM dispute to more trusted employees to determine who actually owns the line. Don’t let entry level employees swap SIMs.
Coinbase: Do not default to phone numbers as 2FA. Also, if someone logs in successfully with the password before the 24 hours are up, the password is known and there is no need to send the password reset email again for attacker to have forwarded to them. At least have an option to stop the password reset email from being sent. We did not tag our account at Coinbase with fraud because of the stories of frozen funds once an account is tagged. I’m not sure what the solution is there, but that is another problem.
Being a trader, it would be nice to think of Coinbase as any other type of security brokerage where your assets are yours (someone can’t steal your phone number and transfer your stocks to their account). We fell into that mindset of security, yet this experience has reminded us of the uniqueness of cryptocurrency and the lack of custodial assurance and insurance from exchanges because of the possession-is-everything properties of cryptocurrency.
As many have said before, 2FA with a phone number quickly becomes 1-factor authentication as soon as that phone number is associated with password recovery on your email or other accounts. Our overall recommendation is to avoid having a phone number associated with any recovery options across all your accounts.
TLDR on the process:
Scammers will steal your phone number (in our case twice in 24 hours) and use your phone number to access your email and accounts. They will use your email to reset passwords at financial accounts and file hosting such as DropBox. They will then use that combination to transfer any assets they can access from your accounts to theirs. They will do their best to hide this from you by
(1) not resetting your email password so as to raise suspicion,
(2) immediately delete any password reset emails you may receive from financial accounts to hide them from you,
(3) attempt to forward all emails sent to your address to a burner email, and
(4) set email rules to forward emails containing “coinbase” to an email folder other than your Inbox so that you don’t see the transactions and password reset emails that arrive to your inbox.
TLDR on defense tips: If your phone stops working or you receive a text of your number being ported do the following as soon as possible:
(1) log into your email account(s) associated with your financial accounts and remove your phone number as 2FA immediately
(2) change your email password,
(3) force a logout of all sessions from your email (at this point you have locked them out), then
(4) check your mail forwarding settings for forwards to burner addresses,
(5) check your mail rules for rerouting of emails from accounts such as Coinbase, and
(6) call your carrier to have them suspend service on your lost phone number and ask them to reinstate your SIM or get a new SIM. This will require a second phone because your personal phone number has been stolen.
We hope this helps some others be safe out there in protecting their coins. The more we know, the more we can protect ourselves. Wishing you all the best!
submitted by etheregg to CoinBase [link] [comments]

Referral Links

Note: the URLs below are intentionally not links, because reddit blocks posts with some links; copy & paste the URL into a new browser window. Let me know if one of the offers is expired; I can probably get a new one.
American Express Blue Business Plus, or any other Amex card: refer.amex.us/STEPHGAnTp
That's a universal Amex link; click "View all Cards with a Referral Offer" or "Explore other options" to see all the cards; or see direct links below.
Chase Freedom Unlimited or Chase Freedom Flex: referyourchasecard.com/18f/9J0WMSJMOF
Discover It: refer.discover.com/s/aajw3s
Discover It Miles: refer.discover.com/s/discoverp
One Finance (savings accounts, get $20 when deposit $100, $5 when install app, $5 when use debit card first time): share.onefinance.com/invite/StephenG/c826f427
SoFi Money: sofi.com/invite/money?gcp=4c18ffe3-fa7c-4d78-8683-d6376e8fa364
SoFi student loan refi, or personal loan: sofi.com/share/3156511
Yotta Savings: withyotta.page.link/akhdD5RZ2QYsnyBx5 code: STEPHEN8
Fluz: joinfluz.app.link/FLUZ77
Chase Checking account: accounts.chase.com/raf/share/355088785
Plastiq: try.plastiq.com/1048197
DCU (Digital Federal Credit Union): send me a message with your email address
E*TRADE brokerage: refer.etrade.net/etrade7
Webull brokerage app: act.webull.com/promotion/invitation/share.html?inviteCode=GtykbApaHMKm
Robinhood: share.robinhood.com/stepheg643
Firstrade brokerage (get a free stock): share.firstrade.com/StephenVKOZ
Juno Bank: bankonjuno.com/referral/STEPsLeD
Schwab Brokerage: schwab.com/public/schwab/nn/promo/refer-prospect.html?refrid=REFER3S78B or code: REFER3S78B
TurboTax Online 20% off: fbuy.io/qv59t76z
tastyworks brokerage: start.tastyworks.com/#/login?referralCode=ZHB8MT9VT4
Instacart: inst.ct/Y3BSZzgzb3FQ or code: IUSER54F18E
Uber: uber.com/invite/pezyj or code: pezyj
Uber Eats promo code ($7 off first order): eats-pezyj
Lyft: sg1234567
Square Cash (Cash App): cash.me/app/XXTBXJR (get $15 when you send $5 to someone)
Away (luggage): refer.awaytravel.com/v/away_11

Brinks prepaid mastercard & 5% savings account: brinksprepaidmastercard.com/get-a-prepaid-card/?aid=B_RAF_1&site_id=RAF_OAC_URL&uref=9079942135
ACE Elite prepaid card & 5% savings account: aceelitecard.com/get-a-prepaid-card/?aid=ACE_RAF_1&site_id=RAF_OAC_URL&uref=8304960094
Netspend prepaid card & 5% savings account: mynetspendcard.com?uref=1394182596

Personal Capital: share.personalcapital.com/x/XD87nM
TradingView: tradingview.go2cloud.org/aff_c?offer_id=2&aff_id=13733

Pei app: getpei.com/invite enter code: imkbip
Dosh app: link.dosh.cash/STEPHEG1 or code: STEPHEG1
Drop app: b.ewd.io/code?c=0us2i or code: 0us2i
Ibotta app: ibotta.com/az36ka or code: az36ka
Checkout 51 app: checkout51.app.link/OhdB48ik8Q
Fetch Rewards app: fetchrewards.com code: J5BCY (enter in app)
Shopkick app: getsk.co/cool014385 or code: COOL014385
ReceiptPal app: app.adjust.com/oqlq9t9?label=8RT7PR2
Grubhub: fbuy.me/kT5Mu
DoorDash: drd.sh/CFo8LW/
Freshly: send me a message and I'll give you a link
OhmConnect: ohm.co/ohmg1

BeFrugal: befrugal.com/referral/?ref=GASGOAF
Affinityy: affinityy.com/?ref=MTY2ODM=
TopCashBack: topcashback.com/ref/sgt7
Extrabux: extrabux.com/5cb27229d7
MrRebates: mrrebates.com?refid=484053
Rakuten / Ebates rakuten.com/717813?eeid=28187
Giving Assistant: givingassistant.org/?rid=QjGx2mHU9l
iConsumer: iconsumer.com/tkJgfiO or code: tkJgfiO
Swagbucks: swagbucks.com/refesg77
SimplyBestCoupons: simplybestcoupons.com/?refid=60199
rebatesme: rebatesme.com/refer?uid=134250
Fuel Rewards (Shell): fuelrewards.com/fuelrewards/welcome.html?RefId=e7908f3dce4d47f39bbd46ff4e38acb6
GoCashBack: www.gocashback.com/1860530 or code JBYYVF
Fold: use.foldapp.com/Cv9HMujj (buy gift cards and get bitcoin back)
Lolli: lolli.com/ref/PjzxLWQJNg (portal that pays bitcoin)
Goodshop (cashback portal): www.goodshop.com/invite/4505068 (gives you a bonus based on cashback that people you refer earn)
Groupon: groupon.com/visitor_referral/h/4d0155fb-db60-413e-87ac-4fc26ef7fe05
Zola (create a registry and buy $50 from it, get $50 credit): www.zola.com/invite/zola20200414031329708
AwardWallet: awardwallet.com/?refCode=3cdbq14qs7

Supercuts (we each get $5 off): supercutsrewards.com/short.php?code=1H1F
DraftKings: draftkings.com/sgdrk
Ace Rewards (Ace Hardware): acehardwareapp.page.link/Fc9u
Dropbox: db.tt/OQV2OLnKdR
Boxed: boxed.com/invite/6IG3R
simplehuman.com ($10 off $20): rwrd.io/hi6ci9l?c
Purple mattress: share.purple.com/x/pGCY9k
PlushBeds: refer.plushbeds.com/Stephen6

eToro exchange: etoro.tw/310eyDs
Gemini exchange: gemini.com/share/o24jdk
Coinbase: send me a message
Coinbase Earn (free EOS): coinbase.com/earn/eos/invite/pm1695kv
Coinbase Earn (free XLM): coinbase.com/earn/xlm/invite/vr821z4m
Voyager: go.onelink.me/4gTreferral?af_sub5=STESS7 or code: STESS7 (crypto broker; trade $100 and both people get $25 in BTC)
LVL exchange ($10 free bitcoin): lvl.co/qswwx6qb or invite code qswwx6qb
bitFlyer exchange (no bonus for you, gives me a small bonus): bitflyer.com/en-us?affi=n5sshohk
Binance.US exchange (for US residents): binance.us/?ref=35012844 or Referral ID: 35012844
ShapeShift: signup.shapeshift.com/?mwr=8589-e0bb8d9b
Bittrex exchange (no bonus for you, gives me 10% of your commissions): bittrex.com/Account/Register?referralCode=FYS-2DK-G23 or code FYS-2DK-G23
Paxful (trade bitcoin for discounted gift cards, etc): paxful.com/?r=VX5Ywx44LkA
Purse.io: purse.io/?_r=5MyAl0 (discounts at amazon if pay with bitcoin; referral bonus $5 if spend $100)
p2pb2b exchange: p2pb2b.io/referral/1a955c5a-7f08-43f5-8367-bfa524c4bd88
freebitcoin (faucet / dice game): freebitco.in/?r=9293862
TREZOR hardware wallets: shop.trezor.io/?offer_id=10&aff_id=1230
Ledger hardware wallets: ledger.com?r=4ef2e7aeee27

Or if you just want to send me a donation:
BTC: 3G4JZx3KgT7djgGk6KUbUn7cZ31BbtYf2r
LTC: LR6hgNSy2ZkS7PHtAm1xcJmPy6YyQJha7d
ETH: 0x6fb827db4969d762b62345168ef559CF8194680B
XMR: 48WwtRnERgMA3pHjDVp1PpZn1eDs4tYL2adghbBJ8zdp3MjoyMZtTXQ2dKAq465jVgJdQvDp5eShkbnCmfj8vJB1MqJmPRZ

Card-specific American Express links (also see universal Amex link above, if one of these doesn't work):
Personal Amex cards:
Amex Blue Cash Preferred
Amex Blue Cash Everyday
Amex Cash Magnet
Amex Everyday
Amex Everyday Preferred
Amex Gold
Amex Platinum
Amex Delta Gold SkyMiles
Amex Marriott Bonvoy Brilliant
Amex Green
Amex Delta Platinum SkyMiles
Amex Hilton Surpass
Amex Hilton Honors Aspire
Amex Hilton Honors
Amex Delta Blue SkyMiles
Amex Delta Reserve
Business Amex cards:
Amex Business Gold Rewards
Amex Business Platinum
Amex Blue Business Plus (BBP)
Amex Blue Business Cash
Amex Business Green Rewards
Amex Delta Platinum Business
Amex Delta Gold Business
Amex Delta Reserve Business
Amex Hilton Honors Business
Amex Plum
Amex Lowe's Business Rewards
Amex Amazon Business Prime (I no longer have this card open, but the link still shows a bonus for you)
submitted by sg77 to u/sg77 [link] [comments]

We actually need 32.000 votes to get to the first page, we had a great run yesterday, let's keep it up!

