However, he cannot obtain the private key by hacking torwallet.net. He can only obtain it by hacking the onion site itself. That socat tool is pretty damn cool; I've added it to my arsenal.
Most .onion sites don't bother having SSL enabled because Tor provides encryption... but for external access, this is a perfect example of how to use it.
The hacker don't need the wallet private key to withdraw BTC. Only the secret codes are needed That's correct, however URL query strings are encrypted when using SSL, so they can't be sniffed. If someone tried to MITM after compromising Torwallet.net, the SSL certificate would have a different fingerprint and it would be detected as an error, since you have created a special exemption in your browser for that specific fingerprint. One the torwallet.net page it claims "Seizing or hacking this server will have no effect on TORwallet's services and gain you no bitcoins, only our wrath", but this is wrong. If the torwallet.net server is hacked, the private key of the SSL certificate is exposed, and the hacker will know the URL query strings That is not correct. Torwallet.net does not contain any private keys, and it is a separate server from the .onion site. They are not hosted on the same server. Not sure what's so hard to understand about that. |
|
|
|
I get this at the top (under Home... Help... Search... etc) of every page when anon now:
Notice: Undefined index: watched in /var/www/bitcoin/smf/Sources/Load.php(1753) : eval()'d code on line 170
You mean when not logged in? I don't see that... |
|
|
|
However, he cannot obtain the private key by hacking torwallet.net. He can only obtain it by hacking the onion site itself. That socat tool is pretty damn cool; I've added it to my arsenal.
Most .onion sites don't bother having SSL enabled because Tor provides encryption... but for external access, this is a perfect example of how to use it.
The hacker don't need the wallet private key to withdraw BTC. Only the secret codes are needed That's correct, however URL query strings are encrypted when using SSL, so they can't be sniffed. If someone tried to MITM after compromising Torwallet.net, the SSL certificate would have a different fingerprint and it would be detected as an error, since you have created a special exemption in your browser for that specific fingerprint. |
|
|
|
does the 'notify' button not work?
"notify" is for emails, which not all of us want. Instead, we use the "watchlist", so that when you click the " Watchlist" link at the top of the page, all you see are the topics you are watching. You can then respond to the most important topics first, then read the rest of the forum. |
|
|
|
|
Huh, Google must have just gotten around to updating that section of street view, it used to have a big-ass bus in the way of the picture.
|
|
|
|
rjk: nope. This 45586 part (there are many of them) and the other do not have the plastic bridge between pins 7-8, and (as you pointed out) do not appear to have the right keying which should be:
LL
RRSS
SRRR
L = Latch
R = Round
S = Square
Sorry my bad! I got mixed up between 8-pin PCIe and EPS12V. The thing is, the additional 2 pins on a PCIe 8-pin connector are unnecessary - they are just signals connected to ground and do not carry current. EPS12V goes like this: LL RSSR SRRS |
|
|
|
Actually, I think the 45586 has the wrong keying, but the 50-36-1744 looks like it might work? The PDF shows a 10-pin version, but I can't tell what the keying is on the 8-pin version. |
|
|
|
Thanks for the new features for the watchlist functionality! This is now a winner and what I am using for my go-to browsing experience. I've already removed several items that I don't want to watch.  |
|
|
|
Although you do not have a wallet on torwallet.net, hacking of torwallet.net will expose the secret code, and thus the balance of the accounts of those who use torwallet.net. It is impossible for google or anyone else to find the link to a TORwallet unless it has been posted somewhere. Those instawallet links were most likely indexed by google visiting instawallet.org and being redirected to a new wallet.
We are working on adding an optional password field to the site. We are waiting for our developer to get back from vacation.
Hacking of torwallet.net will expose absolutely nothing. https://torwallet.net is nothing more than a proxy, and actually has more in common with a port forward in your router. It doesn't even understand http and does nothing more than pipe data through tor. In fact, here is the command we use. socat openssl-listen:443,fork,reuseaddr,su=nobody socks4a:127.0.0.1:nci2szjrwjqw2zbi.onion:80,socksport=9050 Hacking of nci2szjrwjqw2zbi.onion would reveal current balances, however the attack surface is limited to a single port. Just for example, I have the following wallet: https://www.torwallet.net/w/c85f0c2c5347caf6b302cebabed0e93c3ce023d6739b1e502128cbaa7042eddbTherefore, anyone who knows the code "c85f0c2c53.............." can redeem all coins in my wallet. A hacker can obtain the private key of torwallet.net's certificate, and he will learn the code "c85f0c2c53.............." However, he cannot obtain the private key by hacking torwallet.net. He can only obtain it by hacking the onion site itself. That socat tool is pretty damn cool; I've added it to my arsenal. Most .onion sites don't bother having SSL enabled because Tor provides encryption... but for external access, this is a perfect example of how to use it. |
|
|
|
|
So much fail on that site, spelling errors all over the place and built with WIX? Seriously?
|
|
|
|
It's back to auto SSL redirecting now!
Cool, seems to work. |
|
|
|
|
TL;DR, "bitcoiners" wanting non-bitcoin payment options.
Oh the irony.
|
|
|
|
|
Wonder if you could integrate with Bitinstant for ShitPal transfers? They do it as of this evening, for a 6% (!) fee.
|
|
|
|
|
Why not completely disable Dwolla, now that Bitinstant offers paypal withdraw? 6% fee sucks, but hopefully it would be instant.
|
|
|
|
|
Show Posts
