Sorry, but where did you see that?
How the attack was done
I believe that this is how the attack was done: After the 2011 hack of the forum, the attacker inserted some backdoors. These were removed by Mark Karpelles in his post-hack code audit, but a short time later, the attacker used the password hashes he obtained from the database in order to take control of an admin account and insert the backdoors back in. (There is a flaw in stock SMF allowing you to login as someone using only their password hash. No bruteforcing is required. This was fixed on this forum when the password system was overhauled over a year ago.) The backdoors were in obscure locations, so they weren't noticed until I did a complete code audit yesterday.
After I found the backdoors, I saw that someone (presumably the attacker) independently posted about his attack method with matching details. So it seems very likely that this was the attack method.
Because the backdoors were first planted in late 2011, the database could have been secretly accessed any time since then.
It was initially suspected by many that the attack was done by exploiting a flaw in SMF which allows you to upload any file to the user avatars directory, and then using a misconfiguration in nginx to execute this file as a PHP script. However, this attack method seems impossible if PHP's security.limit_extensions is set.
https://bitcointalk.org/index.php?topic=306878.msg3290091#msg3290091 |
|
|
|
Let's order hits on all young, good looking, educated, seemingly mild mannered men. Problem solved.
My solution is to give no credence to the words of young, good looking, educated, seemingly mild mannered men. I used to be one and I know how much I lied back then just to get what I wanted. And it worked didn't it? Thats why I say he has a shot at bail. |
|
|
|
Unlikely yes. But the more I think about this the more I realize DPR has one thing going for him. He does not in any way look like a criminal mastermind. He is a young, good looking, educated, seemingly mild mannered man. Not your typical violent drug trafficker. LOL, do you know any drug traffickers in real life? Because the "typical violent drug trafficker" is a Hollywood movie cliche and rather the exception to the rule. You clearly missed the point. That is what the prosecution is going to paint him as. Nobody is going to believe it. |
|
|
|
DPR is supposed to appear in court for his bail hearing tomorrow. The prosecution is going to label him a flight risk but I think his defense has a shot at getting him bail. It will probably be a steep bail (1 mil+ maybe?) but if he is able to post it all manner of things involving his bitcoin stash could happen starting tomorrow. Large scale drug dealer, suspected of involvement in two murders for hire, and demonstrated ability to arrange for false IDs. Bail seems...unlikely. Unlikely yes. But the more I think about this the more I realize DPR has one thing going for him. He does not in any way look like a criminal mastermind. He is a young, good looking, educated, seemingly mild mannered man. Not your typical violent drug trafficker. I think a judge and jury are going to have a hard time seeing this guy running a major drug/violence ring. He may get lucky tomorrow and get bail. I personally don't agree with giving bail to anybody implicated in a murder but it happens more than you think. |
|
|
|
|
DPR is supposed to appear in court for his bail hearing tomorrow. The prosecution is going to label him a flight risk but I think his defense has a shot at getting him bail. It will probably be a steep bail (1 mil+ maybe?) but if he is able to post it all manner of things involving his bitcoin stash could happen starting tomorrow.
|
|
|
|
how much he has made is not really our business, as long as he delivers what we buy, at the prices we agree to at the time.... is all that matters!
Canary Rocks!
Agreed. Besides does it really matter what he made? You bought his items. Don't buy them if you don't want him to make money  ASICMiner has no means to distribute so somebody had to step in and fill that roll. Canary has done an excellent job distributing along with SilentSonicBoom and Eleuthria (BTCGuild) to name a few. They all had pretty much the same prices through out. If anybody is getting rich off of us its Friedcat... |
|
|
|
whats with all the 0.000055 BTC transactions?
I believe they are network transaction fees that were being collected but somebody correct me if I am wrong |
|
|
|
I think the only way the Govt is going to get its hands on his coins is to let him use some of those coins for his defense.. if not, those 5 percent of all coins will be forever lost. This is an interesting riddle. He might have saved the coins in brainwallets, in (comparably) tiny amounts. Even if they come from traceable SR sources, it is rather impossible to show that DPR has the key to them. It is possible to construct a recursive brainwallet with any number of addresses, which unfolds after knowing a single passphrase. Or use several different passphrases. Since the total amount of commissions is not known, it is always possible to save some coins for retirement. No lawyer will accept that money. LE can go after a law firm for accepting known drug money. He needs to have somebody outside of LE and his legal team with access to his wallets. Otherwise he probably can't get to it until bail is posted. But his hearing is this week. If he is able to post bail then watch the transactions and look for major dumps. As you know, brainwallets work such that an easily memorizable passphrase is processed with algorithms, and/or combined with other phrases, to yield the actual password or privkey. If DPR has anyone outside who is allowed to have any contact with him, and who knows the way how the "A-part" (memorized part) of the passphrase needs to be treated to yield the privkey, DPR can just give him whatever amount he wants. The point is to have multiple addresses with different amounts ranging from sub- BTC1 to hundreds. Even if there is no accomplice beforehand, if some of the stash is encrypted with the standard (or any describable) algorithm, it is pretty easy to tell to anyone both the passphrase and the algorithm. We can be certain that DPR coins are not in one wallet Not necessarily. DPR made personal mistakes that led to his capture. I would agree that it is unlikely he has 600k BTC on a flash drive somewhere but I would bet there is nothing elaborate to protect his personal horde of coins. Probably just a handful of encrypted wallet.dat files in separate encrypted file containers |
|
|
|
I think the only way the Govt is going to get its hands on his coins is to let him use some of those coins for his defense.. if not, those 5 percent of all coins will be forever lost. This is an interesting riddle. He might have saved the coins in brainwallets, in (comparably) tiny amounts. Even if they come from traceable SR sources, it is rather impossible to show that DPR has the key to them. It is possible to construct a recursive brainwallet with any number of addresses, which unfolds after knowing a single passphrase. Or use several different passphrases. Since the total amount of commissions is not known, it is always possible to save some coins for retirement. No lawyer will accept that money. LE can go after a law firm for accepting known drug money. He needs to have somebody outside of LE and his legal team with access to his wallets. Otherwise he probably can't get to it until bail is posted. But his hearing is this week. If he is able to post bail then watch the transactions and look for major dumps. |
|
|
|
That address has long been empty. It was part of the SR mixer/cold wallet. Yes but the point is that it was used to move funds to his personal address in the past. If you look through the transaction logs of this address you will most likely be able to find any private wallets he kept for withdraws. I'm just too lazy to do it myself. But there are records of major transactions from this address in the past (20000+ BTC) which indicates this was possibly his personal wallet at some point. Or at least used to move funds to a personal wallet |
|
|
|
|
Lets hope the owner we are all speculating about has given his private key to somebody...otherwise 600k BTC are off the market and all we can do is stare at it.
