pretty obvious TOR has a vulnerability that is being actively exploited ...
A prior comment of mine is relevant here: So I just looked into this, not thoroughly so someone please correct me where wrong, but have the following assessment. The FBI conducted a successful operation against a big person in the Tor world named Eric Eoin Marques who runs a company called Host Ultra Limited. They are trying to extradite Eric to the US to face charges. I'm guessing Eric either distributed directly, or hosted sites dealing in child pornography. Apparently he was conducting business as a Tor Hidden Service. Now, Tor Hidden Services is different than using Tor normally. Tor Hidden Services is what allows Silk Road to operate because the server itself can gain anonymity while still handling incoming client requests. What is not readily apparent (to me) is how the FBI found Eric's servers, and what was done with them. It could be that his servers were found with investigative methods outside Tor. However, there does appear to be a way to de-anonymize servers using Hidden Services revealed in the following paper at a security symposium in May 2013:Trawling for Tor Hidden Services: Detection, Measurement, DeanonymizationI only read the first couple pages but have no reason to doubt the claims. Whether or not the FBI used similar exploits for this case isn't apparent, but I'd say Silk Road looks vulnerable unless and until there is a patch or re-work of the Hidden Services protocol. |
|
|
|
|
Satoshi was/is certainly a genius (assuming he is one guy). He said he sort of did things backwards writing the whitepaper, as he coded everything up first to convince himself he could solve all problems.
He was obviously very technical as you would not only need to understand programming well, but also have a real grasp of networking. On top of that he then understood cryptography well enough to know it was strong enough to literally support a monetary system, and also understood math well enough to know the implications of a planet's population running through private keys for use was not a problem.
With all of that he then designed the block chain for decentralized accountability, proof of work for arbitration, sketched out scalability solutions then put everything into practice. For anyone that's ever been an entrepreneur or excelled in sports you know many dream but few do because the former is quite easy. Last but not least he, along with other core developers, wrote what an industry security expert called on of the most well written and secure pieces of networking software he had seen, from scratch.
So did Satohi do a lot? Yeah.
|
|
|
|
Elizabeth won. Congratulations to her, and thanks to everyone who voted! This isn't a particularly important position IMO, but the election sure was a lot of fun. I expected this to be a drama-filled popularity contest, but it was actually more like a real political race with some actual debate and campaigning. The second debate was especially interesting: it's great that we have so many intelligent and enthusiastic bitcoiners! Ben Davenport stuck out as a particularly good candidate -- I hope he runs for the next Foundation election or becomes involved in some other big Bitcoin organization. Elizabeth was the best person for this job at this time, though, and I'm happy that she won.
Agreed. We've got some stellar people pushing Bitcoin forward  |
|
|
|
Are you fucking stupid?
Pardon my french, but seriously? Syria is attacking it's own citizens with chemical weapons!
That case has not been made convincingly on an international level, at the U.N. unlike the U.S. presentation of Iraq WMD, I might add. Why was all this emotion missing for the Rwandan Genocide in 1994 where the death toll was estimated to be 500,000 to 1,000,000? Even Secretary General Kofi Annan said "The international community failed Rwanda and that must leave us always with a sense of bitter regret." For some reason the U.S. only gets unshakeable humanitarian concern and (hypocritical) moral uprightness when events take place in the oil rich Middle East  |
|
|
|
... and the analogies about gold and silver totally fall apart when you acknowledge Bitcoin's divisibility invalidates the argument.
I agree with everything you said except this bit. The divisibility of Bitcoin doesn't change how many whole bitcoins there are, and that's the key. There are four times more whole litecoins than whole bitcoins, meaning for one thing litecoins are probably in more people's hands. The number of litecoins in the world has already surpassed the number of bitcoins because they come into existence four times faster. This is why a gold/silver comparison can be apt. If making bitcoins divisible affected their exchange value then whole bitcoins wouldn't ever have a relatively stable price as they do now. Similarly to bitcoins one can divide USD and Euros almost infinitely too (e.g. see BTC-e). This doesn't change the inflation rate of those currencies. I do congratulate you however on coming around on the potential for select alt-coins, though, after arguing with me about it prior  |
|
|
|
All of her response could logically follow from the information you gave her, except for the wall penetration part... That seems an odd choice of words. Of course to us that has meaning with regard to the hashing algorithm that secures the network, or the overall block chain and proof of work scheme which has 51% attack vulnerability.
wall penetration is wording used in investments.. so just him saying investments the reply of wall penetration does sound as a natural flow of conversation. nothing at all to do with the algorithm I might see that argument for an American clairvoyant, but a native Bulgarian speaking one? |
|
|
|
|
All of her response could logically follow from the information you gave her, except for the wall penetration part... That seems an odd choice of words. Of course to us that has meaning with regard to the hashing algorithm that secures the network, or the overall block chain and proof of work scheme which has 51% attack vulnerability.
|
|
|
|
I would think Goldcoin needs to beat at least Feathercoin before claiming it can beat anything else...  Anyway, this propaganda belongs in the Alt-coin section. |
|
|
|
... Inconsistencies in block validation can result in devastating forks which would be harmful to all Bitcoin users and not just the users of the inconsistent software. This is more of a risk today than it ever was since a majority of mining is just in three hands and so many people use SPV wallets.
