Block hashing algorithm - Bitcoin Wiki

Dragonchain Great Reddit Scaling Bake-Off Public Proposal

Dragonchain Great Reddit Scaling Bake-Off Public Proposal

Dragonchain Public Proposal TL;DR:

Dragonchain has demonstrated twice Reddit’s entire total daily volume (votes, comments, and posts per Reddit 2019 Year in Review) in a 24-hour demo on an operational network. Every single transaction on Dragonchain is decentralized immediately through 5 levels of Dragon Net, and then secured with combined proof on Bitcoin, Ethereum, Ethereum Classic, and Binance Chain, via Interchain. At the time, in January 2020, the entire cost of the demo was approximately $25K on a single system (transaction fees locked at $0.0001/txn). With current fees (lowest fee $0.0000025/txn), this would cost as little as $625.
Watch Joe walk through the entire proposal and answer questions on YouTube.
This proposal is also available on the Dragonchain blog.

Hello Reddit and Ethereum community!

I’m Joe Roets, Founder & CEO of Dragonchain. When the team and I first heard about The Great Reddit Scaling Bake-Off we were intrigued. We believe we have the solutions Reddit seeks for its community points system and we have them at scale.
For your consideration, we have submitted our proposal below. The team at Dragonchain and I welcome and look forward to your technical questions, philosophical feedback, and fair criticism, to build a scaling solution for Reddit that will empower its users. Because our architecture is unlike other blockchain platforms out there today, we expect to receive many questions while people try to grasp our project. I will answer all questions here in this thread on Reddit, and I've answered some questions in the stream on YouTube.
We have seen good discussions so far in the competition. We hope that Reddit’s scaling solution will emerge from The Great Reddit Scaling Bake-Off and that Reddit will have great success with the implementation.

Executive summary

Dragonchain is a robust open source hybrid blockchain platform that has proven to withstand the passing of time since our inception in 2014. We have continued to evolve to harness the scalability of private nodes, yet take full advantage of the security of public decentralized networks, like Ethereum. We have a live, operational, and fully functional Interchain network integrating Bitcoin, Ethereum, Ethereum Classic, and ~700 independent Dragonchain nodes. Every transaction is secured to Ethereum, Bitcoin, and Ethereum Classic. Transactions are immediately usable on chain, and the first decentralization is seen within 20 seconds on Dragon Net. Security increases further to public networks ETH, BTC, and ETC within 10 minutes to 2 hours. Smart contracts can be written in any executable language, offering full freedom to existing developers. We invite any developer to watch the demo, play with our SDK’s, review open source code, and to help us move forward. Dragonchain specializes in scalable loyalty & rewards solutions and has built a decentralized social network on chain, with very affordable transaction costs. This experience can be combined with the insights Reddit and the Ethereum community have gained in the past couple of months to roll out the solution at a rapid pace.

Response and PoC

In The Great Reddit Scaling Bake-Off post, Reddit has asked for a series of demonstrations, requirements, and other considerations. In this section, we will attempt to answer all of these requests.

Live Demo

A live proof of concept showing hundreds of thousands of transactions
On Jan 7, 2020, Dragonchain hosted a 24-hour live demonstration during which a quarter of a billion (250 million+) transactions executed fully on an operational network. Every single transaction on Dragonchain is decentralized immediately through 5 levels of Dragon Net, and then secured with combined proof on Bitcoin, Ethereum, Ethereum Classic, and Binance Chain, via Interchain. This means that every single transaction is secured by, and traceable to these networks. An attack on this system would require a simultaneous attack on all of the Interchained networks.
24 hours in 4 minutes (YouTube):
24 hours in 4 minutes
The demonstration was of a single business system, and any user is able to scale this further, by running multiple systems simultaneously. Our goals for the event were to demonstrate a consistent capacity greater than that of Visa over an extended time period.
Tooling to reproduce our demo is available here:
https://github.com/dragonchain/spirit-bomb

Source Code

Source code (for on & off-chain components as well tooling used for the PoC). The source code does not have to be shared publicly, but if Reddit decides to use a particular solution it will need to be shared with Reddit at some point.

Scaling

How it works & scales

Architectural Scaling

Dragonchain’s architecture attacks the scalability issue from multiple angles. Dragonchain is a hybrid blockchain platform, wherein every transaction is protected on a business node to the requirements of that business or purpose. A business node may be held completely private or may be exposed or replicated to any level of exposure desired.
Every node has its own blockchain and is independently scalable. Dragonchain established Context Based Verification as its consensus model. Every transaction is immediately usable on a trust basis, and in time is provable to an increasing level of decentralized consensus. A transaction will have a level of decentralization to independently owned and deployed Dragonchain nodes (~700 nodes) within seconds, and full decentralization to BTC and ETH within minutes or hours. Level 5 nodes (Interchain nodes) function to secure all transactions to public or otherwise external chains such as Bitcoin and Ethereum. These nodes scale the system by aggregating multiple blocks into a single Interchain transaction on a cadence. This timing is configurable based upon average fees for each respective chain. For detailed information about Dragonchain’s architecture, and Context Based Verification, please refer to the Dragonchain Architecture Document.

Economic Scaling

An interesting feature of Dragonchain’s network consensus is its economics and scarcity model. Since Dragon Net nodes (L2-L4) are independent staking nodes, deployment to cloud platforms would allow any of these nodes to scale to take on a large percentage of the verification work. This is great for scalability, but not good for the economy, because there is no scarcity, and pricing would develop a downward spiral and result in fewer verification nodes. For this reason, Dragonchain uses TIME as scarcity.
TIME is calculated as the number of Dragons held, multiplied by the number of days held. TIME influences the user’s access to features within the Dragonchain ecosystem. It takes into account both the Dragon balance and length of time each Dragon is held. TIME is staked by users against every verification node and dictates how much of the transaction fees are awarded to each participating node for every block.
TIME also dictates the transaction fee itself for the business node. TIME is staked against a business node to set a deterministic transaction fee level (see transaction fee table below in Cost section). This is very interesting in a discussion about scaling because it guarantees independence for business implementation. No matter how much traffic appears on the entire network, a business is guaranteed to not see an increased transaction fee rate.

Scaled Deployment

Dragonchain uses Docker and Kubernetes to allow the use of best practices traditional system scaling. Dragonchain offers managed nodes with an easy to use web based console interface. The user may also deploy a Dragonchain node within their own datacenter or favorite cloud platform. Users have deployed Dragonchain nodes on-prem on Amazon AWS, Google Cloud, MS Azure, and other hosting platforms around the world. Any executable code, anything you can write, can be written into a smart contract. This flexibility is what allows us to say that developers with no blockchain experience can use any code language to access the benefits of blockchain. Customers have used NodeJS, Python, Java, and even BASH shell script to write smart contracts on Dragonchain.
With Docker containers, we achieve better separation of concerns, faster deployment, higher reliability, and lower response times.
We chose Kubernetes for its self-healing features, ability to run multiple services on one server, and its large and thriving development community. It is resilient, scalable, and automated. OpenFaaS allows us to package smart contracts as Docker images for easy deployment.
Contract deployment time is now bounded only by the size of the Docker image being deployed but remains fast even for reasonably large images. We also take advantage of Docker’s flexibility and its ability to support any language that can run on x86 architecture. Any image, public or private, can be run as a smart contract using Dragonchain.

Flexibility in Scaling

Dragonchain’s architecture considers interoperability and integration as key features. From inception, we had a goal to increase adoption via integration with real business use cases and traditional systems.
We envision the ability for Reddit, in the future, to be able to integrate alternate content storage platforms or other financial services along with the token.
  • LBRY - To allow users to deploy content natively to LBRY
  • MakerDAO to allow users to lend small amounts backed by their Reddit community points.
  • STORJ/SIA to allow decentralized on chain storage of portions of content. These integrations or any other are relatively easy to integrate on Dragonchain with an Interchain implementation.

Cost

Cost estimates (on-chain and off-chain) For the purpose of this proposal, we assume that all transactions are on chain (posts, replies, and votes).
On the Dragonchain network, transaction costs are deterministic/predictable. By staking TIME on the business node (as described above) Reddit can reduce transaction costs to as low as $0.0000025 per transaction.
Dragonchain Fees Table

Getting Started

How to run it
Building on Dragonchain is simple and requires no blockchain experience. Spin up a business node (L1) in our managed environment (AWS), run it in your own cloud environment, or on-prem in your own datacenter. Clear documentation will walk you through the steps of spinning up your first Dragonchain Level 1 Business node.
Getting started is easy...
  1. Download Dragonchain’s dctl
  2. Input three commands into a terminal
  3. Build an image
  4. Run it
More information can be found in our Get started documents.

Architecture
Dragonchain is an open source hybrid platform. Through Dragon Net, each chain combines the power of a public blockchain (like Ethereum) with the privacy of a private blockchain.
Dragonchain organizes its network into five separate levels. A Level 1, or business node, is a totally private blockchain only accessible through the use of public/private keypairs. All business logic, including smart contracts, can be executed on this node directly and added to the chain.
After creating a block, the Level 1 business node broadcasts a version stripped of sensitive private data to Dragon Net. Three Level 2 Validating nodes validate the transaction based on guidelines determined from the business. A Level 3 Diversity node checks that the level 2 nodes are from a diverse array of locations. A Level 4 Notary node, hosted by a KYC partner, then signs the validation record received from the Level 3 node. The transaction hash is ledgered to the Level 5 public chain to take advantage of the hash power of massive public networks.
Dragon Net can be thought of as a “blockchain of blockchains”, where every level is a complete private blockchain. Because an L1 can send to multiple nodes on a single level, proof of existence is distributed among many places in the network. Eventually, proof of existence reaches level 5 and is published on a public network.

API Documentation

APIs (on chain & off)

SDK Source

Nobody’s Perfect

Known issues or tradeoffs
  • Dragonchain is open source and even though the platform is easy enough for developers to code in any language they are comfortable with, we do not have so large a developer community as Ethereum. We would like to see the Ethereum developer community (and any other communities) become familiar with our SDK’s, our solutions, and our platform, to unlock the full potential of our Ethereum Interchain. Long ago we decided to prioritize both Bitcoin and Ethereum Interchains. We envision an ecosystem that encompasses different projects to give developers the ability to take full advantage of all the opportunities blockchain offers to create decentralized solutions not only for Reddit but for all of our current platforms and systems. We believe that together we will take the adoption of blockchain further. We currently have additional Interchain with Ethereum Classic. We look forward to Interchain with other blockchains in the future. We invite all blockchains projects who believe in decentralization and security to Interchain with Dragonchain.
  • While we only have 700 nodes compared to 8,000 Ethereum and 10,000 Bitcoin nodes. We harness those 18,000 nodes to scale to extremely high levels of security. See Dragonchain metrics.
  • Some may consider the centralization of Dragonchain’s business nodes as an issue at first glance, however, the model is by design to protect business data. We do not consider this a drawback as these nodes can make any, none, or all data public. Depending upon the implementation, every subreddit could have control of its own business node, for potential business and enterprise offerings, bringing new alternative revenue streams to Reddit.

Costs and resources

Summary of cost & resource information for both on-chain & off-chain components used in the PoC, as well as cost & resource estimates for further scaling. If your PoC is not on mainnet, make note of any mainnet caveats (such as congestion issues).
Every transaction on the PoC system had a transaction fee of $0.0001 (one-hundredth of a cent USD). At 256MM transactions, the demo cost $25,600. With current operational fees, the same demonstration would cost $640 USD.
For the demonstration, to achieve throughput to mimic a worldwide payments network, we modeled several clients in AWS and 4-5 business nodes to handle the traffic. The business nodes were tuned to handle higher throughput by adjusting memory and machine footprint on AWS. This flexibility is valuable to implementing a system such as envisioned by Reddit. Given that Reddit’s daily traffic (posts, replies, and votes) is less than half that of our demo, we would expect that the entire Reddit system could be handled on 2-5 business nodes using right-sized containers on AWS or similar environments.
Verification was accomplished on the operational Dragon Net network with over 700 independently owned verification nodes running around the world at no cost to the business other than paid transaction fees.