We actually need 32.000 votes to get to the first page, we had a great run yesterday, let's keep it up! submitted by soepkip87 to Bitcoin [link] [comments]

Have a question? Read this FAQ first.

Note: I AM NOT A MOD. If you have a question for a mod, please send it to /beermoney. I merely wrote the FAQ.
 
 

THIS FAQ HAS BEEN MOVED. PLEASE VISIT THE WIKI FOR THE CURRENT VERSION.

 
 
 
 
 
 
 
   
 
 
 
 
 
 
 

Welcome to part 1 of the FAQ.

This section covers questions about beermoney in general. This includes questions about exchanging gift cards, what equipment to use, issues with a site not working or offers not crediting, info on posting a giveaway or tasks, taxes, using VPNS/VPS/etc, and other general questions.
 
Part two covers common terms and which sites to use. This includes questions about which sites are available, how to make money quickly, the "best" sites, work under age 18, information about Engageme.tv, and other related questions.
 
 

Notice:

If you use any autosurfing websites, do not cash out to PayPal. There is a chance your PayPal account could be permanently limited. The post specifically mentions fastcashmining.com and cashminingbot.com but others may have the same problem. You should be fine to cash out using other methods.
 
 

WHY WAS MY POST REMOVED?

Due to an increase in spam posts, new posts must be manually approved by a mod before showing up. Most posts will be approved within 12-24 hours. Please be patient during this time.
If your post has not been approved in 24 hours, you likely broke a rule or you simply weren't posting about a /beermoney topic. Having the opportunity to make money does not necessarily make your post /beermoney. Sign up bonuses, crytocurrency wallets, investments, affiliate marketing, actual jobs, and other such things are not /beermoney.
 

HOW DO I GET MY REFERRAL CODE ON THE COMMON BEERMONEY SITES LIST?

You need to be an active member of this community. Users who consistently submit top/quality content to this subreddit will receive the opportunity to put their referral link on the list. Have you seen someone being particularly helpful? Message Threw_it_to_ground to put in your nomination.
Here is more info.
 

WHY DID MY NEEVO / DEFINED CROWD TASK COUNTER GO DOWN?

This typically happens when you've missed a lot of attention checks or were kicked off the job. Don't worry, you should still get paid as long as you weren't giving bad answers. It may take a bit longer for them to validate your answers, and you may get paid a bit less due to the incorrect answers. Make sure to shoot them an email though.
 

WHY CAN'T I DO ANY TASKS FOR NEEVO / DEFINED CROWD?

  • Are you being invited to jobs? — Neevo invites their best workers to new jobs first. You may get an opportunity later.
  • Is your task counter correct? — Your number of tasks will drop if you are banned from the job for failing too many attention checks.
  • Is the job still active? — It's possible that they simply ran out of tasks. Jobs are not closed until the project is completed and verified. Check back later to see if more tasks have been added.
 

WHY HASN'T MY NEEVO / DEFINED CROWD PAYMENT HASN'T ARRIVED YET?

Give them some time. They pay out after the job has been completed and validated. It can take a few weeks to get paid. If the job has been closed for a few weeks and you still haven't received payment, send them an email: [email protected]
 

I HAVE A QUESTION ABOUT QUICKTHOUGHTS / IPOLL

Is It Legit? Quickthoughts does pay some people. However, they are extremely ban happy. You WILL be banned eventually.
Making A Second Account You are not permitted to make a second account under any circumstances. It does not matter if you were wrongfully banned.
Rewards iPhone only gets iTunes and Android only gets Amazon. If you are unhappy about your selection, consider selling or trading your gift card in one of the places mentioned later on in this post. It is possible to log into your account from another device, but this increases your chances of being banned.
Payments Surveys pay between $0.50 and $2 per survey. Different people make different rates depending on their demographics.
Limits You are only permitted to complete 5 surveys per day.
Taxes As with every other site, you have to file taxes.
No Network Connection / Problem With Your Account You were likely banned. Sometimes there is a legitimate network connection problem, but that's their typical ban message.
Why Was I Banned? It happens all the time, even to legit users. Try messaging support and see if they will unban you. Their automated banning system is a bit touchy, and support doesn't seem to care.
Support Not Replying It can take a while for them to get back to you. You need to be patient. If you haven't heard back in a few weeks, try sending another email.
Note: Quickthoughts and IPoll are run by the same company.
 

WHERE CAN I EXCHANGE GIFT CARDS FOR PAYPAL/BITCOIN/ETC?

If you are looking for a way to sell Amazon Balance, check out this post.
If you want to exchange cash methods, check out /Cash4Cash.
 

HOW CAN I EXCHANGE GOOGLE PLAY CREDITS FOR PAYPAL/BITCOIN/ETC?

There's no easy way to do it. Your options include:
  1. Find someone willing to trade an app for money (you buy the app for them, they give you money).
  2. Make an app and set up a payment system. Then spend your credits through the app you made.
  3. Complete an offer on a site like Swagbucks where you are awarded for spending credits.
 

MTURK DENIED MY APPLICATION. WHY?

Mturk is only available for users age 18 or older. They primarily invite US citizens and permanent residents, but some international workers are accepted as well. Their selection process is seemingly random. If you weren't accepted, you may unexpectedly be approved in the following weeks/months.
 

WHY AM I NOT GETTING ANY SURVEYS?

  • Did you just join yesterday? — New users often see more surveys available on their first day due to the site already having a batch of surveys available. You need to wait for more to get added.
  • Is it during a holiday or a summewinter break? — Many sites such as mTurk and Prolific offer academic studies. This means that there will be more surveys during the school year, and far fewer during summer and holiday breaks. Also, there are more people looking for work during the breaks.
  • Are you checking the site constantly? — Surveys go quickly on the better paying sites. You may only get a few seconds to a couple minutes to accept the task.
  • Are you outside the USA? — There tends to be fewer surveys for non-USA workers.
  • Were you speeding or lying on previous surveys? — You may have been banned.
If you still aren't seeing any surveys after a few weeks, you may just not be in a desirable demographic. It doesn't hurt to contact support to ensure there isn't anything wrong with your account, but chances are there just hasn't been a survey needing you yet.
 

THESE @#%& SURVEYS KEEP DISQUALIFYING ME!!

Yes, that will happen.
 

BUT I SPENT 30 MINUTES ON IT!

Yup. It happens. Survey portals are notorious for disqualifying people. Sites that specialize in doing just surveys tend to be better. Basically, if you're on a site that has an offer wall and surveys, expect disqualifications to happen.
 
There are a few ways to prevent it, but nothing is guaranteed.
  1. Take a couple screenshots as you progress through the survey, especially towards the end. Sometimes support will credit you if you bring it to their attention.
  2. Don't rush, and don't walk away in the middle of a survey. If you're getting disqualified a lot, try counting to 5 after each question.
  3. Always be consistent in your answers. There are a lot of questions designed to figure out if you're telling the truth or not. If your answers keep changing, you'll be disqualified.
  4. Watch out for attention check questions. Sometimes questions will ask you to select a certain response, answer questions about text you've just read, or ask you silly questions such as "Are you an alien?".
 

OFFERS AREN'T CREDITING ME!

Make sure you don't have an adblock or any other extensions that could be interfering with it. Allowing the site isn't enough, you need to disable them. I recommend using a separate browser or profile for doing offers. It's also incredibly important to clear your cache between offers. Vanilla cookie manager is a good extension for this. Even if you do clear the cache, some offers just don't like to credit. /Swagbucks is a great place to see what offers are currently crediting easily. Since many sites use the same offer walls, you can probably find the same offers on another site.
If you met the requirements for an offer and it didn't credit, the only way to get credited is to contact the support for the offer wall and show them proof that the requirements were met.
 

I'M HAVING A PROBLEM WITH A SITE

Is your cash out taking forever? or Is the site just not working right? - Look on a relevant subreddit, facebook or twitter. If there is a problem, people will be posting about it. If there's no mention of the problem, try asking on those subreddits, facebook or on twitter. If you don't know where to look, just go to google and type in the website name and what site you're looking for. For example "Swagbucks reddit" will bring you right to /Swagbucks. This works for facebook, twitter, whatever you need. If all else fails, contact support.
 
Is the site not loading? Try clearing your cookies. If that doesn't work, try another browser or another device. If it still isn't working, follow the advice above about "Is the site just not working right?". If you can't find anything about it, try waiting an hour or two, or even wait until the next day. There could be some issue on the website. If all else fails, contact support.
 
Can't login? Follow the instructions above about the site not loading. There's also a chance you've been banned. Some companies won't alert you to bans and will just suddenly remove your ability to login. Follow the advice below for "Have you been banned for no reason?"
 