I agree. However, I'll note this highlights what I've said before about economic dependence solely on Bitcoin being risky. The last sentence above doesn't currently pertain to Litecoin, for example. |
|
|
|
Those web sites allow you to make a payment link for sales of digital downloads in Bitcoins only. They are given a digital download in exchange for Bitcoins. The web site collects a small fee from the sale. Hopefully that makes sense
I believe that qualifies as an exception to being a money transmitter similar to BitPay, in particular under exemption (F). This BitPay blog post may help you: http://blog.bitpay.com/2013/03/how-fincen-guidelines-affect-bitpay.html |
|
|
|
|
I didn't really look at what those sites do, but the thing to consider is whether or not a site accepts and transfers currency from one user to another. It doesn't matter if that is virtual currency or USD or anything that could substitute for currency. It also doesn't matter if it's all virtual currency with no USD involved. That all counts as money transmission under the guidance issued by FinCEN.
One exception is if the site provides payment settlement. For example, BitPay allows users to send them virtual currency, like Bitcoin, which they then give to a merchant in the form of USD or bitcoins. This doesn't count as being a money transmitter because something is being sold, for which BitPay is simply facilitating payment settlement. Now if BitPay were to allow users to send bitcoins to merchants without anything being sold then BitPay would need to register as a money transmitter. That's my understanding.
I'm not a lawyer, but I've been following this regulation subject since the FinCEN guidance was released in March. I don't think I'm too far off.
|
|
|
|
SHA-2 is an open algorithm and it uses as its constants the sequential prime cube roots as a form of "nothing up my sleeve numbers". For someone to find a weakness or backdoor in SHA would be the equivalent of the nobel prize in cryptography. Everyone who is anyone in the cryptography community has looked at SHA-2. Not just everyone with a higher degree in mathematics, computer science, or cryptography in the last 20 years but foreign intelligence agencies and major financial institutions. Nobody has found a flaw, not even an theoretical one (a faster than brute force solution which requires so much energy/time as to be have no real world value).
To believe the the NSA has broken SHA-2 would be to believe that the NSA found something the entire rest of the world combined hasn't found for twenty years. Also NIST still considers SHA-2 secure and prohibits the use of any other hashing algorithm (to include SHA-3 so far) in classified networks. So that would mean the NSA is keeping a flaw/exploit from NIST compromising US national security.
Anything is possible but occam's razor and all that.
|
|
|
|
Just as I suspected. The NSA pretends to be "helpful" while biasing systems to their favor (when possible). I imagine their contributions to the Android OS are similarly motivated. The NSA Has Inserted Its Code Into Android OS, Or Three Quarters Of All SmartphonesThrough its open-source Android project, Google has agreed to incorporate code, first developed by the agency in 2011, into future versions of its mobile operating system, which according to market researcher IDC runs on three-quarters of the smartphones shipped globally in the first quarter. NSA officials say their code, known as Security Enhancements for Android, isolates apps to prevent hackers and marketers from gaining access to personal or corporate data stored on a device. Eventually all new phones, tablets, televisions, cars, and other devices that rely on Android will include NSA code,
|
|
|
|
Considering how many Windows kernel hackers(good ones) there are, surely they would've noticed any backdoors by now!? Or running Windows in a VM and listening for strange outgoing connections?
Not really. Most people don't imagine they are being surveilled or have reason to be suspicious of their own equipment. Consider the article I linked above about the NSA keys being found in Windows: Computer security specialists have been aware for two years that unusual features are contained inside a standard Windows software "driver" used for security and encryption functions. The driver, called ADVAPI.DLL, enables and controls a range of security functions. If you use Windows, you will find it in the C:\Windows\system directory of your computer.
...
Fernandes reported his re-discovery of the two CAPI keys, and their secret meaning, to "Advances in Cryptology, Crypto'99" conference held in Santa Barbara. According to those present at the conference, Windows developers attending the conference did not deny that the "NSA" key was built into their software. But they refused to talk about what the key did, or why it had been put there without users' knowledge.
A third key?!
But according to two witnesses attending the conference, even Microsoft's top crypto programmers were astonished to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMachia, head of CAPI development at Microsoft was "stunned" to learn of these discoveries, by outsiders.
It might be risky for the NSA to use some of its most invasive techniques, but not so much if nobody is expecting it. I think a lot of what the NSA was doing was based on a premise of an unaware/ignorant populace for targeting. I think they over estimated their ability to be perfectly discreet, though. They didn't expect one of Microsoft's developers to forget to strip the debugging label "NSAKEY"; they didn't expect Edward Snowden to leak documents. This doesn't surprise me. Governments are often inefficient/incompetent, and more so the bigger they are. What Snowden has done is put everyone on guard, and as both he and Schneier point out in the article there are ways to defend effectively against this sort of thing. You just have to know to do it and how to do it. |
|
|
|
The probability they can compromise closed-source machines, like ones running Windows with backdoors or even OS X, is too great. While there are closed source portions of OS X, the core is open-source Darwin. Yes, a better word for me to use there would be proprietary, which is what I'm most concerned as the the NSA can easily (apparently) intimidate companies to include backdoors. I hope that that evolves out of our recent more broadly appreciated understanding of the shape of things.
