Postponed for an hour by a single limit order cleaning out the asks all the way up to 157, about two minutes before the hour. That single trade avoided a massive red candle on the hourly. (Well below the hourly averages.) Painting the tape much?  |
|
|
|
Silk Road down due to DDOS:-UPDATE (04/24/2013 0714 UTC): "The downtime of the past couple days, and especially the past 24 hours has been confirmed to be due to a deliberate attack from what appears to be an individual. There appears to be no security breach, only disruption of availability. The attack appears to be DoS in nature and is likely an exploit at the Tor network level. The site will be down or very slow until a solution can be found, which we will work tirelessly to find. Thank you for your patience." http://dkn255hz262ypmii.onion/index.php?topic=151563.0-UPDATE (04/24/2013 1647 UTC): Nothing new to report, but I just thought I'd let everyone know that I am still here and we're doing everything we can to put and end to all of this. I'm really proud to be a part of this community. You all have been showing your class through all of this. -UPDATE (04/24/2013 1222 UTC): We are starting to get a handle on how the attack is being run. It will likely take many hours to eventually overcome, but we are 100% committed to getting the site running in peak form again. It is still possible to access here and there, so we are leaving the site open for those who want to try to gain access, but it will be tough until we can effectively counter the attack.
|
|
|
|
DOM XSS exploit employed by Satoshdice: http://blog.mindedsecurity.com/2012/11/dom-xss-on-google-plus-one-button.htmlstarting from: jsh=m;/_/apps-static/_/js/gapi/.... becomes " https://apis.google.com/_/apps-static/_/js/gapi/..../cb=gapi.loaded_0" and l[q] is the replace function : function W(){
...
531 a = v.XMLHttpRequest,
532 l = l[q](/^https?:\/\/[^\/]+\//, "/"),
533 m = new a;
534 m.open("GET", l, f)
...
}So on line 532 https://apis.google.com/ is removed and 'l' becomes: "/_/apps-static/_/js/gapi/..../cb=gapi.loaded_0" The reason why there is execution is that the response is evaluated using the following code: B=function(a,b,c){v.execScript?v.execScript(b,"JavaScript"):c?a.eval(b):
(a=a.document,c=a.createElement("script"),c.defer=i,
c.appendChild(a.createTextNode(b)...And whaddaya know, this seems to be exploited in a weirdly named file, satoshdice[ dot ]com/cb=gapi.loaded_0
Identitying the identity thief: <script>var gapi=window.gapi=window.gapi||{};(function() { Math.random();var f=function(c,b){var e=c.match(RegExp(".*(\\?|#|&)"+b+"=([^&#]+)"))||[];return decodeURIComponent(e[e.length-1]||"")},p=function(c,b){function e(a){if(!a.match(/^https?\:\/\//))return"";var b=k.createElement("a");b.href=a;b.pathname=b.search=b.hash="";return b.href.replace(/\/\??\#?$/,"")}function l(){a.parent.postMessage(a.JSON.stringify(d),m||"*");d.s=n+"/"+g+":"+n+":"+d.s;d.g=!1;b&&(d.a=b.slice(1));a.parent.postMessage("!_"+a.JSON.stringify(d),m||"*")}var a=window,k=a.document;if(a.postMessage&& a.JSON&&a.JSON.stringify&&a!=a.parent){var g=a.name,h=a.location.href,m=e(f(h,"parent")),n=f(h,"pfname"),d={s:c,f:g,r:g,t:f(h,"rpctoken"),a:b||[""],g:"ping"};k.all?a.setTimeout(l,0):l()}},q=function(c,b){p("widget-csi-tick-"+window.name,[c,null,b])},r=function(c){var b=window;return"1"===f(c||b.location.href,"useGapi")};window.gapi.inline=window.gapi.inline||{ping:p,tick:q,shouldUseGapi:r}; })(); </script></head><body class="g-rba-Dh-kQa " marginwidth="0" marginheight="0" style="zoom: 1;"><div id="root"><script type="text/javascript">window.__SSR = {c: 125.0 ,si:1,su:1,e:' brandoncowen@gmail.com',dn:'Brandon Cowen',a:'bubble',at:'AEIZW7T+bkaU4hFtHtCS7snSvYxDQMcjd7EnprcqUem11jOZf+d18o0QydlM8cuHPKCbMYMV0GzlSvWr08E5s6avbCVyVh6K81S0Tq1J924OGHBrcpkPhec\x3d',ld:[,[2,125,[] ,1,106] ] ,r:'http:\/\/satoshidice.com\/',s:'widget',annd: 2.0 ,bp: {}, id:'http:\/\/satoshidice.com\/'}; document.addEventListener && document.addEventListener('DOMContentLoaded', function () {gapi.inline.tick('wdc', new Date().getTime());}, false);</script><div id="plusone" dir="ltr" class="Bg"><span id="widget_bounds"><table cellpadding="0" cellspacing="0"><tbody><tr><td><div class="ZRa"><span id="button" class="hAa ah Bg" title="" role="button" tabindex="0" aria-label=" Click here to publicly +1 this as Brandon Cowen (brandoncowen@gmail.com)." aria-pressed="false"><div class="YIa"></div></span></div></td><td><div class="vC"><table cellpadding="0" cellspacing="0"><tbody><tr><td><div class="eX"></div></td><td><div class="U1"><div id="aggregateCount" class="V1">125</div></div></td><td><div class="fX"></div></td></tr></tbody></table> Ooops, looks like Brandon forgot something.
