Grand_Voyageur
|
|
June 11, 2015, 06:23:35 PM |
|
=snip= The result was that all of those clients generated the private key corresponding to 1Bn9ReEocMG1WEW1qYjuDrdFzEFFDCq43F and sent bitcoins to it.
And somebody who noticed a whole lot of coins accumulating at "his" address, spent them. =snip=
This "someone" really got a winning lottery ticket. 34+BTC are really some nice bucks. I suspect there are several such someones and they must basically be in a race to see who can spend first when money appears in their address. So, if all were racing to scam others...we can even say no one got scammed. Quite a mess...I could never trust a lone satoshi to Blockchain.info after such performance. They totally FUBAR their business.
|
|
|
|
Cryddit (OP)
Legendary
Offline
Activity: 924
Merit: 1129
|
|
June 11, 2015, 06:39:16 PM |
|
After digging some more and understanding what actually went wrong (and discovering some of the decisions that led to the failure along the way) I've updated the article at http://dillingers.com/blog/2015/06/09/ce-random-numbers-and-response-parsing/
This "Cybernetic Entomology" series of articles is about breaking down bugs and showing how they came about - and after analysis, giving some basic observations about how not to get bitten by the same bad decisions that led to those bugs.
|
|
|
|
altcoinex
|
|
June 11, 2015, 08:29:42 PM |
|
Perhaps in their need for an android developer they hired an experienced mobile developer but one who did not come from a sufficient security background nor have proper experience with cryptography or bitcoin (and perhaps absent a bit of common sense in relation). Capable of producing the application but not able to provide the necessary security considerations. I always assumed they would have their security team approving any code that's rolled out though -- and would imagine at least a few of their staff to be in the role of security analyst. I wonder how differently things ran security procedure wise when Andreas was with them.
|
|
|
|
tspacepilot
Legendary
Offline
Activity: 1456
Merit: 1078
I may write code in exchange for bitcoins.
|
|
June 11, 2015, 10:10:48 PM |
|
Stay away from GreenAddress too- I've been using them and when I really needed access to my funds their wallet was unavailable for hours (I had a 2-of-2 multisig setup, should've used a 2-of-3)
I don't know if there's a mobile I can recommend at the moment, maybe I'll go for a commercial wallet
If you need a mobile wallet, why not use Andreas Schildbach's Bitcoin Wallet for Android. I've been using it for years and never had a problem. You're responsible for your own private keys, no third parties. Completely open source, you can download it from fdroid instead of the play store if you want to support FOSS on android.
|
|
|
|
teddy5145
|
|
June 12, 2015, 01:05:35 AM |
|
This is ridiculous, maybe it's time for us to move to another wallet. Luckily I never use btc wallet on my phone, I only use my pc for opening my wallet
|
|
|
|
virtualx
|
|
June 12, 2015, 08:29:23 AM |
|
I expected they would take security more seriously. If this is serious it's just unbelievable. Random numbers over either HTTP or HTTPS is not a good idea. Damn. This is ridiculous. Why did they need to call random.org?
To get increased randomness. Right, but that is patently ridiculous (imo). If you have a device with a radio, a gyroscope, a wifi-antenna, a java-random-number generator (that was recently hardened for use with crypto) and then you decide to make a call to a website to get a random number, that seems nuts. True. They could just do like Bither do. What's even more nuts is that they weren't getting back a random number but an error page and somehow they weren't even looking at that. It's pretty shocking.
The worst thing they were not using HTTP to make the webservice call to random.org. On Jan 4, random.org started enforcing HTTPS and returning a 301 Permanently Moved error for HTTP. So from that day onwards, the entropy has actually been the error message which turned into bytes instead of the expected 256-bit number. Using that seed, SecureRandom generated private key for 1Bn9ReEocMG1WEW1qYjuDrdFzEFFDCq43F. When will they learn? This is a beginner programming bug. They shouldn't have made it especially when money is at stake. Do you not think it was one of the programmers who put it there on purpose?
|
|
|
|
SebastianJu
Legendary
Offline
Activity: 2674
Merit: 1082
Legendary Escrow Service - Tip Jar in Profile
|
|
June 12, 2015, 02:04:18 PM |
|
Ok, that's a real hefty story. Blockchain.info's wallets are seen as very secure since they exist since such a long time but this amount of amateurism is unbelievable. Random number over http from a third party and then the message is not even parsed in any way. That's simply only unbelievable. Never ever will I think about using a wallet from them. This thing shows way too big problems. Ok, one might think it could have been a third party coder. But even then, they are responsible, they handle the money from others and they showed a real high level of stupidity.
|
Please ALWAYS contact me through bitcointalk pm before sending someone coins.
|
|
|
ranochigo
Legendary
Offline
Activity: 2982
Merit: 4193
|
|
June 12, 2015, 02:32:52 PM |
|
Ok, that's a real hefty story. Blockchain.info's wallets are seen as very secure since they exist since such a long time but this amount of amateurism is unbelievable. Random number over http from a third party and then the message is not even parsed in any way. That's simply only unbelievable. Never ever will I think about using a wallet from them. This thing shows way too big problems. Ok, one might think it could have been a third party coder. But even then, they are responsible, they handle the money from others and they showed a real high level of stupidity.
Blockchain.info has a good amount of security breaches since it started. Most of them are due to the developer's negligence and not ensuring the methods used are foolproof. If a person judges the trust based on the age of the product, it would be totally wrong. Even though it is opensourced, the track record should show their efforts put in to secure the customer's funds.
If they used random.org as a process for generating their RNG, they could ask the site to give them updates on the changes made or at least, monitor and debug their software regularly. [Bug existed for more than 5 months]
|
|
|
|
Mitchell
Copper Member
Legendary
Offline
Activity: 3962
Merit: 2207
Verified awesomeness ✔
|
|
June 12, 2015, 02:51:47 PM |
|
They should fire their android developer(s) and anyone that was in any way involved with it. Jesus Christ, this is one serious and ridiculous fuck up.
|
|
|
|
SebastianJu
Legendary
Offline
Activity: 2674
Merit: 1082
Legendary Escrow Service - Tip Jar in Profile
|
|
June 12, 2015, 07:04:36 PM |
|
Blockchain.info has a good amount of security breaches since it started. Most of them are due to the developer's negligence and not ensuring the methods used are foolproof. If a person judges the trust based on the age of the product, it would be totally wrong. Even though it is opensourced, the track record should show their efforts put in to secure the customer's funds.
If they used random.org as a process for generating their RNG, they could ask the site to give them updates on the changes made or at least, monitor and debug their software regularly. [Bug existed for more than 5 months]
I didn't suggest blockchain.info to anyone though that wallet was the wallet that was suggested when someone asked for an online wallet. It's not a wonder when all online wallets left and right got "hacked" and otherwise vanish. I remember things like ultrasecure wallets, best security and all and... hacked. So people tend to suggest blockchain.info because they still were there and they thought they would have fixed problems over time. I mean let's say you want to bring bitcoins near to someone. You can't make him download something if you aren't there, it's easier to give him the login to a wallet and that's it. Giving bitcoins to a noob would mean risks anyway. No backup, no antivirus and so on. Too bad. I didn't know that it's SOO bad.
|
Please ALWAYS contact me through bitcointalk pm before sending someone coins.
|
|
|
Fabrizio89
|
|
June 12, 2015, 07:09:11 PM |
|
Those are some pretty big fuck ups, I won't trust blockchain.info anymore not even for just transferring something really temporarily.
|
|
|
|
altcoinex
|
|
June 12, 2015, 08:06:10 PM |
|
They should fire their android developer(s) and anyone that was in any way involved with it. Jesus Christ, this is one serious and ridiculous fuck up.
It may be no co-incidence they have Mobile Developer openings in their Job listings page at the moment. ;]
|
|
|
|
altcoinex
|
|
June 12, 2015, 08:06:55 PM |
|
Those are some pretty big fuck ups, I won't trust blockchain.info anymore not even for just transferring something really temporarily.
Ever since Andreas left I considered them to no longer be secure... Not that they didn't have an incident or two while he was present.
|
|
|
|
Mitchell
Copper Member
Legendary
Offline
Activity: 3962
Merit: 2207
Verified awesomeness ✔
|
|
June 12, 2015, 08:08:49 PM |
|
It may be no co-incidence they have Mobile Developer openings in their Job listings page at the moment. ;]
I just checked and they are indeed hiring a Mobile Developer. I would apply, but I only know Android, so I don't have the required qualifications.
|
|
|
|
Cryddit (OP)
Legendary
Offline
Activity: 924
Merit: 1129
|
|
June 12, 2015, 10:04:54 PM |
|
One way of looking at this is that these fuckups are going to be made - and hopefully learned from - by people along the way.
With $27 million of money from vulture capitalists, bc.i will likely survive more "opportunities to learn" than most companies can afford.
They may achieve security before their money runs out. Which, I guess, would put them ahead of the short-lived competition we've seen so far.
As part of my 'Cybernetic Entomology' posts I researched how and why this bug actually happened.
They derived a class with a 'SetSeed' method that _mixed_ input with the RNG state from a native class with a 'SetSeed' method that _replaced_ the RNG state with input. But on low-memory Android devices that class didn't get registered. Instead of failing because an important component did not load, they called the 'SetSeed' method of its parent class.
So, the procedure for initializing the RNG --->
whatever its current state is, use SetSeed() to mix it with bits from /dev/urandom (good)
make it "Better" by using SetSeed() to mix with bits from random.org (stupid but probably harmless)
But when you wind up calling the parent class's SetSeed method, instead, this turns into ---->
Replace current state using 'SetSeed' with bits from /dev/urandom (suboptimal but acceptable, except for what they do next)
make it "Better" by replacing that (acceptable) state using 'SetSeed' with bits from random.org (WRONG!)
|
|
|
|
dogie
Legendary
Offline
Activity: 1666
Merit: 1183
dogiecoin.com
|
|
June 12, 2015, 10:22:47 PM |
|
Almost every Excel formula I code contains the following, and that's for mundane stuff. You would have thought their due diligence would have increased for code transmitting $Ms a year.
=iferror(*code*,"YO DUDE YOU FUCKED UP, GO BACK")
|
|
|
|
TierNolan
Legendary
Offline
Activity: 1232
Merit: 1084
|
|
June 13, 2015, 12:18:26 AM |
|
They derived a class with a 'SetSeed' method that _mixed_ input with the RNG state from a native class with a 'SetSeed' method that _replaced_ the RNG state with input.
If the first thing you do with a SecureRandom object is call setSeed(...), then it is assumed you are providing a proper seed. This means that it skips the automatic self seeding as unnecessary.
From the docs:
"If a call to setSeed had not occurred previously, the first call to this method [.nextBytes(...)] forces this SecureRandom object to seed itself. This self-seeding will not occur if setSeed was previously called."
The recommended way to create a SecureRandom object is to call .nextBytes(new byte[1]) right after creating the object. This will force it to self seed (from OS randomness), since it hasn't been seeded yet.
|
1LxbG5cKXzTwZg9mjL3gaRE835uNQEteWF
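
The seeding behaviour described in the two posts above (a setSeed that replaces the state versus one that mixes into it, and an unchecked HTTP response used as the seed), as an added Java example that is not part of the original thread or of Blockchain.info's code. It assumes a desktop OpenJDK with the "SHA1PRNG" algorithm available; the class name, helper names and the response body are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

public class SeedDemo {
    // Constructed stand-in for the redirect page that ended up in setSeed().
    static final byte[] ERROR_BODY =
        "<html><body>301 Moved Permanently</body></html>".getBytes(StandardCharsets.US_ASCII);

    // setSeed() is the first call: self-seeding is skipped, so the seed
    // alone determines every byte the generator will produce.
    static byte[] seedReplacesState(byte[] seed) throws NoSuchAlgorithmException {
        SecureRandom rng = SecureRandom.getInstance("SHA1PRNG");
        rng.setSeed(seed);
        byte[] key = new byte[32];
        rng.nextBytes(key);
        return key;
    }

    // nextBytes() first forces self-seeding from the OS; a later setSeed()
    // then supplements that state instead of replacing it.
    static byte[] seedMixesIntoState(byte[] seed) throws NoSuchAlgorithmException {
        SecureRandom rng = SecureRandom.getInstance("SHA1PRNG");
        rng.nextBytes(new byte[1]);
        rng.setSeed(seed);
        byte[] key = new byte[32];
        rng.nextBytes(key);
        return key;
    }

    // Hypothetical check for a remote entropy response: fail closed unless
    // the status is 200 and the body is exactly 64 hex digits (256 bits).
    static byte[] parseRemoteEntropy(int status, String body) {
        String hex = body.trim();
        if (status != 200 || !hex.matches("[0-9a-fA-F]{64}")) {
            throw new IllegalStateException("unusable entropy response, status " + status);
        }
        byte[] out = new byte[32];
        for (int i = 0; i < 32; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Two "devices" seeded only with the same error page.
        System.out.println("replace, same key: "
            + Arrays.equals(seedReplacesState(ERROR_BODY), seedReplacesState(ERROR_BODY)));
        // The same constant input mixed into OS-seeded state.
        System.out.println("mix, same key:     "
            + Arrays.equals(seedMixesIntoState(ERROR_BODY), seedMixesIntoState(ERROR_BODY)));
        try {
            parseRemoteEntropy(301, new String(ERROR_BODY, StandardCharsets.US_ASCII));
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```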
|
|
|
subSTRATA
Legendary
Offline
Activity: 1288
Merit: 1043
:^)
|
|
June 13, 2015, 03:04:39 AM |
|
I remember reading about this issue somewhere, the numbers used were pseudorandom, and lots of people were complaining about it as a result, takes a whole different level of poor planning and testing to achieve something as faulty as that.
|
theres nothing here. message me if you want to put something here.
|
|
|
tspacepilot
Legendary
Offline
Activity: 1456
Merit: 1078
I may write code in exchange for bitcoins.
|
|
June 13, 2015, 09:24:05 PM |
|
I just know about this story, luckily I only use their android app to check my balance. I think I should remove this stupid application from my phone
Blockchain.info should remove / update their app very soon
Has it not been updated since this has been reported (basically everywhere!)? That's almost more shocking than the original fuckup itself!
|
|
|
|
ranochigo
Legendary
Offline
Activity: 2982
Merit: 4193
|
|
June 14, 2015, 07:33:40 AM |
|
I just know about this story, luckily I only use their android app to check my balance. I think I should remove this stupid application from my phone
Blockchain.info should remove / update their app very soon
Has it not been updated since this has been reported (basically everywhere!)? That's almost more shocking than the original fuckup itself!
The app is updated. https://play.google.com/store/apps/details?id=piuk.blockchain.android&hl=en. Updated May 28, 2015. I tried it out myself too. It now generates a different address every time if you are using the latest version.
|
|
|
|
|