|
Maybe because it's Christmas?
Maybe someone won lessthan1 on satoshidice?
|
|
|
|
I <3 SatoshiDice.   I hate you and hope you die Are you serious? People should play on clone dice / nakabot now. |
|
|
|
|
It is possible to make a login form that plugins can't capture, by the way.
|
|
|
|
You have just modified the javascript in your own browser. The javascript is the bitcoin client and if you modify the client then of course you can change it to print the password or private keys etc. It would be trivial to modify the Bitcoin-Qt source to add an alert box which prints the password in a similar fashion.
This is how the service works, client side.
Except I haven't modified. This s a security vulnerability, you never try to do crypto with JavaScript. I could have made a, say Chrome bitcoin watcher plugin. Obfuscate the code to prevent detection, and wait till people log in with blockchain. If you made a desktop client, this wouldn't have happened because of sand boxing. Anyway, I am going to work on a network based attack now. |
|
|
|
Cool! Is there any advantage to buy it from you over buying it directly? (And saving money)?
For a single coin, casascius.com charges BTC 1.50 and prohibitively high shipping cost to anywhere outside of the US. Offers like this one fill that niche. For example: 1 coin shipped to germany from casascius official page will cost you BTC 1.9 (incl. shipping) and take about 10-15 days. 1 coin shipped to germany from me will (using currently highest bid) cost you BTC 1.418 (incl. shipping) and take about 2-4 days. So it can make sense depending on circumstances. I'm mainly doing it for fun and to spread the beautiful coins and of course bitcoin itself. Ah, I see. I don't see the point of people buying single Casacius coins through but sounds like a cool christmas present  |
|
|
|
What information do you have about who abused blockchain.info to alter nethead wallet?
The ip address the wallet was last updated with. What about the 2-factor authentication issue nethead mentioned?
With the sharedKey two factor authentication can be disabled. When did somebody at blockchain.info first realize that this particular problem with the key being published was a serious issue and what did blockchain.info do to protect the user
Every version of a wallet is stored (every time it is updated). The users has been sent those backups, with instructions to import them into another client or a new blockchain wallet. That's the information he was sent by Roger Ver. So let me get this straight - any admin, including Roger Ver when he still had admin access, has access to enough information to authenticate to the blockchain.info server as that user and lock them out of their account, bypassing any auditing that might be associated with using admin tools to do the same thing. At any time - including after you'd supposedly removed his admin access - Roger Ver could've locked this person out of their blockchain.info account in order to extort them for, say, money or an apology.
There isn't really any ability lock a wallet, but yes with access to the sharedKey and some custom crafted http requests he could have achieved that affect. Nethead has an email associated with the account so he will have been automatically emailed backups. With backups the extortion would be easily circumvented by importing the wallet into Multibit or any other client. This is one of the reasons why it's always a good idea to keep your own backups. How about stop pretending that your client sided security is nothing but a joke? https://bitcointalk.org/index.php?topic=133032.0Never try to build a secure system out of client JS, unless you're the guy who made cryptocat. |
|
|
|
Didn't take me this long: https://i.imgur.com/y905u.pngYes, it passes all the "verifiers". The alert stopped script execution, but after that there is "Not modified". I used MS Paint to remove the checksum and potentially unique identifiers. Feel free to disregard / think this is fake / etc at your own risk (the attacker could have modified it to send your password to their server). I don't plan on releasing the proof of concept unless there is sufficient demand for it. I have nothing personal against blockchain.info, but I'm not going to bother finding the quote by blockchain.info saying how they take loads of (ineffective) security precautions.. Just saying your blockchain wallet isn't safe. |
|
|
|
Just a warning to people who uses certain sites that may be illegal in certain jurisdictions. Blockchain.info is a great wallet, and this isn't about the recent drama (that's over with). What this is about is about some certain use of btc. Do not use Blockchain.info wallets, as personally identifiable information is accessable to admins, which means a subpoena = you getting a illegal drug / money laundering charge.What other information could be used to identify a wallet
We store the ip address a wallet was created with and the ip address a wallet was last updated with.
A wallet can be looked up by SMS number or email if that information has been added in [Account Settings].
Roger TODAY 05:56 PM Nethead, I own 25% of blockchain.info I also own 15% of Bitinstant.com %100 of Bitcoinstore.com %100 or Memorydealers.com I also own a % of coinlab.com, ripple.com ogrr.com and I am the largest single donor to bitcoinfoundation.org I'm Roger Ver, the post prolific Bitcoin investor the world has ever seen: http://www.forbes.com/sites/jonmatonis/2012/04/24/coinlab-attracts-500000-in-venture-capital-for-bitcoin-projects/Stop trying to steal from me, I caught you %100. This is your final chance to do the right thing and send my money back. 18yDbzddGVEr1Vyp4NXrP6mqAmUTesAg9a (4.5119 BTC) Do it now, and both our lives will be easier, and you will be a better person for it. With the very best intentions, Roger Ver -- Roger TODAY 04:36 PM Nikolaos, I looked up your address with Blockchain, and %100 for sure the funds were sent to a Bitcoin address that you control. Here is the proof of the link to your account corresponding with Bitcoin address: 1H4UR5M72Ybpo4zrqWe8JKKYSeN1gxqBcU
[Wallet {email='**removed**'
, guid='46f2b149-45c1-309c-98e0-af31be28175f'
, shared_key='2ea287bc-abf8-71b1-8e45-276ac034b854'
, secret_phrase='**removed**'
, alias='**removed**'
, created=Sat Dec 08 17:46:45 GMT 2012
, updated=Wed Dec 19 01:43:47 GMT 2012
, created_ip='188.95.51.*'
, updated_ip='79.107.123.*'
, sms_number='+44 7583******'
, country='USD'}Email, secret phrases, IP addresses, SMS numbers can be all used by the feds to get your ass in jail. So if you're thinking of doing that, make sure to not use blockchain.info as the send anonymously function will not clear out your IP addresses / etc. |
|
|
|
I just don't see it being logical to have it going anywhere near 500k/block.