Yep. I feel that's Snowden's biggest accomplishment. I don't think anybody has really been surprised about what type surveillance is possible; it's more that we now have factual evidence of the extent to which things are done that's making people take notice and say wow. |
|
|
|
Here's the relevant quote:
"Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can."
That seems like a pretty serious allegation to me.. anything to it folks?
No, I believe what he means is the the latter options are more vulnerable to improper use. For example, people often use weak private keys, thinking they are safe. There is a thread even now about someone using a dictionary attack to find accounts with funds in them. Similarly, about the NSA using influence they've done the same thing with security recommendations for the open-source Android OS. That doesn't mean Android is directly vulnerable to them, because it's still open-source and can be scrutinized widely. This only means they may attempt to slip something in while still having plausible denial of intent. i found it amazing that someone like him would still be using Windows.
I don't. A security/software expert is the only type of user I would recommend use Windows. I've used Windows for different things myself many years. I've never ran anti-virus software and have never had a virus. Has Snowden commented on whether certain operating systems are more vulnerable to the NSA than others?
Also, does Snowden use Linux? If so, what distro?
I don't know if Snowden commented, but I can. Schneier has also hinted in the article. When it comes to any software, including operating systems, your best bet will usually be open-source, the more open the better. After reading that article I'd say as Bitcoin becomes more popular, and cryptography becomes more mainstream in general, it will become imperative users switch to Linux. Either that or the NSA needs to be severely scaled back or abolished. The probability they can compromise closed-source machines, like ones running Windows with backdoors or even OS X, is too great. |
|
|
|
If the dev team was compromised, then Bitcoin-QT would change, but Electrum, Blockchain.info, the wallets on exchanges, all the mobile phone wallets, and all the mining pools, will continue working as usual, and will likely reject Bitcoin-QT transactions and blocks, which would instantly throw really huge red flags that something is up. So, anyone using anything other than QT will be fine, and anyone using QT will just have to either downgrade to an older version, or export their private keys to a non-compromised wallet.
Incorrect. The dev team can't make any changes to all the Bitcoin-Qt versions already distributed and running on various computers. If you don't want to agree to any changes, simply do not upgrade. |
|
|
|
Suppose someone accidentally the whole dev team? Or suppose it is infiltrated? Or suppose they are bought off?
How should we as a community react? Probably fork right, but what fork? It is easy to imagine a dozen forks springing up before things stabilize. In a worst case they could be so weak, the original, comprised chain becomes the favored one, simply because it is easier to stick with the status quo.
Maybe we could benefit from a chain of command or something?
While the dev-team is brilliant they don't equal Bitcoin. The community doesn't always go for what the dev-team suggests. In fact sometimes there are differences of opinion within the dev-team. Also, the dev-team isn't set in stone. Members of the core dev-team can change. This is a strength of Bitcoin being decentralized. There is no single point of failure. Since the entire community benefits from Bitcoin being successful, everyone naturally desires to do what it takes to make that happen. This usually means as long as things are working there is no reason to change or accept any changes. Only changes which can win a large majority of support, what Gavin often calls a supermajority, will usually have any chance at being implemented. |
|
|
|
Consider the financial collapse of the Roman Empire. Lenders were able to charge interest on loans that were made to other parties. While this seems like a good situation for the lenders, with a finite amount of physical currency i.e. gold, the lenders eventually possessed all the gold, and the debtors were left with no possible means of repayment. For centuries afterward, usury was a crime which was punished very harshly because of this.
Not exactly. The lenders couldn't possess all the gold. There was (and still is) plenty of gold which can be mined naturally. Also, the lenders would need to put some of their gold back into circulation for things they wanted otherwise it wouldn't make sense to have it. Interest can reflect the market price for the immediacy of money. Interest is not inherently evil. However, I would say interest rates above a certain level can be immoral. Fast forward to today. We've been off the gold standard for quite some time. While this may have resulted in a temporary economical surplus, it of course would not last. With nothing to regulate the increase of money, banks have been able to lend vast amounts of money with interest created out of thin air. More money in circulation means less purchasing power, means higher prices. Because of this, more and more loans with interest have to be created to stave off the eventual catastrophic deflation and economic collapse such as the great depression.
Correct. |
|
|
|
|
Since Bitcoin is global it wouldn't stop Bitcoin overall. It would piss off everyone that suffered such action, especially miners, and market forces would pressure Bitcoin-accepting ISPs to pop up. That is unless it's made illegal of course. Then users would need to use it discreetly over Tor.
However, sending and receiving coins can be done with online wallets (in other countries) like Blockchain.info which use HTTP so blocking Bitcoin protocol traffic means nothing there.
|
|
|
|
|
Show Posts