Have you been banned for no reason? Contact support. There is absolutely nothing we can do for you here. A few site owners browse this place, but the bulk of us are just general users. Just be polite and friendly. If you didn't do anything wrong, you'll likely get your account unbanned. Sometimes a site's fraud detection is triggered on accident.
If you were banned by Quickthoughts, you likely will not be unbanned, but it still doesn't hurt to send them a message.
 
Did you cash out to the wrong PayPal account? First, add that email address to your PayPal account. You can have multiple emails attached. Next, contact support and ask for guidance. If they already sent the payment, it may get stuck in limbo. If they didn't already send it, they may be able to send it to the correct email. It's best to contact support as soon as you can, so that they can advise you on the proper steps for you to get paid.
 
Having another problem? You're best off just contacting support. Most of the people here are general users. If you need individualized help, contact support.
 

I CONTACTED SUPPORT AND GOT AN AUTOMATED REPLY. WHAT NOW?

If you get a reply and it doesn't answer your question, then send a polite reply. Make sure to restate what you said in the previous email. Don't just copy and paste; they may have misunderstood what you needed the first time. Keep it short and to the point.
Under no circumstances should you yell, swear, or be rude to the staff. Remember, you are asking for their help. Being rude will only get you longer wait times, more copy and pasted responses, and potentially banned. Support is more likely to help those who are polite, so say hello and thank you with each email.
 

HOW DO I TRACK MY EARNINGS?

Most people use a spreadsheet. Here are a few options: One | Two | Three
If you're interested in making your own spreadsheet, here are a few ideas: One | Two
 

WHAT EQUIPMENT SHOULD I USE?

Routers/access points Many people recommend /Ubiquiti I used a cheap TP-link which worked well for up to around 15 devices.
Phones/Tablets At the bare minimum, you want a dual core with Android 4.4.2. I highly recommend getting at least Android 5.0, as many apps will not work with lower spec devices. A few places to check out would be Walmart, Best Buy, Tracfone, Straight Talk, and Amazon. Sales are fairly random, so keep your eye out. You can also get devices on eBay and C7Recycle but do take note that these are often used/refurbished devices and they may not last as long. Sometimes it's cheaper in the long run to just buy new devices.
Laptops Look on ebay or craigslist. Buying used will usually get you a better price than buying new. You want at least a dual core with 4GB of RAM, but a quad core with 8GB of RAM will do you much better.
Powered USB Hubs Many people like these. Never cheap out on your USB hubs - get a quality brand hub or stick with the OEM chargers.
Various Extensions Check out this post. - Although, I disagree about the auto refresher and adblock. Both of those can get you banned by many beermoney sites. FRQc is also great. Just set it to "auto low" and all of the flash videos will load faster.
Check out /BeermoneyHomeNetwork for help with configurations. The posts are old, but the info is solid. It's just one of those things that doesn't change.
 

DO I HAVE TO FILE TAXES?

Short answer: Yes.
Long answer: It doesn't matter if you get PayPal, Cryptocurrency, Gift Cards, physical items, or whatever else. It is all considered income because you are earning it in exchange for a service. In the USA, once you earn $400 in self employment you are required to file taxes. If you earn $600 or more with any individual site in a year, you should receive a 1099 from them. Even if you don't make $600, or don't get the form, you're still supposed to report any amount you earn. There are a few circumstances in which someone doesn't need to file taxes, and if you think you would be in one of those circumstance, you should speak to a certified tax consultant.
Here's more information.
 

WHEN SHOULD I CASH OUT?

Always cash out as soon as possible, unless there is some sort of discount for saving up your points. You never know when you might get banned or a website might go away. Building up your points is just increasing how much you have to lose. The points are not yours until the money is in your possession.
 

HOW DO I TELL IF SOMETHING IS LEGIT OR A SCAM?

If a post is at least 48 hours old or made by a user with flair beside their name, it is likely legit. Known scams get removed pretty quickly. GPT sites are more likely to be a scam than any other type of site posted here. If you are worried about being scammed, I highly recommend sticking to the more well known sites in this FAQ and the Common Beermoney Sites List. You can also ask the poster for proof that they were paid by a site. If they can't prove they've been paid, they are only looking for referrals. I don't recommend signing up on sites when the user can't provide payment proof.
 

Here's a few things to look out for:

  1. If they send you a check and ask you to return part of the money, it is a scam. The check will bounce, and you will be out the money. If an employer needs you to buy something, they will either buy it with a company card, or ask you to send a receipt for a refund. If they've already sent the check, you can give it to your local police department if you want. Just block all communication from them.
  2. They pay a ridiculous amount of money or claim to pay "the most". Very few surveys pay more than $10/hour. You won't get more than about a penny to click links. Videos rarely pay more than a couple pennies. This is about the maximum, and it's very common to make half this rate or lower. If the site is claiming to pay so much more than anywhere else, it's a scam.
  3. You get an offer or interview from a site or job you didn't apply for. Be especially cautious if they want to do the interview over google hangouts.
  4. You are being asked to work for free as a "sample", or you are asked to install a program and wait to be accepted at a later date.
  5. They have a high minimum cash out amount (above $25). Many sites have $1-10 minimums.
  6. You are required to refer people to get paid.
  7. You have to spend money to use the program. Even if it is an "optional" fee, be careful. This includes "training fees".
  8. They don't disclose what type of work you're going to do. Sometimes job listings need to be vague for non-disclosure reasons, but you should always be able to get a general description of the work you will perform.
  9. The website or post is full of grammar errors. An error here or there is bound to happen, but any legit site is going to put in effort to look good.
  10. It's never been mentioned on this subreddit and/or you can't find reviews on google. Unless it's a completely new service, you should be able to find something about it somewhere.
  11. Most importantly - does it feel too good to be true? Does it feel sketchy? Is there something that is just off, but you can't put your finger on it? Trust your instinct, and come here to find out if anyone else has heard of the site. Do a search first, and if you can't find anything, then make a post about it.
There are exceptions to most of these, but these are some things to be on the lookout for. Here are a few more safety tips.
Also, never trust what a blog says. They are trying to get your referral link, so they will pretend the site is better than it is. If you see the site on /beermoney, look in the comments. If the poster is making outrageous claims, usually someone will leave a comment about it.
 

I WANT TO DO A GIVEAWAY FOR EVERYONE HERE. AM I ALLOWED TO DO THAT?

Giveaways without any stipulations or endorsements are permitted. If you intend to promote a site/link/etc or require users to sign up somewhere or complete a task, you must get moderator approval prior to posting. Failing to do so may result in a ban. Due to an incident users are no longer allowed to simply host their own giveaways. When in doubt, message the mods.
 

I WANT TO PAY PEOPLE TO DO A TASK FOR ME. CAN I MAKE A POST ON HERE?

Depends. What type of task are you offering?
When in doubt, message the moderators and ask if it's allowed.
 

HOW DO I GET REFERRALS?

  • Invite your friends and teach them how to use the sites.
  • Advertise on social media.
  • Find a new website that has paid you and hasn't been discussed here (search first!) then advertise it here (with lots of info and payment proof!)
  • Consistently submit top/quality content to this subreddit for the opportunity to have your referral put on the Common Beermoney Sites List.
  • Pay for referrals (make sure the site allows it first!).
  • Join a referral chain.
 

DO I NEED TO USE MY REAL INFO? (name/address/birth date)

Absolutely. You need to have correct info on the sites that pay you. Lying about anything can cause a whole lot of trouble, including getting your account banned.
 

BUT WON'T I GET SPAM MAIL?

From The Website Paying You? It's highly unlikely that the sites that pay you will waste their money sending you spam mail. You may get something for verification, but that's about it.
From The Surveys? It's very rare unless they are sending a payment, a product for testing, or they are requesting a follow-up. Most surveys won't even ask for this info, and on the rare occasion they do, it's typically to avoid repeat submissions.
From The Offers? Sometimes. Most of them won't send you anything even if they say they will. Charities, credit cards, banks, and other similar services will spam you non-stop though.
In Your E-mail? Absolutely. Make sure to use a separate e-mail for beermoney work, especially if you're going to be doing offers.
 

THIS SITE NEEDS A PHONE NUMBER FOR VERIFICATION. CAN YOU HELP ME?

Free OptionsGoogle Voice | List of free services | Ask a family member or friend
Paid services/phoneverification | List of paid services
 

CAN I USE A VPN, VPS, OR OTHER SOFTWARE TO PRETEND I'M FROM ANOTHER COUNTRY?

No. You can get banned for doing this. Usually they ban you right after you redeem your first reward. The location is restricted for a reason.
 

CAN I USE AN EMULATOR OR A VIRTUAL MACHINE?

No. Third party software is not allowed, and you can be banned for it.
 

IS BEERMONEY DEAD/DYING?

No. Don't listen to the trolls. Beermoney changes over time. Some methods are less lucrative now than in the past. Some are more lucrative. Some have less sites offering the service, and some have more. Passive methods are on the decline, but beermoney is more than just passive methods.
 

WHY ARE MY COMMENTS/POSTS BEING DOWNVOTED?

Every post will get a few downvotes. You can't please everyone. If you get down to -5 or lower, you might want to take a look at what you're typing. Beermoney users in general are more likely to upvote than to downvote, so either you're breaking a rule, spreading false info, or you're just being rude.
 
If you saw something in this FAQ that you think is wrong, is confusing, or you think needs more information, please let me know and I will look over it.
 

Have another question? Check the FAQ part 2 or try searching first!

You can use the reddit search bar, https://www.redditsearch.io/, or even a google search with "beermoney" in it to find lots of useful information.

Here's more info on how to use the searches.

submitted by Mikazah to beermoney [link] [comments]

Deep Web/Dark Web Vigilante Nightmare

A little backstory when this happened; I was 22 years old and had just graduated from college with a bachelors degree in computer programming and was feeling like a hot shot. I moved into a nice little studio apartment which was actually a motel room at one point, before the apartment company took over and did renovations. The area was nice, with lots of trees, beautiful views and a small river that ran behind the apartments. Being situated 10 miles outside of the city, meant that there were not that many people who frequented our area, but I was glad of that, as it would be nice to have some peace and quiet to focus on my programming and web design skills.

