|
cjp (OP)
|
 |
November 21, 2012, 10:00:39 PM |
|
Recently, bitcoin.de changed its SSL certificate (twice), while the old one wasn't expired yet. Also, the certificate authority changed. bitcoin.de now seems to be some kind of alias(?) of ssl2669.cloudflare.com, and Certificate Patrol shows it like:
- GlobalSign Root CA
- GlobalSign Organization Validation CA - G2
- ssl2669.cloudflare.com
For bitcoin.de, this might have had something to do with the recent DDOS attack (but then, who would gain anything with a DDOS attack?). But now I also got a new certificate for bitinstant,com, also while the old certificate wasn't expired yet, and also pointing to ssl2669.cloudflare.com.
Can someone please explain what is going on here?
|
|
|
|
|
|
|
|
|
|
|
Unlike traditional banking where clients have only a few account numbers, with Bitcoin people can create an unlimited number of accounts (addresses). This can be used to easily track payments, and it improves anonymity.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
sneak
Newbie
 Offline
Activity: 28
Merit: 0
|
|
November 21, 2012, 10:02:50 PM |
|
Obviously you are being MITM attacked by the government for participating in a subversive p2p network currency.
You should sound the alarm, because if indeed that were the case, this would not be too late anyway. /sarcasm
SSL key changes are routine. If you trust the PKI, then it's fine. If you don't trust the PKI, it wasn't fine before anyway.
|
|
|
|
|
Raoul Duke
aka psy
Legendary
Offline
Activity: 1358
Merit: 1002
|
|
November 21, 2012, 10:37:39 PM |
|
Obviously you are being MITM attacked by the government for participating in a subversive p2p network currency.
You think you're joking but that's exactly what's happening lol http://exiledonline.com/isucker-big-brother-internet-culture/...CloudFlare’s CEO Matthew Prince made a weird, glib admission that he decided to start the company only after the Department of Homeland Security gave him a call in 2007 and suggested he take the technology behind Project Honey Pot one step further… |
|
|
|
|
vokain
Legendary
Offline
Activity: 1834
Merit: 1019
|
|
November 22, 2012, 01:40:56 AM |
|
Obviously you are being MITM attacked by the government for participating in a subversive p2p network currency.
You think you're joking but that's exactly what's happening lol http://exiledonline.com/isucker-big-brother-internet-culture/...CloudFlare’s CEO Matthew Prince made a weird, glib admission that he decided to start the company only after the Department of Homeland Security gave him a call in 2007 and suggested he take the technology behind Project Honey Pot one step further… damn lol |
|
|
|
|
|
mcdett
|
|
November 22, 2012, 01:52:56 AM |
|
There are known trojan's in the wild now infecting chrome on MS. Cert signature errors are a very common sign.
|
|
|
|
|
|
niko
|
|
November 22, 2012, 02:07:57 AM |
|
It seems they moved to cloudflare, possibly due to ddos or similar problems. Nothing alarming. What psy pointed out is interesting, though. Cloudflare is a US entity, and as such subject to the US PATRIOT act. Making the Web insecure pushes more people towards cloudflare, which in turn provides more opportunities for massive data surveilance by the US government. Imagine the reaction if Chinese government was trying to route as much traffic as possible through Chinese-operated infrastructure...
|
They're there, in their room.
Your mining rig is on fire, yet you're very calm.
|
|
|
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1009
|
|
November 22, 2012, 02:31:09 AM |
|
Cloudflare is a US entity, and as such subject to the US PATRIOT act. Making the Web insecure pushes more people towards cloudflare, which in turn provides more opportunities for massive data surveilance by the US government. Imagine the reaction if Chinese government was trying to route as much traffic as possible through Chinese-operated infrastructure... I still don't understand why all bitcoin-related websites don't make access via a hidden service a standard feature. |
|
|
|
|
|
picobit
|
|
November 22, 2012, 12:19:27 PM |
|
I still don't understand why all bitcoin-related websites don't make access via a hidden service a standard feature.
Because those of us not doing anything illegal and not being overly paranoid(*) think that using TOR is inconvenient and slow. (*) And that may be a significant fraction of all bitcointers. |
|
|
|
|
hazek
Legendary
Offline
Activity: 1078
Merit: 1002
|
|
November 22, 2012, 12:35:35 PM |
|
I still don't understand why all bitcoin-related websites don't make access via a hidden service a standard feature.
Because those of us not doing anything illegal and not being overly paranoid(*) think that using TOR is inconvenient and slow. (*) And that may be a significant fraction of all bitcointers. You don't need to have a website behind Tor in order to use Tor to access it and protect yourself as far as I understand it.. |
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
Marco Polo
Newbie
Offline
Activity: 29
Merit: 0
|
|
November 22, 2012, 12:44:23 PM
Last edit: November 22, 2012, 12:59:30 PM by Marco Polo |
|
The SAN field on the certificate for bitcoin.de is pretty interesting:
Or maybe not, maybe they need to be able to read the traffic in order to be able to filter out ddos attacks..
