Bitcoin Forum
21  Economy / Games and rounds / [SOLVED] satoshihack.com - hack the 0.1 BTC reward! - ROUND NR 3 on: April 04, 2015, 10:50:24 PM


Hello, HACKATHON #3 started!!!! http://www.satoshihack.com/hackit_3/
Test your skill! It's the third hackathon and so it's designed EASY and based on HACKATHON #1 (https://bitcointalk.org/index.php?topic=998907.0) and HACKATHON #2 (https://bitcointalk.org/index.php?topic=1005740.0)! THIS TIME IT'S A LITTLE BIT MORE DIFFICULT, BUT NOT TOO HARD.


the winner gets 0.1 BTC!



SPECIAL THANKS TO xPooky and METAL-coin community for SPONSORING THIS HACKATHON!!!

If you have any questions about this Hackathon #3, ask in this thread or look back in HACKATHON #1 & #2. I can give some hints.

More info: https://bitcointalk.org/index.php?topic=993678
22  Economy / Computer hardware / [SOLD] CHEAP Power Supply (6 pcs for 1.2 BTC) + FREE MINER on: April 02, 2015, 06:13:04 PM
[SOLD]

Hi, I want to sell different power supplies. Free shipping in EUROPE and CH only. International shipping is an extra cost NOT included in the price (+30 USD).
ALL below PSU with all cables and original packaging incl. shipping costs (tracking): 1.5 BTC 1.2 BTC

BE QUIET! Pure Power L8 430W (OP 63,69 EUR)
BE QUIET! Pure Power L8 730W (OP 93,90 EUR)
BE QUIET! Pure Power L8 530W (OP 75,50 EUR)
BE QUIET! Power Zone 750W ATX 2.4 (OP 120 EUR)
BeQuiet 400W Straight Power 80+ GOLD (OP 88,90 EUR)
BE QUIET! Pure Power L8 530W (OP 75,50 EUR)

I paid 517,49 EUR for all together (original price) and used them 3 - 4 months. I have the original packaging. I stopped mining and so I sell all together for 1.2 BTC = 251.8 CHF = 236.9 EUR. Shipping costs and escrow costs are INCLUDED.

Payment system is BTC. Please only with ESCROW. I ship with postage insurance and you must sign for receiving the package.

Also possible to buy single. PM or write in thread for questions. When you buy all together I ADD ONE FREE PRESENT (miner).

#EDIT: MINER is only a free present when you buy all the PSUs.
23  Economy / Games and rounds / [SOLVED] satoshihack.com - HACKATHON - FIND 0.1 BTC and 150.000 METAL! on: March 28, 2015, 11:49:08 PM


Hello, our SECOND HACKME started!!!! www.satoshihack.com/hackathon_2/
Test your skill! It's the second hackathon and so it's designed VERY EASY and based on HACKATHON #1 (https://bitcointalk.org/index.php?topic=998907.0)! Anybody with minimal web development knowledge can hack it!


The winner gets 0.1 BTC and 150.000 METAL immediately!

SPECIAL THANKS TO xPooky and METAL-coin community for SPONSORING THIS HACKATHON!!!

If you have any questions about this Hackathon #2, ask in this thread or look back in HACKATHON #2. I will give some hints.

More info: https://bitcointalk.org/index.php?topic=993678
24  Bitcoin / Project Development / OpenSSL update on: March 24, 2015, 02:23:26 PM
#EDIT: BTC-Core/wallet is not affected directly by the new OpenSSL vulns. But a server can be attacked because of it through DoS and overload. Also, the second high severity vuln is a reclassification of the FREAK attack and gives a risk so a bad certificate will be accepted by the victim and then the bad guy can make the man-in-the-middle attack IF a NULL pointer dereference is triggered.

Referring to https://www.openssl.org/news/secadv_20150319.txt I advise all users and service maintainers to upgrade OpenSSL if you run an online BTC project.

Vulnerabilities: (red one is high severity)

OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291) affects OpenSSL version: 1.0.2 - upgrade to 1.0.2a!

Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204) affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.

Multiblock corrupted pointer (CVE-2015-0290)
Segmentation fault in DTLSv1_listen (CVE-2015-0207)
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
Segmentation fault for invalid PSS parameters (CVE-2015-0208)
ASN.1 structure reuse memory corruption (CVE-2015-0287)
PKCS7 NULL pointer dereferences (CVE-2015-0289)
Base64 decode (CVE-2015-0292)
DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
Empty CKE with client auth and DHE (CVE-2015-1787)
Handshake with unseeded PRNG (CVE-2015-0285)
Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)

Source: https://www.openssl.org/news/secadv_20150319.txt

Please take it seriously!
ca333
25  Economy / Games and rounds / [SOLVED] HACKATHON - 0.1 BTC - satoshihack.com on: March 21, 2015, 10:38:14 PM


Hello, our FIRST HACKME started!!!! www.satoshihack.com/hackme1/
Test your skill! It's the first hackathon and so it's designed VERY EASY! Anybody with minimal web development knowledge can hack it!

The winner gets 0.1 BTC and 500.000 QORA immediately!

If you have any questions about this Hackathon #1, ask in this thread. I will give some hints.

More info: https://bitcointalk.org/index.php?topic=993678
26  Other / Meta / Posting reference in other board (redundance) on: March 17, 2015, 03:43:15 PM
Hello,

I am the developer of https://bitcointalk.org/index.php?topic=993678.0 , so I have the thread in section "Project Development" but want to know: is it allowed to post it in the Games section (gamble board section) AGAIN?? Because it fits in both boards and I think then many people will be attracted.

NOTICE: I have NO advertising on my open-source project, and it's a NON-PROFIT project. It's only for education in IT security.

Thank you!
ca333
27  Economy / Service Announcements / [HACKATHON] satoshihack.com - the first [opensource] BitcoinHackMe! on: March 17, 2015, 03:13:11 PM

Hello bitcoin-community,

I announce a new project under the domains "satoshihack.com", "bitcoinhack.me" & "bitcoinhackme.com". I work on this to bring more security experts into the field of BTC and also bring old users of bitcoin into the topic of IT security. So I thought, why not make a bitcoinhackme? A bitcoinhackme is like a normal HackMe site with the only difference: you win a reward when you solve it first. So it has many levels and every level is a little bit harder to solve than the level before. I will make all HackMes public [OpenSource] at https://github.com/ca333/ after some time.

What is satoshihack.com?
Satoshihack is my open-source project for BitcoinHackmes. I will run two hackmes per month and each hackme will contain a BTC reward for the winner (the first person to reach the last level of the hackme).

What is a "hackme"?
A hackme is a website with built-in vulnerabilities. It's like a puzzle to be solved with different levels. Many factors have to be kept in mind. A hackme covers many topics in IT security, such as database injections, hardcoded pws and password hashes, bad salts, cross-site scripting, cookie manipulation, encryption and many others. The hackme motivates the participants to "hack" the site and succeed through the different levels to reach the last level and get a place in the Hall of Fame.

How does it work?
The BitcoinHackMe will start with level 1 and you must somehow reach the next level and so on and so on until you reach the last level. When you solve the last level you get a private key with BTC value on it.

So, an example:
Level 1 is a normal HTML site with a password form. How do you get to level 2?
Option 1: you look in the source and you find the password unencrypted in a simple JS function.
Option 2: it's only saved in a comment in the source.
Option 3: the hyperlink for level 2 is in the form but not added to the button, so the PW form is only there to irritate.

So you see, it can bring lots of fun and also people often think (use brain) and work together.
And so when the best participant reaches the last level he will find the private key for a little reward. And also we make a HallOfFame for the winners of all the hackmes.


When is the launch?
The first BitcoinHackMe is solved: https://bitcointalk.org/index.php?topic=998907.0 - congratulations to Injust
The second HackMe is solved: https://bitcointalk.org/index.php?topic=1005740.0 - congratulations to ndnhc

We will make it not so hard the first time. So it only uses php, html, js and basics of encryption and hashing algorithms.
I will also be in the IRC #satoshihack and give hints when somebody has absolutely NO idea. But for the last 2 levels the user must find everything out alone.

But the next hackme will then also contain an SQL db, so people learn how to make sql-i and also how to find vulns in a database when there is no proper parameter (query) filtering. In future it will also be extended with XSS and cookie manipulation for going to the next levels.
And when we maybe find good sponsors and supporters for this project we can maybe one day make a big hackme, with a real server to hack and with teams working on it. But for now this is my vision.

What is my motivation for this?
I think many people in the bitcoin community only see wealth or money as primary motivation but do not think that the community is the important thing here. And the community is not so large. So I think maybe 10% of it is skilled in IT, but the others only have a basic idea of it and only come for the dream "bitcoinmillionaire". I think we must all help each other to learn more and more. In the end many are skilled, or the ones who have had no interest in technologies will maybe start reading more and learning more.

What is the goal of BitcoinHackMe??
I want people here to simply start learning IT security and the basic technologies behind it. So I think this is the future for all of us. Soon the schools must also teach children binary calculations and IT knowledge at a very young age because it's so important.
My goal for BitcoinHackMe.com is that people who do not have much knowledge of IT and hacking make a first step and start looking into this topic, so with fun and a motivation (last level BTC reward and HallOfFame) I think it's a good start.


Support me:
When you have an idea from IT security or you think of something funny/nice to add to the HackMe, please send me a PM or post in this thread.
We will make 1 HackMe every 14 days. For now I am paying this all from my own savings. So I am happy when anybody can also donate a little bit only for the HackMe reward for the winners.

Thank you!
ca333
28  Bitcoin / Development & Technical Discussion / Check if your BTC-key is vulnerable on: March 05, 2015, 01:45:59 PM
Hi,

Thought maybe someone can use the script below. I just wrote it to check a couple of my public keys for reused R-signing values, which allow generating the private key of affected PKs. The script is very lightweight and uses urllib2 for loading the data from blockchain.info, so no local btc-node is needed. The script only works for keys with up to 50 tx. If your key has more than 50 tx you have to add some lines (add a loop and use the optional API parameters limit and offset to parse through all transactions [50+]). Also the script contains a lot of debug output which you can just comment out or remove.
This is OpenSource and BETA software - USE AT OWN RISK - released under GNU Public License.


Code:
#!/usr/bin/python


#################################################################################
#                                                                               #
#.______               _______.  ______     ___      .__   __.                  #
#|   _  \             /       | /      |   /   \     |  \ |  |                  #
#|  |_)  |    ______ |   (----`|  ,----'  /  ^  \    |   \|  |                  #
#|      /    |______| \   \    |  |      /  /_\  \   |  . `  |                  #
#|  |\  \----.    .----)   |   |  `----./  _____  \  |  |\   |                  #
#| _| `._____|    |_______/     \______/__/     \__\ |__| \__|  v0.1.2          #
#                                                                               #
#GNU PL - 2015 - ca333                                                          #
#                                                                               #        
#USE AT OWN RISK!                                                               #
#################################################################################

import json
import urllib2
import time
import sys

#for some reason blockchain.info api-chain is 59711 blocks short..
blockstart = 170399
blockstart += 59711
blockcount = urllib2.urlopen("https://blockchain.info/de/q/getblockcount").read()

print "WELCOME TO R-scan v0.1.2!"

print "ADDRESS-R-SCAN: "
addr = raw_input("type address:  ")
urladdr = "https://blockchain.info/de/rawaddr/" + str(addr)
#control api-url
print urladdr
addrdata = json.load(urllib2.urlopen(urladdr))
print "Data for pubkey: " + str(addr)
print "number of txs: " + str(addrdata['n_tx'])
#tx-details:
y = 0
inputs = []
while y < addrdata['n_tx']:
    print "#################################################################################"
    print "TX nr :" + str(y+1)
    print "hash: " + str(addrdata['txs'][y]['hash'])
    print "number of inputs: " + str(addrdata['txs'][y]['vin_sz'])
    #only if
    #if addrdata['txs'][y]['vin_sz'] > 1:
    #collect the input script (hex) of every input of this tx
    zy = 0
    while zy < addrdata['txs'][y]['vin_sz']:
        print "Input-ScriptNR " + str(zy+1) + " :" + str(addrdata['txs'][y]['inputs'][zy]['script'])
        inputs.append(addrdata['txs'][y]['inputs'][zy]['script'])
        zy += 1

    y += 1

print "compare: "

xi = 0
zi = 1
lenx = len(inputs)
alert = 0

#compare the sig values in each input script
#hex chars 10..73 are taken as the R value (the 5 bytes before it are
#push opcode, 0x30, sequence length, 0x02 and R length)
while xi < lenx-1:
    x = 0
    while x < lenx-zi:
        if inputs[xi][10:74] == inputs[x+zi][10:74]:
            print "In Input NR: " + str(xi) + "[global increment] " + str(inputs[xi])
            print('\a')
            print "Reused R-Value: "
            print inputs[x+zi][10:74]
            alert += 1

        x += 1

    zi += 1
    xi += 1

#check duplicates
#alert when everything ok

if alert < 1:
    print "Good pubKey. No problems."


sys.exit()

If you have questions, ask me.
Thank you.
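
The duplicate-R check from the post above, as an added example (not part of the original post and not ca333's code): instead of comparing a fixed slice of the script hex, it parses the DER signature pushed in each input script and groups inputs by the decoded r value. It is written for Python 3 and runs offline; the function names, the transaction labels and the sample scripts are constructed for illustration.

```python
from collections import defaultdict

def extract_r(script_hex):
    """Return r as int from the first DER signature pushed in an input script, else None."""
    try:
        raw = bytes.fromhex(script_hex)
    except ValueError:
        return None
    # Only direct pushes (opcodes 0x01..0x4b carry their own length) are handled.
    if not raw or not 1 <= raw[0] <= 0x4b or len(raw) < 1 + raw[0]:
        return None
    sig = raw[1:1 + raw[0]]              # DER signature + 1 sighash byte
    # Layout: 0x30 <len> 0x02 <r_len> <r> 0x02 <s_len> <s> <sighash>
    if len(sig) < 9 or sig[0] != 0x30 or sig[1] != len(sig) - 3 or sig[2] != 0x02:
        return None
    r_len = sig[3]
    if r_len == 0 or 4 + r_len + 2 > len(sig) - 1:
        return None
    return int.from_bytes(sig[4:4 + r_len], "big")   # int() drops the 0x00 pad

def find_reused_r(inputs):
    """inputs: iterable of (tx label, input index, script hex). Returns {r: [locations]}."""
    seen = defaultdict(list)
    for txid, n, script_hex in inputs:
        r = extract_r(script_hex)
        if r is not None:
            seen[r].append((txid, n))
    return {r: locs for r, locs in seen.items() if len(locs) > 1}

def _sample_script(r, s):
    """Constructed test data: input script hex carrying a signature (r, s) and a dummy key."""
    def der_int(n):
        b = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
        if b[0] & 0x80:                  # DER integers are signed: pad a set high bit
            b = b"\x00" + b
        return b"\x02" + bytes([len(b)]) + b
    body = der_int(r) + der_int(s)
    sig = b"\x30" + bytes([len(body)]) + body + b"\x01"
    pubkey = b"\x02" + b"\x11" * 32      # placeholder bytes, not a real key
    return (bytes([len(sig)]) + sig + bytes([len(pubkey)]) + pubkey).hex()

R_A = int("d4" * 32, 16)                 # constructed r with high bit set (33-byte encoding)
R_B = int("3b" * 32, 16)                 # constructed r without padding (32-byte encoding)
SAMPLE_INPUTS = [                        # constructed, not real transactions
    ("tx-a", 0, _sample_script(R_A, int("11" * 32, 16))),
    ("tx-b", 0, _sample_script(R_B, int("22" * 32, 16))),
    ("tx-c", 1, _sample_script(R_A, int("33" * 32, 16))),
]

if __name__ == "__main__":
    for r, locs in find_reused_r(SAMPLE_INPUTS).items():
        print("reused r %064x in %s" % (r, locs))
```

Scripts that do not start with a direct push of a strictly encoded signature return None and are skipped, so they cannot produce a false match.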