I remember hearing everyone in high school and college rambling about being on the Deep or Dark Web as you may say, the uses are actually quite interchangeable, however, they also are 2 very different parts of the internet as a whole. You have the Clearnet, that can be accessed by anyone with an internet connection and search engine such as Google, then you have the Deep Web, which is the greater part of the internet that is hidden and cannot be accessed without a special program or browser such as Tor, and finally part of and inside of the Deep Web, you have the Dark Web or even Dark Net where most of the horrific stories you hear about take place.

Hearing all of these stories from either friends, or from reading them online over the years intrigued me and set me on the career path that, at the time, I thought I truly wanted. Now, not so much. My goal was simple, to create a program that would run without the use of a script, that would actually be disguised as a picture file. If someone opened the file, then my program would execute and be able to look directly into the computer systems full log records and would be able to sniff out the original IP address of the affected computer, as well as any personal information such as names, birthdays, credit card numbers, etc.

Now I know what you are thinking, I was definitely up to no good in creating a program like this, but you would be completely wrong. After hearing of some of the truly horrifying people that hide on the Dark Web, and seeing as many of the stories end with those same people never getting caught, I could not fathom why nobody made a program to catch these people. I worked out how I could catch these people, think like, and to pretend to be one of those people.

When I had finally compiled the program, compressed it down to less than 1mb and disguised it like a picture file I planned to use, I was ready to test it out. I pulled out my old junky laptop that I used for school. The thing was a pure piece of shit, and the perfect test bed for anything that I created. I connected the laptop to the internet and created a test email and sent the file. I had to test different methods of delivery, so I also used a private dropbox so I could test email delivery and opening, direct placement from a flash drive, and the big one that I was counting on, downloading the file and opening it from the internet outside of email programs.

When all 3 methods worked and started sending the plethora of data to my main laptop in the form of updated notepads, I jumped for joy. I thought to myself,

So, basic IP and personal information sniffing works, what about if they are pros, using multiple VPNs and the like?

I installed 2 separate VPN programs on my test laptop, and even connected to a proxy server through them to test the results. They still came back the same just showing the additional IP addresses from the VPN. I was now ready to hunt these people. My studying in school paid off having allowed me the knowledge to be able to create this amazing tool. I would make my own show like Chris Hansen's “To Catch a Predator” but mine would be called, “To Catch a Webber”. Yes my ego was extremely high at the time,, but I could not celebrate, not until I knew that it 100% worked without a doubt against a third party.

This is when things really began to get interesting. I had Tor and the Hidden Wiki opened up, my VPN fully configured and I was ready to go. I wanted to get to the Dark Web and most people find it by clicking something randomly. I selected a random site from the Hidden Wiki to begin my journey. Just a basic news board, mainly spreading support to those who are oppressed around the world. I clicked on another link and it took my to a blank page. I waited a few seconds and still nothing so I went back and tried another link.

This one took me to some jewelry site. After reading some, I noticed the end of each ad boasted that the jewelry was stolen from graves fresh and old with some being claimed to be thousands of years old. Like most sites on the Deep and Dark Web, bitcoin was the currency in use on the website. I saw enough there and was about to go back and try another link when a chatbox popped up with the generic name “Admin” followed by a message.

“Hello! Welcome to our site, everything here is 100% authentic, antique and unique! Is there anything specific you are looking for today?”

I must admit, I wasn’t caught off guard at all, with normal online stores, this is pretty standard protocol. I typed out my reply confidently,

“You know I was actually just looking at your selection. So much to choose from, it’s a little overwhelming and I am just mainly browsing.”

Within literally 5 seconds I had a reply from the Admin,

“We look forward to seeing your purchase! Please let us know if we can assist you further!”

Ok, now that seriously took me back. They told me they look forward to seeing my purchase? Fuck that I clicked out without even replying. I had double checked my setup and I was still 100% anonymous, my VPN was still working so that eased my paranoia. I clicked another link and this time I was taken to a black web page with white text in the center. I could not read the text, in fact, when I looked closer, it didn’t even look like any real writing at all. I clicked it and a box popped up asking for what I am assuming was login info. Obviously I didn’t have that, but oddly enough, yet another chatbox popped up and I just see,

“I got you.”

Info started being entered into the first box. The next screen I see is white with what appeared to be a directory to many different areas. The chatbox appeared again and read,

“Enjoy and behave.”

I had no clue who that was, or where to even start in the directory. I know there are so many horrible people hiding on the Dark Web, but I wanted to stop the killers more than anything else. I heard so many stories of Red Rooms and people being kidnapped and used for others pleasure and dying horrific deaths and I had to help stop that, I was on a mission. I clicked a random link and the page slowly loaded. There were 3 pictures displayed, a storm, a green pasture in sunlight, and a knife. Obviously I clicked on the knife and was loaded into the Dark Web equivalent of a sick and sadistic instagram of death.

I saw one picture of an older guy laying on a couch with a gag in his mouth titled, Vomit Death. A small description said the poster thought it would be funny to watch their friend drown in their own drunken vomit. They went on to brag about how the gag relieved them of any legal responsibility in the death because it was deemed a stupid drunken game. I wanted to nail that fucker, but continued on.

Another image was of a young girl, probably early 20’s hanging from a tree with the title, At Death I Part. The small description read,

“You wanted ‘til death do us part, now you have it and I’m free.”

This one confused me then and still does now for a couple reasons. Was this a suicide or a murder and who posted it? The next picture I saw really caught my eye. It looked like one of the pieces of jewelry I had looked at on the jewelry site. A bracelet, in fact the very one, the exact one that prompted the chat log to pop up. At this point I knew better than to click on it, but I was also arrogant in my ego and had full confidence in my program. I clicked the picture. This time there was a small handwritten note in the picture,

“Hello! We need your business, you did not make a purchase.”

After reading that and feeling my heart practically stop, I was then automatically redirected back to the jewelry site and looking at the same damn bracelet. Immediately the chatbox popped up with the Admin and read,

“We knew you would be back to make your purchase!”

I did not even know what to say before they added,

“The site you were just on is also run by us, we helped you login so you could get a small taste of our different varieties of content. Access is subscription based, and you pay for access by buying our jewelry. Furthermore, if you do not make a purchase, then we will restrict further and future access to our sites as well as release your browsing habits to your family and friends. You have 10 minutes to decide.”

I simply replied,

“Searching is not a crime, I did not find much value in your other websites, I have seen better and I don’t wear jewelry so, sorry, no sale.”

I felt like a smug bastard knowing they couldn’t know who I am personally or even track me, but the reply I got shocked me,

“Whatever sites contain the content you viewed is all under us. You don’t know what you are getting in to or how big our business is. Simply make a small purchase and we can move on.”

I get aggressive sales tactics, but this takes the cake in being intertwined with blackmail and extortion. I wouldn’t have it and replied,

“I refuse to be blackmailed or extorted by people or entities claiming to have false information on me. Unlike you people, I have proof of a better site that does not strong arm their users, you cannot provide any information to me, about me, like I’m sure you can others and you know this.”

Admin typed back,

“You have no proof, you are probably some kid acting out. Tell you what, show me your proof and I will show you mine.”

Arrogant and with the time I had been waiting for having arrived, I uploaded the image to a secure site and messaged them when it was done. I did not get a reply right away, but after about 3 minutes I knew they opened the image thus executing the hidden program because I started getting a plethora of log updates. This happened for about 5 minutes before the logs stopped updating and another 5 minutes before the Admin finally came back and said,

“I thought you had proof of a better site than ours James. Truly I am disappointed but not surprised, no site tops what we provide as a whole. And you do not even understand how deep things go. As for the picture of your cat, very sneaky, but you did not consider your 1 serious flaw, that anyone with knowledge of how your little toy works, can reverse engineer it, dismantle it, and can find where the information is being sent to. You are in a very nice, secluded area, and easily traceable, unlike me, who is operating under many different aliases, stolen identities and on throwaway laptops. I can be mobile in a matter of seconds, gone without a trace. Let me share a couple things with you to help you make the wise choice in your situation. Our image site of the deceased that you saw and clicked through, well, some of those people are people who become an issue, and their jewelry, one of the millions of pieces we have available currently on top of what we have collected over the years. Now, are you going to make your purchase?”

My jaw hit the floor. I was fucking speechless and this lunatic was absolutely right. I did not account for being back-traced through my own program because of my arrogance. Not to mention the fact that if they were really using multiple identities, tracking down the perp just isn’t going to happen. I couldn’t reply, I was frozen in fear when another bit of text popped up in the chatbox,

“James, I know you are still there. Just make a purchase James, and we both disappear afterward and have no further contact. I don’t want to send my associates to you, you haven’t truly insulted us yet, just make a purchase and this can all be done. Don’t spit in the face of our work.”

I slammed my laptop to the ground and started stomping it out like the scene in Office Space where they beat the shit out of a printer. Pieces were flying all over the place and it was just an unrecognizable pile of metal and bits. I was on a month to month lease at the time and moved out the next day to another place in the city. It was more expensive and the location sucked, but knowing I had lots of others around me constantly made me feel safe and still does. That was 3 years ago and I am still living in the place I moved to after this happened. I have since stuck to web design and have stayed far away from the Deep and Dark Web. Nothing has come of this that I know of, but they could still be out there, watching and waiting, and then I may become part of their content...

To be Narrated soon on YouTube @ Nightmare Storytime!
submitted by Nightmare_Storytime to nosleep [link] [comments]

10 Price Predictions for 10 Top Cryptocurrencies — Aug 2018

So, you’re sitting at your computer with money to invest.
You have made some good money already in the market, but you want more.
Cryptocurrencies reached a record **$800 billion in market value** then came crashing back down to earth and sit right around $200-$300 billion today.
The price movement of top currencies remains a mystery. But it doesn’t have to be.

THE PAIN OF UNCERTAINTY

Cryptocurrencies are volatile, irrational beasts.
Simple methods of forecasting grossly oveunderestimate the potential of a volatile currency.
For example, moving averages are used frequently to estimate future prices. Moving averages, however, suffer from many pitfalls that make them poor estimators of volatile markets.
Every great and successful investor has a plan. You will add one more tool to your arsenal today.