Requirements

Scaling

This PoC should scale to the numbers below with minimal costs (both on & off-chain). There should also be a clear path to supporting hundreds of millions of users.
Over a 5 day period, your scaling PoC should be able to handle:
*100,000 point claims (minting & distributing points) *25,000 subscriptions *75,000 one-off points burning *100,000 transfers
During Dragonchain’s 24 hour demo, the above required numbers were reached within the first few minutes.
Reddit’s total activity is 9000% more than Ethereum’s total transaction level. Even if you do not include votes, it is still 700% more than Ethereum’s current volume. Dragonchain has demonstrated that it can handle 250 million transactions a day, and it’s architecture allows for multiple systems to work at that level simultaneously. In our PoC, we demonstrate double the full capacity of Reddit, and every transaction was proven all the way to Bitcoin and Ethereum.
Reddit Scaling on Ethereum

Decentralization

Solutions should not depend on any single third-party provider. We prefer solutions that do not depend on specific entities such as Reddit or another provider, and solutions with no single point of control or failure in off-chain components but recognize there are numerous trade-offs to consider
Dragonchain’s architecture calls for a hybrid approach. Private business nodes hold the sensitive data while the validation and verification of transactions for the business are decentralized within seconds and secured to public blockchains within 10 minutes to 2 hours. Nodes could potentially be controlled by owners of individual subreddits for more organic decentralization.
  • Billing is currently centralized - there is a path to federation and decentralization of a scaled billing solution.
  • Operational multi-cloud
  • Operational on-premises capabilities
  • Operational deployment to any datacenter
  • Over 700 independent Community Verification Nodes with proof of ownership
  • Operational Interchain (Interoperable to Bitcoin, Ethereum, and Ethereum Classic, open to more)

Usability Scaling solutions should have a simple end user experience.

Users shouldn't have to maintain any extra state/proofs, regularly monitor activity, keep track of extra keys, or sign anything other than their normal transactions
Dragonchain and its customers have demonstrated extraordinary usability as a feature in many applications, where users do not need to know that the system is backed by a live blockchain. Lyceum is one of these examples, where the progress of academy courses is being tracked, and successful completion of courses is rewarded with certificates on chain. Our @Save_The_Tweet bot is popular on Twitter. When used with one of the following hashtags - #please, #blockchain, #ThankYou, or #eternalize the tweet is saved through Eternal to multiple blockchains. A proof report is available for future reference. Other examples in use are DEN, our decentralized social media platform, and our console, where users can track their node rewards, view their TIME, and operate a business node.
Examples:

Transactions complete in a reasonable amount of time (seconds or minutes, not hours or days)
All transactions are immediately usable on chain by the system. A transaction begins the path to decentralization at the conclusion of a 5-second block when it gets distributed across 5 separate community run nodes. Full decentralization occurs within 10 minutes to 2 hours depending on which interchain (Bitcoin, Ethereum, or Ethereum Classic) the transaction hits first. Within approximately 2 hours, the combined hash power of all interchained blockchains secures the transaction.

Free to use for end users (no gas fees, or fixed/minimal fees that Reddit can pay on their behalf)
With transaction pricing as low as $0.0000025 per transaction, it may be considered reasonable for Reddit to cover transaction fees for users.
All of Reddit's Transactions on Blockchain (month)
Community points can be earned by users and distributed directly to their Reddit account in batch (as per Reddit minting plan), and allow users to withdraw rewards to their Ethereum wallet whenever they wish. Withdrawal fees can be paid by either user or Reddit. This model has been operating inside the Dragonchain system since 2018, and many security and financial compliance features can be optionally added. We feel that this capability greatly enhances user experience because it is seamless to a regular user without cryptocurrency experience, yet flexible to a tech savvy user. With regard to currency or token transactions, these would occur on the Reddit network, verified to BTC and ETH. These transactions would incur the $0.0000025 transaction fee. To estimate this fee we use the monthly active Reddit users statista with a 60% adoption rate and an estimated 10 transactions per month average resulting in an approximate $720 cost across the system. Reddit could feasibly incur all associated internal network charges (mining/minting, transfer, burn) as these are very low and controllable fees.
Reddit Internal Token Transaction Fees

Reddit Ethereum Token Transaction Fees
When we consider further the Ethereum fees that might be incurred, we have a few choices for a solution.
  1. Offload all Ethereum transaction fees (user withdrawals) to interested users as they wish to withdraw tokens for external use or sale.
  2. Cover Ethereum transaction fees by aggregating them on a timed schedule. Users would request withdrawal (from Reddit or individual subreddits), and they would be transacted on the Ethereum network every hour (or some other schedule).
  3. In a combination of the above, customers could cover aggregated fees.
  4. Integrate with alternate Ethereum roll up solutions or other proposals to aggregate minting and distribution transactions onto Ethereum.

Bonus Points

Users should be able to view their balances & transactions via a blockchain explorer-style interface
From interfaces for users who have no knowledge of blockchain technology to users who are well versed in blockchain terms such as those present in a typical block explorer, a system powered by Dragonchain has flexibility on how to provide balances and transaction data to users. Transactions can be made viewable in an Eternal Proof Report, which displays raw data along with TIME staking information and traceability all the way to Bitcoin, Ethereum, and every other Interchained network. The report shows fields such as transaction ID, timestamp, block ID, multiple verifications, and Interchain proof. See example here.
Node payouts within the Dragonchain console are listed in chronological order and can be further seen in either Dragons or USD. See example here.
In our social media platform, Dragon Den, users can see, in real-time, their NRG and MTR balances. See example here.
A new influencer app powered by Dragonchain, Raiinmaker, breaks down data into a user friendly interface that shows coin portfolio, redeemed rewards, and social scores per campaign. See example here.

Exiting is fast & simple
Withdrawing funds on Dragonchain’s console requires three clicks, however, withdrawal scenarios with more enhanced security features per Reddit’s discretion are obtainable.

Interoperability Compatibility with third party apps (wallets/contracts/etc) is necessary.
Proven interoperability at scale that surpasses the required specifications. Our entire platform consists of interoperable blockchains connected to each other and traditional systems. APIs are well documented. Third party permissions are possible with a simple smart contract without the end user being aware. No need to learn any specialized proprietary language. Any code base (not subsets) is usable within a Docker container. Interoperable with any blockchain or traditional APIs. We’ve witnessed relatively complex systems built by engineers with no blockchain or cryptocurrency experience. We’ve also demonstrated the creation of smart contracts within minutes built with BASH shell and Node.js. Please see our source code and API documentation.

Scaling solutions should be extensible and allow third parties to build on top of it Open source and extensible
APIs should be well documented and stable

Documentation should be clear and complete
For full documentation, explore our docs, SDK’s, Github repo’s, architecture documents, original Disney documentation, and other links or resources provided in this proposal.

Third-party permissionless integrations should be possible & straightforward Smart contracts are Docker based, can be written in any language, use full language (not subsets), and can therefore be integrated with any system including traditional system APIs. Simple is better. Learning an uncommon or proprietary language should not be necessary.
Advanced knowledge of mathematics, cryptography, or L2 scaling should not be required. Compatibility with common utilities & toolchains is expected.
Dragonchain business nodes and smart contracts leverage Docker to allow the use of literally any language or executable code. No proprietary language is necessary. We’ve witnessed relatively complex systems built by engineers with no blockchain or cryptocurrency experience. We’ve also demonstrated the creation of smart contracts within minutes built with BASH shell and Node.js.

Bonus

Bonus Points: Show us how it works. Do you have an idea for a cool new use case for Community Points? Build it!

TIME

Community points could be awarded to Reddit users based upon TIME too, whereas the longer someone is part of a subreddit, the more community points someone naturally gained, even if not actively commenting or sharing new posts. A daily login could be required for these community points to be credited. This grants awards to readers too and incentivizes readers to create an account on Reddit if they browse the website often. This concept could also be leveraged to provide some level of reputation based upon duration and consistency of contribution to a community subreddit.

Dragon Den

Dragonchain has already built a social media platform that harnesses community involvement. Dragon Den is a decentralized community built on the Dragonchain blockchain platform. Dragon Den is Dragonchain’s answer to fake news, trolling, and censorship. It incentivizes the creation and evaluation of quality content within communities. It could be described as being a shareholder of a subreddit or Reddit in its entirety. The more your subreddit is thriving, the more rewarding it will be. Den is currently in a public beta and in active development, though the real token economy is not live yet. There are different tokens for various purposes. Two tokens are Lair Ownership Rights (LOR) and Lair Ownership Tokens (LOT). LOT is a non-fungible token for ownership of a specific Lair. LOT will only be created and converted from LOR.
Energy (NRG) and Matter (MTR) work jointly. Your MTR determines how much NRG you receive in a 24-hour period. Providing quality content, or evaluating content will earn MTR.

Security. Users have full ownership & control of their points.
All community points awarded based upon any type of activity or gift, are secured and provable to all Interchain networks (currently BTC, ETH, ETC). Users are free to spend and withdraw their points as they please, depending on the features Reddit wants to bring into production.

Balances and transactions cannot be forged, manipulated, or blocked by Reddit or anyone else
Users can withdraw their balance to their ERC20 wallet, directly through Reddit. Reddit can cover the fees on their behalf, or the user covers this with a portion of their balance.

Users should own their points and be able to get on-chain ERC20 tokens without permission from anyone else
Through our console users can withdraw their ERC20 rewards. This can be achieved on Reddit too. Here is a walkthrough of our console, though this does not show the quick withdrawal functionality, a user can withdraw at any time. https://www.youtube.com/watch?v=aNlTMxnfVHw

Points should be recoverable to on-chain ERC20 tokens even if all third-parties involved go offline
If necessary, signed transactions from the Reddit system (e.g. Reddit + Subreddit) can be sent to the Ethereum smart contract for minting.

A public, third-party review attesting to the soundness of the design should be available
To our knowledge, at least two large corporations, including a top 3 accounting firm, have conducted positive reviews. These reviews have never been made public, as Dragonchain did not pay or contract for these studies to be released.

Bonus points
Public, third-party implementation review available or in progress
See above

Compatibility with HSMs & hardware wallets
For the purpose of this proposal, all tokenization would be on the Ethereum network using standard token contracts and as such, would be able to leverage all hardware wallet and Ethereum ecosystem services.

Other Considerations

Minting/distributing tokens is not performed by Reddit directly
This operation can be automated by smart contract on Ethereum. Subreddits can if desired have a role to play.

One off point burning, as well as recurring, non-interactive point burning (for subreddit memberships) should be possible and scalable
This is possible and scalable with interaction between Dragonchain Reddit system and Ethereum token contract(s).

Fully open-source solutions are strongly preferred
Dragonchain is fully open source (see section on Disney release after conclusion).

Conclusion

Whether it is today, or in the future, we would like to work together to bring secure flexibility to the highest standards. It is our hope to be considered by Ethereum, Reddit, and other integrative solutions so we may further discuss the possibilities of implementation. In our public demonstration, 256 million transactions were handled in our operational network on chain in 24 hours, for the low cost of $25K, which if run today would cost $625. Dragonchain’s interoperable foundation provides the atmosphere necessary to implement a frictionless community points system. Thank you for your consideration of our proposal. We look forward to working with the community to make something great!

Disney Releases Blockchain Platform as Open Source

The team at Disney created the Disney Private Blockchain Platform. The system was a hybrid interoperable blockchain platform for ledgering and smart contract development geared toward solving problems with blockchain adoption and usability. All objective evaluation would consider the team’s output a success. We released a list of use cases that we explored in some capacity at Disney, and our input on blockchain standardization as part of our participation in the W3C Blockchain Community Group.
https://lists.w3.org/Archives/Public/public-blockchain/2016May/0052.html

Open Source

In 2016, Roets proposed to release the platform as open source to spread the technology outside of Disney, as others within the W3C group were interested in the solutions that had been created inside of Disney.
Following a long process, step by step, the team met requirements for release. Among the requirements, the team had to:
  • Obtain VP support and approval for the release
  • Verify ownership of the software to be released
  • Verify that no proprietary content would be released
  • Convince the organization that there was a value to the open source community
  • Convince the organization that there was a value to Disney
  • Offer the plan for ongoing maintenance of the project outside of Disney
  • Itemize competing projects
  • Verify no conflict of interest
  • Preferred license
  • Change the project name to not use the name Disney, any Disney character, or any other associated IP - proposed Dragonchain - approved
  • Obtain legal approval
  • Approval from corporate, parks, and other business units
  • Approval from multiple Disney patent groups Copyright holder defined by Disney (Disney Connected and Advanced Technologies)
  • Trademark searches conducted for the selected name Dragonchain
  • Obtain IT security approval
  • Manual review of OSS components conducted
  • OWASP Dependency and Vulnerability Check Conducted
  • Obtain technical (software) approval
  • Offer management, process, and financial plans for the maintenance of the project.
  • Meet list of items to be addressed before release
  • Remove all Disney project references and scripts
  • Create a public distribution list for email communications
  • Remove Roets’ direct and internal contact information
  • Create public Slack channel and move from Disney slack channels
  • Create proper labels for issue tracking
  • Rename internal private Github repository
  • Add informative description to Github page
  • Expand README.md with more specific information
  • Add information beyond current “Blockchains are Magic”
  • Add getting started sections and info on cloning/forking the project
  • Add installation details
  • Add uninstall process
  • Add unit, functional, and integration test information
  • Detail how to contribute and get involved
  • Describe the git workflow that the project will use
  • Move to public, non-Disney git repository (Github or Bitbucket)
  • Obtain Disney Open Source Committee approval for release
On top of meeting the above criteria, as part of the process, the maintainer of the project had to receive the codebase on their own personal email and create accounts for maintenance (e.g. Github) with non-Disney accounts. Given the fact that the project spanned multiple business units, Roets was individually responsible for its ongoing maintenance. Because of this, he proposed in the open source application to create a non-profit organization to hold the IP and maintain the project. This was approved by Disney.
The Disney Open Source Committee approved the application known as OSSRELEASE-10, and the code was released on October 2, 2016. Disney decided to not issue a press release.
Original OSSRELASE-10 document

