Bitcoin Forum
March 19, 2024, 09:07:13 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
  Home Help Search Login Register More  
  Show Posts
Pages: « 1 ... 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 [311] 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 ... 800 »
6201  Other / Beginners & Help / Re: Can a massive drop in hashpower make bitcoin slip into a downward spiral? on: May 15, 2013, 05:46:52 AM
If an attacker has 50% of hashing power they can achieve more by simply taking all the coins as long as they can maintain the monpoly.   It is very simple to.  Just ignore all blocks created by any other miner.
6202  Bitcoin / Mining / Re: Is my Kill a Watt wrong? says pulling almost 1300W from 1200 W PSU? on: May 15, 2013, 05:15:03 AM
One way to check for a bad kill-a-watt is to plug something into it which has a defined wattage (hairdryer, lightbulb, etc).  If nothing else a multi-plug extension cord, and as many lamps w/ 120W bulbs as you can find makes a good test load. Make sure to find out the max wattage the k-a-w can handle before you melt it trying to plug in an arc welder.
6203  Bitcoin / Mining / Re: Is my Kill a Watt wrong? says pulling almost 1300W from 1200 W PSU? on: May 14, 2013, 09:40:57 PM
It certainly is possible.  PSU are rated for DC OUTPUT power.  Depending on how efficient your PSU is (most modern PSU are 80% to 90% efficient at 100% load) the AC input load will be somewhat higher.

6204  Economy / Currency exchange / Re: Bitcoins Direct - Private off exchange sales by bank wire only 0.89% over spot. on: May 14, 2013, 09:37:38 PM
Update:  Lots of coins available.

That wouldn't have anything to do with the turnover of 40,000 BTC at MtGox a bit over an hour ago, would it?  Grin

Perhaps you managed to get some cheap purchases in as the exchange rate dropped to $109.42 and then bounced right back up to $116?

Well we have had high volume regardless of the spike but yes we generally keep orders on multiple markets to soak up "panic supply" so we got even more coins than normal.
6205  Economy / Service Discussion / Re: Now that Dwolla is gone, what is the cheapest way in US to get $ in/out of MtGox on: May 14, 2013, 09:36:14 PM
Bitcoins Direct doesn't seem like a good deal at all. Especially if it costs $50 to wire money and it is more expensive than MtGox. I'm trying out CampBX and I just created an account and the site froze at the login screen for 5 minutes trying to logon. Not a good sign.

A domestic bank (US to US) wire shouldn't cost more than ~$20 although the fee does vary from bank to bank.
6206  Economy / Service Discussion / Re: Now that Dwolla is gone, what is the cheapest way in US to get $ in/out of MtGox on: May 14, 2013, 09:21:05 PM
Some banks allow sending bank wires online.  I know for a fact that Bank Of America, USAA, and PNC Bank allow online bank wires.

If you are looking for a MtGox alternative ... Bitcoins Direct.
Timeframe: same day
Cost:  0.89% + your bank's wire fees
Minimum Purchase: $1,000
https://bitcointalk.org/index.php?topic=87094.0
6207  Economy / Currency exchange / Re: Bitcoins Direct - Private off exchange sales by bank wire only 0.89% over spot. on: May 14, 2013, 09:20:56 PM
Update:  Lots of coins available.
6208  Bitcoin / Bitcoin Discussion / Re: Dwolla stopped from dealing with MtGox! on: May 14, 2013, 09:14:45 PM
If that's the case, the people who really need to be concerned about this news are the Dwolla employees and the VCs and angels who have done Dwolla funding rounds.

This.  Just wondering if anyone knows of anyone who has used Dwolla for non-Bitcoin related purchase.   Being conservative I would say at least 75%+ of their volume is Bitcoin related and in reality it is probably 95%+.
6209  Other / Beginners & Help / Re: DEFINITE MOB CONTROL OF BITCOIN PRICES on: May 14, 2013, 09:09:17 PM
Bitcoin has had plenty of periods of relative stability.  ~$10, ~$15, etc.  This is nothing new.  In stock market terms it is called consolidation.

Now if it remained at $110 +/- $10 for the next 180 days well that might be something new.

6210  Other / Beginners & Help / Re: USB Powered Miner >300MH/s on: May 14, 2013, 07:05:14 PM
$220 USD is a bit much for 300Mh/s, when a 7950 is 280$+ and will easily double that.

and use 100x as much power (and thus 100x higher electrical bill).
6211  Other / Beginners & Help / Re: Award of coins, same block twice ? on: May 14, 2013, 05:53:53 PM
Danny, thanks for the great answer on the award of the coins  !!  all clearer after that ; and I can see how being well connected in the P2P network would be beneficial.

can't help but wonder now !  Smiley  if Miner_a in your example has effectively received the new coins as a special transaction in their newly solved block (in a fork that will surely become orphaned) could they not attempt to spend those coins immediately before they effectively become invalidated !!

