The SurfBar.
-
Since I read this article I became also a bit paranoic. I do not use anymore any SMS 2FA, because it makes it easy for hackers to port your phone number via social engineering and then kick you out of your own email account :/ I also don't use mobile wallets, at least not for any considerable funds. There are people having several thousands in mobile wallets and it's just matter of time till those funds are gone...
Never give up security for financial incentives! In the near future hardware wallets are the only way to go...
-
Just one small comment here: @Zeus and @crowetic, I definitely get what you're both saying about the surfbar being "bad," as it introduced potential vulnerability to community members.
But I'd also like to add that things like this are what kept me motivated to progress my involvement with the chain early on. It seemed like it was sent by the gods (Zeus?) early in my journey here. The surfbar basically gave anyone with a data connection the ability to earn. The small but regular payments made it seem possible to actually be part of the Burst economy in a meaningful way, without much extra effort.
I only comment on this now because I would hate to see such ideas completely abandoned, it helps people stack some coin, at least in the beginning. And a decent amount too. An amount that would cost them a lot more money if they wanted to purchase HDDs and such. But anyway...
Hated by some, loved by many... R.I.P. Surfbar 2-9-2017
-
@ChaChing Let's plot a rehack attack... I could try to get there IP
-
@vExact yup... this SMS 2FA stuff is a big issue. What are your opinions on 2FAs such as Google Authenticator? - Mine is that this can be dangerous too if the person using it doesn't understand how to use the app, secure backup codes, etc.
-
@k.coins I think google authenticator is quite different and safer, as it doesn't have to do with your phone number (as far as I know) but rather with your google account. It also works if you are not connected to the internet, and as you know it changes every 30 seconds. Problem is if you have a piece of malware on your phone that has access to the camera and makes silents screanshots for the attacker, etc.
But again the most secure options are the ones you have a hardware device using an U2FA like this one
https://www.yubico.com/products/yubikey-hardware/yubikey4/
-
@vExact Then they will also need passphrase and 2fa and if they have malware on pc and phone rip more than just burst balance
-
Guys check out this talk of John McAfee about cybersecurity. The man is completely right. Now you know, don't ever watch porn from your mobile phones! XD
-
@vExact Ha! I just watched that the other day. I found it after watching this video -
which is pretty funny btw.When I saw him speaking on stage though, I started to think he was full of sh*t because his ramblings lacked substance. I mean, he's talking about click bait...
On another note, I've now searched the AppData folder of 4 computers I had running the surfbar and none of them had this logger. Hopefully I didn't catch the infection but is there somewhere else I should be looking?
-
@k.coins yeah, this interview I saw as well, I didn't like too much because of those annoying interviewers :/ But his prediction on BTC cap moving to altcoins is what I found very interesting.
Regarding your question I am not sure, as I never used that surfbar. However you may run one of the softwares that @Focus suggested on the other thread, like this one and check:
https://www.malwarebytes.com/antirootkit/
-
-
@socalguy If you guys really want the surfbar, I'll put it back there, but with a massive "use at you own risk" disclaimer. Lex earned thousands of Burst via the surfbar, but lost millions by being hacked. We'll provide it - but we're not responsible
-for-loss
-
%appdata%/dclogs
-
@haitch No, let's keep it removed for now. Too much risk.
-
@haitch I just checked my roaming folder, that file wasn't there thank God..WOW I could have lost everything because of those hackers.. I am so sorry for all those that lost because of it.. No please don't bring it back, many noobs will lose because of it..for 50 burst a week they better off clicking a few btc faucets.
-
@qibucks shady btc faucets could try the same with you. :/
-
@daWallet oh dear really? that sux
-
@haitch Just out of curiosity, how was it figured that it came from the surfbar?
-
Seems like a guess to me... Lex had been running it but if you look at the post where they were discussing the investigation... I still think the account that had no activity since 2014 (no surfbar back then) sticks out like a sore thumb.
-
@crutsy @lexicon @focus and others found that at some stage the surfbar ads installed a keylogger / web activity monitor. It was grabing keystrokes and copy/pastes from clipboard.
-
Keylogging started at 5th December. Lexicon's first payout from the surfbar was the 4th December. Also another user had malware probably from the surfbar sites some days earlier, too.
@lexicon can elaborate further.