Dragonchain Foundation

The Dragonchain Foundation was created on January 17, 2017. https://den.social/l/Dragonchain/24130078352e485d96d2125082151cf0/dragonchain-and-disney/
submitted by j0j0r0 to ethereum [link] [comments]

$12M in ‘Satoshi Era’ Bitcoins Move: 21 Block Rewards from 2010 Spent After a Decade of Slumber

$12M in ‘Satoshi Era’ Bitcoins Move: 21 Block Rewards from 2010 Spent After a Decade of Slumber
On early Sunday morning around 1:38:02 a.m. (New York time), approximately 20 blocks with coinbase rewards from 2010 were spent in one block. 1,000 BTC was then consolidated into a single address before moving again. The massive movement of the decade-old ‘sleeping’ bitcoins was caught by an onchain transaction parser and the coins were spent in block 652,204.
\* Update, approximately* 9.99999943 BTC or $114k worth of the 1,050 bitcoins from 2010 were sent to the Free Software Foundation.

Miner Spends 21 Blocks from 2010 Following the Same Pattern That Happened the Day Before Black Thursday
Similar to the big move the day before March 12, the miner also transferred one last 2010 block mined at block height 652,229, to finish off the group of transactions making it a total of 21 consecutive 2010 block rewards moved.
What we know so far is quite a bit of ‘Satoshi era’ or so-called ‘sleeping’ bitcoin rewards from 2010 moved during the early morning hours on Sunday morning. The action was caught by the application Btcparser.com, as a bitcoin miner or miners decided to spend approximately 21 blocks from 2010 around 1:38 a.m. (ET).

The onchain parser Btcparser.com caught the action on Sunday morning on October 11, 2020. Btcparser’s application shows three types of parsed data obtained from the Bitcoin (BTC) blockchain. The first parser combs the BTC blockchain for activity related to 64,529 addresses stemming from 2009 through 2017.
The 2010 blocks spent in total on Sunday held 1,050 BTC or $11.9 million at current BTC exchange rates. News.Bitcoin.com was also the first to catch the spending of 21 blocks from 2010, that a miner or group of miners, transferred the day before March 12, 2020, otherwise known as ‘Black Thursday.’
The movement of ‘sleeping’ bitcoin rewards is not a regular occurrence, and especially coins that were mined ten years ago that have sat dormant ever since. The movement on October 11, 2020, is also quite odd because the person or people decided to move the exact same number of 2010 blocks as the March incident. In our report last week, it was noted that a 2010 block reward, coincidentally mined on March 11 of that year, was also transferred to end the session of movements.

While leveraging the application Btcparcer.com, our newsdesk discovered the first 20 blocks from 2010 spent in block 652,204. Another 2010 block was spent in block 652,229 making it a total of 21 decade-old coinbase rewards moved on October 11, 2020.
The exact same thing happened on Sunday morning, approximately 21 blocks, a ten-year span, and 1,050 coins were spent. The final block mined at block height 652,229 was mined on November 10, 2010.
$250,000 Worth of Bitcoin Cash Also Spent
Data also shows that in addition to the BTC moved, the bitcoin cash (BCH) coinbase rewards were also transferred on Sunday morning. Approximately 1,000 BCH from the same decade-old coinbase rewards ($251k) moved on October 11, but blockchain explorers show the corresponding bitcoinsv (BSV) tokens did not move. However, the final BTC block spent on Sunday did not see the associated bitcoin cash (BCH) spent.
The weird transfer that saw 21 blocks from 2010 transferred back in March did see the corresponding bitcoinsv (BSV) spent alongside the corresponding BCH.
The transfer on Sunday is another record for the history books, and one can only speculate if it was a single person or a group of miners. It is also not known, whether or not, the entity plans to sell these coins on the open market.
It seems more likely that the entity was the same person and could very well be the same miner that spent 2010 coins the day before the infamous Black Thursday. At the time of publication, bitcoin (BTC) is doing well price-wise, hovering at $11,300 per coin. One thing that can be said for sure is that a lot of 2010 blocks have been spent in 2020 (54 total), including the rare 2009 block that was mined only one month after Satoshi kickstarted the network.
What do you think about the 21 blocks from 2010 being transferred on Sunday morning?
Image Credits: Shutterstock, Pixabay, Wiki Commons, Btcparser.com, Bitcoin.com,
submitted by williamsouza10 to u/williamsouza10 [link] [comments]

For devs and advanced users that are still in the dark: Read this to get redpilled about why Bitcoin (SV) is the real Bitcoin

This post by cryptorebel is a great intro for newbies. Here is a continuation for a technical audience. I'll be making edits for readability and maybe even add more content.
The short explanation of why BSV is the real Bitcoin is that it implements the original L1 scripting language, and removes hacks like p2sh. It also removes the block size limit, and yes that leads to a small number of huge nodes. It might not be the system you wanted. Nodes are miners.
The key thing to understand about the UTXO architecture is that it is maximally "sharded" by default. Logically dependent transactions may require linear span to construct, but they can be validated in sublinear span (actually polylogarithmic expected span). Constructing dependent transactions happens out-of-band in any case.
The fact that transactions in a block are merkelized is an obvious sign that Bitcoin was designed for big blocks. But merkle trees are only half the story. UTXOs are essentially hash-addressed stateful continuation snapshots which can also be "merged" (validated) in a tree.
I won't even bother talking about how broken Lightning Network is. Of all the L2 scaling solutions that could have been used with small block sizes, it's almost unbelievable how many bad choices they've made. We should be kind to them and assume it was deliberate sabotage rather than insulting their intelligence.
Segwit is also outside the scope of this post.
However I will briefly hate on p2sh. Imagine seeing a stunted L1 script language, and deciding that the best way to implement multisigs was a soft-fork patch in the form of p2sh. If the intent was truly backwards-compatability with old clients, then by that logic all segwit and p2sh addresses are supposed to only be protected by transient rules outside of the protocol. Explain that to your custody clients.
As far as Bitcoin Cash goes, I was in the camp of "there's still time to save BCH" until not too long ago. Unfortunately the galaxy brains behind BCH have doubled down on their mistakes. Again, it is kinder to assume deliberate sabotage. (As an aside, the fact that they didn't embrace the name "bcash" when it was used to attack them shows how unprepared they are when the real psyops start to hit. Or, again, that the saboteurs controlled the entire back-and-forth.)
The one useful thing that came out of BCH is some progress on L1 apps based on covenants, but the issue is that they are not taking care to ensure every change maintains the asymptotic validation complexity of bitcoin's UTXO.
Besides that, The BCH devs missed something big. So did I.
It's possible to load the entire transaction onto the stack without adding any new opcodes. Read this post for a quick intro on how transaction meta-evaluation leads to stateful smart contract capabilities. Note that it was written before I understood how it was possible in Bitcoin, but the concept is the same. I've switching to developing a language that abstracts this behavior and compiles to bitcoin's L1. (Please don't "told you so" at me if you just blindly trusted nChain but still can't explain how it's done.)
It is true that this does not allow exactly the same class of L1 applications as Ethereum. It only allows those than can be made parallel, those that can delegate synchronization to "userspace". It forces you to be scalable, to process bottlenecks out-of-band at a per-application level.
Now, some of the more diehard supporters might say that Satoshi knew this was possible and meant for it to be this way, but honestly I don't believe that. nChain says they discovered the technique 'several years ago'. OP_PUSH_TX would have been a very simple opcode to include, and it does not change any aspect of validation in any way. The entire transaction is already in the L1 evaluation context for the purpose of checksig, it truly changes nothing.
But here's the thing: it doesn't matter if this was a happy accident. What matters is that it works. It is far more important to keep the continuity of the original protocol spec than to keep making optimizations at the protocol level. In a concatenative language like bitcoin script, optimized clients can recognize "checksig trick phrases" regardless of their location in the script, and treat them like a simple opcode. Script size is not a constraint when you allow the protocol to scale as designed. Think of it as precompiles in EVM.
Now let's address Ethereum. V. Buterin recently wrote a great piece about the concept of credible neutrality. The only way for a blockchain system to achieve credible neutrality and long-term decentralization of power is to lock down the protocol rules. The thing that caused Ethereum to succeed was the yellow paper. Ethereum has outperformed every other smart contract platform because the EVM has clear semantics with many implementations, so people can invest time and resources into applications built on it. The EVM is apolitical, the EVM spec (fixed at any particular version) is truly decentralized. Team Ethereum can plausibly maintain credibility and neutrality as long as they make progress towards the "Serenity" vision they outlined years ago. Unfortunately they have already placed themselves in a precarious position by picking and choosing which catastrophes they intervene on at the protocol level.
But those are social and political issues. The major technical issue facing the EVM is that it is inherently sequential. It does not have the key property that transactions that occur "later" in the block can be validated before the transactions they depend on are validated. Sharding will hit a wall faster than you can say "O(n/64) is O(n)". Ethereum will get a lot of mileage out of L2, but the fundamental overhead of synchronization in L1 will never go away. The best case scaling scenario for ETH is an L2 system with sublinear validation properties like UTXO. If the economic activity on that L2 system grows larger than that of the L1 chain, the system loses key security properties. Ethereum is sequential by default with parallelism enabled by L2, while Bitcoin is parallel by default with synchronization forced into L2.
Finally, what about CSW? I expect soon we will see a lot of people shouting, "it doesn't matter who Satoshi is!", and they're right. The blockchain doesn't care if CSW is Satoshi or not. It really seems like many people's mental model is "Bitcoin (BSV) scales and has smart contracts if CSW==Satoshi". Sorry, but UTXO scales either way. The checksig trick works either way.
Coin Woke.
submitted by -mr-word- to bitcoincashSV [link] [comments]