A BETTER METHOD FOR ESTIMATING CRYPTO PRICES

In my prior article about estimating the movement of Bitcoin Prices, I spoke of a method that is used frequently in the stock world to estimate prices.
This method is a Monte Carlo simulation using the geometric Brownian motion model.
I won’t cover off on the full methodology here, but essentially I am going to:
  1. Get historical daily prices for 10 top cryptocurrencies
  2. Calculate daily returns
  3. Simulate a day, month, and year
  4. Simulate a day, month, and year 1,000 times each
By the end of the article, you will have the following:
A note on forecasting, simulations, and recommendations: Monte Carlo simulations are to be used as guidelines and tools, not as gospel. I am not offering financial or investing advice.

BITCOIN

What is Bitcoin?

You know what Bitcoin is, stop it.

One-Month Simulation

Graph of one-month simulation

One-Month Simulated 1,000 Times

Graph of one-month simulated 1,000 times

Simulation Statistics

Here are the results of simulating Daily, Monthly, and Yearly coin prices 1,000 times each.
Simulation Statistics

Verdict

In 95% of model simulations, the price of Bitcoin fell between $3,959, and $12,626 with a median of $6,970 over a 1-month time period.

BITCOIN CASH

What is Bitcoin Cash?

From the Bitcoin Cash project website:
“Bitcoin Cash is peer-to-peer electronic cash for the Internet. It is fully decentralized, with no central bank and requires no trusted third parties to operate.”
Really, it was an additional currency that was created after a fork from Bitcoin core.

One-Month Simulation

Graph of one-month simulation

One-Month Simulated 1,000 Times

Graph of one-month simulated 1,000 times

Simulation Statistics

Here are the results of simulating Daily, Monthly, and Yearly coin prices 1,000 times each.
Simulation Statistics

Verdict

In 95% of model simulations, the price of Bitcoin Cash fell between $253, and $1,501 with a median of $624 over a 1-month time period.

ETHEREUM

What is Ethereum?

Ethereum is a decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference.
Ethereum has been busy recently. Multiple steps have been pushed in motion for the upcoming large change — reaching a new consensus method.
From Jordan Daniel at ethnews.com:
Ethereum’s Byzantium hard fork was only one half of a two-part process designed to transition the decentralized application platform to a new method for reaching consensus — proof-of-stake. The next hard fork, called Constantinople, was recently discussed during an Ethereum core developer meeting and could include Vitalik Buterin’s Casper update.

One-Month Simulation

Graph of one-month simulation

One-Month Simulated 1,000 Times

Graph of one-month simulated 1,000 times

Simulation Statistics

Here are the results of simulating Daily, Monthly, and Yearly coin prices 1,000 times each.
Simulation Statistics

Verdict

In 95% of model simulations, the price of Ethereum fell between $200, and $827 with a median of $405 over a 1-month time period.

EOS

What is EOS?

EOS is a blockchain-based, decentralized operating system, designed to support commercial-scale decentralized applications by providing all of the necessary core functionality, enabling businesses to build blockchain applications in a way similar to web-based applications.

One-Month Simulation

Graph of one-month simulation

One-Month Simulated 1,000 Times

Graph of one-month simulated 1,000 times

Simulation Statistics

Here are the results of simulating Daily, Monthly, and Yearly coin prices 1,000 times each.
Simulation Statistics

Verdict

In 95% of model simulations, the price of EOS fell between $2.48, and $19.92 with a median of $6.78 over a 1-month time period.

LITECOIN

What is Litecoin?

Litecoin’s claim to fame is faster transaction processing times. It uses a scrypt-based mining proof-of-work algorithm to target the regular computers and GPUs most people already have.
The ability to target regular computers and GPU’s happens to be a huge differentiator from the crowded mining population of Bitcoin.

One-Month Simulation

Graph of one-month simulation

One-Month Simulated 1,000 Times

Graph of one-month simulated 1,000 times

Simulation Statistics

Here are the results of simulating Daily, Monthly, and Yearly coin prices 1,000 times each.
Simulation Statistics

Verdict

In 95% of model simulations, the price of Litecoin fell between $34.45, and $131.88 with a median of $67.53 over a 1-month time period.

RIPPLE

What is Ripple?

Ripple is a system created for banks to enable immediate payments and lower costs.
The vision of the Ripple creators is to allow a bank transfer in a few seconds (instead of the horribly annoying 2–3 business days).
Of note, is that Ripple is a U.S. based company. From the xrphodor blog:
Ripple is a US-based company. Why is this an important point to consider? A US-based company like Ripple is subject to some very stringent laws regarding securities trading and money transmission. These include requirements that define how Ripple might interact with crypto markets and both institutional and retail crypto traders.

One-Month Simulation

Graph of one-month simulation

One-Month Simulated 1,000 Times

Graph of one-month simulated 1,000 times

Simulation Statistics

Here are the results of simulating Daily, Monthly, and Yearly coin prices 1,000 times each.
Simulation Statistics

Verdict

In 95% of model simulations, the price of Ripple fell between $0.13, and $1.05 with a median of $0.37 over a 1-month time period.

STELLAR

What is Stellar?

Stellar is a platform that connects banks, payments systems, and people. Integrate to move money quickly, reliably, and at almost no cost.
XLM is a completely decentralized consensus platform. It is designed to support any type of currency. It has a built in decentralized exchange that can be used to trade any type of currency or asset.

One-Month Simulation

Graph of one-month simulation

One-Month Simulated 1,000 Times

Graph of one-month simulated 1,000 times

Simulation Statistics

Here are the results of simulating Daily, Monthly, and Yearly coin prices 1,000 times each.
Simulation Statistics

Verdict

In 95% of model simulations, the price of Stellar fell between $0.11, and $0.81 with a median of $0.29 over a 1-month time period.

IOTA

What is IOTA?

IOTA is a public distributed ledger that stores transactions in a directed acyclic graph (DAG) structure, called a Tangle. The Tangle is used in place of the blockchain structure commonly used by other cryptocurrencies, such as Bitcoin.
IOTA is a cryptocurrency designed specifically for the Internet of Things (IoT) that can be used for the secure sale and sharing of data streams.

One-Month Simulation

Graph of one-month simulation

One-Month Simulated 1,000 Times

Graph of one-month simulated 1,000 times

Simulation Statistics

Here are the results of simulating Daily, Monthly, and Yearly coin prices 1,000 times each.
Simulation Statistics

Verdict

In 95% of model simulations, the price of IOTA fell between $0.24, and $1.39 with a median of $0.58 over a 1-month time period.

QTUM

What is QTUM?

Qtum is an open source Blockchain project that is developed by the Singapore-based Qtum Foundation. Qtum is a hybrid blockchain application platform.
Qtum’s core technology combines a fork of bitcoin core, an Account Abstraction Layer allowing for multiple Virtual Machines including the Ethereum Virtual Machine (EVM) and Proof-of-Stake consensus aimed at tackling industry use cases.

One-Month Simulation

Graph of one-month simulation

One-Month Simulated 1,000 Times

Graph of one-month simulated 1,000 times

Simulation Statistics

Here are the results of simulating Daily, Monthly, and Yearly coin prices 1,000 times each.
Simulation Statistics

Verdict

In 95% of model simulations, the price of QTUM fell between $1.51, and $15.34 with a median of $4.89 over a 1-month time period.

NEO

What is NEO?

NEO (formerly known as AntShares) is a smart asset platform and the first open source public blockchain project in China. Smart assets are the combination of smart blockchain contracts and digital assets.

One-Month Simulation

Graph of one-month simulation

One-Month Simulated 1,000 Times

Graph of one-month simulated 1,000 times

Simulation Stats

Here are the results of simulating Daily, Monthly, and Yearly coin prices 1,000 times each.
Simulation Statistics

Verdict

In 95% of model simulations, the price of NEO fell between $9.67, and $52.02 with a median of $23.49 over a 1-month time period.

DASH

What is Dash?

From CoinLib:
Dash (formerly known as Darkcoin and XCoin) is an open source peer-to-peer cryptocurrency. On top of Bitcoin’s feature set, it currently offers instant transactions (InstantSend), private transactions (PrivateSend) and operates a self-governing and self-funding model that enables the Dash network to pay individuals and businesses to perform work that adds value to the network.
Dash’s decentralized governance and budgeting system makes it a decentralized autonomous organization (DAO).

One-Month Simulation

Graph of one-month simulation

One-Month Simulated 1,000 Times

Graph of one-month simulated 1,000 times

Simulation Statistics

Here are the results of simulating Daily, Monthly, and Yearly coin prices 1,000 times each.
Simulation Statistics

Verdict

In 95% of model simulations, the price of Dash fell between $15.23, and $3,125 with a median of $198 over a 1-month time period.

BONUS: MONERO

What is Monero?

Monero attempts to solve privacy and fungibility issues that persist in Bitcoin.
Part of the algorithm for Monero automatically mixes transactions with previous transactions and does this by implementing ring signatures.

One-Month Simulation

Graph of one-month simulation

One-Month Simulated 1,000 Times

Graph of one-month simulated 1,000 times

Simulation Stats

Here are the results of simulating Daily, Monthly, and Yearly coin prices 1,000 times each.
Simulation Statistics

Verdict

In 95% of model simulations, the price of Monero fell between $24.20, and $508.99 with a median of $115.44 over a 1-month time period.

BONUS: Zcash

What is Zcash?

From the Blockchainhub infographic:
Zcash is a permissionless cryptocurrency that can fully protect the privacy of transactions using zero-knowledge cryptography.

One-Month Simulation

Graph of one-month simulation

One-Month Simulated 1,000 Times

Graph of one-month simulated 1,000 times

Simulation Statistics

Here are the results of simulating Daily, Monthly, and Yearly coin prices 1,000 times each.
Simulation Statistics

Verdict

In 95% of model simulations, the price of Zcash fell between $49.34, and $419.23 with a median of $147.27 over a 1-month time period.

Bonus: CARDANO

What is Cardano?

From Coincheckup:
Cardano is a decentralised public blockchain and cryptocurrency project and is fully open source. Cardano is developing a smart contract platform which seeks to deliver more advanced features than any protocol previously developed.

One-Month Simulation

Graph of one-month simulation

One-Month Simulated 1,000 Times

Graph of one-month simulated 1,000 times

Simulation Statistics

Here are the results of simulating Daily, Monthly, and Yearly coin prices 1,000 times each.
[Simulation Statistics}(https://cdn-images-1.medium.com/max/2324/1*aAhJ6BvgGTvHNqESN1dzQw.png)

Verdict

In 95% of model simulations, the price of Cardano fell between $0.04, and $0.42 with a median of $0.13 over a 1-month time period.

