Still, looks like another case where my exponential difficulty requirement for blockchain reorganization idea would come in handy. It would kill any and all offline mining attacks.
is there any reason why this wouldn't be implemented? |
|
|
|
Thanks to InfoGuy for the exploit, this exploit will cause the client to bounce the receving amount back to conformation nodes and the address of the sender which will receive increased amount but the limitations of the exploit the amount has to be between 1.00 to 0.05 to trigger the event.
A block altering method - Exploit Still Works and has been in private use
Every amount is random but always increased
1717JtMWtrAsLYkDBze5KRKa4paKtzRhK6
Exploit by InfoGuy sounds like bs to me. |
|
|
|
|
rexcoin, threads like this wont help you at all...
|
|
|
|
|
Last post on 8th of oct. Sure looks like a scam.
|
|
|
|
I wonder why rush to deploy such extremally dangereous changes
without months of torturing testing on the testnet ??
I mean BOTH proposals (16 and 17).
Gavin created a bot that makes BIP17 testing impossible on the testnet. Is this true? |
|
|
|
Why not have the person that loans you the money pay the balances to owe to others and send you the rest? Making you responsible for the whole amount and making sure your other lenders are settled with and you don't run with all of it.
+1 |
|
|
|
No "Johnsson and sons" but "Pirate and clones"
As long as it's not Lehman Brothers I'm good with that.  |
|
|
|
|
Pirate for the president!
|
|
|
|
|
The fix seems to be working, no crashes since the update.
|
|
|
|
Site down?
jup. I'm sure it'll be up in no time tho. |
|
|
|
aren't private keys encrypted, therefore even with open RPC one would still have to decrypt them before a transaction could be made?
No, RPC is there to allow control of bitcoind by other programs. Like, imagine you have a website that needs to perform payments automatically. Your web server contacts bitcoind and requests the payment. If authorized, bitcoind performs the payment. It doesn't matter if the keys are encrypted or not, as it is the bitcoin software itself that's signing and sending the transaction. It can decrypt the keys if needed. The hacker did not steal a private key. It managed to access bitcoind and control it, requesting the payment thought the RPC interface. Bitcoind treated it as a legitimate request. Normally this control interface should not be publicly accessible, but in this particular case it was. Do you see the difference? OK I get it. I assumed one would still have to input the wallet password, but it wouldn't make much sense using RPC if it couldn't do anything by itself, thus making wallet password moot. |
|
|
|
unencrypted wallet, I take it?
No, he said on OP, open RPC (well, maybe the wallet was unencrypted too, but it doesn't matter, that's not how it was stolen). Summarizing, it is as if his bitcoind node was accessible by anyone on the internet that happened to know his password, and apparently the password wasn't that strong since it was bruteforced. The attacker just requested the victim's bitcoind to send him money, and it sent. aren't private keys encrypted, therefore even with open RPC one would still have to decrypt them before a transaction could be made? In other words, an attacker would have to know rpc username/password and the wallet password? |
|
|
|
|
unencrypted wallet, I take it?
|
|
|
|
That was... quick...
pirateat40 loves his lenders. I'm watching this thread like a hawk from now on. Btw, any news on when new people might be able to join? |
|
|
|
What about a shareholder takeover of the site ? I think that is what people would be happy with . A takeover of the ubitex site? I think that would be very very fair, although without the cooperation of cuddlefish I don't see how it's going to happen, he has control of the servers and the domain name. Although this is what we could go to his parents to ask for. Is the site even up and running? nope, not anymore. |
|
|
|
No, it is not stupid. However, what is stupid is commenting on the actions of other people without bothering to read the previous posts
It's in your own best interest not to make such posts. I have no money in this, therefore nothing to lose. If Peter repays someone in this thread who does not own shares, it'll be you who will be on the losing side. |
|
|
|
|
Requesting bitcoins in this manner is stupid. You all should make sell orders on glbse, proving you own the appropriate number of shares.
|
|
|
|
OK, it works now. Just a temporary glitch it seems, sorry |
|
|
|
|
Show Posts