Saturn and Chainlink

“Chainlink is a fully decentralized oracle network which links smart contracts written into a blockchain with data from outside their network. Chainlink allows smart contracts to securely connect to external data sources, APIs, and payment systems, enabling the smart contracts to communicate with and gather data from sources outside the blockchain.”
https://en.m.wikipedia.org/wiki/Chainlink
Don’t ask me what any of that means, as I’m still trying to fully understand these concepts which are new to me. However, what I do know, is that Chainlink is being hyped up to be the next Bitcoin and it has some very mysterious origins. And if you haven’t noticed, Chainlink’s logos are a hexagon and a cube. Now that you have a bit of background information on these symbols (see my last post), you can appreciate the oddities surrounding this company a little more. They also recently acquired Cornell’s Town Crier project, who’s logo is uncannily similar to the astrological symbol for Saturn.
https://thumbor-forbes-com.cdn.ampproject.org/ii/w1200/s/thumbor.forbes.com/thumbo711x245/https://blogs-images.forbes.com/darrynpollock/files/2018/11/chainlink-1200x415.jpg?width=960
https://www.myastrology.net/images/saturn_180x180.jpg
I say the origins of Chainlink are mysterious because what was supposed to be a small startup, was given accolades by the World Economic Forum, not to mention they are already working with the infamous SWIFT system. SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, is a vast messaging network used by banks all over the world. It does not actually transfer funds, instead it is used to send and receive information such as money transfer instructions. To me this sounds like the foundations of a one world economic system.
But even more strange, is the fact that one of Chainlink’s advisors, Ari Juels, seems to belong to the cult of Demeter.
https://www.arijuels.com/whats-the-banner-about/
Demeter was the goddess of the harvest, agriculture, fertility and sacred law. Saturn was the god of these same things. Saturn was also known as the god with a thousand names and was both male and female, so it is possible that Demeter was a personification of the ringed planet. However, this doesn’t make much of a difference. It’s still weird. Those involved in the cult of Demeter and the Eleusinian Mysteries believed they would be rewarded in the afterlife. There is not much known about them, except that the mythological rebirth of Persephone was very important to them and they celebrated the eternal life force that moved through one generation to the next. They tried their best to keep all of their rites, ceremonies, and beliefs a secret.
Ari Juels also wrote a novel, Tetrakyts. This is the description of it given on Amazon:
“International computer security expert Ari Juels brings his extraordinary talents to fiction in a literary thriller that spans the centuries. Cryptographer and classicist Ambrose Jerusalem is a UC Berkeley graduate student with a beautiful girlfriend and a comfortable future, until the National Security Agency recruits him to track a strange pattern of computer break-ins. Individually, they might not mean much a State Department official discovers a peculiar series of incriminating appointments in her computer calendar dating back to 18th century France; a corrupt president of the International Monetary Fund is startled by an oracular voice from his computer charging him with crimes against divine numerology and God but together, they provide disturbing evidence that someone has broken RSA encryption, the security lynchpin protecting the world’s computer systems. Even more bizarre, a secret cult of latter-day followers of Pythagoras, the great Greek mathematician and philosopher who believed reality could be understood only through a mystical system of numbers, appears to be behind the attacks. With his deep knowledge of both cryptography and classical antiquity, Ambrose is the government’s best chance to uncover the cult. Soon Ambrose discovers he is not only the hunter but the hunted, and the game is not simply code-breaking, but a deadly plan to alter the fate of the world.”
The way they describe the voice coming from the computer is interesting to me. They describe it as ‘oracular’. Chainlink also describes itself this way. They call themselves an ‘oracle network’. An oracle is a priest or priestess who acts as a medium for prophecy to be spoken through. The gods often sought these people out during the days of antiquity. Does Ari see himself as a prophet of the new age? Does he see himself as one of the Pythagorean cultists playing God? Or does he see himself as someone simply caught in the middle unraveling some mystery?
The name of his book is a play on the word tetractys. The tetractys, or tetrad, is:
“a triangular figure consisting of ten points arranged in four rows: one, two, three, and four points in each row, which is the geometrical representation of the fourth triangular number. As a mystical symbol, it was very important to the secret worship of Pythagoreanism. There were four seasons, and the number was also associated with planetary motions and music.”
https://en.m.wikipedia.org/wiki/Tetractys
Pythagoras, like those in the cult of Demeter, believed in reincarnation. However, he also believed between each cycle was a period of 216 years, which is the number six cubed (or 6³).
This is still a work in progress. I will write more as I gather more information. I just truly believe there is something to this whole Chainlink thing and I want to figure it out. Any new information or insight would be greatly appreciated (-:
submitted by nickhintonn333 to conspiracy [link] [comments]

A few stories about Brian Krebs: The independent cybercrime journalist who exposes criminals on the internet

First, a bit of introduction before we get into the living drama that is Brian Krebs.
Brian Krebs has been a journalist for decades, starting in the late 90s. He got his start at The Washington Post, but what he's most famous for are his exposes on criminal businesses and individuals who perpetuate cyber crime worldwide. In 2001, he got his interest in cybercrime piqued when a computer worm locked him out of his own computer. In 2005, he shifted from working as a staff writer at The Washington Post's tech newswire to writing for their security blog, "Security Wire". During his tenure there, he started by focusing on the victims of cybercrime, but later also started to focus on the perpetrators of it as well. His reporting helped lead to the shutdown of McColo, a hosting provider who provided service to some of the world's biggest spammers and hackers. Reports analyzing the shutdown of McColo estimated that global spam volume dropped by between 40 and 70 percent. Further analysis revealed it also played host to child pornography sites, and the Russian Business Network, a major Russian cybercrime ring.
In 2009, Krebs left to start his own site, KrebsOnSecurity. Since then, he's been credited with being the first to report on major events such as Stuxnet and when Target was breached, resulting in the leakage of 40 million cards. He also regularly investigates and reveals criminals' identities on his site. The latter has made him the bane of the world of cybercrime, as well as basically a meme, where criminals will include references like Made by Brian Krebs in their code, or name their shops full of stolen credit cards after him.
One of his first posts on his new site was a selection of his best work. While not particularly dramatic, they serve as an excellent example of dogged investigative work, and his series reveal the trail of takedowns his work has documented, or even contributed to.
And now, a selection of drama involving Krebs. Note, all posts are sarcastically-tinged retellings of the source material which I will link throughout. I also didn't use the real names in my retellings, but they are in the source material. This took way too long to write, and it still does massively condense the events described in the series. Krebs has been involved with feuds with other figures, but I'd argue these tales are the "main" bits of drama that are most suited for here.

Fly on the Wall

By 2013, Krebs was no stranger to cybercriminals taking the fight to the real world. He was swatted previously to the point where the police actually know to give him a ring and see if there'd actually been a murder, or if it was just those wacky hackers at it again. In addition, his identity was basically common knowledge to cybercriminals, who would open lines of credit in his name, or find ways to send him money using stolen credit cards.
However, one particular campaign against him caught his eye. A hacker known as "Fly" aka "Flycracker" aka "MUXACC1" posted on a Russian-language fraud forum he administered about a "Krebs fund". His plan was simple. Raise Bitcoin to buy Heroin off of a darknet marketplace, address it to Krebs, and alert his local police via a spoofed phone call. Now, because Krebs is an investigative journalist, he develops undercover presences on cybercrime forums, and it just so happened he'd built up a presence on this one already.
Guys, it became known recently that Brian Krebs is a heroin addict and he desperately needs the smack, so we have started the "Helping Brian Fund", and shortly we will create a bitcoin wallet called "Drugs for Krebs" which we will use to buy him the purest heroin on the Silk Road. My friends, his withdrawal is very bad, let’s join forces to help the guy! We will save Brian from the acute heroin withdrawal and the world will get slightly better!
Fly had first caught Krebs' attention by taunting him on Twitter, sending him Tweets including insults and abuse, and totally-legit looking links. Probably either laced with malware, or designed to get Krebs' IP. He also took to posting personal details such as Krebs' credit report, directions to his house, and pictures of his front door on LiveJournal, of all places.
So, after spotting the scheme, he alerted his local police that he'd probably have someone sending him some China White. Sure enough, the ne'er-do-wells managed to raise 2 BTC, which at the time was a cool $200 or so. They created an account on the premiere darknet site at the time, The Silk Road under the foolproof name "briankrebs7". They found one seller who had consistently high reviews, but the deal fell through for unknown reasons. My personal theory is the seller decided to Google where it was going, and realized sending a gram of dope into the waiting arms of local law enforcement probably wasn't the best use of his time. Still, the forum members persevered, and found another seller who was running a buy 10 get 2 free promotion. $165 of Bitcoin later, the drugs were on their way to a new home. The seller apparently informed Fly that the shipment should arrive by Tuesday, a fact which he gleefully shared with the forum.
While our intrepid hero had no doubt that the forum members were determined to help him grab the tail of the dragon, he's not one to assume without confirmation, and enlisted the help of a graduate student at UCSD who was researching Bitcoin and anonymity on The Silk Road, and confirmed the address shared by Fly was used to deposit 2 BTC into an account known to be used for money management on the site.
By Monday, an envelope from Chicago had arrived, containing a copy of Chicago confidential. Taped inside were tiny baggies filled with the purported heroin. Either dedicated to satisfied customers, or mathematically challenged, the seller had included thirteen baggies instead of the twelve advertised. A police officer arrived to take a report and whisked the baggies away.
Now, Fly was upset that Krebs wasn't in handcuffs for drug possession, and decided to follow up his stunt by sending Krebs a floral arrangement shaped like a cross, and an accompanying threatening message addressed to his wife, the dire tone slightly undercut by the fact that it was signed "Velvet Crabs". Krebs' curiosity was already piqued from the shenanigans with the heroin, but with the arrival of the flowers decided to dive deeper into the сука behind things.
He began digging into databases from carding sites that had been hacked, but got his first major breakthrough to his identity from a Russian computer forensics firm. Fly had maintained an account on a now-defunct hacking forum, whose database was breached under "Flycracker". It turns out, the email Flycracker had used was also hacked at some point, and a source told Krebs that the email was full of reports from a keylogger Fly had installed on his wife's computer. Now, because presumably his wife wasn't part of, or perhaps even privy to her husband's illicit dealings, her email account happened to be her full legal name, which Krebs was able to trace to her husband. Now, around this time, the site Fly maintained disappeared from the web, and administrators on another major fraud forum started purging his account. This is a step they typically take when they suspect a member has been apprehended by authorities. Nobody knew for sure, but they didn't want to take any chances.
More research by Krebs revealed that the criminals' intuition had been correct, and Fly was arrested in Italy, carrying documents under an assumed name. He was sitting in an Italian jail, awaiting potential extradition to the United States, as well as potentially facing charges in Italy. This was relayed to Krebs by a law enforcement official who simply said "The Fly has been swatted". (Presumably while slowly removing a pair of aviator sunglasses)
While Fly may have been put away, the story between Krebs and Fly wasn't quite over. He did end up being extradited to the US for prosecution, but while imprisoned in Italy, Fly actually started sending Krebs letters. Understandably distrustful after the whole "heroin" thing, his contacts in federal law enforcement tested the letter, and found it to be clean. Inside, there was a heartfelt and personal letter, apologizing for fucking with Krebs in so many ways. He also forgave Krebs for posting his identity online, leading him to muse that perhaps Fly was working through a twelve-step program. In December, he received another letter, this time a simple postcard with a cheerful message wishing him a Merry Christmas and a Happy New Year. Krebs concluded his post thusly:
Cybercrooks have done some pretty crazy stuff to me in response to my reporting about them. But I don’t normally get this kind of closure. I look forward to meeting with Fly in person one day soon now that he will be just a short train ride away. And he may be here for some time: If convicted on all charges, Fly faces up to 30 years in U.S. federal prison.
Fly ultimately was extradited. He plead guilty and was sentenced to 41 months in jail