YOUR VERY OWN FORECASTING TOOL

Since i’m so nice, I went ahead and created a forecasting tool for you to use.
Example of the workbook in action

SERVICES USED:

  1. Microsoft Excel 2016 for Windows or Mac, or Excel Online
  2. Cryptosheets Excel Add-in
  3. Cryptocompare API
Full disclosure: The Excel add-in has a free tier with a limited 100 requests, and a paid upgrade option past that. However, no one should be refused access on the basis of money (especially true for students and less fortunate). Send me a message, and I will make sure you are not left in the dark.

A NOTE ON SECURITY

Users have expressed hesitation about downloading an Excel workbook on their main computer, so I will attempt to ease those concerns:

WHAT IT PULLS:

GETTING THE SPREADSHEET TO WORK FOR YOU

Click this link to download the workbook
  1. Install the Cryptosheets add-in for Excel
  2. Log-in to Cryptosheets using Google, or your regular e-mail
  3. Upon successful log-in, refresh the Cryptocompare pull

UPDATING TO DIFFERENT CRYPTOCURRENCIES

For a quick demonstration, see here

TROUBLESHOOTING

When I open the add-in, I get a white screen…why? Most likely this is due to an ad blocker (such as uBlock Origin or Bitdefender). On Windows, the add-in relies on Internet Explorer stability to function properly. Make sure nothing is blocking Internet Explorer.
My add-in is stuck in a “Loading” loop…how do I fix it? See the tutorial here to fix: How to fix a loading loop

CONCLUSION

Whether you are investing in Bitcoin, Ethereum, or SpankCoin, it is imperative to have a plan. Most notably, a worst-case scenario.
The Monte Carlo simulation is a fantastic way to get a range of prices for a cryptocurrency. And after reading this, you can see how the final values change drastically depending on what you are looking at.
I urge you to download the sheet and try your own hand at simulating different coins.
Cheers, and happy hunting
Click this link to download the workbook

RELATED POSTS

Financial Modeling for Cryptocurrencies: A CoinMarketCap Spreadsheet That Doesn’t Suck
Introducing Cryptosheets: Real-time Excel Add-in for Cryptocurrencies
submitted by 1kexperimentdotcom to CryptoCurrency [link] [comments]

Update to my blockchain.info theft

From this thread http://www.reddit.com/Bitcoin/comments/1z0ug6/blockchaininfo_wallet_emptied_as_far_as_i_can/
I got nailed good, and I have no idea when where or how. I'm not a risky clicker and I'm pretty good at seeing fake/phising sites.
Basically whoever did it, or however they did it kicked my ass. I am a computer professional and I generally know my shit. My best guess is that they did do it via the browser. That day the only sites I visited were blog.coinkite.com and this subreddit.
I guess if you are using the blockchain.info site, make sure you have 2FA (I did) and the double password (I did not) Also, avoid the backup to anything but a USB stick. It seems like everyone who's gotten owned has been because they downloaded or emailed themselves a backup. I've not got a nice weekend ahead of reformatting 3 computers. I'll probably also send a few bitcents to that address again and see what happens.
tldr: After 20+ hours of checking my computers, email accounts, backup accounts and network for security issues, I found none of them to be compromised. Best guess is a website somehow grabbed my private key via a java exploit or phish. Also kudos to whoever did it, you got me good.
My takeaway from this: Dedicated airgap computer with wallet. paper storage, one time use addresses, no more blockchain. Price paid for lesson: 1btc
edit I wrote some tips for those who might not have known about some of the security features and issues with blockchain.info
http://www.reddit.com/Bitcoin/comments/1z78vq/psa_is_your_blockchaininfo_wallet_safe_some_tips/
submitted by CyberSol to Bitcoin [link] [comments]

My blockchain.info bitcoins just disappeared!

This transaction: https://blockchain.info/address/1BdcBn6Hri5va5RhX2bgqfaRK1TxaZ4ZYm
My 4.3794606 just got stolen!
My blockchain password is long and secure, and I have google auth enabled. How the hell can someone hijack my coins?! It holds the only record of my private key I'm aware of, but the fact they appeared to sweep a whole bunch of accounts looks like they found an exploit or something.
What are the best forensic options available to the bitcoin world today? I'm really very unimpressed!
Thankfully, I moved most of my coins to gox a few days ago... but $4500AUD still burns hard!
EDIT: I did have dropbox backup enabled, also with 2FA enabled, and there are no unexpected dropbox logins in the log.
EDIT: Great, and now the rest is gone too!
submitted by manuevans to Bitcoin [link] [comments]

I've just had 0.11125306 BTC stolen (Blockchain.info) - can anyone help?

I woke up to two messages on my phone saying that two transactions had been made from my Blockchain account.
It's so strange, esspecially as I've got 2FA on my BlockChain account, which is sent as an SMS message to my phone. I can't think of any way that someone would have been able to compromise my account, or a computer that I was using to access my Blockchain account. If anyone has any suggestions on where I can go next (Not that I'm holding up much hope of getting them back), then I'd be extremely grateful.
https://blockchain.info/tx/9b5e9f1c0402b587272f6076424e4b0e0fcfec7dea84fa3eeffc914011cf2942
https://blockchain.info/tx/7236e777cb032f8d77849265a1cb7740f1c86dc83978c238f4c2e954bf20f4d6
http://i.imgur.com/bVMQyAu.png
EDIT - My bitcoin address on BlockChain is 15944V31kxR2mPfdwCdaQNjrzaUQh4qNFp.
EDIT2 - Looks like they logged in through the Blockchain website, checking the access logs:
Today 07:19:41 viewed login page 108.62.64.30 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 Today 07:19:40 viewed login page 108.62.64.30 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0
But that still doesn't explain how they managed to get through the 2FA.
EDIT3 - I did receive an authentication code from Blockchain a few minutes before the transfer occurred, this code is needed to gain access to the account.
EDIT4 - Problem solved, the hacker gained access to my Dropbox, which has the backup of my wallet (stupid, I know). Then they used this to gain access to my account. Thanks for everyone's help with finding the problem.
submitted by FruitWinder to Bitcoin [link] [comments]

Graduated Seniors: Your rpi email expires on July 15. Here's a list of ways to take advantage of student freebies/discounts before it's too late.

All of these require you to signup with a .edu email address.
If you have any more comment below!
submitted by _chao_ to RPI [link] [comments]

PSA: Is your blockchain.info wallet safe? Some tips

After getting robbed of 1btc last week via my blockchain wallet I have some tips for blockchain wallet users.
Use the second password feature
This encrypts your wallet. I did not know my wallet was unencrypted. I feel like this would have saved me. Do this by going to account settings > Passwords > then second password.
Enable Two Factor Authentication
I had this enabled but because they didn't use my login to swipe my coins it didn't matter. This will keep them from gaining access though if they swipe your blockchain password and try to log in via the website. You can choose Email, text message, yubikey, google authenticator. Found on the security page under account settings.
Never Remember Two Factor Login
By Default after logging in with two factor authentication your browser will be remembered for a short period of time allowing you to login again without having to re-authenticate. Check this box if you want to disable this behaviour and require full authentication every time. Found on the security page under account settings.
Block TOR ip addresses
Enable this option to prevent ip addresses part of the TOR anonymizing network from accessing your wallet. Found on the security page under account settings.
Enable Logging Level The logging level controls what data is recorded when actions are taken using your wallet. By default the logging is turned off apart from actions taken by admins. Enabling it provides better security by providing more information on potential unauthorized access to your wallet.
Wallet backups
DON'T STORE YOUR WALLET BACKUP IN DROPBOX, GOOGLE DRIVE, OR EMAIL. A common theme in reported blockchain thefts is a backed up wallet. Keep your wallet as a paper backup or download it to a thumb drive. Whatever you do, encrypt that file. if the attacker gets your email or dropbox, then that's all he needs.
** Check your browser **
Visit https://www.check-and-secure.com/ to see if you are part of a bot net and to check for vulnerabilities
** Enable two factor authentication on your email, dropbox, crashplan, etc** You never know how they might gain entry
Check out this discussion as well http://www.reddit.com/Bitcoin/comments/1d0155/a_brief_analysis_of_the_security_of/
That's all from me. If someone has other advice or offerings, I'll update. May my loss be your gain.
submitted by CyberSol to Bitcoin [link] [comments]

Password manager wiped

Hi, I turned on TREZOR Password manager after 10 days and noticed it is in the same state like if it is activated for the first time with tabs All, Social and Bitcoin. I thought there was some problem with Dropbox, so I logged in and noticed there was new password file in folder Apps/Trezor Password Manager afterwards I noticed there is also folder Apps/TREZOR containg file created in November 2016 (I presume this is the original password file).
I reconnected the device few more times and after each cca 5 connections the device asks me to "Activate Trezor Password Manager".
It might have happened that knowing TREZOR is asking each time to confirm login to Password manager I accidentaly (not looking at the device screen) confirmed to "Activate Password Manager" which created new password file.
I have upgraded to lastest TREZOR firmware and device is using Bootloader 1.3.0.
Is there any way to tell TREZOR to use the original password file?
Thanks for any kind of help.
submitted by mareksip to TREZOR [link] [comments]

