Critical vulnerability in v0.6.2

BM-2cUdgkDDAahwPAU6oD2A7DnjqZz3hgY832
Feb 14 00:22

Ok guys, you heard it, please upgrade (or downgrade) ASAP. Don't contact me using the old addresses, this one is the new "support" address from 0.6.3.2.

Peter Surda
Bitmessage core developer

[chan] general <<Ext>>
Feb 14 10:48

Viktor Vlad is an incredible black-hat hacker who specializes in website hacks more especially recovery of LOST funds to binary options or cryptocurrencies investments and also fixing your bad credit score. If you ever feel the need to use a service like this, it’s totally safe to contact him via Mail v.vhackservice@gmail.com. Thank you for your time.

[chan] general
Feb 14 12:37

>it’s totally safe to contact him via gmail.com.

It's never safe to send emails to or from gmail addresses. All gmail is automatically forwarded to the inbox at the NSA and GCHQ.

[chan] bitmessage
Feb 17 14:50

Folks, I had a look at some pyBM exploit samples from the wild and I have bad news: the most common Windows exploit bootstraps the PowerShell Empire agent. As a complex and highly modular weapon system, it's difficult to describe Empire in just a few words, but if I were to give it a try, it would be along the lines of "nuclear pwnage". See the website documentation and source code for details: http://www.powershellempire.com/

What this means for you:

If you're not a Windows user, you can safely ignore this message. If you ran PyBM 0.6.2 on Windows anytime in the last 15 months, it's prudent to consider your data fully compromised, including files, keys, network, webcam, keylogs etc. If you had other devices backed up to your computer (iPhone etc), consider them compromised as well, and it's also possible that your machine was used as a launchpad to further attack other vulnerable machines on your network.

What you need to do:

The usual Windows compromise routine: unplug the machine from the Internet, reinstall on a brand new hard disk and restore your original files from backups. Transfer your coins to a new wallet, revoke/reissue your PGP/OTR/BM keys, change ALL your passwords, call your bank to put your accounts on ID theft watch. Notify your tribe to challenge anyone pretending to be you.

However, if at any time during this period, you used your Windows machine for any activities prohibited by your local warlords, it's highly possible that evidence of your activities is now out there, linked to the rest of the data from your machine. You are in danger and should consider executing your contingency plan right now.

I'm sorry to be the bearer of bad news, but somebody has to do it or people may get hurt. Stay safe out there.

[chan3] general
Feb 17 14:58

Please show us pyBM exploit samples.

[chan3] general
Feb 17 14:58

Accidentally, in my Windows system I have CMD.EXE and PowerShell.exe replaced with simple programs of the same name showing "Alert: Malicious CMD execution" and "Alert: Malicious PowerShell execution" respectively. A few days ago I saw the message "Malicious CMD execution" followed by "Malicious PowerShell execution". But no actual CMD/PowerShell were ever executed.