vDOS and Mirai Break The Internet

Criminals are none too happy when they find their businesses and identities on the front page of KrebsOnSecurity. It usually means law enforcement isn't far behind. One such business was known as vDOS. A DDOS-for-hire (also known as a "booter" or a "stresser") site that found itself hacked, with all their customer records still in their databases leaked. Analysis of the records found that in a four-month time span, the service had been responsible for about 8.81 years worth of attack time, meaning on average at any given second, there were 26 simultaneous attacks running. Interestingly, the hack of vDOS came about from another DDOS-for-hire site, who as it turns out was simply reselling services provided by vDOS. They were far from the only one. vDOS appeared to provide firepower to a large number of different resellers.
In addition to the attack logs, support messages were also among the data stolen. This contained some complaints from various clients who complained they were unable to launch attacks against Israeli IPs. This is a common tactic by hackers to try and avoid unwanted attention from authorities in their country of residence. This was confirmed when two men from Israel were arrested for their involvement in owning and running vDOS. However, this was just the beginning for this bit of drama.
The two men arrested went by the handles "applej4ck" and "Raziel". They had recently published a paper on DDOS attack methods in an online Israeli security magazine. Interestingly, on the same day the men were arrested, questioned, and released on bail, vDOS went offline. Not because it had been taken down by Israeli authorities, not because they had shut it down themselves, but because a DDOS protection firm, BackConnect Security, had hijacked the IP addresses belonging to the company. To spare a lot of technical detail, it's called a BGP hijack, and it basically works by a company saying "Yeah, those are our addresses." It's kind of amazing how much of the internet is basically just secured by the digital equivalent of pinky swears. You can read some more technical detail on Wikipedia. Anyway, we'll get back to BackConnect.
Following the publication of the story uncovering the inner workings of vDOS, KrebsOnSecurity was hit with a record breaking DDOS attack, that peaked at 620/Gbps, nearly double the most powerful DDOS attack previously on record. To put that in perspective, that's enough bandwidth to download 5 simultaneous copies of Interstellar in 4K resolution every single second, and still have room to spare. The attack was so devastating, Akamai, one of the largest providers of DDOS protection in the world had to drop Krebs as a pro bono client. Luckily, Google was willing to step in and place his site under the protection of Google's Project Shield, a free service designed to protect the news sites and journalists from being knocked offline by DDOS attacks.
This attack was apparently in retaliation for the vDOS story, since some of the data sent in the attack included the string "freeapplej4ck". The attack was executed by a botnet of Internet of Things (or IoT) devices. These are those "smart" devices like camera systems, routers, DVRs. Basically things that connect to the cloud. An astounding amount of those are secured with default passwords that can be easily looked up from various sites or even the manufacturers' websites. This was the start of a discovery of a massive botnet that had been growing for years.
Now time for a couple quick side stories:
Dyn, a company who provides DNS to many major companies including Twitter, Reddit, and others came under attack, leaving many sites (including Twitter and Reddit) faltering in the wake of it. Potentially due to one of their engineers' collaboration with Krebs on another story. It turned out that the same botnet that attacked Krebs' site was at least part of the attack on Dyn
And back to BackConnect, that DDOS protection firm that hijacked the IP addresses from vDOS. Well it turns out BGP Hijacks are old hat for the company. They had done it at least 17 times before. Including at least once (purportedly with permission) for the address 1.3.3.7. Aka, "leet". It turns out one of the co-founders of BackConnect actually posted screenshots of him visiting sites that tell you your public IP address in a DDOS mitigation industry chat, showing it as 1.3.3.7. They also used a BGP Hijack against a hosting company and tried to frame a rival DDOS mitigation provider.
Finally, another provider, Datawagon was interestingly implicated in hosting DDOS-for-hire sites while offering DDOS protection. In a Skype conversation where the founder of Datawagon wanted to talk about that time he registered dominos.pizza and got sued for it, he brings up scanning the internet for vulnerable routers completely unprompted. Following the publication of the story about BackConnect, in which he was included in, he was incensed about his portrayal, and argued with Krebs over Skype before Krebs ultimately ended up blocking him. He was subsequently flooded with fake contact requests from bogus or hacked Skype accounts. Shortly thereafter, the record-breaking DDOS attack rained down upon his site.
Back to the main tale!
So, it turns out the botnet of IoT devices was puppeteered by a malware called Mirai. How did it get its name? Well, that's the name its creator gave it, after an anime called Mirai Nikki. How did this name come to light? The creator posted the source code online. (The name part, not the origin. The origin didn't come 'til later.) The post purported that they'd picked it up from somewhere in their travels as a DDOS industry professional. It turns out this is a semi-common tactic when miscreants fear that law enforcement might come looking for them, and having the only copy of the source code of a malware in existence is a pretty strong indicator that you have something to do with it. So, releasing the source to the world gives a veneer of plausible deniability should that eventuality come to pass. So who was this mysterious benefactor of malware source? They went by the name "Anna-senpai".
As research on the Mirai botnet grew, and more malware authors incorporated parts of Mirai's source code into their own attacks, attention on the botnet increased, and on the people behind it. The attention was presumably the reason why Hackforums, the forum where the source code was posted, later disallowed ostensible "Server Stress Tester" services from being sold on it. By December, "Operation Tarpit" had wrought 34 arrests and over a hundred "knock and talk" interviews questioning people about their involvement.
By January, things started to come crashing down. Krebs published an extensive exposé on Anna-senpai detailing all the evidence linking them to the creation of Mirai. The post was so big, he included a damn glossary. What sparked the largest botnet the internet had ever seen? Minecraft. Minecraft servers are big business. A popular one can earn tens of thousands of dollars per month from people buying powers, building space, or other things. It's also a fiercely competitive business, with hundreds of servers vying for players. It turns out that things may have started, as with another set of companies, two rival DDOS mitigation providers competing for customers. ProTraf was a provider of such mitigation technology, and a company whose owner later worked for ProTraf had on at least one occasion hijacked addresses belonging to another company, ProxyPipe. ProxyPipe had also been hit with DDOS attacks they suspected to be launched by ProTraf.
While looking into the President of ProTraf, Krebs realized he'd seen the relatively uncommon combination of programming languages and skills posted by the President somewhere else. They were shared by Anna-senpai on Hackforums. As Krebs dug deeper and deeper into Anna-senpai's online presence, he uncovered other usernames, including one he traced to some Minecraft forums where a photoshopped picture of a still from Pulp Fiction contained the faces of BackConnect, which was a rival to ProTraf's DDOS mitigation business, and another face. A hacker by the name of Vyp0r, who another employee of ProTraf claimed betrayed his trust and blackmailed him into posting the source of another piece of malware called Bashlite. There was also a third character photoshopped into the image. An anime character named "Yamada" from a movie called B Gata H Hei.
Interestingly, under the same username, Krebs found a "MyAnimeList" profile which, out of 9 titles it had marked as watched, were B Gata H Hei, as well as Mirai Nikki, the show from which Mirai derived its name. It continues on with other evidence, including DDOS attacks against Rutgers University, but in short, there was little doubt in the identity of "Anna-senpai", but the person behind the identity did contact Krebs to comment. He denied any involvement in Mirai or DDOS attacks.
"I don’t think there are enough facts to definitively point the finger at me," [Anna-senpai] said. "Besides this article, I was pretty much a nobody. No history of doing this kind of stuff, nothing that points to any kind of sociopathic behavior. Which is what the author is, a sociopath."
He did, however, correct Krebs on the name of B Gata H Kei.
Epilogue
Needless to say, the Mirai botnet crew was caught, but managed to avoid jailtime thanks to their cooperation with the government. That's not to say they went unpunished. Anna-senpai was sentenced to 6 months confinement, 2500 hours of community service, and they may have to pay up to $8.6 million in restitution for their attacks on Rutgers university.

Other Stories

I don't have the time or energy to write another effortpost, and as is I'm over 20,000 characters, so here's a few other tidbits of Krebs' clashes with miscreants.
submitted by HereComesMyDingDong to internetdrama [link] [comments]

[Daily BAT Discussion] Hot Rod Ignition - April 21, 2019

April 21, 2019
Hey BAT captains! Welcome to the Daily BAT Discussion!
If you're a new publisher, feel free to post your website/channel here!
Yesterday's Market Movements: Up
Today was absolutely bonkers, with BAT exploding from a low of 7500 sats up to an insane high of 9400 sats before falling back and currently trying to stabilize at 8400 satoshis (~$0.44). The volume also multiplied about 5x over the span of a few hours while it soared, hitting about 6000 BTC of volume on Binance. Not sure what caused that crazy run, but it seems like we are definitely hitting higher lows and higher highs. Bitcoin is still pretty stable at around $5200-$5300, bouncing a bit trying to find its spot in the sun. Short to mid term, I'm a bit more neutral on Bitcoin. So as long as Bitcoin doesn't do anything wacky, BAT should be prepped to consolidate and hopefully continue its "slow" rise upward over the next few days.
Have a great Sunday, folks. Remember, tell a friend about Brave, and invest responsibly!
Brave and BAT Tutorials
Check out these basic tutorials about BAT and the Brave browser!
BAT's Official Telegram channel
Join us on the official BAT telegram! @BATProject
Current members: 11,664
Daily Discussion Rules
Remember, the permitted topics of discussion include, but are not limited to:
Oh hey, don't forget to upvote!
Disclaimer: All content on BAT Dailies are not affiliated with the official Brave or BAT team, and are solely run and provided by the BAT community unless otherwise stated. Market analysis and any (of my amateur) predictions are not financial advice!
submitted by dragespir to BATProject [link] [comments]

Saturn and Chainlink

“Chainlink is a fully decentralized oracle network which links smart contracts written into a blockchain with data from outside their network. Chainlink allows smart contracts to securely connect to external data sources, APIs, and payment systems, enabling the smart contracts to communicate with and gather data from sources outside the blockchain.”
https://en.m.wikipedia.org/wiki/Chainlink
Don’t ask me what any of that means, as I’m still trying to fully understand these concepts which are new to me. However, what I do know, is that Chainlink is being hyped up to be the next Bitcoin and it has some very mysterious origins. And if you haven’t noticed, Chainlink’s logos are a hexagon and a cube. Now that you have a bit of background information on these symbols (see my last post), you can appreciate the oddities surrounding this company a little more. They also recently acquired Cornell’s Town Crier project, who’s logo is uncannily similar to the astrological symbol for Saturn.
https://thumbor-forbes-com.cdn.ampproject.org/ii/w1200/s/thumbor.forbes.com/thumbo711x245/https://blogs-images.forbes.com/darrynpollock/files/2018/11/chainlink-1200x415.jpg?width=960
https://www.myastrology.net/images/saturn_180x180.jpg
I say the origins of Chainlink are mysterious because what was supposed to be a small startup, was given accolades by the World Economic Forum, not to mention they are already working with the infamous SWIFT system. SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, is a vast messaging network used by banks all over the world. It does not actually transfer funds, instead it is used to send and receive information such as money transfer instructions. To me this sounds like the foundations of a one world economic system.
But even more strange, is the fact that one of Chainlink’s advisors, Ari Juels, seems to belong to the cult of Demeter.
https://www.arijuels.com/whats-the-banner-about/
Demeter was the goddess of the harvest, agriculture, fertility and sacred law. Saturn was the god of these same things. Saturn was also known as the god with a thousand names and was both male and female, so it is possible that Demeter was a personification of the ringed planet. However, this doesn’t make much of a difference. It’s still weird. Those involved in the cult of Demeter and the Eleusinian Mysteries believed they would be rewarded in the afterlife. There is not much known about them, except that the mythological rebirth of Persephone was very important to them and they celebrated the eternal life force that moved through one generation to the next. They tried their best to keep all of their rites, ceremonies, and beliefs a secret.
Ari Juels also wrote a novel, Tetrakyts. This is the description of it given on Amazon:
“International computer security expert Ari Juels brings his extraordinary talents to fiction in a literary thriller that spans the centuries. Cryptographer and classicist Ambrose Jerusalem is a UC Berkeley graduate student with a beautiful girlfriend and a comfortable future, until the National Security Agency recruits him to track a strange pattern of computer break-ins. Individually, they might not mean much a State Department official discovers a peculiar series of incriminating appointments in her computer calendar dating back to 18th century France; a corrupt president of the International Monetary Fund is startled by an oracular voice from his computer charging him with crimes against divine numerology and God but together, they provide disturbing evidence that someone has broken RSA encryption, the security lynchpin protecting the world’s computer systems. Even more bizarre, a secret cult of latter-day followers of Pythagoras, the great Greek mathematician and philosopher who believed reality could be understood only through a mystical system of numbers, appears to be behind the attacks. With his deep knowledge of both cryptography and classical antiquity, Ambrose is the government’s best chance to uncover the cult. Soon Ambrose discovers he is not only the hunter but the hunted, and the game is not simply code-breaking, but a deadly plan to alter the fate of the world.”
The way they describe the voice coming from the computer is interesting to me. They describe it as ‘oracular’. Chainlink also describes itself this way. They call themselves an ‘oracle network’. An oracle is a priest or priestess who acts as a medium for prophecy to be spoken through. The gods often sought these people out during the days of antiquity. Does Ari see himself as a prophet of the new age? Does he see himself as one of the Pythagorean cultists playing God? Or does he see himself as someone simply caught in the middle unraveling some mystery?
The name of his book is a play on the word tetractys. The tetractys, or tetrad, is:
“a triangular figure consisting of ten points arranged in four rows: one, two, three, and four points in each row, which is the geometrical representation of the fourth triangular number. As a mystical symbol, it was very important to the secret worship of Pythagoreanism. There were four seasons, and the number was also associated with planetary motions and music.”
https://en.m.wikipedia.org/wiki/Tetractys
Pythagoras, like those in the cult of Demeter, believed in reincarnation. However, he also believed between each cycle was a period of 216 years, which is the number six cubed (or 6³).
This is still a work in progress. I will write more as I gather more information. I just truly believe there is something to this whole Chainlink thing and I want to figure it out. Any new information or insight would be greatly appreciated (-:
submitted by nickhintonn333 to PastSaturnsRings [link] [comments]