Trying to protect Bitcoin private keys; need advice

Gentlemen,
I'm conducting automated, online transactions with a few dozen anonymous parties. They don't know me and I don't know them. There are occasions when my web application, or I as an individual, may hold Bitcoin in a custodial capacity for said parties. It's important that I protect the private keys corresponding to a large number of Bitcoin addresses which my application creates on-the-fly as needed.
I have a software development background and have read as much as I can about protecting sensitive data but am fairly new to the latter so I'd like to present you with an overview of my private key protection strategy and then ask what you, as experts, perceive to be possible vulnerabilities in my plan.
Here's my layout and plan:
My main work computer is a MacBook Pro running El Capitan. It's typically plugged into a multi-monitor setup in my home although I'll occasionally take it on the road with me, making it somewhat vulnerable to theft. The OS's built-in FileVault disk encryption is turned on.
My web application runs on a grid of Windows 2008 servers that live at Amazon Web Services (AWS). This grid of servers, plus my laptop, constitute the entirety of my network.
One of the servers in the grid is running SQL Server and in that database is a table, and in that table is a field called 'privateKey' which contains the private key for a single Bitcoin address. The table will contain many rows since there are many addresses to deal with. The 'privateKey' field is a binary stream containing (1) an initialization vector (length=16 bytes) and (2) an encrypted representation of the private key. My program uses the initialization vector and a secret password (length=32 bytes) as inputs into a symmetric encryption algorithm (.NET/RijndaelManaged) to decrypt and use the private key.
The secret password isn't stored in a file on the server. It's stored on my laptop in a human-readable document called 'specialFolder\myPasswords.txt'' in hex format. When the server app is started, a secondary helper app prompts for the secret password which I then copy/paste into the helper app's console over a Remote Desktop connection. The helper app's console is then closed and the secret password is then only held in RAM on the server, within the process of my application.
There are also Bitcoin private keys held outside of my application in "wallets" managed manually, by me, using a third party program called Electrum. Electrum runs on my laptop and uses one file to represent each wallet. (A 'wallet' is just a collection of Bitcoin addresses and their respective private keys). I've configured Electrum to store the wallet files in 'specialFolder\myWalletFolder' on the laptop. Electrum encrypts the wallet files such that the private keys contained therein can't be used without a strong password which is entered by me as needed at runtime.
Electrum uses a mechanism wherein the public/private keypairs it generates are created in a predetermined fashion using what the documentation refers to as a 'seed.' The seed is a long series of human words. If one knows the seed, the keys can be regenerated and the wallet restored. I keep backups of the wallet seeds in a file called 'specialFolder\myElectrumSeeds.txt' on my laptop.
If you've read this far, you may have noticed that I'm keeping a lot of sensitive information in plain text within 'specialFolder' on the laptop. But this really isn't a folder at all. It's actually a volume created and maintained using a program called VeraCrypt. I only 'mount' this encrypted volume when I need to access its contents and then I immediately 'unmount' it. The laptop is never left alone when 'specialFolder' is mounted. Mounting the volume requires a password. That password is known only to me and isn't stored on the laptop.
VeraCrypt stores and accesses the 'specialFolder' volume through a single file. That file is named 'veracryptFile.' veracryptFile lives on my laptop on a Dropbox-synchronized folder. Whenever the VeraCrypt volume (and thus 'veracryptFile') is modified, the changes are immediately propegated to (1) DropBox-owned servers and (2) a server in the grid at AWS, and (3) another private server at AWS that's in a different geographical location.
In addition, a physical printout of the contents of 'specialFolder\myPasswords.txt' and 'specialFolder\myElectrumSeeds' is kept in a safe deposit box at a local bank, to which only I have the key.
The parties with whom I do business may occasionally login to my app and execute transactions which result in Bitcoin being sent to them. Password theft obviously weighs heavily on my mind.
The SQL Server discussed earlier contains a table of all of my users, and that table contains a field called 'password.' The 'password' field contains: (1) a random byte sequence (length=32 bytes) and (2) a hash of a concatenation of the user's password and the random byte sequence. My program uses the random byte sequence and the password the user supplies at login as inputs into a hashing algorithm (.NET/SHA256Managed). If the hashing algorithm's output matches the hash stored in the database, the user is considered authenticated.
A user must be authenticated prior to executing a transaction that would result in a Bitcoin disbursement. In addition, each user is required to have a BitMessage address. When the transaction is submitted online, my program creates a 10-digit random string and sends it to the user's BitMessage address. That string must be entered by the user in order to begin execution of his transaction.
This BitMessage confirmation protocol is also required if the user wants to: (1) change his password, or (2) specify a different BitMessage address in his profile.
Given the strategy outlined above, do you see any glaring vulnerabilities ? Here are the attack vectors I've considered thus far:
LAPTOP IS STOLEN: perp would have to defeat Apple's FileVault encryption (assuming laptop was powered off when stolen) plus the VeraCrypt encryption on 'SpecialFolder'. I could recover the lost files via DropBox or my AWS-hosted DropBox peers.
LAPTOP IS TARGETED BY ROGUE APPLE STORE TECH-SUPPORT EMPLOYEE WITH ADMIN ACCESS: perp would have to defeat VeraCrypt encryption on 'SpecialFolder'.
DROPBOX ACCOUNT IS HACKED: perp would have to defeat VeraCrypt encryption on 'SpecialFolder'.
AMAZON SERVER IS ATTACKED: perp would need physical access to machine and have a way to probe RAM to obtain 'secretPassword' since it's not stored on the hard drive.
USER PASSWORD(S) ARE STOLEN: perp would also need access to the user's BitMessage account in order to steal Bitcoin from the compromised user.
Are there other attack scenarios I've overlooked? For the sake of this forum post, I'd like to limit attack vectors to technical exploits, not those of the violent or gangster variety (extortion, blackmail, etc.).
Thank you for your thoughts.
Best,
Shaniqua
submitted by shaniquaJones44 to Bitcoin [link] [comments]

Fish Tacos - Top 50 FaucetBOX Faucets of the week

Fish Tacos - Top 50 FaucetBOX Faucets of the week
If you want your favourite faucet in next week's list, post a comment and it will be checked out.
Faucet Minimum Interval Rating
Bitcoin Catcher 1000 540 5-star
3bitco.in 800 1000 4-star
Gold Drop 650 240 5-star
Blue-Faucet 500 1000 5-star
BoxFaucet.net 450 1440 5-star
SatoshiMachine 350 720 4-star
satoshifaucet.space 350 720 4-star
satoshibox.club 350 720 4-star
SatoshiWorld.club 350 720 4-star
1024 Faucet 324 1024 5-star
DC Faucet 300 720 5-star
Chirpa Faucet 300 720 5-star
JavaFaucet 300 720 5-star
YeyoFaucet 250 720 5-star
DayroxFaucet 250 720 5-star
Bitcoin Rush 250 720 5-star
Predimania 250 720 4-star
FallBitcoin 200 20 5-star
Cryptoshaft 200 30 5-star
RogBits 200 30 5-star
Satoshik 200 180 5-star
Gold-bit.co.in 200 400 4-star
Bitcoins Blue 200 720 4-star
BitcoinStar 200 720 4-star
PentaFaucet 151 60 5-star
Sora Faucet 150 30 5-star
Satoshi Terminator 150 60 5-star
GOLBTC 150 300 5-star
BoxFaucet.com 150 720 4-star
FullBitcoins.com 125 5 5-star
FreeFaucetBitco.in 125 15 5-star
GiveMeFreeBitco.in 125 15 5-star
FreeBitcoins4.me 125 15 5-star
BestFaucet.Org 125 15 5-star
TopFaucet.net 125 15 5-star
FreeBitcoinFaucet 125 15 5-star
EarnFreeBitco.in 125 15 5-star
BitcoinsBitcoins 125 15 5-star
Play4Bitco.in 125 15 5-star
BitcoinFaucetPro 125 15 5-star
FreeBitcoinFaucet.Club 125 60 5-star
FreeBitcoinFaucet.Club 125 60 5-star
BTCFaucetPro 125 60 5-star
BestFaucet.Pro 125 60 5-star
BestFaucetBitco.in 125 60 5-star
TopFaucet.Online 125 120 5-star
BitcoinFaucet.Pro 125 120 5-star
BTCFaucet 125 120 5-star
Give me free bitcoins today 125 120 5-star
TopFaucet.Info 125 120 5-star
Dropbox: This list has been compiled and tested using the free Excel Faucet Optimiser
submitted by fatboy_slimfast to CanDoFundraising [link] [comments]

Hacker Selling Over 1 Million Decrypted Gmail and Yahoo Passwords On Dark Web

This is an automatic summary, original reduced by 66%.
Now, according to the recent news, login credentials and other personal data linked to more than one Million Yahoo and Gmail accounts are reportedly being offered for sale on the dark web marketplace.
The online accounts listed for sale on the Dark Web allegedly contain usernames, emails, and plaintext passwords.
Here's the Full List of Accounts and their Prices: 100,000 Yahoo accounts acquired from 2012 Last.FM data breach, for 0.0084 Bitcoins.
Adobe breach from October 2013 exposed over 153 million accounts containing internal IDs, usernames, emails, encrypted passwords and a password hint in plain text.
MySpace data breach from 2008 exposed 360 million user accounts, containing usernames, emails and their decrypted passwords, which were leaked on the dark web in 2016.
Millions of Gmail accounts, in which usernames, emails, and plaintext passwords were exposed, were stolen in multiple data breaches in Bitcoin Security Forum, Tumblr, Last.fm, 000webhost, Adobe, Dropbox, Flash Flash Revolution, LookBook and Xbox360 ISO, happened between 2008 and 2016.
Summary Source | FAQ | Theory | Feedback | Top five keywords: account#1 data#2 password#3 breach#4 email#5
Post found in /worldnews.
NOTICE: This thread is for discussing the submission topic. Please do not discuss the concept of the autotldr bot here.
submitted by autotldr to autotldr [link] [comments]

Hacker selling over 1 million decrypted Gmail and Yahoo passwords on dark web.

