...Not zero, because "Samantha" is offering a perfect demonstration of what most females do with men: use clever manipulation to get money, or other things of value.
All you jaded males remind me of ladder theory proponents and anti-marriage zealots. You deserve your loneliness and the quality of women whom you encounter is a direct result of your own lack of quality as a human individual. Enjoy your increasingly frustrating and lonely lives, fools!
|
|
|
If you're reading this, you may be concerned or interested or exasperated over rumors of SHA256 weakness and in turn the implications for Bitcoin. Stop reading now and rest assured in the knowledge that Bitcoin is safe for the rest of this decade if not century with regards to SHA256.

In fact, Bitcoin is probably safe beyond this century for reasons I will explain in more detail. First, let us discuss potential attacks against cryptographic digests (hash functions) in order of difficulty:

1. Collisions with less effort than expected on reduced round variants of a digest.
2. Collisions with less effort than expected on the full digest.
3. First-order preimage attacks against reduced round variants of a digest.
4. First-order preimage attacks against full digest.
5. Second-order preimage attacks against reduced round variants of a digest.
6. Second-order preimage attacks against full digest.
7. Practical attacks applied to full digest in the wild.

Yes, that's right. Bitcoin is safe until all of pins 1-6 have been tackled, and even then the costs are likely to make such efforts against Bitcoin impractical. Even MD5 and SHA-1 are only vulnerable to #'s 1 and 2.

Find this subject interesting? You might like "The code monkey's guide to cryptographic hashes for content-based addressing" which is relevant to Bitcoin: http://valerieaurora.org/monkey.html

Now we can all go back to the illuminati and hacker threads. Thanks!
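An added illustration, not part of the original post: the gap in effort between finding any collision and matching one fixed digest, measured on a toy digest. The 16-bit truncation of SHA-256, the function names and the test messages are assumptions chosen so the search finishes in about a second.

```python
import hashlib

def toy_hash(data: bytes, bits: int) -> int:
    """SHA-256 truncated to its first `bits` bits (a deliberately weak toy digest)."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)

def find_collision(bits: int):
    """Birthday search: hash counters until any two inputs share a digest.

    Returns (input_a, input_b, tries). Pigeonhole bounds this at 2**bits + 1 tries.
    """
    seen = {}
    for i in range(2 ** bits + 1):
        msg = b"msg-%d" % i
        h = toy_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    raise AssertionError("unreachable: pigeonhole guarantees a collision")

def find_second_preimage(target_msg: bytes, bits: int, budget: int):
    """Search for a different input matching one fixed digest, within `budget` tries.

    Returns (input, tries) on success or (None, budget) if the budget runs out.
    """
    target = toy_hash(target_msg, bits)
    for i in range(budget):
        msg = b"try-%d" % i
        if msg != target_msg and toy_hash(msg, bits) == target:
            return msg, i + 1
    return None, budget

if __name__ == "__main__":
    BITS = 16  # assumption: small enough to search quickly on any machine
    a, b, c_tries = find_collision(BITS)
    print(f"collision after {c_tries} tries (birthday estimate ~{2 ** (BITS // 2)})")
    found, p_tries = find_second_preimage(b"fixed message", BITS, 2 ** (BITS + 4))
    print(f"fixed-digest match after {p_tries} tries (estimate ~{2 ** BITS}): {found}")
```

Each extra bit of digest doubles the fixed-digest search but adds only half a bit of work to the collision search, which is why the list above places collisions first.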
|
|
|
I was thinking about deleting this thread but I find the sexist comments funny. ++ Even BitcoinPorn chimed in!
|
|
|
I suspect this decision was made so as not to let their position regarding digital currency (esp. bitcoin) appear to be biased.
We shall see.
If they are about to take a bitcoin related case I will revoke my ill feelings on this matter. Until then, their decision just appears cowardly.
|
|
|
I think it's a sensible stance. Anything a lawyer can say about the legality of alternate currencies is a guess until cases start to go through the courts.
A sensible stance for a risk averse coward of an org. I guess that is EFF now... :/ EDIT: Also, why the need to exchange? Keep them and use them as currency in and of themselves when services they need can be compensated in bitcoin. Throwing them in the faucet when they were donated in good faith is just disrespectful. [Letting them "circulate in the community" is better than nothing yet still disappointing. Run a Tor node on bitcoin server, anything instead of dismissing them whole.]
|
|
|
... BTW, I'm gigi, a programmer with 30 years experience in coding financial systems, great business development skills, and was CEO of a major investment bank for 10 years...
You are clearly a poor programmer. Get over yourself.
|
|
|
Sending decimal numbers as numbers invites clients to interpret them as floats and thereby introduce rounding errors. It's not a bad idea to transfer fixed point decimal numbers as strings.
Correct. This is actually a feature borne out of wisdom dealing with lots of different languages and runtimes which may not support floating point math accurately or as expected when doing conversions to other types. gigi is the idiot. EDIT: and just to clarify, using a string type lets you, the API user, determine how to re-cast and interpret the value rather than dealing with side effects of some implementation which tries to "do the right thing" by default.
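An added example, not part of the original posts: a client receiving the same two amounts once as JSON numbers and once as strings. The payloads are constructed, and the field name `balances`, the function names and the 8-decimal base unit are assumptions.

```python
import json
from decimal import Decimal, InvalidOperation

# Constructed API responses: the same two amounts as JSON numbers and as strings.
AS_NUMBERS = '{"balances": [0.1, 0.2]}'
AS_STRINGS = '{"balances": ["0.1", "0.2"]}'

UNITS_PER_COIN = 10 ** 8  # assumption: amounts carry at most 8 decimal places

def total_from_numbers(payload):
    """Default JSON parsing turns the numbers into binary floats before we see them."""
    return sum(json.loads(payload)["balances"])

def to_base_units(text):
    """Convert a decimal string to an exact integer count of base units, or raise."""
    if not isinstance(text, str):
        raise TypeError("amount must arrive as a string")
    try:
        value = Decimal(text)
    except InvalidOperation:
        raise ValueError(f"not a decimal amount: {text!r}")
    if not value.is_finite() or value < 0:
        raise ValueError(f"amount out of range: {text!r}")
    units = value * UNITS_PER_COIN
    if units != units.to_integral_value():
        raise ValueError(f"more than 8 decimal places: {text!r}")
    return int(units)

def total_from_strings(payload):
    """The client chooses the numeric type, so the sum is done in exact integers."""
    return sum(to_base_units(s) for s in json.loads(payload)["balances"])

if __name__ == "__main__":
    print("numbers:", total_from_numbers(AS_NUMBERS))        # float sum, not exactly 0.3
    print("strings:", total_from_strings(AS_STRINGS), "base units")
```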
|
|
|
... I once worked at a place and we had a security officer who periodically attacked our network passwords and forced us to change those he managed to break. It was pretty annoying of him.
I heard this and thought, "Wow, that's pretty conscientious and considerate of him!" Only annoying if you use weak sauce passwords. Are you full of weak sauce and annoyed?
|
|
|
... LOL. PCI-DSS is pure marketing towards consumers. Look at some of these requirements: .... Duh.
Most of the requirements are "Duh" common sense. They also require testing, and have audit controls or compensating controls to identify issues early and mitigate them before they become a disaster. (in theory, see how Sony messed up PA-DSS compliance) Sure, I hate PCI-DSS bureaucracy as much as the next person, but the fact remains too many of these vulnerabilities arise from "Duh" stupid stuff they've overlooked. MtGox isn't even trying! If you adhere to common technical standards and practices (PCI-DSS, OWASP, etc.) you're at least making an effort and protecting against the stupid stuff. Almost none of these exchangers are even doing that basic level of due diligence!
|
|
|
MTGOX BREAKING NEWS
We will do one hour with the TradeHill guys LIVE via Skype.... ... BLAH BLAH BLAH
I'm trying to figure out why you think it is acceptable to keep posting this in every thread. Did you get dropped on your head a lot as a child? Media whore'ing opportunities like this happen once a lifetim^H^H^Hmonth in bitcoin land! Gotta make every second and eyeball count!
|
|
|
... But no one knows in advance which ones are strong and which ones are weak, and work spent on one won't help with the next. Also, you don't necessarily know which accounts carry balances, and which ones don't.
All potentially revealed in about 2 days for anyone using 8 character passwords or less...
|
|
|
Here is a reduced set of the leak containing username and email. Anyone running bitcoin related sites where logins may have been re-used: Please protect your users and temporarily lock-down these accounts until a password reset has been performed!

http://76.74.251.235:27582/mtgox-accounts-name-email-only.csv

These users should know better than to re-use credentials, but many are not being smart. Limit damage if possible.
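An added example, not part of the original post: one way a site operator could pick out the local accounts to lock until a password reset. The two-column username,email layout, the sample rows and the shape of the site's user table are all constructed assumptions.

```python
import csv
import io

# Constructed sample in the two-column shape the post describes (username, email).
LEAK_CSV = """\
alice,Alice@Example.com
bob77,bob@example.org
,carol@example.net
mallory,
"""

# Constructed sample of a site's own user table: (user_id, username, email).
SITE_USERS = [
    (1, "Alice", "alice@example.com"),      # same email, different case
    (2, "bob77", "robert@example.org"),     # same username, different email
    (3, "dave", "dave@example.com"),        # not in the leak
    (4, "carol_c", " Carol@Example.NET "),  # stray whitespace in stored email
]

def norm(value):
    """Case-fold and trim so trivially different spellings still match."""
    return (value or "").strip().casefold()

def load_leak(text):
    """Return (usernames, emails) sets from the leak, skipping blank fields."""
    names, emails = set(), set()
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 2:
            continue
        if norm(row[0]):
            names.add(norm(row[0]))
        if norm(row[1]):
            emails.add(norm(row[1]))
    return names, emails

def accounts_to_lock(users, leak_text):
    """Map user_id -> match reasons for every local account that appears in the leak."""
    names, emails = load_leak(leak_text)
    flagged = {}
    for user_id, username, email in users:
        reasons = [kind for kind, hit in (("email", norm(email) in emails),
                                          ("username", norm(username) in names)) if hit]
        if reasons:
            flagged[user_id] = reasons
    return flagged

if __name__ == "__main__":
    for uid, why in sorted(accounts_to_lock(SITE_USERS, LEAK_CSV).items()):
        print(f"lock user {uid} until password reset (matched on {', '.join(why)})")
```

A username-only match can belong to a different person, so it is reported with its reason and can be handled more gently than an email match.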
|
|
|
... Unlikely unless you're sloppy.
To prove the point, 10 bitcoin for each pass for any of these unsalted MD5s:
824cfad07c88261afb4dd3285627887a 73550477b12849b2a4dcd3b0db187415 3e567bcbb2aa5c28c47012b857bf6e48 3709fb6b0e1c0b26ff22a19ae92fd080 9133c451dd761d29943dcc653252e2fa ff111d6144367b4abd99aa4321b0a618 8602188ef5a05a13afc59c51b395426c da842aa7c84236d17a04098fa1273f2d ...
Well they aren't in any rainbow tables, so they must be pretty long. Judging by the high reward on this, he probably used 15-20 characters. Enough that you might as well keep your computers mining bitcoins, it could be months even for a very powerful group of computers. 16 character alphanumeric. MD5 can be weak as snot, unsalted, and exposed via SQLi and I don't care. Don't be sloppy with password management! All of you re-using passwords between sites, re-using usernames and passwords between pools or miner accounts, re-using same email addresses across forums and exchange accounts, ALL OF YOU ARE ASKING TO GET PWNED! What will it take for this message to sink in? Cracking the MtGox hashes shows the majority of you are still being lazy...
|
|
|
An exchange as strong as the bitcoin network needs to be developed... These exchanges are dealing with big sums. In typical industry such systems are at least engineered to PCI-DSS standards with the software itself passing PA-DSS audit and requirements. How many exchangers audit their systems? (appear to be none) How many exchangers have per-account controls on funds? (A few now, it seems) How many exchangers use hardware security modules to protect records? (appear to be none) How many exchangers use a red-team or pen-test specialists to look for holes? (appear to be none) This is pretty lame and these exchangers are fairly untrustworthy! (by nature of their vulnerability regardless of intent.)
|
|
|
A series of studies, "Peacocks, Porsches and Thorstein Veblen: Conspicuous Consumption as a Sexual Signaling System," was published recently in the Journal of Personality and Social Psychology. A peacock's tail is beautiful: magnificent plumage, iridescent colors. Alas, it is also wasteful. It takes a tremendous amount of energy to develop. Sound like bitcoins? Sexual signalling really works -- just not necessarily as intended when a man buys the biggest TV or the flashiest car or has the fattest bitcoin wallet.dat. Women, they found, respond to men who spend lavishly. In one of the studies, women viewed two biographies for a man -- each 32, with a master's degree, a good job and interests in bicycling, movies and music. The only difference -- one drove a Porsche ($58,000) and the other a Honda Civic ($15,655).
The women preferred the man with the Porsche as a date -- but not for marriage. They inferred from his flashy spending that he was interested in sex without commitment, the study concluded.
Through surveys of men under 30, the most sexually active age group, the researchers also concluded that about one-third are consistent peacocks. Another third switch back and forth depending on the situation. But they tend to be problem boyfriends.
Once a peacock always a peacock, he added -- since that same group tends to be the problem husbands.
"They are the guys who cheat on their wives," Griskevicius said. The moral of this story: Don't marry a guy who has bitcoins! Ref: http://www.startribune.com/lifestyle/relationship/123994144.html
|
|
|
The reason this forum is so slow is because it is getting DDoSed.
Any idea who is behind it? It is the Russians! Or LulzSec! Or Anonymous! Or the CIA! Or China! Or the FED! (I think that covers all the standard speculative sources...) Don't believe anything you read on these forums about attacks and hackers. Almost all of it is noise and nonsense!
|
|
|
... I think it may have been a brute-force attack.
Unlikely unless you're sloppy. To prove the point, 10 bitcoin for each pass for any of these unsalted MD5s: 824cfad07c88261afb4dd3285627887a 73550477b12849b2a4dcd3b0db187415 3e567bcbb2aa5c28c47012b857bf6e48 3709fb6b0e1c0b26ff22a19ae92fd080 9133c451dd761d29943dcc653252e2fa ff111d6144367b4abd99aa4321b0a618 8602188ef5a05a13afc59c51b395426c da842aa7c84236d17a04098fa1273f2d Have fun! ;P EDIT: alphanumeric only. I'll pay legitimate finds or my name is mud!
|
|
|
... Reminds me of how closely spaced the discoveries of the atomic bomb and LSD were.
LSD and Berkeley UNIX too.
|
|
|
The malicious .SCR trojan private messaged to members of this forum is identified as Induc.A on all the popular A/V products. It looks for wallet.dat to send via mail relay to hotmail drop as previously discussed. Looks like more and more bitcoin malware is popping up... everyone is running up-to-date anti-virus, right?
|
|
|
...I got accepted to speak at DEFCON 19 about bitcoin.... I'm open for input, giving a 20 minute talk.
Do you have a set of subjects to cover? Did you find something in bitcoin design or implementation or existing network worth discussing at DEF CON? Do you know what Dan Kaminsky has planned in his "BitCoin: Network Manipulation for Fun And (Literal) Profit" presentation? Fill in some blanks and I'll give you input/feedback.

Check out: https://www.defcon.org/html/defcon-19/dc-19-speakers.html

Anyone going to be running a cash / kit / coin exchange at DC19?