How Bitcoin (BTC) Can Prepare for a Severe Geomagnetic Storm

How Bitcoin (BTC) Can Prepare for a Severe Geomagnetic Storm

https://preview.redd.it/kn9csywepzb21.png?width=690&format=png&auto=webp&s=550d1e5b0f2f1171b055016966d4a0df2a8a4833
https://cryptoiq.co/how-bitcoin-btc-can-prepare-for-a-severe-geomagnetic-storm/
Since the creation of Bitcoin (BTC) in 2009, there have been no severe geomagnetic storms. However, Bitcoin (BTC) users are highly dependent on internet and electricity, and it is inevitable that one day, a severe geomagnetic storm will disrupt Bitcoin (BTC) users across the globe.
A geomagnetic storm starts at the surface of the sun, where massive helical loops of magnetic energy extend outwards into space. These helical magnetic fields often break down in a phenomenon known as magnetic reconnection, and this projects a tremendous amount of radiation and charged particles into space. This is called a solar flare and coronal mass ejection.
When solar flares hit the Earth, they cause rapid fluctuations in Earth’s magnetic field. A fluctuating magnetic field induces electrical currents in conductors. The world’s internet is connected with cables that span the entire ocean, and these cables are highly susceptible to induced electric currents from a geomagnetic storm. Further, electrical power lines extend across great distances on land, and during a severe geomagnetic storm, the current would become so great that transformers would explode and power substations could catch fire.
In March 1989 a severe geomagnetic storm caused Quebec’s power grid to go down within seconds, and another storm in August 1989 halted trading on the Toronto Stock Exchange. However, these events do not compare to the Carrington Event of 1859, the largest geomagnetic storm in recorded human history. Telegraphs system across the world were overloaded with induced electrical current, causing pylons to spark and operators to get shocked. After electricity was cut from the grid numerous telegraph operators were still able to send messages since the geomagnetic storm was generating electricity in the lines. Aurora Borealis, an atmospheric phenomena typically only observed in polar regions, was observed as far south as Cuba and Hawaii.
If the Carrington Event were to occur today, it would shut down electrical and communication grids for days, months, even years, and ultimately, damage could be trillions of dollars. In 2012, a Carrington-sized solar flare happened, but it missed Earth.
The Bitcoin network has just over 10,000 full nodes as of this writing, mostly centered in the United States, Europe, China, and Japan. Unfortunately these nodes are far enough from the equator that they would be highly susceptible to a severe geomagnetic storm and would likely go offline.
Maintaining Bitcoin nodes in the tropics, especially right around the equator, will be crucial to the survival of the Bitcoin network during a severe geomagnetic storm. Even in the worst geomagnetic storm, the equatorial region will be shielded by Earth’s magnetic field, and nations right on the equator may experience little disruption to their electricity and internet.
At this time, there are only about 50 Bitcoin nodes in the equatorial region, mostly in Malaysia, Venezuela, and Colombia. In order for the Bitcoin network to be robust in the event of the most catastrophic geomagnetic storm, global efforts should be made to increase the number of Bitcoin nodes and mining farms along the equator.
Bitcoin users at higher latitudes, like the United States, can take steps to prepare for a geomagnetic storm. All Bitcoin and cryptocurrency should be held in personal wallets where the private key is exclusively controlled by the user, since even reputable wallet services could have their servers fried during a severe geomagnetic storm.
Also, having a personal source of renewable electricity like wind, solar, or hydroelectric could ensure that Bitcoin users keep their electricity running even when the whole grid collapses.
Bitcoin users and miners should disconnect their computers and rigs from electricity before the geomagnetic storm hits. For the most severe geomagnetic storms — ones like the Carrington Event — there is less than one day of warning. Bitcoin users can monitor the Space Weather Prediction Center (SWPC) to avoid being caught off-guard. Computers and mining rigs connected to electricity during a geomagnetic storm could get fried by the induced electrical current.
Maintaining an internet connection is the hardest thing to prepare for. Not even satellite internet is a good option, nor the Blockstream satellites which broadcast the Bitcoin blockchain from space, since satellites can easily get fried by radiation during a severe geomagnetic storm. The best thing Bitcoin users could do is make sure they control their private keys, have a personal renewable electricity source, protect their computer from the storm, and wait for electricity to come back up.
submitted by turtlecane to Bitcoin [link] [comments]

Ultimate beginners guide to sellers!

Regularly updating FAQ
Wassup, lots of posts recently of people tryna get in the rep sneaker game. So I decided to help you guys out.
Firstoff, the basics.
What is a seller?
A seller is a person/website/team that gets replica sneakers straight from the factory. There are some cases where the factory is also the seller.
What are these factories?
PK, H12, C4, SS - Some of the well known factories. These factories make replica sneakers, although it is generally agreed that the best way to buy these reps are thru sellers.
Who are these sellers?
A couple of them I can name. Right now, i can name a few trusted sellers on the top of my head. Niceyes, soleshop, namekiki are a few i can name.
The Process
Here is where people are confused, and I don't blame you, sending money to Putian China is scary, and none of us are well accustomed of doing these kind of business. So here is the process
  1. You contact the seller you want to buy from, usually through skype, wechat or whatsapp. I will include a list of contact numbers below.
  2. You then state what pair you want to the seller, the seller will usually check stock, and if there is, he/she will inform you.
  3. You Pay. This is the scary part, you're going to entrust a large amount of money to someone in China. fear not, its normal. Go with the trusted sellers, and just pay. Yes there is risk, but that's a risk we all take to get that 1:1 grails. Some sellers accept WU, Moneygram, CC, or PayPal. Again, a list will be posted below.
  4. Once the seller confirms the money has been received, in a span of 1-3 days, the seller will send you "Quality Check" pictures. These pictures are for you to approve or reject the pair. PSA, DO NOT NITPICK, there is no perfect pair, only reject if there are blatant or obvious flaws.
  5. Once you approve, the seller will proceed to ship the pair to you. Sellers usually ship through DHL or EMS. A couple of others too, but i can't list them all. Just ask. Prior to this step, you can ask for specifications to the seller, e.g. what amount to declare @ customs etc etc.
  6. You'll receive a tracking number, track the shipping process online to see where your shoe is.
  7. Wait and pray. If everything goes smoothly, your pair will be at your doorstep and that 1:1 shoe is all yours baby. Congratulations.
BUT WAIT
I have more questions!!
Here is the FAQ.
Q. What is GL and RL?
A. GL is greenlight, to approve the pair, RL is redlight, to reject it. Used in step 4.
Q. Why can't i nitpick? I'm not comfortable with this flaw
A. Son, first of all, you are buying replicas, not retails. There will be flaws, some horrible, some not so obvious. If you want to RL, it is ultimately your choice still, then by all means RL. However, the next pair you get still has a chance for it's stripe to be .07cm off. Your choice my man. What i just wanna say is that, you aren't gonna be called out. I promise u
Q. It's taking so long for the QC pics/Shipping/RL
A. Wait it out. Again, you are buying reps. Reps go through many channels to get delivered to you. Sometimes QC pics take a while due to stock availability or if the seller is waiting on the shoe to be delivered to their warehouse from the main suppliefactory. Sometimes shipments get delayed either domestically or internationally due to certain events. Domesitcally there is a chance of raids/seizures, in which sellers have to hold still to avoid getting affected. Sellers also quite often use DHL's Hong Kong hub to ship packages, so if you're using DHL usually your shoes goes to Hong Kong first before getting to you. Most sellers also use a shipping agent, so before your shoes move to the courier (DHL, EMS, ePacket, etc) they go to a shipping agent first.
Q. What if my shipment gets seized!?!?
A. Some sellers guarantee to reship, some don't. This is out of their goodwill. Technically, the risk of seizure is ours to take, so be thankful if they agree to ship another pair. (Amy/Niceyes reships)
Q What is the best version of yeezy's to buy?
A Generally, PK is a good baseline. Davids, H12 and SS are all good too.
Q How much are these shoes? I only have >$100 budget
A Top tier reps are usually $120-$160. If you can't buy em, you can try boostmaster Lin through superbuy, who usually sells med-low tier reps. That's another subject though.
Q Where can i get the best v2's???
A PK. KO, SS and Davids are also pretty good. But yeah, its hard to go wrong with PK.
Q Credit Card not working on X's site??
A Call your bank, CC company, they probably blocked the order. If not, consider alternatives, such as privacy.com or other burner cards.
Q Best colorway of Yeezy's to buy if i dont wanna get called out?
A Breds and creams are generally the easiest shoes to rep, since there are not much patterns and complex designs. Some even buy budget tier creams that go for 30-80 USD, and still are hard to callout.
Q What size should I get?
A Generally, it is god to get .5 size up in PK batches. However, PK is inconsistent in sizing, so i suggest you measure your foot, and have your seller measure the insole. Other batches, im not sure, maybe someone can help me out.
Q I have read something about free fake receipts/boost insoles, how do i get them?
A Ask your seller, sometimes insoles are free, sometimes they aint. Fake receipts are generally frowned upon here, but if you want to go for that extra flex, then just ask your seller, they usually have it for Yeezys.
Q How much should my shoes be declared?
A Depends, in the Philippines, its generally accepted to declare shoes less then $100 so customs wont have fun with it. Im not sure with other countries, consult your seller and whatever your seller advises should be good. Generally by default most sellers declare at $10-20 USD. If your country's customs is known to ask for proof of invoice/purchase, it is generally advisable to declare the value of the shoes at $30-40 USD as to have a more "believable" price, which may also actually prevent customs from asking for further documentation.
edit: MORE FAQS
Q Help, im size 13++, cant find reps my size!!
A Reps are generally not made in large sizes due to a smaller market, however some pairs are still made, generally, try to ask your seller if they can get you a pair. Michael, and Lin are a few who, according to what ive heard, supply these sizes
Q Isn't my money at the mercy of the sellers the minute i send it to them?
A That's true, technically, they can just run away with your cash and there's nothing you can do about it. However, these sellers who are trusted are honestly just running a business, and running with your cash would be feasible, yes, but that would entail less customers from the reddit market, which they wouldn't want. I've read some stories however, that the reddit market is just a fraction of their customer clientele, take that as you will
Q Is it safe to use credit cards on these sites?
A Generally, it's safe to use cards on the sites of trusted sellers. However, i must advise you that in the end, you're sending money to Chinese people in Putian, China. There will always be risks, and you have to be sure whether or not to take it. If you must use your card, use privacy.com or other substitutes for those not in the US. Virtual Cards also are recommended.
List of sellers and contact information, copy pasted from repguides wiki
http://imgur.com/a/ED7Ez
took out some defunct sellers, and most taobao agents.
Seller Website Payment methods
David http://www.sneakerahead.ru/ CC, Western Union, Moneygram
PK http://perfectkicks.me/ CC, Western Union, Moneygram
Mango http://mangosneaker.v.yupoo.com/ Moneygram, Western Union, PayPal, Taobao agent
Lin http://xienian.v.yupoo.com/ Western Union, Taobao agent that supports Yupoo
Muks http://fengxingtianxiam.v.yupoo.com/ / http://muks-store.com/ CC, Western Union, Moneygram, Bank Transfer
UrbanTees http://marthalin1.v.yupoo.com/ / http://www.urbantees.ru/shop/ CC, Bitcoin
H12 (YeezyMaker) http://www.kickwho.com/ CC, Western Union, Moneygram
Boost Master Lin http://lin10086.v.yupoo.com/ Taobao agent
Will http://www.willskicks.ru/ CC, Western Union, Moneygram
Amy http://niceyes.net / /niceyes CC, Western Union, Moneygram
Kiki http://www.namekiki.net/ /Namekiki WU, Moneygram, CC
Lily http://www.easonyes.net /EasonyesSneakers WU, Moneygram
Vicky http://www.staysucc.net https://www.reddit.com/staysucc/ WU, Moneygram, CC
Seller Website Subreddit/Contact
Weng wengkk350 /wengkksneakers
Bruce - Whatsapp +86 18909162046
Eric Soleshop.me /ericsneakers
Chan - /chanzhfsneakers
Michael - /MichaelSneakers
more resources:
general info: /repguides <-- check their wiki for the complete list of sellers and their contact information.
Peace out.
P.S. sorry if the contact info of the sellers are images, they get filtered out if i put them in the post itself. If you want clickable links, please go check the resources posted above.
shout out to ivsguy for helping me out on this FAQ a ton! real helpful guy
submitted by BrowsesATon to Repsneakers [link] [comments]

Malware analysis of Sepsis ransomware

About me and topic

Hello! I am a beginner level malware analyst/reverse-engineer, senior software developer, certified forensic investigator. The reason for the appearance of this report is the lack of such an analysis of the ransomware called Sepsis at that time on the Internet. The main purpose of my research was not only find out what malware does but also HOW it commits malicious actions.

This is my ever first post in english. English is not my native language so I hope you understand me right.

Required skills


To understand this topic you should be familiar with assembly language and malware analysis tools. In general, I explain each step in detail so don't worry if you don't have much knowledge about reverse-engineering and malware analysis.

Introduction


Malware was first discovered on May 14, 2018 by MalwareHunterTeam. I downloaded the sample from Virusshare (also you can do it here, do it at your own risk!). Sample has the following hash values:

SHA1 518d5a0a8025147b9e29821bccdaf3b42c0d01db 

SHA256 3c7d9ecd35b21a2a8fac7cce4fdb3e11c1950d5a02a0c0b369f4082acf00bf9a 

The analysis was carried out on Virtualbox with Windows 7 Ultimate SP1 64-bit. The type of malware is a ransomware. Damage by executing can be seen on the screenshot.

https://preview.redd.it/6z9sc1gw50u21.png?width=582&format=png&auto=webp&s=a2b722e337df35ce29dc0db0a87bdabddb6be0d0

All files are encrypted and [[[email protected]](mailto:[email protected])].SEPSIS have been added to their names. Windows VM crashed.