DNS Name=ssl2669.cloudflare.com
DNS Name=*.ukashvip.com
DNS Name=ukashvip.com
DNS Name=bookmakers.com.au
DNS Name=*.calendars.com
DNS Name=calendars.com
DNS Name=subeta.net
DNS Name=*.subeta.net
DNS Name=*.goldenarium.com
DNS Name=*.hellocq.com
DNS Name=*.bookmakers.com.au
DNS Name=*.pcbooster.com
DNS Name=*.hosthack.com
DNS Name=hosthack.com
DNS Name=*.aitec.ee
DNS Name=greenpolkadotbox.com
DNS Name=pcbooster.com
DNS Name=goldenarium.com
DNS Name=testwanda.com
DNS Name=bitinstant.com
DNS Name=*.testwanda.com
DNS Name=bitcoin.de
DNS Name=*.bitcoin.de
DNS Name=president.gov.ph
DNS Name=*.greenpolkadotbox.com
DNS Name=aitec.ee
DNS Name=*.president.gov.ph
DNS Name=*.bitinstant.com
DNS Name=hellocq.com
DNS Name=*.tangostress.info
DNS Name=tangostress.info
|
|
|
|
|
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1009
|
|
November 22, 2012, 02:11:38 PM |
|
Because those of us not doing anything illegal and not being overly paranoid(*) think that using TOR is inconvenient and slow.
(*) And that may be a significant fraction of all bitcointers. Then people who don't want it wouldn't need to use the hidden service, but those who don't trust cloudflare would have an alternative. You don't need to have a website behind Tor in order to use Tor to access it and protect yourself as far as I understand it.. All other things being equal a hidden service is safer, and sometimes faster, than using Tor to browse a regular web site. Traffic between your computer and a hidden service doesn't leave the internal Tor network so you aren't exposed to potentially malicious and/or congested exit nodes and (most importantly) it's impossible for an intermediate node to perform a MITM attack. |
|
|
|
|
|
BkkCoins
|
|
November 22, 2012, 03:22:49 PM |
|
Because those of us not doing anything illegal and not being overly paranoid(*) think that using TOR is inconvenient and slow.
(*) And that may be a significant fraction of all bitcointers. Then people who don't want it wouldn't need to use the hidden service, but those who don't trust cloudflare would have an alternative. You don't need to have a website behind Tor in order to use Tor to access it and protect yourself as far as I understand it.. All other things being equal a hidden service is safer, and sometimes faster, than using Tor to browse a regular web site. Traffic between your computer and a hidden service doesn't leave the internal Tor network so you aren't exposed to potentially malicious and/or congested exit nodes and (most importantly) it's impossible for an intermediate node to perform a MITM attack. They probably don't know how easy it is to set up. eg. Install Tor (apt-get install tor), add a web server cfg to listen on some localhost port and edit the line in the torrc file to associate the hidden service dir with local port. Restart Tor. But also, if they're using cloudflare to spread load (and I don't know if that's the reason) then I guess handling some small portion of traffic via the local Tor proxy may be seen as hindering that. |
|
|
|
J-Norm
Newbie
Offline
Activity: 56
Merit: 0
|
|
November 22, 2012, 10:07:39 PM |
|
apt-get install tor
apt-get install ettercap
Ettercap is a program that allows you to perform a man in the middle attack. It can do so by redirecting traffic or if you already are the gateway(such as with tor) then it can perform the attack wouthout needing to reroute. It is capable of generating an ssl certificate on the fly and attempt to get you to connect to them. This will cause a browser warning that something is fishy, many ignore it. I would not be suprised if someone was running a tor node just to attempt to steal wallet passwords. |
|
|
|
|
|
Insu Dra
|
|
November 22, 2012, 11:20:30 PM
Last edit: November 23, 2012, 03:10:28 PM by Insu Dra |
|
Obviously you are being MITM attacked by the government for participating in a subversive p2p network currency.
You think you're joking but that's exactly what's happening lol http://exiledonline.com/isucker-big-brother-internet-culture/...CloudFlare’s CEO Matthew Prince made a weird, glib admission that he decided to start the company only after the Department of Homeland Security gave him a call in 2007 and suggested he take the technology behind Project Honey Pot one step further… +1 CloudFlare the ultimate man in the middle attack and people don't even seem to care ... Edit: This reminded me of following article written in 2009, it seems like all the concerns they had where valid and have or are becoming the main issue with freedom on the internet. They are concerned that control could be shifting from the edges of the Internet toward the service providers at the center, which would allow the providers to have “gatekeeper” capacity and would contradict the Internet's “end-to-end” principle http://www.sciencemag.org/content/325/5939/396.short |
"drugs, guns, and gambling for anyone and everyone!"
|
|
|
Mike Hearn
Legendary
Offline
Activity: 1526
Merit: 1129
|
|
November 23, 2012, 12:51:54 PM |
|
Running a hidden service doesn't stop DoS attacks. If anything it makes them harder to stop because you can't block connections on Tor anywhere near as easily as with regular web sites (no IP address blocking).
|
|
|
|
|
|
