Bitcoin Forum
June 21, 2024, 12:35:06 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
  Home Help Search Login Register More  
  Show Posts
Pages: [1]
1  Bitcoin / Project Development / Re: The bitcoin leeching software on: April 08, 2014, 12:44:06 PM
This was so uneducated that it was a bit painful to read.
2  Economy / Trading Discussion / Re: Real BT Faucet? How to test local wallet? on: April 08, 2014, 02:01:57 AM
You should look into the Test Network, I'm pretty sure there's a few faucets that will give out coins there... It should be suitable to do any kind of testing, as the behavior is identical to the real network (as I understand it), except that the coins do not have any value.

3  Economy / Services / Re: I will pay you .001BTC for using my referral link... ** ON HOLD ** on: April 08, 2014, 12:26:08 AM
For anyone wondering... yes, money was sent Smiley. He's legit, and I'm now 1 mbtc richer.

4  Economy / Trading Discussion / Re: Blockchain as stock pumping platform on: April 07, 2014, 11:14:46 PM
Yes, it does. gambling is a sin forbidden by Our Lord Jesus Christ.
I fucking lost it right here.
5  Bitcoin / Development & Technical Discussion / Re: [BOUNTY] Help test next major release of Armory! [0.01 BTC per bug!] on: April 07, 2014, 07:13:49 PM
Hi,

Is source code available for this release? I found a few binaries/packages , but there doesn't seem to be anything on GitHub matching this release number.

Thanks!
6  Bitcoin / Development & Technical Discussion / Re: [SECURITY] DoS Vulnerability on: April 06, 2014, 09:23:21 PM
Good to see that this has been tested before, and doesn't seem to pose any significant risk.

There was some talk about this in another thread as well:
https://bitcointalk.org/index.php?topic=559365.0

This method really depends quite a bit on how each AV scans files.
7  Bitcoin / Bitcoin Discussion / Re: Bitcoin Virus? on: April 06, 2014, 09:12:02 PM
Is this info legit?

If so, sounds like fun.

I quit running antivirus years ago because of issues like exactly this. It causes more problems then it solves.

I run my web browsers either sandboxed or in a virtual machine. Run any suspicious software (like keygens) sandboxed or in a VM, and only download software that I'm relatively sure is safe.

I haven't tested it, because I don't run antivirus software (On Linux at the moment, usually running some flavor of Unix), and I don't feel like spinning up a VM.

Lots of AntiVirus's basically scan for known byte-patterns of malware, at least when doing a basic static scan. Smarter ones might check where the "signature" resides to try to determine if its actually malicious, others will flag it regardless of the signature position.

So, at least theoretically, it should work against a few AV's.

Hmm. how are messages attached to a transaction in the blockchain? And how are they stored?

And where would I get a list of known virus signatures?
From the PasteBin post:
Quote
You can inject an arbitrary raw 20 byte binary string into the database files (forever) because of that by setting the target address of a transaction to a wanted value (more or less). A bitcoin address (the intended receiver of any amount of coins) consists of 25 bytes. The first one equals 1 by default and is uninteresting. The following 20 bytes identifies the intended receiver and can be set to exactly anything. The following 25 bytes is just a hash of the former 21 bytes. A bitcoin transaktion contains such an address and is stored on each and every bitcoin-client forever. If you delete the database from one bitcoin-client (or has a fresh install), your client will synchronize with the rest of the network.


You're essentially creating a transaction with a fake recipient address which matches some virus signature. I'm not too sure where to get virus signatures that in use by AV products. I doubt they're publicly available (other than the EICAR test string (which Im not sure will fit here anyway) ). You'd probably have to do some reverse engineering to actually get them.

EDIT:I should mention that I have no idea whether such a transaction will actually get propagated and stored in the blockchain (invalid address), or if would simply be dropped/ignored, someone with more experience with the raw protocol would have to chime in. If you brute-forced an address that was a valid virus-signature and sent some bitcoin to that, then it should work regardless.
8  Bitcoin / Bitcoin Discussion / Re: Bitcoin Virus? on: April 06, 2014, 06:46:55 PM
Is this info legit?

If so, sounds like fun.

I quit running antivirus years ago because of issues like exactly this. It causes more problems then it solves.

I run my web browsers either sandboxed or in a virtual machine. Run any suspicious software (like keygens) sandboxed or in a VM, and only download software that I'm relatively sure is safe.

I haven't tested it, because I don't run antivirus software (On Linux at the moment, usually running some flavor of Unix), and I don't feel like spinning up a VM.

Lots of AntiVirus's basically scan for known byte-patterns of malware, at least when doing a basic static scan. Smarter ones might check where the "signature" resides to try to determine if its actually malicious, others will flag it regardless of the signature position.

So, at least theoretically, it should work against a few AV's.
9  Economy / Economics / Re: Why did bitcoin value fall? on: April 06, 2014, 05:04:29 PM
A fall from $1100 was pretty much guaranteed considering the insane speed at which the price rose to get there. There's tons of discussion about why the price fell to where it is now, but the main factors that are often cited are the MtGox fiasco, as well as all the uncertainty coming from China.

It's really impossible to tie down exactly why a price fell. Some people probably lost confidence and tried to cash out into USD, enough people do this with a high enough amount of coins, and the prices sinks. What motivated all of them isn't really possible to determine.
10  Bitcoin / Bitcoin Discussion / Re: Bitcoin Virus? on: April 06, 2014, 04:10:14 PM
There was a pastebin fairly recently that suggested exploiting the fact you can attach short amounts of data to the blockchain by spamming the network with transactions that contain signatures for random viruses. Thus being flagged by tons of AV software, and potentially causing a loss of coins.
http://pastebin.com/ct2WHUK5

The good news is that you can't really create a virus via the blockchain. Messages are limited in size (20 bytes? I think), and there's really no room to create an exploit since the format is so well-defined.

11  Economy / Services / Re: I will pay you .001BTC for using my referral link... on: April 06, 2014, 01:53:06 AM
Sent a PM Smiley

Pages: [1]
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!