Static analysis

First of all, open the file in PPEE with FileInfo plugin.

https://preview.redd.it/4h7obuhf10u21.png?width=669&format=png&auto=webp&s=1c91195e16a969de90c04074036601198939468f

As we see, 51 out of 68 antiviruses define a file as malicious. Let's move on to suspicious strings.

https://preview.redd.it/kdmcixs020u21.png?width=782&format=png&auto=webp&s=03697874e44b59994bfe472758d60c84531afc5a

Look at the line -KEY- ... - END PUBLIC KEY- this is the public key that most likely encrypts data.

The line looks like an argument to cmd.exe:
admin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
admin.exe delete shadows /all /quiet - deletes all backups of the system to prevent the recovery of damaged files.
bcdedit.exe /set {default} recoveryenabled no - disables recovery mode.
bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures - disables the appearance of the Windows Error Recovery screen.

Open the URL strings.

https://preview.redd.it/luqmi31520u21.png?width=962&format=png&auto=webp&s=2d9683a93390c5bea6ee34efe1921c2157d5c7e4

By line
http://www.coindesk.com/information/how-can-i-buy-bitcoins/'>http://www.coindesk.com/information/how-can-i-buy-bitcoins/
it can be understood that the user will be asked to bitcoins and give a link to how to do it. Open the Registry strings.

https://preview.redd.it/x9e250da20u21.png?width=592&format=png&auto=webp&s=35e20c9d23d5e1e9d28f79b872f36b27c8027675

Pay attention to Software\Classes\mscfile\shell\open\command. The registry branch Software\Classes contains information about which programs are responsible for handling certain file types. That is, the malware most likely adds some commands that will be executed every time you open the .msc file. It is possible that malware affects the operation of the Winlogon process, which is responsible for logging in/out of the system.

PE headers are normal.

No more interesting PPEE shows. You should not hope to receive complete information using PPEE or other utilities, but for obtaining initial information and information about what a file is, this may be enough. Strings can be added specifically to confuse or recover dynamically or to be encrypted. Strings in the file can also be viewed using the famous strings program, but its more powerful counterpart is FLOSS from FireEye. It can show even obfuscated strings in a binary.

We launch it with a command with writing to a file since it has a very large output.
floss sepsis.bin > c:\floss_output.txt 

Open and browse the resulting file. We can see html file with such content.
 
Welcome to Sepsis Ransomware!
All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail [email protected]
Write this ID in the title of your message 16E734E0
In case of no answer in 24 hours write us to theese e-mails:[email protected]
The price depends on how fast you write to us. You have to pay for decryption in Bitcoins. After payment we will send you the decryption tool that will decrypt all your files.
Free decryption as guarantee
    Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 10Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
Attention!
  • Do not rename encrypted files.
  • Do not try to decrypt your data using third party software, it may cause permanent data loss.
  • Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

It looks like a message that will be shown to the victim after encrypting the files. We also see the line SeDebugPrivilege, which means that malware may connects to other processes. The line eventvwr.exe, in resulting output - signals a possible attempt to raise privileges. We also see names similar to the list of folders:

Windows MSOCache Perflogs DVD Maker Internet Explorer Reference Assemblies Windows Defender Windows Mail Windows Media Player Windows NT Windows Sidebar Startup Temp Program Files Program Files (x86) 

They probably used as a blacklist when encrypting. Open the file in PEiD to find out if packers have been used.

https://preview.redd.it/l9lavow530u21.png?width=422&format=png&auto=webp&s=e83957b8d6cadb6461d57c6fd3dc1ff5ec60370a

DIE shows us that the program is written in C/C++, this will allow us to decompile it well with HexRays in IDA.

https://preview.redd.it/ngwwnr0930u21.png?width=596&format=png&auto=webp&s=36fcfe974f800ade5d6d2b3c2ab46220f83ee85b

You can guess what malware does without starting it by examining the imported libraries and their functions. This may not always help, as the file can be packed, but in our case we are lucky.

https://preview.redd.it/pmby3j0b30u21.png?width=741&format=png&auto=webp&s=746fa51c50093e0b72e6fb0c6496e85e327d3700

crypt32.dll for encryption, advapi32.dll working with the registry.

Dynamic analysis

The logic of the work of Sepsis in pseudocode

1 if (elevated) 2 copy_to(C:\Windows\svchost.exe) 3 add_to_autorun() 4 exec(C:\Windows\svchost.exe) 5 sleep() 6 else 7 copy_to(%TEMP%\svchost.exe) 8 add_to_autorun() 9 if (!elevated) 10 run_as_elevated() 11 sleep() 12 if (run_first) 13 run_first = FALSE 14 else 15 exit() 16 encrypt_all_data() 17 if (elevated) 18 wipe_backups() 19 set_process_critical() 20 rename_all_files() 21 show_user_manual() 22 exit() 

As we can see, the malware checks whether it is launched with elevated privileges - lines 1, 9, 17. Checking with TokenInformation, after calling GetTokenInformation, with the TokenElevation parameter.

https://preview.redd.it/lhy7tbwv30u21.png?width=602&format=png&auto=webp&s=ec40bef338534b27baf2859ef9e0ea0ede15056f

The first launch on the victim's computer is assumed without elevated privileges so the malware copies itself to a temporary folder (line 7), under the name svchost.exe

https://preview.redd.it/1zclhzry30u21.png?width=493&format=png&auto=webp&s=d7ade4d559ff56847aef85336baab6b09679a579

https://preview.redd.it/vardmezz30u21.png?width=977&format=png&auto=webp&s=52428ed15fc23b13b218f7920c1486283f8432f9

and adds itself to autorun (line 8) by adding %TEMP%\svchost.exe to the HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell.

https://preview.redd.it/qrlydo8240u21.png?width=981&format=png&auto=webp&s=3882cac1c5cf705230a1a8182420f27ec55f8e04

Winlogon is the process responsible for the session of the OS user (provide logging in and logging out of the system). When booting the OS, Winlogon starts what is written in the Shell key, that's why the malware is launched.

In line 9, again there is a check for the presence of elevated rights and if it's not true, then the malware makes privilege escalation (line 10). How does malware do it? This is done by adding itself to the registry branch HKCU\\Software\\Classes\\mscfile\\shell\\open\\command. All that is written to this registry branch will be launched when opening files of type .msc. Next, malware runs eventvwr.exe - a Windows system utility that runs the Microsoft Management Console (mmc.exe), which immediately loads the .msc file. The magic is that eventvwr.exe is compiled with autoElevated = True in the manifest, which allows it to run with elevated rights bypassing UAC and not showing the user a window requiring consent to run. Thus, Sepsis launches itself SECOND time.

In line 11, the malware falls asleep and the second instance comes into play. The first instance, after hibernation and checking in line 12, stops in line 15. The check for restart occurs by creating a mutex with the unique name HJG>
https://preview.redd.it/uql9fbv640u21.png?width=1064&format=png&auto=webp&s=c5a30221d139ed729cf4b846c7ab0612eac7e628

Now, we will analyze the work of malware after restart. As we see, the first launch was necessary to add to autorun and launch itself with elevated rights. After running in elevated rights, the malware brazenly copies itself to C:\Windows\svchost.exe, without generating any pop-up windows.

https://preview.redd.it/d59mb45a40u21.png?width=654&format=png&auto=webp&s=0930a95148b8f42b025cab9f8cab2edf2c191c1e

As we can see, after running CopyFile, the file C:\Windows\svchost.exe has the same hash as the original file.

https://preview.redd.it/im4v94tc40u21.png?width=677&format=png&auto=webp&s=002a7d6596beb4430be7b519e886da10d97b1032

Line 16 encrypts all files, except files in folders:
Windows MSOCache Perflogs DVD Maker Internet Explorer Reference Assemblies Windows Defender Windows Mail Windows Media Player Windows NT Windows Sidebar Startup Temp Program Files Program Files (x86) 
The public keys (that we saw in previous static analysis) was imported

https://preview.redd.it/wfhjxyqj40u21.png?width=493&format=png&auto=webp&s=aada6cc887448383ac50708a95efe5e6c936b6c6

Files are encrypted using the CryptEncrypt function.

https://preview.redd.it/d3hj9adp40u21.png?width=400&format=png&auto=webp&s=143d11973c33493c4322152f6406af95ec250842

Line 18 deletes all existing backups, using the command we saw earlier - /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures. This is done so that the user cannot recover the encrypted files.

Line 19, by calling the RtlSetProcessIsCritical undocumented function, the main process of Sepsis become system process. When the malware completes its work it completes its process and since it is system process OS crashes and reboots.

Line 20, for each existing disk in the system, an additional thread is created that renames all files in each folder with the exception of the list above.

Line 21, a file with html content (that we saw earlier) is created and displayed to the user.

System Restore

Delete infected files %TEMP%\svchost.exe, C:\Windows\svchost.exe
A unique pattern of malware sample is the name of the mutex - HJG>

Conclusion

I hope that you enjoy this report and I wait for feedback. If you want me to make similiar report please let me know!
submitted by Thatskriptkid to MalwareAnalysis [link] [comments]

MeWe: A trip report

Among the more frequently mentioned G+ alternatives at the Google+ Mass Migration community, and others, is MeWe with over 250 mentions. The site bills itself as "The Next-Gen Social Network" and the "anti-Facebook": "No Ads, No Political Bias, No Spyware. NO BS. It is headed by professed Libertarian CEO Mark Weinstein.
As the site reveals no public user-generated content to non-members, it's necessary to create an account in order to get a full impression. I thought I'd provide an overview based on recent explorations.
This report leads of with background on the company, though readers may find the report and analysis of specific groups on the site of interest.

Leadership

Founder & CEO Mark Weinstein.
Co-Founder & Chief Scientist, Jonathan Wolfe (no longer with company).
Weinstein previously founded SuperFamily and SuperFriends, "at the turn of the millennium". Weinstein's MeWe biography lists articles published by The Mirror (UK), Huffington Post, USA Today, InfoSecurity Magazine, Dark Reading, and the Nation. His media appearances include MarketWatch, PBS, Fox News, and CNN. He's also the author of several personal-success books.
His Crunchbase bio is a repeat of the MeWe content.

Advisory Board

Ownership & Investment

MeWe is the dba of Sgrouples, a private for-profit early-stage venture company based in Los Angeles, though with a Mountain View HQ and mailing address, 11-50 employees, with $10m in funding over five rounds, and a $20m valuation as of 2016.
Sgrouples, Inc., dba MeWe Trust & Safety - Legal Policy c/o Fenwick West 801 California Street Mountain View, CA 94041
Crunchbase Profile.
Founded: 2012 (source)
Secured $1.2M in seed funding in 2014.
2016 valuation: $20m (source]
Backers:
Despite the business address, the company claims to be based in Los Angeles County, California and is described by the Los Angeles Business Journal as a Culver City, CA, company.

Business

Policy

In an August 6, 2018 Twitter post, Weinstein promotes MeWe writing:
Do you have friends still on Facebook? Share this link with them about Facebook wanting their banking information - tell them to move to MeWe now! No Ads. No Spyware. No Political Agenda. No Bias Algorithms. No Shadow Banning. No Facial Recognition.
MeWe provide several policy-related links on the site:
Highlights of these follow.

Privacy

The privacy policy addresses:

Terms of Service

The ToS addresses:
Effective: November 6, 2018.

FAQ

The FAQ addresses:

Values

This emphasises that people are social cratures and private people by right. The service offers the power of self expression under an umbrella of safety. It notes that our innermost thoughts require privacy.
Under "We aspire...":
MeWe is here to empower and enrich your world. We challenge the status quo by making privacy, respect, and safety the foundations of an innovatively designed, easy-to-use social experience.
Totalling 182 words.

Privacy Bill of Rights

A ten-item statement of principles (possibly inspired by another document, it might appear):
  1. You own your personal information & content. It is explicitly not ours.
  2. You will never receive a targeted advertisement or 3rd party content based on what you do or say online. We think that's creepy.
  3. You see every post in timeline order from your friends, family & groups. We do not manipulate, filter, or change the order of your content or what you see.
  4. Permissions & privacy are your rights. You control them.
  5. You control who can access your content.
  6. You control what, if anything, others can see in member searches.
  7. Your privacy means we do not share your personal information with anyone.
  8. Your emojis are for you and your friends. We do not monitor or mine your data.
  9. Your face is your business. We do not use facial recognition technology.
  10. You have the right to delete your account and take your content with you at any time.