No the network prevents this by making newly coined mined non-transferable for 100/120 blocks* (~1 day).  If a miner's chain eventually becomes orphaned only the miner loses.

* 100 is enforced at the protocol.  A new tx with inputs from the coinbase tx of block X is considered invalid for relay or inclusion in a block until block X +100.  The reference client prevents the creation of said transactions until the block is 120 blocks deep in the chain.
6212  Bitcoin / Bitcoin Discussion / Re: WARNING! Bitcoin will soon block small transaction outputs on: May 14, 2013, 04:32:47 PM
BRING ON THE FORKS!

ITS PAST DUE WE FIX BITCOIN!

E-Mail BitHits.info@gmail.com if you are interested in doing this.

I'll be starting a website in the near future dedicated to fixing BitCoin before self-righteous fucks destroy it with what 'they think' is best for BitCoin.

Why do you hate freedom?

Miners now (post 0.8.2) will have the CHOICE (but not requirement) to restrict uneconomical transactions to improve the efficiency of the network.

What about choice do you find so scary?
6213  Economy / Trading Discussion / Re: How to SAFELY sell Bitcoins on eBay on: May 14, 2013, 02:09:55 AM
How long do chargebacks typically have to occur? It is a 30 day timeframe is it not? I'll attempt to try this, not too worried about losing a small amount of BTC. Will report back here once everything is done.

120 days from the statement after the unauthorized transaction occurs.
6214  Other / Off-topic / Re: Amazon coin / Bitcoin parody on: May 13, 2013, 11:39:24 PM
If AZC will grow then we will have next Linden dollar.

EDIT: new way, how to convert fiat into BTC

Nope.  At least Linden dollars is a true virtual currency.  A centrally controlled and issued one but a true currency.

1) AMZ Coins are simply another way of saying $0.01 worth of not tradeable, non-convertable, non-cancellable gift card money.
Nothing more.

2) No form of trading is possible.  No converting back to USD, no trading between user accounts.  Nothing.
6215  Bitcoin / Mining / Re: Why does everyone think Solo Mining is a waste of time? on: May 13, 2013, 07:27:32 PM
This is a little troubling since what is "very low" hash rate is in state of flux at the moment and soon "very low" could be measured in Ghs.

Well low is relative to p2pool total hashing power.  IIRC (been a while since I did any mining) p2pool "share chain" is ~5000 shares long and with dynamic difficulty that means you would want to have at least 1/5000th of total hashing power of the pool.  That would still be a little low because due to volatility 50% of the time you would have no shares in the chain when a block was found (sometimes you would have 2+ but that doesn't reduce volatility).  With more like 1/1000th of pool hashing power most of the time (~90% of blocks) you will have at least one share in the chain.  If p2pool reached 1 terrahash then like MH/s scale miners wouldn't be very viable.  10TH/s would probably kill off most GPU miners too.

Note if p2pool uses a longer or shorter share chain now you should adjust those numbers.
6216  Other / Beginners & Help / Re: Is miningunited.com a SCAM, turning .1 bitcoins into .137 for almost free? on: May 13, 2013, 07:21:51 PM
To those just now realizing it is a scam ... I mean really.  37% interest for a week?  Really?  Pirate only gave 7% and that was a massive masssive warning sign.

37% weekly interest is 1,286,676,865% annually.  Anyone know a miner which makes 1 billion % profit per year.  i.e. guy a $200 GPU, spend $100 in electricity and get $3,860,030,594 in annual mining rewards.  That is the kind of gross profits they would need ... just to break even and pay all of it out as interest.
6217  Other / Beginners & Help / Re: Is miningunited.com a SCAM, turning .1 bitcoins into .137 for almost free? on: May 13, 2013, 07:19:23 PM
Last I checked bitcoin is still a VIRTUAL-currency am I right?  How do you get in legal trouble trading things that aren't even real money?  If that's ignorant then please enlighten this newbie Smiley
You may have paid real money for bitcoins but that doesn't magically make bitcoin become real money all of a sudden.
And no I'm not trying to be sarcastic...I'm asking an honest question.

Last time I checked gold or cars aren't money.  Obviously it isn't against the law for someone to take your car or break into your house and steal your gold right?
6218  Other / Beginners & Help / Re: mt gox account stolen, I lost all my money on: May 13, 2013, 07:04:05 PM
Stop believing the myth that TFA is uncrackable.
It does improve security, sure, but it is no way the holy grail.
There have been precedents where malware could steal funds despite TFA.

http://www.wired.com/insights/2013/04/five-myths-of-two-factor-authentication-and-the-reality/


Please provide some examples, your linked article did nothing of the sort. 

Nobody said anything about holy grail but extraordinary claims require extraordinary details. The OP provided no details so to assume MtGox 2FA has been compromised is dubious at this time.