Next, compare the whois data: One point for using a bitcoin-registrar.  Domain name: brandoncowen.com Administrative Contact: BncApplications Cees ( bnc321123@gmail.com) +1.905434 Fax: +1.5555555555 4748 Sideway Court Toronto, S L8N 6Y2 CA Technical Contact: BncApplications Brandon Cees ( bnc321123@gmail.com) +1.905434 Fax: +1.5555555555 4748 Sideway Court Toronto, S L8N 6Y2 CA Finally, googling " bnc321123@gmail.com + bitcoin" yields ONE hit: Lookup, WHOIS express bypassthe.net - Network Tools network-tools.com/default.asp?prog=express&host=bypassthe.netGetSomeCoin.com - An introduction to the Bitcoin Internet currency system based .... CA Administrative Contact: BncApplications Cees ( bnc321123@gmail.com) ... evoorhees, please contact Namecheap, Cloudflare to get the site shut down and blacklisted ASAP. |
|
|
|
wget -r " http://satoshdice [do not visit] com" Returns some really interesting js, in addition to the standard SD assets. For example: <script style="display: none;" id="hiddenlpsubmitdiv"></script>
<script>try{for(var lastpass_iter=0; lastpass_iter < document.forms.length; lastpass_iter++)
{ var lastpass_f = document.forms[lastpass_iter]; if(typeof(lastpass_f.lpsubmitorig2)=="undefined")
{ lastpass_f.lpsubmitorig2 = lastpass_f.submit; lastpass_f.submit = function(){ var form=this; var customEvent = document.createEvent("Event");
customEvent.initEvent("lpCustomEvent", true, true); var d = document.getElementById("hiddenlpsubmitdiv");
for(var i = 0; i < document.forms.length; i++){ if(document.forms[i]==form){ d.innerText=i; } }
d.dispatchEvent(customEvent); form.lpsubmitorig2(); } } }}catch(e){}</script> (Meanwhile, the guy from Hacker News has deleted his account.) Obviously, you should not visit the site! |
|
|
|
SATOSHDICE.COM (Phishing/malware/domain name squatting?)
A link to Satoshdice [dot] com was submitted to HN today, later nuked: Is this site legitimate? https://news.ycombinator.com/item?id=5600184Warning: The linked domain is satoshdice.com, not satoshidice.com
Is this malicious? Did SatoshiDice.com get domain-squatted upon expiration?
(It's not a phishing site, since satoshidice doesn't store any account information.)
-----
FWIW, https://www.virustotal.com/en/#url --> satoshdice.com seems fine.
|
|
|
|
Nothing really has changed, except the soaring prices (it doesn't have a lot to do with me other than seeing my out-of-pocket 5,000 BTC personal compensation is valued at >$1 million at peak, that was over 80% of my entire Bitcoin savings and I didn't purchase more after the incident). Bitcoinica LP is still not liquidated with zero progress of the fund return.
And nothing of value was lost, right?
First: Are you up for a /r/bitcoin IAMA? Regarding Bitcoinica: What, if anything, would you have done differently? (Refresher: https://news.ycombinator.com/item?id=2973301) In your opinion, what happened to Bitcoinica? Are you a party in the civil litigation against Bitcoinica? What is your opinion on the (recent) death of instawallet? What is your opinion of the Bitcoin Consultancy trio? How is your registrar business doing? How is your sleep? |
|
|
|
You just gave the hacker the information he needs to clean out any remaining balance from those two sites. Same login/username too? What is bitme.com? |
|
|
|
Lag at 40 seconds. 110 starting to fortify.
Looks like the attacker started buying in at 110, catching the bottom. |
|
|
|
I see it is up now. I seen where they where doing maintenance something about more
space for the block chain.
'They" need to post in advance it doesn't look good to have your site down with zero news. Incredibly, MtGox did so just yesterday.  |
|
|
|
I'm supplementing my BTC count with my unusual luck at SatoshiDICE, and I tend to come out with 0.15BTC every hour of betting on the 73% and 50%.
 The brilliant thing about Satoshi Dice is that it creates this illusion of winning. |
|
|
|
(Opinion) Virtual currency: new frontier in booming digital economy 18/04/2013 00:00:00 by Natalie Paida Jabangwe ... Imagine a case where Zimbabwe might choose to abandon dollarisation (just as it did its own currency) for a sovereignly-virtual one, albeit decentralised and guaranteed by the country’s bountiful natural resources, just as real money today is backed by gold. If this virtual currency were to be accepted by world-wide merchants, or even locally to start with, it doesn't get more ‘Bitcoins’ than this. It doesn’t surprise me that the world is already speculating such a possibility. Or consider a situation where specific merchants might start to issue their own trustworthy virtual currencies for the purchase of commodities at virtual or physical shops. The possibilities at our disposal through innovation are plenteous, unimaginable and are a springboard of hope, especially for economies on the mend. The challenge for business and government alike is to define where technology priority and business priority align to provide relevance for diverse consumer needs. ... There is no doubt that cash is now faced with many alternatives. Nonetheless, concerns such as security, usability and relevance must be matters at the tip of solutions channelled by service providers. Otherwise, technological evolution and all of its disruptive potential may fail to garner network effect beyond localised levels. Players that are sure to win are those that simplify, define their organic and inorganic boundaries, and lead in value creation by co-constructing the market through an open ecosystem to deliver globally competitive and problem solving solutions. Natalie Paida Jabangwe holds an MBA from the Imperial College London's Business School. She recently developed NCR Corporation’s digital strategy and is an innovator of mobile wallet value proposition. http://www.newzimbabwe.com/opinion-10878-Virtual+currency+in+the+digital+economy/opinion.aspx |
|
|
|
Just a little arbitrage... nothing to see here.
Loading up? |
|
|
|
Our benevolent (?) manipulators seem to have pulled out...  Needed ammo for market order.  LOL! Perhaps...   |
|
|
|
Our benevolent (?) manipulators seem to have pulled out... |
|
|
|
110 got pulled, not bought out...  |
|
|
|
|
Show Posts