I like our current method.
Once all the blocks are mined, the pools can force a minimum transaction fee to be allowed by them.
I do think that 21million coins is a LOW amount, but that's why there a numbers bellow 0 (to the 8th).
500k/block would be necessary if 300,000,000 people used it. That would keep the currency at roughly parity with the dollar (which makes sense, in order to avoid the psychological "less is not more" barrier). It is also necessary to continue with block rewards, so that the currency doesn't go into a deflationary spiral (which WOULD happen - see "The Great Depression"). I also believe that, with the current Bitcoin client, transaction fees will not be high enough to maintain a sufficient number of miners to keep the network secure. Once we hit 25 BTC rewards, the number of miners will drop in half. Same thing when we reach 12.5 BTC rewards, etc. The end result is that we wouldn't have enough money being spent on mining to keep the network secure, which I'll explain in further detail. If we assume there is no growth in bitcoins from now until the reward is effectively gone (and thus no value increase), then miners will see a reward of 0.05 BTC/block or so. Which means that the network would be secured, theoretically, by 1/1,000 of the number of miners that currently secure it. We'd have 20-50 GPU's securing the entire network worth $210M. In order to maintain the same level of network security that we have today, on a "hash-per-market-cap" basis, we'd have to have 1000 times the number of transactions in each block that are currently had. That's just not going to happen unless worldwide adoption becomes a reality, so we will always have a discrepancy between the hashing power securing the network and the total value of the network. Sure, if prices reach $1,000, then we might have 2,000 to 5,000 GPU's securing the network, but that network would be worth $21B. So 2,000 to 5,000 GPU's probably isn't going to be enough at that point either. At the current transaction rate, the network will not be sustainable in the future.See the problem? It's been suggested a number of times before under Inflatacoin, Keynescoin, etc. Nobody has cared enough about the idea to actually spend the time creating the new chain. People wouldn't buy or mine it because with inflationary currencies you either use it right now or you lose your purchasing power, and since there would be nothing to buy with it then the only option is to lose.
It's not inflationary - it's stable. Well, eventually anyway. Once the number of coins generated equals, roughly, the number of coins accidentally lost, then the currency is stable. It shouldn't increase or decrease in value. Up to that point, it would be inflationary, but the hope would be that the adoption rate of the currency would keep up. Did this happen? hmm? No, we do not need a better coin. |
|
|
|
|
There's already a bitcoin pyramid out there, but what would you like to see? Structure, etc.
|
|
|
|
So..... did you pay out all of your customers claims?
Goat's been banned so I don't think he'll be replying. Why was he banned? Because theymos was on a power trip and bans people who he consistently disagree with. See Rarity too. |
|
|
|
Hey guys, just short a bitcoin from a purchase I'd like get on Silkroad.
I can repay 3 BTC about a month after my purchase [Around Jan 19, 20, 21]
Address: 1Hi9u73vKZeXiRVPa5baFvuuRo1MxyyuP1
PM me for information.
Thanks.
I can do this if you give me ID, and I'll only want 2 BTC back. |
|
|
|
|
1-10% weekly?
Likely Ponzi.
You can't get 52% yearly on any sort of long term scale.
|
|
|
|
|
SCAM SCAM SCAM
Think WITR brought back WIT?
You're wrong.
This scammer probably owned 90% of the shares to try and get people to invest. After realizing people are not going to fall for it, he "brought back" his own shares and 3 other retard investors's shares.
Ever wondered why he had to pay out in two parts? Because he doesn't have enough coins, and had to get his own payout.
|
|
|
|
So what are the next steps? How is this all going to get settled?
Yeah. I own a share on BTC-mining and would like to know when I would get my dividends... |
|
|
|
|
Cool! Is there any advantage to buy it from you over buying it directly? (And saving money)?
|
|
|
|
I <3 SatoshiDice. What have you being doing? Putting it in 0.1% odds and winning 10 times? |
|
|
|
|
Got a (v)cc that you legitimately own? I'll buy it from you for half of the value, using the latest mtgox. Min value $50 (as in value on card). Max value $150 for now.
|
|
|
|
|
Got 0.1 btc? Want $2 amazon GC? PM!
|
|
|
|
|
I just used it so you should have got 200 credits.. please send me by 0.1 btc
|
|
|
|
|
Show Posts