Quote
Measures like the above would greatly help secure user accounts (in addition to TFA) while being rather easy to implement, so Gox really has no excuses for neglecting such details.
 

Unless the OP had a horribly weak password the most common attack vector is compromise to the users machine and gain access to credentials via keylogger.  In that instance it is highly likely the user's email address is compromised as well (unless it is also protected by 2FA).  A more sophisticated attack would use OP computer as a proxy or to just steal the OP session when already logged in.  In either case the only IP would be the users.  Layering steps and procedures which all involve the same compromised machine is probably just "feel good" security.

My claim was not that extraordinary... It's not like I'm saying
I was abducted by a UFO or something Smiley

Anyway, here's one rather famous example:

http://arstechnica.com/security/2012/12/sophisticated-botnet-steals-more-than-47m-by-infecting-pcs-and-phones/

I agree with the rest of your comments.



Nice example.  This is one reason why I favor dedicated offline tokens.  PayPal (of all people) uses a nice one which is the size of a credit card so you can easily store it in your wallet.

The extraordinary claim was more direct at the OP claim.  Some  details would be nice.  Past examples of people reporting their 2FA on MtGox was compromised turned out to be untrue (in one example user never activated it due to user error).
6219  Other / Meta / Re: Enhancing the security of this forum by integrating two factor authentication. on: May 13, 2013, 06:53:52 PM
Yes, please add 2FA! But how would OpenID be connected to that? I'm usually just annoyed by sites that want to rely on OpenID or Google accounts and not have their own account credentials. Separate credentials + 2FA for each site is much better and simpler IMO.

If we used OpenID as a 2FA method, it would be separate from Google Authenticator.

What's the problem with using Google Authenticator? It has nothing to do with Google accounts, and is very easy to implement. I even added it to my own ssh server.

Yeah there seems to be some confusion on how these various components fit together.

The TOTP standard: RFC6238
RFC6238 is an open standards which allows a remote user (forum user) and a website (bitcoin talk forum) to generate the same code at the same time.  It is a time based token.  The inputs for the algorithm are a shared secret and the current time.  Note this requirement the public website AND the user to run the same algorithm but they don't need to even be created by the same codebase as long as they properly implement RFC6238.   site implementation AND a remote implementation.  This is how both entities can "know" the same code at the same time without any communication.  The site (any site) just needs an implementation of RFC6238.

https://tools.ietf.org/html/rfc6238

The site needs to run code which will allow it to assign a shared secret to each user (often in form of QR code) and maintain those shared secrets in the login tables of the database.  When user later provides a TOTP the site will take the shared secret & current time to generate a code and see if it matches what users provides.

Google does provide source code for this but a site doesn't need to run google code any public server implementation of RFC6238 will work with any client implementation.  That is the whole point of an open standard.

http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm#Public_Server_Implementations

So as an example a website could use OATH Toolkit (public server implementation of RFC6238) and a user who has Google Authenticator (client implementation of RFC6238) could generate the proper code.  I guess the best analogy would be web server and web browser.  They both implement the http protocol.  You don't need to use a google chrome webserver in order for users running google chrome browser to see your website.

http://www.nongnu.org/oath-toolkit/




OpenID
OpenID isn't 2FA.  It is simply authentication.  It allows you to use a site you ALREADY HAVE to register on new sites in a secure manner (site owners can't link identities together).  Note it isn't 2FA it is just a replacement for normal login.  Now if your OpenID login HAS 2FA (i.e. you use gmail = an open ID provider and your gmail account has 2FA) then it can be more secure but if your OpenID account has your email address as the username and password is "password" it isn't going to be any more secure.

http://openid.net/get-an-openid/







6220  Other / Beginners & Help / Re: mt gox account stolen, I lost all my money on: May 13, 2013, 06:28:42 PM
Stop believing the myth that TFA is uncrackable.
It does improve security, sure, but it is no way the holy grail.
There have been precedents where malware could steal funds despite TFA.

http://www.wired.com/insights/2013/04/five-myths-of-two-factor-authentication-and-the-reality/


Please provide some examples, your linked article did nothing of the sort.  

Nobody said anything about holy grail but extraordinary claims require extraordinary details. The OP provided no details so to assume MtGox 2FA has been compromised is dubious at this time.

Quote
Measures like the above would greatly help secure user accounts (in addition to TFA) while being rather easy to implement, so Gox really has no excuses for neglecting such details.
 

Unless the OP had a horribly weak password the most common attack vector is compromise to the users machine and gain access to credentials via keylogger.  In that instance it is highly likely the user's email address is compromised as well (unless it is also protected by 2FA).  A more sophisticated attack would use OP computer as a proxy or to just steal the OP session when already logged in.  In either case the only IP would be the users.  Layering steps and procedures which all involve the same compromised machine is probably just "feel good" security.
Pages: « 1 ... 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 [311] 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 ... 800 »
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!