This is an automatic summary, original reduced by 66%.
Now, according to the recent news, login credentials and other personal data linked to more than one Million Yahoo and Gmail accounts are reportedly being offered for sale on the dark web marketplace.
The online accounts listed for sale on the Dark Web allegedly contain usernames, emails, and plaintext passwords.
Here's the Full List of Accounts and their Prices: 100,000 Yahoo accounts acquired from 2012 Last.FM data breach, for 0.0084 Bitcoins.
Adobe breach from October 2013 exposed over 153 million accounts containing internal IDs, usernames, emails, encrypted passwords and a password hint in plain text.
MySpace data breach from 2008 exposed 360 million user accounts, containing usernames, emails and their decrypted passwords, which were leaked on the dark web in 2016.
Millions of Gmail accounts, in which usernames, emails, and plaintext passwords were exposed, were stolen in multiple data breaches in Bitcoin Security Forum, Tumblr, Last.fm, 000webhost, Adobe, Dropbox, Flash Flash Revolution, LookBook and Xbox360 ISO, happened between 2008 and 2016.
Summary Source | FAQ | Theory | Feedback | Top five keywords: account#1 data#2 password#3 breach#4 email#5
Post found in /news.
NOTICE: This thread is for discussing the submission topic. Please do not discuss the concept of the autotldr bot here.
submitted by autotldr to autotldr [link] [comments]

How to build a Vault for your Bitcoins

What: An Encrypted Arch Linux Virtual Machine to store your wallet.
Why: This adds a few extra layers of protection to your wallet. If your wallet were a treasure chest this method would be like building a Castle around it.
Instead of storing your wallet on your Operating System or on a website build a virtual computer using VMWare or Virtual Box. Doing this enables us to do some fun things - like encrypting the hard disk. That encryption and an extra login are two additional barriers an attacker would need to overcome.
Plus, a copy will fit on a USB drive. Make one and stick that USB drive in a fireproof safe in your closet.
Q: But what if someone just steals a copy of the VM from my computer?
A: In my instructions we are using a 20G harddisk encrypted with a 512 bit AES Cipher. That's the same standard used by the U.S. Government. I can't count high enough on my fingers, but if they have the processing powetime to do that they would probably make more mining.
Q: How is this any different than running Bitcoin normally?
A: A Virtual Machine is a computer within a computer. If you've heard of "The Cloud" that's virtualization. The companies that build that software offer non-commercial version for free. So you're be running a computer within a computer. Additionally, you can leave the VM powered off while using your computer like normal.
Q: Why is this a vault?
A: Like in the above metaphor, if you have a large number of bitcoins you don't plan on spending any time soon this is a perfect way of storing them long term - or if you just want a dropbox you can deposit in to without worrying. For example, I have multiple wallets. My vault is where I store a large bulk of my coins since I won't be using them anytime soon. I carry a small balance in a separate wallet for spending/accepting payments. Then I can always make drops from my small wallet to the large one, without ever turning on my vault VM or changing how I operate my computer.
Please please send questions and feedback my way. The best thing about this is polishing it up with the communities support.
Shameless Donation Request:
13pB2wSNPJpkKPR7TNki2ksLtv14V4NF5E
Links:
http://www.youtube.com/watch?v=wcuiyFmjVdA&feature=youtu.be
http://www.youtube.com/watch?v=Wv3xw_hlBIk&feature=youtu.be
http://www.youtube.com/watch?v=_B67lp6vvQ0&feature=youtu.be
http://www.youtube.com/watch?v=KOXXBClAa6I&feature=youtu.be
TL;DR: Watch my videos, build a castle around an uber protected bitcoin wallet.
submitted by MeanOfPhidias to Bitcoin [link] [comments]

Some (or a lot) of ease of life suggestions

Hello! I am back again and after experimenting and tinkering with various different bitcoin wallets, I feel like GreenAddress has the most potential and I want to help, so here goes:
1) A fingerprint-free mode: This is something that electrum and carbonwallet does best for someone who's paranoid. What it does is that you don't have an "account" on the server, but rather your wallet are generated on the spot through your mnemonic, and in GreenWallet case, its your mnemonic + server BIP32 public key.
-> Pros: - In case the server gets hacked, the user's private information isn't exposed (especially if they linked their social media account).
-> Cons: - Lack of 2FA since 2FA is tied to an account. This can be circumvented by having the user input what they want to set as their 2FA whether it be email, SMS, or Google Authenticator, then whatever they put in becomes part of the mnemonic seed (kind of like the encrypted seed) during account setup, so in order to login and access the account they'd have to decrypt it with their 2FA first.
2) ..nLockTime, something that should be a useful safety net becomes something really cumbersome for an average bitcoin user by having to download and update their nLockTime.zip every time a transaction occurs, and it becomes a nightmare for bitcoin miners who receives periodic rewards everyday. I know you can ignore this feature but it clogs up your mail box and if you disable it, you can't recover funds if the server get hit with an asteroid.
Which brings me to the only reasonable solution: 2of3 multisig, ..dun dun DUNNNNNN! But rather than asking the user to save some long xpriv616Aw.... key, they can simply save an encrypted mnemonic version of it, then they could write it out on paper or remember it. And the best part is, the recovery process can be done through the same UI by simply prompting for the backup seed if they can't reach the server.
P.S. I know you already mentioned this feature is being worked on as part of subwallet but it couldn't come any sooner!
3) Longer PINs (say 4-12), can't see why not.
4) Sending to multiple addresses at once. (You can't even bypass this currently because the server forces you to wait for previous transaction to get confirmed before sending another).
5) Online storage integration like Google Drive and Dropbox. Instead of having GreenAddress sign our transaction, we could optionally encrypt and store it on a secure google drive and use it's API to sign transactions for full independence from GreenAddress, still be secured as an attacker would have to compromise both your computer and Google themselves. Just a thought.
P.S. I'll be back with more suggestions muwahahaha!
submitted by ZionHikari to greenaddress [link] [comments]

Getting a hacked WIN7 system back online safely and preferably imaging HDD first?

OK, here's the issue:
My Windows 7 64bit Ultimate was hacked (I believe using TeamViewer, likely related to a HeartBleed hack) and ever since I realised the extent of the hacking, I immediately disconnected the internet, turned it off and have not turned it back on for 2 months.
Issues experienced included:
Can someone help me do the following:
FYI:
submitted by AussieCryptoCurrency to techsupport [link] [comments]

Fish Tacos - Top 50 FaucetBOX Faucets of the week

Fish Tacos - Top 50 FaucetBOX Faucets of the week
If you want your favourite faucet in next week's list, post a comment and it will be checked out.
Faucet Minimum Interval Rating
Bitcoin Catcher 1000 480 4-star
3bitco.in 800 1000 4-star
BoxFaucet.net 550 1440 5-star
Blue-Faucet 500 1000 4-star
1024 Faucet 324 1024 5-star
BitcoinAmerica 301 1440 5-star
Chevaux 300 720 5-star
JavaFaucet 300 720 5-star
FaucetBTC.top 300 720 4-star
DC Faucet 300 720 4-star
4bitco.in 300 1000 4-star
NewsBtcoins 300 1440 4-star
Faucet Click 250 360 4-star
Predimania 250 720 4-star
DayroxFaucet 250 720 4-star
YeyoFaucet 250 720 4-star
Satoshik 200 180 5-star
Sora Faucet 200 30 4-star
GOLBTC 200 300 4-star
Bitcoins Blue 198 420 5-star
The Pirate Pay 160 60 4-star
9x Faucet 153 60 4-star
Whatsapp Faucet 153 60 4-star
PentaFaucet 151 90 4-star
BIGCOIN 150 30 5-star
FullBitcoins 125 5 5-star
FreeBitcoins4.me 125 15 5-star
BitcoinFaucetPro 125 15 5-star
Play4Bitco.in 125 15 5-star
BitcoinsBitcoins 125 15 5-star
TopFaucet.net 125 15 5-star
GiveMeFreeBitco.in 125 15 5-star
FreeFaucetBitco.in 125 15 5-star
FreeBitcoinFaucet 125 15 5-star
BestFaucet.Org 125 15 5-star
EarnFreeBitco.in 125 15 5-star
PeakFaucet 125 30 5-star
BTCFaucetPro 125 60 5-star
BestFaucetBitco.in 125 60 5-star
FreeBitcoinFaucet.Club 125 60 5-star
BestFaucet.Pro 125 60 5-star
BitcoinFaucet.Pro 125 120 5-star
BTCFaucet 125 120 5-star
Give me free bitcoins today 125 120 5-star
TopFaucet.Info 125 120 5-star
TopFaucet.Online 125 120 5-star
Acqua 125 30 4-star
ClickBitcoin 124 800 4-star
SatoshiWorld.club 120 60 4-star
Coin Tank 120 120 4-star
Dropbox: This list has been compiled and tested using the free Excel Faucet Optimiser (x-post /CanDoFundraising)
submitted by fatboy_slimfast to CryptoFaucets [link] [comments]

Dropbox  Einführung & Tipps zur Cloudlösung - YouTube Bitcoin Mining in Minecraft! Joe Rogan Experience #1460 - Donnell Rawlings - YouTube DROPBOX SELECTIVE SYNC - YouTube YouTube

Create a Dropbox account. First name. Last name. Email. Password. Good passwords are hard to guess. Use uncommon words or inside jokes, non-standard uPPercasing, creative spelllling, and non-obvious numbers and symbols. Caps lock is currently on. Starting your node automatically each time you login to your computer makes it easy for you to contribute to the network. The easiest way to do this is to tell Bitcoin Core GUI to start at login. While running Bitcoin Core GUI, open the Bitcoin Core menu and choose Preferences. On the Main tab, click Start Bitcoin on system login. Click the Ok ... Digital money that’s instant, private, and free from bank fees. Download our official wallet app and start using Bitcoin today. Read news, start mining, and buy BTC or BCH. Login Register Bitcoin To Currency Calculator Coin Dropbox Inc. is an international investment company specializing in delivering the best investment services and trading strategies for online investors Analyst Who Called XRP’s Retracement to $0.16 Is Bullish. On March 26th, the price of XRP suddenly shot up out of nowhere, rallying by more than 10% within a few hours’ time out of nowhere, leaving Three Arrows Capital’s CEO, Su Zhu, to remark: “XRP looks like it wants to retrace months of underperformance in a few days now.”

[index] [5837] [6806] [14314] [19101] [572] [28182] [7668] [30154] [18188] [18964]

Dropbox Einführung & Tipps zur Cloudlösung - YouTube

The easiest way to run Bitcoin and Lightning. Category ... Dropbox backup, Influx, Grafana, etc. - Duration: 18:19. Andreas Spiess ... How To Design Login And Register Form In Java Netbeans ... Mit Dropbox kannst du deine Dateien in einer Cloud speichern, verwalten und teilen. Die Software biete weitere hilfreiche Tools, über die du in diesem Video ... How Long Can I Live In Someone's Base Before They Notice? Minecraft Home Invasion E1 - Duration: 12:16. LoverFella Recommended for you If you ever find yourself wanting to only sync a handful or just some of your DropBox files to your laptop, DropBox's Selective Sync feature allows you to do... Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.

#