Bitcoin Forum
  Show Posts
7521  Bitcoin / Bitcoin Discussion / Re: [ANN] Australian Bitcoin Foundation on: October 11, 2013, 04:18:47 PM
You should call it something other than Bitcoin Foundation. The Hells Angels have a charter in dozens of places around the world but everyone knows where the mother charter is: http://www.hells-angels.com/?HA=charters Maybe something like Australian Bitcoin Collective.
7522  Bitcoin / Bitcoin Discussion / Re: 100,000 votes on Dropbox website and counting! bitcoin adoption imminent? on: October 09, 2013, 05:20:00 PM
There isn't anyone left that really believes this is going to happen, right?
Quoted to have a good laugh if when it's there.

It will be at least several more months from now, or even several years if the folks at Dropbox are really stupid. But it's going to happen. ← Feel free to quote this too.

Sure and I really believe Dropbox is going to start Audiogalaxy back up any day now.

Oh, I believe in Leprechauns too. lol

That wasn't predictable at all. rofl
7523  Bitcoin / Bitcoin Discussion / Re: SilkRoad domain Seized? on: October 08, 2013, 04:33:44 AM
It's a good thing that SR is gone. I've seen a noticeable decrease in drug addicted prostitutes, pimps, pushers and general street crime since that site went up. Now that it's gone things will go back to normal. lol
7524  Other / Meta / Re: About the recent attack on: October 07, 2013, 10:26:58 PM
Securing the forum requires fewer people with access, not upgrading to an unknown quantity. At least using an older version means most of the vulnerabilities are known.
7525  Other / Meta / Re: About the recent attack on: October 07, 2013, 09:52:53 PM
Quote
The attacker reportedly used SQL injection to exploit a vulnerability in the way the forum software handled escape characters in usernames
If the original flaw used to exploit the forum software in 2011 was fixed and the only reason the attacker succeeded this time was because they left behind backdoors (which were removed and then replaced)? If that's the case (and the forum software has been re-installed with fresh files) then we should be secure. But personally I wouldn't be against upgrading to a newer version of SMF.

Don't fool yourself into a false sense of security. SMF v2.0.2 has many vulnerabilities.

Quote
The bugs allow remote attackers to implement/inject malicious script code on the application side (persistent). The persistent vulnerabilities are located in the package manager, smiley sets, newsletter and edit members or groups with the vulnerable bound post parameters local path url, username, url, emails & title. Exploitation requires low user interaction & privileged application user account. Successful exploitation of the vulnerability can lead to session hijacking (admin/mod/user) or stable (persistent) manipulation of the web application context.

Package Manager > Download New Packages > FTP Information Required (Listing)

<dd>
<input size="30" name="ftp_server" id="ftp_server" type="text"><[PERSISTENT SCRIPT CODE]' <"="" class="input_text">
<label for="ftp_port">Port:&nbsp;</label>
<input type="text" size="3" name="ftp_port" id="ftp_port" value="21"
class="input_text" />

URL: http://127.0.0.1:133...5f26c102fff9626



Smiley Sets > Add

<tr class="windowbg" id="list_smiley_set_list_0">
<td style="text-align: center;"></td>
<td class="windowbg">Akyhne's Set</td>
<td class="windowbg">"><[PERSISTENT SCRIPT CODE]' <="" <strong="">
akyhne</strong>/...</td>

Review: Newsletter > Add

<input name="email_force" value="0" type="hidden">
<input name="total_emails" value="1" type="hidden">
<input name="max_id_member" value="13" type="hidden">
<input name="groups" value="0,1,2,3" type="hidden">
<input name="exclude_groups" value="0,1,2,3" type="hidden">
<input name="members" value="" type="hidden">
<input name="exclude_members" value="" type="hidden">
<input name="emails" value="" type="hidden"><[PERSISTENT SCRIPT CODE])' <"="">
</form>
</div>
<br class="clear" />
</div>

Edit Membergroups & User/Groups Listing

<h3 class="catbg">Edit Membergroup - "><[PERSISTENT SCRIPT CODE])' <"=""><[PERSISTENT SCRIPT CODE]) <"
><ifram
</h3>
</div>
<div class="windowbg2">
<span class="topslice"><span></span></span>
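
The advisory quoted above lists admin fields (FTP server, smiley set name, newsletter emails, membergroup title) whose stored values are written back into the page unencoded. As an added example (not SMF's code and not part of the post; the function names and the harmless probe string are constructed, and the `value` attribute as the sink is an assumption), this PHP renders two of those sinks with and without output encoding and reports whether the probe ends up as markup or as text:

```php
<?php
// Added illustration, not SMF source. Function names are hypothetical.

// Constructed, harmless probe shaped like the advisory's
// "><[PERSISTENT SCRIPT CODE] marker: closes the attribute, opens a tag.
const PROBE = '"><b>probe</b>';

// Encode a stored value for HTML text and quoted-attribute contexts.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the stored value is concatenated into the attribute as-is.
function ftp_server_field_unsafe(string $stored): string
{
    return '<input name="ftp_server" id="ftp_server" type="text" value="'
        . $stored . '" class="input_text" />';
}

// After: same markup, value encoded at output time.
function ftp_server_field(string $stored): string
{
    return '<input name="ftp_server" id="ftp_server" type="text" value="'
        . esc($stored) . '" class="input_text" />';
}

// Text-node sink from the advisory: the membergroup heading.
function membergroup_heading(string $name): string
{
    return '<h3 class="catbg">Edit Membergroup - ' . esc($name) . '</h3>';
}

// True if the probe's tag survived as live markup in the rendered output.
function probe_is_markup(string $html): bool
{
    return strpos($html, '<b>') !== false;
}

$rendered = [
    'ftp_server (unsafe)'  => ftp_server_field_unsafe(PROBE),
    'ftp_server (escaped)' => ftp_server_field(PROBE),
    'membergroup title'    => membergroup_heading(PROBE),
];
foreach ($rendered as $sink => $html) {
    printf("%-22s %s\n", $sink, probe_is_markup($html) ? 'MARKUP' : 'text');
}
```

Encoding at output time also covers values that were stored before any input filtering was added, which matters for a persistent issue like the one the advisory describes.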
 
7526  Other / Meta / Re: About the recent attack on: October 07, 2013, 09:37:34 PM
In my opinion the forum software cannot be considered secure until a completely fresh version of SMF has been installed. The database doesn't need to be reset but the files need to be re-installed. If every single line of code cannot be reviewed carefully then that is what needs to happen.
My understanding is that that's exactly what we did. We even moved to different hardware. Hence why it took several days for us to return.
I read that we moved to different hardware, but it didn't seem like the forum was re-installed using fresh files based on what was written. Or does the code need to be reviewed to figure out that hole in the avatar system? If that's the case then what I find highly surprising is that this bug seems to be undocumented. How is it that such a crucial flaw in SMF could go unnoticed so long, or was this the first time this exploit has been used to hack a website?

My understanding is that the hack comprised a couple of vectors, not just one point. This vector also had to do with a previous hack so it really wasn't SMF's software.
But the first attack was facilitated by a flaw in the SMF software, which allowed the attackers to install backdoors in the first place. It sounds to me like the method used in the 2011 attack is not fully understood even now, but some people suspect the avatar system was exploited. It seems to me like the attacker is using an undocumented flaw in the SMF software.

That's not true:

The attacker reportedly used SQL injection to exploit a vulnerability in the way the forum software handled escape characters in usernames and eventually purchased a donor account, using it to gain access to various user accounts and change their names, including that of the administrator, Satoshi.

Theymos verified that this is correct.
7527  Economy / Speculation / Re: Wall Observer - MtGoxUSD wall movement tracker - Hardcore on: October 07, 2013, 09:34:03 PM
Swing trading maybe. It would probably be best to call it "trading" generally, because there are 2 large fractions here: those who trade at all and those who don't.

Traders are looking for fast small returns. Investors are looking for large secure returns over time. It's safe to call the people looking for small rapid returns day traders. Day traders watch the market daily but may not initiate a trade unless the market is favorable and that may not be daily.
7528  Economy / Speculation / Re: Wall Observer - MtGoxUSD wall movement tracker - Hardcore on: October 07, 2013, 09:24:34 PM
It's funny how this forum only knows either day trading or holding forever.

If you don't normally trade daily, you are not a daytrader.

What if you trade every other day, are you a gay(bi) daily trader?
7529  Other / Meta / Re: About the recent attack on: October 07, 2013, 08:16:52 PM
Cloudflare was identified on our end as well.

Are you the same surebet that's a member of this exploit database site http://1337day.com that has a private section containing SMF exploits?
7530  Other / Off-topic / Re: [NSFW] Let's post images of beautiful women in this thread on: October 07, 2013, 07:54:06 PM


I love that pussy. Oh, the girl's cute too.
7531  Economy / Speculation / Re: Wall Observer - MtGoxUSD wall movement tracker - Hardcore on: October 02, 2013, 09:12:28 PM
so looks like the show is over ... what now? 



It ain't over till the fat lady sells her Bitcoins.
7532  Bitcoin / Bitcoin Discussion / Re: SilkRoad domain Seized? on: October 02, 2013, 08:10:03 PM
So, I wonder what Barry Silbert thinks about this news. Will it stop his SecondMarket project?

I bet they knew it was coming, and organized for a buy :)

Yeah, I'm sure that's exactly what happened. He wanted this right before convincing a bunch of investors to dump boatloads of cash into Bitcoin.
7533  Bitcoin / Bitcoin Discussion / Re: SilkRoad domain Seized? on: October 02, 2013, 08:05:56 PM
So, I wonder what Barry Silbert thinks about this news. Will it stop his SecondMarket project?
7534  Economy / Speculation / Re: Wall Observer - MtGoxUSD wall movement tracker - Hardcore on: October 02, 2013, 07:48:59 PM
Well, a guy that believes running a website for selling narcotics is a great career decision can't be the sharpest tool in the shed. lol

I think he did it as a public service.  There are those of us out here that feel that the alteration of one's own consciousness is an inalienable right.

Life, liberty, and the pursuit of a really great high. Shallow existence much!
7535  Economy / Speculation / Re: Wall Observer - MtGoxUSD wall movement tracker - Hardcore on: October 02, 2013, 07:36:13 PM
funny all the people in this thread bragging about their profits
i bet ya, for the same amount of people with profits in this thread there are people grinding their teeth in the shadows at these posts :p (not me, don't day trade :p)
i have no doubt that many overstate their profits on these forums as well. i mean, it's an anonymous forum...why not?

be careful,.... apparently it's not anonymous because Theymos (the admin and founder of this forum) gave the Feds info of SR owner suspect.

Next would be IRS, you will be dinged for income tax violation.

I'm curious about this as well. If Theymos is forced I'm expecting him to cough up data (I'm not saying I'm happy about it), but at the very least he should publicize that he has done so IMMEDIATELY on the forums.

You guys should read more. The dude posted his own gmail address. Theymos didn't have to give anyone anything.

That doesn't mean he didn't cooperate with the Feds.

This is true, but it would be silly to make assumptions. The dude's gmail address was his actual name.

Well, a guy that believes running a website for selling narcotics is a great career decision can't be the sharpest tool in the shed. lol
7536  Economy / Speculation / Re: Wall Observer - MtGoxUSD wall movement tracker - Hardcore on: October 02, 2013, 07:26:55 PM
funny all the people in this thread bragging about their profits
i bet ya, for the same amount of people with profits in this thread there are people grinding their teeth in the shadows at these posts :p (not me, don't day trade :p)

I have had my share of losses too. I admit them as well (well, at least some of them ;)).

Oh yeah, me too. I've been screwed more times using Bitcoin than a street whore. That's why my first post about this was: finally I get to win.
7537  Economy / Speculation / Re: Wall Observer - MtGoxUSD wall movement tracker - Hardcore on: October 02, 2013, 07:04:16 PM
I planned on getting some work done, instead I am going to bitch about how much more money I would have made if I had logged on half an hour earlier :'( ;).

That sucks dude. I'm over 8% up for the morning. It would be worth it to take the day off and just trade today.
7538  Economy / Speculation / Re: Wall Observer - MtGoxUSD wall movement tracker - Hardcore on: October 02, 2013, 06:53:43 PM
This is like watching bot porno.
7539  Economy / Speculation / Re: Wall Observer - MtGoxUSD wall movement tracker - Hardcore on: October 02, 2013, 06:47:02 PM
wowow , someone did pull up a big ask wall


Barry Silbert
7540  Economy / Speculation / Re: Wall Observer - MtGoxUSD wall movement tracker - Hardcore on: October 02, 2013, 06:32:55 PM
This is giving me such a raging hard-on it's going to take me a week to beat off.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!