|
|
|
|
If you have something you can offer the community the client is FREE
Please read before posting
This is simply a controlled release..FOR WORKERS!
No matter your talents..
I would think mining (aka "working") is helping the community...you are asking new miners to trust that the controlled release for donators does not entitle them to anything beyond what you have said here. And there is no way to know except to take your word for it. EDIT: Or from the other side if you are one of the first donators there is no guarantee you get anything that a non donator doesn't |
|
|
|
Kind of creepy looking at a transaction that may have been for a murder-for-hire |
|
|
|
You cant be serious it is neutral news Longterm neutral. There's a lot of baseless panic selling, but silk road didn't really have that huge of an effect on the value of bitcoin. People are blowing things out of proportion. Agreed people are making it feel too much like doomsday. Had this happened last year the effect probably would have been much higher but Bitcoin has progressed massively in the past year or so. The bitcoin network is no longer dominated by SR transactions like it used to be. That being said, 600k BTC passed through SR. There are less than 12 million BTC in existence today (Even less so back when SR was at its peak) so you can see how much SR meant to the community |
|
|
|
Hey we can't allow people to kill each other.
That's were I draw the line.
You kill someone you go to jail/go to the chair.
Simple as that.
One could make the argument that objectively the system that SR had in place likely prevented more murders than it caused. But yes he is, if proven in a fair trial (however likely that may be) beyond a shadow of a doubt, a murder and does not deserve freedom. lives are not numbers. If you kill one person you're as bad as the person who kills a thousand. I beg to differ. I am in no way saying its ok to murder anybody...but you can't seriously consider somebody who commits one murder out of self preservation equal to a person who kills a thousand |
|
|
|
Its not the collapse of bitcoin like some people are making it out to be but its obviously not neutral. The sharp market sell off should be enough to tell you its more negative than positive. I imagine what will happen is that SR replacements will pop up but will begin to only accept alt coins in order to stay off the government's radar. Some users of bitcoin will take their business to whatever coin becomes the new black market coin, which will amount to a BTC sell off. |
|
|
|
i'm waiting for conspiracy stories how bitcoin is a CIA creation and silk road the honey trap to get "all" dealers and others who competed with the "sanctioned" drug dealers. those will be fun to read.
Actually most of the Honey trap theories are about Atlantis. Which for those of you who don't know was the major competitor of SR and mysteriously shut down a few days before all of this occurred... |
|
|
|
http://www.slate.com/blogs/future_tense/2013/10/02/silk_road_s_dread_pirate_ross_ulbricht_asked_stack_overflow_question_under.htmlRoss William Ulbricht, indicted for allegedly running the online contraband marketplace Silk Road, wasn't above asking for a little programming help when he needed it. Even the finest programmers could use a little help from their friends on Stack Overflow now and then. The site, which invites users to ask and answer one another’s questions about specific coding problems, has become a global hub for software engineers, catering to pros and amateurs alike. Silk Road mastermind “Dread Pirate Roberts,” it seems, was no exception. According to the criminal complaint against Ross William Ulbricht, the man who allegedly ran the vast online drug marketplace from his San Francisco apartment, he ventured humbly onto the site in March 2012 to ask a couple of friendly questions. The first one, it seems, was relatively innocuous, if a bit unorthodox. But a second query struck FBI investigators as rather incriminating, in retrospect: “How can I connect to a Tor ****** service using curl in php?”, the user asked. Silk Road is, of course, a Tor ****** service—perhaps the world’s most famous one at that. But here’s the facepalm-worthy part: According to the criminal complaint, Ulbricht posted the question using his own real name. Less than one minute later, he changed his username to “frosty.” And then, one assumes, banged his head against a hard wall several times. According to the complaint, the Stack Overflow post served as key evidence for authorities trying to link Ulbricht to Silk Road. From the complaint: Based on forensic analysis of the Silk Road Web Server, I know that the computer code ... includes a customized PHP strip based on 'curl' that is functionally very similar to the computer code described in Ulbricht's posting on Stack Overflow, and includes several lines of code that are identical to lines of code quoted in the posting. Oh, and the encryption key on the Silk Road server ended with the substring "frosty@frosty." Whoops. Frosty’s account lives on at Stack Overflow, where you can inspect his code and pass judgment on his chops if you’re so inclined. And while this won’t appear anywhere in the criminal charges against Ulbricht, the court of computer-programmer opinion may duly note that he asked two questions on the site, but didn’t take the trouble to answer anyone else’s.  This. |
|
|
|
|
Show Posts
