So is there actually no one on these forums that can and is willing to explain in great detail how to go about one of these attacks?
Even if his intentions were not sincere, security through obscurity is a terrible terrible practice. Despicable.
Without having access to the source for mybitcoin it's impossible to know what mistakes they made. They've admitted only that they were not waiting for the required number of confirmations before crediting account balance. There are also rumours that they were not even waiting for the transactions to appear in a block at all and merely marking them confirmed when they saw a new block, but I can't honestly believe anyone would code anything that bad. If you don't like 'security through obscurity' - I recommend you start using one of the open source exchanges based on intersango e.g. https://intersango.us/ rather than mtgox...
Will
My point was simply that it seemed no one wanted to give the guy a straight answer. And I have an account on intersango.us actually. My understanding of the Mt.Gox hack is that it was indeed a fake bitcoin hack also, but done in a different way. Although to be entirely honest, I'm not sure how exactly; Mt.Gox didn't really give us a straight answer (they changed their story a few times if I remember correctly).
|
|
|
So is there actually no one on these forums that can and is willing to explain in great detail how to go about one of these attacks?
Even if his intentions were not sincere, security through obscurity is a terrible terrible practice. Despicable.
macintosh264: For every confirmation it gets that much harder for an attacker to (temporarily) create fake bitcoins. 1 confirmation means that the transaction is in 1 block in the block chain, 2 confirmations means it is in 2 blocks, 3 means 3, etc. In a nutshell what happened with MyBitCoin is that an attacker was able to mine an invalid block, then before the block was thrown out for being invalid mine another invalid block. In these invalid blocks it showed him depositing bitcoins to MyBitCoin. Because MyBitCoin only waited for 1 confirmation, it assumed that these were valid transactions and allowed him to withdraw the bitcoins. The withdrawn bitcoins were included in the actual real block-chain and therefore remained valid even after the deposits from the fake blocks were thrown out.
If you wait for 1 confirmation an attacker has to mine 2 fake blocks in a row to trick you. If you wait for 2 confirmations, they have to mine 3. If you wait for 3 confirmations, they have to mine 4. Etc.
Every confirmation you wait for makes it exponentially more unlikely that you are being tricked. Remember that a block is mined about once every 10 minutes, so it would take a great deal of computing power (and luck) to successfully stay ahead of the network for a significant amount of time to pull one of these attacks off.
With that in mind, 4 confirmations should be plenty. 3 would probably be plenty even.
|
|
|
With apt you can add your own repos. Perhaps rather than trying to get into the official Debian repo, we could just make our own repo for Bitcoin like Tor has done (http://mirror.noreply.org/pub/tor/). Anyhow, I think that libbitcoin is a great idea, but not exactly a project for someone new to C++.
|
|
|
We don't.
Also I agree with the GLBSE idea. I think this would be a great way to pool money for it.
|
|
|
Mining in Terraria was taken care of.
|
|
|
Yes.
I was hoping to help out with whatever they needed done. I hate seeing people scammed.
|
|
|
That's too bad...
I was really hoping someone would try to do something. I was on your side.
|
|
|
Just did a tracert on his server. Here is what I found. His hosting provider is a company in the Netherlands by the name of Leaseweb B.V. One of their websites http://www.leaseweb.net/ is currently down. According to a quick nslookup on the domain, they have no A records. So they probably just use this to make subdomains off of, which kinda makes that particular site being down rather irrelevant. Moving on though, Leaseweb's actual website http://www.leaseweb.com/en is still up and provides a phone number that one can call them at (actually it provides 3). If anyone would like to make that call. Leaseweb also seems to have a history of shutting websites down (http://torrentfreak.com/leaseweb-forced-to-shut-down-more-bittorrent-sites-071116/), so in the end it could just be something as simple as them taking down MyBitcoin because some lawyer told them to. Anyhow, hope this helps everyone out. I don't think it was mentioned that Leaseweb was MyBitcoin's ISP here. Although someone did mention it here I found: http://www.webhostingtalk.com/showthread.php?t=1070151
|
|
|
Is that a paid copy of TF2 or a free copy?
|
|
|
On behalf of my best friend, I am selling stuffed animal bunnies. All of her bunnies are hand made and should be fairly durable (i.e. they can be well loved, but they are not indestructible). They make wonderful gifts. We can ship anywhere in the U.S. (sorry international shipping isn't available). Custom bunnies are available upon request (please PM me for details).
---------------------------------------------------------
Dark blue plush bunny -- silver eyes
This bunny is made from very soft, shiny, dark blue faux fur with off-white satin-lined ears and silver safety eyes. Its arms and legs are articulated so it can sit down or give hugs. It's about 14" tall when standing and has 13" long ears.
Cost: 1.70BTC (shipping included)
|
|
|
I have to say that this topic is FUD at its finest. Am I right boys?
Some people....
I guess he was hoping that some news site would catch wind of this topic before we completely borked it.
|
|
|
Do you guys play Terraria?
I have some mining I need done. That is repetitive and simple.
(I understand that I could cheat and just give my character in the game a bunch of stuff, but where is the fun in that right?)
|
|
|
BitcoinJ is maintained by an employee of Google as a 20% project. Although, I'm sure he wouldn't mind the donations... I don't really think he needs them.
|
|
|
Not to be too entirely off topic...
But I just finished downloading and testing this app with a few testnet coins. Really wonderful interface. I'm sure the details of the implementation have some work that needs done (at least that is the impression I get here), but as far as interfaces go, I think this app does a wonderful job of making Bitcoin easy to use on the Android.
|
|
|
This is beautiful. Once you have this tested on Windows (and have tested it thoroughly) you should submit a pull request for this. I think that the mainstream client really ought to use QT (plus your GUI is so much nicer looking).
|
|
|
Nice idea, but where can i download this A^W-Programm ? ;-)
You can't. This was all just in theory. Someone would need to implement it and as JoelKatz pointed out, it could probably be done better too.
|
|
|
There are a number of places that will sell you a VPS or Dedicated server for bitcoin. You can find a nice list on the Bitcoin Wiki. https://en.bitcoin.it/wiki/Trade
|
|
|
4. this is not a core function of money and therefore should only be implemented in a 3rd party fashion and not implemented in the bitcoin itself.
this. +1 You could go as far as to make an alternative client that implements this somehow, but it is not something that should be in the original client and certainly not something to be stored in the block chain (which I know you didn't say, but I have a feeling you were thinking it).
|
|
|
You can't. Setting up bitcoind requires shell access.
|
|
|
|