Press

There are a few mentions of MeWe in the press, some listed on the company's website, others via web search.

Self-reported articles

The following articles are linked directly from MeWe's Press page:
The page also lists a "Privacy Revolution Required Reading" list of 20 articles all addressing Facebook privacy gaffes in the mainstream press (Wired, TechCrunch, Fortune, Gizmodo, The Guardian, etc.).
There are further self-reported mentions in several of the company's PR releases over the years.

Other mentions

A DuckDuckGo search produces several other press mentions, including:

Technology

This section is a basic rundown of the user-visible site technology.

Mobile Web

The site is not natively accessible from a mobile Web browser as it is overlayed with a promotion for the mobile application instead. Selecting "Desktop View" in most mobile browsers should allow browser-based access.

Mobile App

There are both Android and iOS apps for MeWe. I've used neither of these, though the App store entries note:
Crunchbase cites 209,220 mobile downloads over the past 30 days (via Apptopia), an 80.78% monthly growth rate, from Google Play.

Desktop Web

Either selecting "View Desktop" or navigating with a Desktop browser to https://www.mewe.com your are presented with a registration screen, with the "About", "Privacy Bill of Rights", "MeWe Challenge", and a language selector across the top of the page. Information requested are first and last name, phone or email, and a password. Pseudonymous identities are permitted, though this isn't noted on the login screen. Returning members can use the "Member Log In" button.
The uMatrix Firefox extension reveals no third-party content: all page elements are served from mewe.com, img.mewe.com, cdn.mewe.com, or ws.mewe.com. (In subsequent browsing, you may find third-party plugins from, for example, YouTube, for videos, or Giphy, for animated GIFs.)
The web front-end is nginx. The site uses SSL v3, issued by DigiCert Inc. to Sgrouples, Inc.

Onboarding

The onboarding experience is stark. There is no default content presented. A set of unidentified icons spans the top of the screen, these turn out to be Home, Chats, Groups, Pages, and Events. New users have to, somehow, find groups or people to connect with, and there's little guidance as to how to do this.

Interface

Generally there is a three panel view, with left- and right-hand sidebars of largely navigational or status information, and a central panel with main content. There are also pop-up elements for chats, an omnipresent feature of the site.
Controls display labels on some devices and/or resolutions. Controls do not provide tooltips for navigational aid.

Features

Among the touted features of MeWe are:

Community

A key aspect of any social network is its community. Some of the available or ascertained information on this follows.

Size

Weinstein claims a "million+ following inside MeWe.com" on Twitter.
The largest visible groups appear to have a maximum of around 15,000 members , for "Awesome gifs". "Clean Comedy" rates 13,350, and the largest open political groups, 11,000+ members.
This compares to Google+ which has a staggering, though Android-registrations-inflated 3.3 billion profiles, and 7.9 million communities, though the largest of these come in at under 10 million members. It's likely that MeWe's membership is on the whole more more active than Google+'s, where generally-visible posting activity was limited to just over 9% of all profiles, and the active user base was well under 1% of the total nominal population.

Active Users

MeWe do not publish active users (e.g., MUA / monthly active users) statistics.

Groups

MeWe is principally a group-oriented discussion site -- interactions take place either between individuals or within group contexts. Virtually all discovery is group-oriented. The selection and dynamics of groups on the site will likely strongly affect user experience, so exploring the available groups and their characteristics is of interest.
"MeWe has over 60,000 open groups" according to its FAQ.
The Open groups -- visible to any registered MeWe user, though not to the general public Web -- are browsable, though sections and topics must be expanded to view the contents: an overview isn't immediately accessible. We provide a taste here.
A selection of ten featured topics spans the top of the browser. As I view these, they are:
Specific groups may appear in multiple categories.
The top Groups within these topics have, variously, 15,482, 7,738, 15,482 (dupe), 7,745, 8,223, 8,220, 1,713, 9,527, 2,716, and 1,516 members. Listings scroll at length -- the Music topic has 234 Groups, ranging in size from 5 to 5,738 members, with a median of 59, mean of 311.4, and a 90%ile of 743.5.
Below this is a grid of topics, 122 in all, ranging from Activism to Wellness, and including among them. A selected sample of these topics, with top groups listed members in (parens), follows:
To be clear: whilst I've not included every topic, I've sampled a majority of them above, and listed not an arbitrary selection, but the top few Groups under each topic.

Google+ Groups

The Google Plus expats group seems the most active of these by far.

Political Groups

It's curious that MeWe make a specific point in their FAQ that:
At MeWe we have absolutely no political agenda and we have a very straightforward Terms of Service. MeWe is for all law-abiding people everywhere in the world, regardless of political, ethnic, religious, sexual, and other preferences.
There are 403 political groups on MeWe. I won't list them all here, but the first 100 or so give a pretty clear idea of flavour. Again, membership is in (parentheses). Note that half the total political Groups memberships are in the first 21 groups listed here, the first 6 are 25% of the total.
  1. Donald J. Trump 2016 - Present (11486)
  2. The Conservative's Hangout (8345)
  3. Qanon Follow The White Rabbit (5600)
  4. Drain The Swamp (4978)
  5. Libertarians (4528)
  6. United We Stand Trump2020 (4216)
  7. The Right To Self Defense (3757)
  8. Alternative Media (3711)
  9. Hardcore Conservative Patriots for Trump (3192)
  10. Bastket Of Deplorables4Trump! (3032)
  11. Return of the Republic (2509)
  12. Infowars Chat Room Unofficial (2159)
  13. Donald Trump Our President 2017-2025 (2033)
  14. Berners for Progress (1963)
  15. Sean Hannity Fans (1901)
  16. The American Conservative (1839)
  17. I Am The NRA (1704)
  18. Tucker Carlson Fox News (1645)
  19. We Love Donald Trump (1611)
  20. MAGA - Make America Great Again (1512)
  21. Q (1396)
  22. ClashDaily.com (1384)
  23. news from the front (1337)
  24. Basket of Deplorables (1317)
  25. Payton's Park Bench (1283)
  26. Convention of States (1282)
  27. Britons For Brexit (1186)
  28. MoJo 5.0 Radio (1180)
  29. MeWe Free Press (1119)
  30. The Constitutionally Elite (1110)
  31. Libertarian (1097)
  32. WOMEN FOR PRESIDENT TRUMP (1032)
  33. AMERICANS AGAINST ISIS and OTHER ENEMIES (943)
  34. #WalkAway Campaign (894)
  35. ALEX JONES (877)
  36. The Lion Is Awake ! (854)
  37. We Support Donald Trump! (810)
  38. The Stratosphere Lounge (789)
  39. TRUMP-USA-HANDS OFF OUR PRESIDENT (767)
  40. Official Tea Party USA (749)
  41. Mojo50 Jackholes (739)
  42. Yes Scotland (697)
  43. "WE THE DEPLORABLE" - MOVE ON SNOWFLAKE! (688)
  44. Judge Jeanine Pirro Fans (671)
  45. Anarcho-Capitalism (658)
  46. Ted Cruz for President (650)
  47. No Lapdog Media (647)
  48. Q Chatter (647)
  49. Daily Brexit (636)
  50. Tucker Carlson Fox News (601)
  51. The Trumps Storm Group (600)
  52. QAnon-Patriots WWG1WGA (598)
  53. 100% American (569)
  54. Ladies For Donald Trump (566)
  55. Deep State (560)
  56. In the Name of Liberty (557)
  57. Material Planet (555)
  58. WikiUnderground (555)
  59. Trump NRA Free Speech Patriots on MeWe Gab.ai etc (546)
  60. Magna Carta Group (520)
  61. Constitutional Conservatives (506)
  62. Question Everything (503)
  63. Conspiracy Research (500)
  64. Bill O'Reilly Fans (481)
  65. Conservative Misfit's (479)
  66. Canadian politics (478)
  67. Anarchism (464)
  68. HARDCORE DEPLORABLES (454)
  69. Deplorable (450)
  70. Tampa Bay Trump Club (445)
  71. UK Politics (430)
  72. Bongino Fan Page (429)
  73. Radical Conservatives (429)
  74. RESIST THE RESISTANCE (419)
  75. The Deplorables (409)
  76. America's Freedom Fighters (401)
  77. Politically Incorrect & Proud (399)
  78. CONSERVATIVES FOR AMERICA ! (385)
  79. Political satire (383)
  80. RISE OF THE RIGHT (371)
  81. UK Sovereignty,Independence,Democracy -Everlasting (366)
  82. The Patriots Voting Coalition (359)
  83. End The Insanity (349)
  84. Coming American Civil War! (345)
  85. Constitutional Conservatives (343)
  86. United Nations Watch (342)
  87. A Revival Of The Critical Thinking Union (337)
  88. The New Libertarian (335)
  89. Libertarian Party (official ) (333)
  90. DDS United (Duterte Die-hard Supporters) (332)
  91. American Conservative Veterans (331)
  92. Anarchism/Agorism/Voluntaryism (328)
  93. America Needs Donald Trump (326)
  94. The UKIP Debating Society (321)
  95. Coalition For Trump (310)
  96. Egalitarianism (306)
  97. FRIENDS THAT LIKE JILL STEIN AND THE GREEN PARTY (292)
  98. 2nd Amendment (287)
  99. Never Forget #SethRich (286)
  100. Green Party Supporters 2020 (283)
It seems there is relatively little representation from the left wing, or even the centre, of the political spectrum. A case-insensitive match for "liberal" turns up:
Mainstream political parties are little represented, though again, the balance seems skewed searching on "(democrat|republic|gop)":
The terms "left" and "right" provide a few matches, not all strictly political-axis aligned:
Socialism and Communism also warrant a few mentions:
And there are some references to green, laboulabor parties:

Conclusion

Whilst there may not be a political agenda, there does appear to be at least a slight political bias to the site. And a distinctive skew on many other topical subjects.
Those seeking new homes online may wish to take this into account.

Updates

submitted by dredmorbius to plexodus [link] [comments]

Meine Bitcoin-Prognose für 2019 C-SPAN Is Boring And Here's Why C-SPAN 40th Anniversary - YouTube C-SPAN Live Stream - YouTube C-Span Digital Currency Bitcoin Congress Live 18/11/13

Bitcoin uses: SHA256(SHA256(Block_Header)) but you have to be careful about byte-order. For example, this python code will calculate the hash of the block with the smallest hash as of June 2011, Block 125552. The header is built from the six fields described above, concatenated together as little-endian values in hex notation: >>> import hashlib >>> header_hex = ("01000000 ... Bitcoin disadvantages: Severe price volatility: The value of a bitcoin is determined by supply and demand, and as a result, can fluctuate rapidly. The value was as high as $1,100 in December 2013, then hit a low of $177 in January 2015. This extreme fluctuation is more characteristic of a commodity than a currency. Not legal tender: Debtors are not required to accept it, and without any formal ... A Bitcoin wallet is as simple as a single pairing of a Bitcoin address with its corresponding Bitcoin private key. Such a wallet has been generated for you in your web browser and is displayed above. To safeguard this wallet you must print or otherwise record the Bitcoin address and private key. It is important to make a backup copy of the private key and store it in a safe location. Bitkom ist der Digitalverband Deutschlands. 1999 gegründet, vertreten wir heute mehr als 2.700 Unternehmen der digitalen Wirtschaft, unter ihnen gut 1.000 Mittelständler, über 500 Startups und nahezu alle Global Player. Grøstl is a cryptographic hash function submitted to the NIST hash function competition by Praveen Gauravaram, Lars Knudsen, Krystian Matusiewicz, Florian Mendel, Christian Rechberger, Martin Schläffer, and Søren S. Thomsen.Grøstl was chosen as one of the five finalists of the competition. It uses the same S-box as AES in a custom construction. The authors claim speeds of up to 21.4 cycles ...

[index] [15680] [34973] [49862] [20866] [42465] [11446] [43748] [32953] [48969] [25986]

Meine Bitcoin-Prognose für 2019

Was für ein Wahnsinn: Kryptowährungen bringen Renditen, von den sich vor ein paar Jahren träumen ließ. Kann die Bitcoin-Rally immer weiter gehen? Fondsmanage... Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube. Watch Bitcoin Mentioned on Stephen Colbert's LATE NIGHT, CNBC, and C-SPAN. Like. Comment. Subscribe. Follow us on Twitter (WATCH FULL STEPHEN CLIP): https://... C-SPAN programs three public affairs television networks covering Capitol Hill, the White House and national politics. C-SPAN is a private, non-profit public... C-Span Digital Currency Bitcoin Congress Live 18/11/13 We accept no rights to this recording. This is for public knowledge solely.

#