Bitcoin Forum
Topic: 2013-04-12 Business Insider - I tried hacking Bitcoin and I failed
DeathAndTaxes (OP)
Gerald Davis
April 12, 2013, 06:32:44 PM
 #1

http://www.businessinsider.com/dan-kaminsky-highlights-flaws-bitcoin-2013-4

Quote
Two years ago, I tried to hack BitCoin. I failed.
This was very exciting. It is a fairly open secret that almost all systems can be hacked, somehow.  It is a less spoken of secret that such hacking has actually gone quite mainstream.  Everybody hacks … sometimes. 

Seriously though, as an engineer and as a hacker (and I promise you, these are two very different things), BitCoin surprised me.  Here was a system with the following properties:
Created an enormous global cloud of always-on, listening machines
Spoke its own fiddly little custom network protocol
Written in C++, which for all of its strengths is not usually the safest thing in the world to be reading random Internet garbage with
Directly implemented the delivery of a Pot Of Gold At The End Of The Rainbow for any hacker who could break it


By all extant metrics in security system review, this system should have failed instantaneously, at every possible layer. And, to be fair, it has failed at other layers – BitCoin thefts have occurred, in the meta-code that surrounds the core technology itself. But the core technology actually works, and has continued to work, to a degree not everyone predicted. Time to enjoy being wrong.  What the heck is going on here ...

http://www.businessinsider.com/dan-kaminsky-highlights-flaws-bitcoin-2013-4
kiko
April 12, 2013, 06:45:19 PM
 #2

Wow, this was a really great read.

moar
cypherdoc
April 12, 2013, 06:50:32 PM
 #3

that was good.

what, can't hack it?  what would all the Bloomberg ppl say?
TraderTimm
April 12, 2013, 06:51:07 PM
 #4

I'm having trouble enjoying this - he obviously doesn't understand how difficulty governs the hashpower thrown at the network. I'm actually stunned he can't figure that out.

fortitudinem multis - catenum regit omnia
cypherdoc
April 12, 2013, 06:54:34 PM
 #5

I'm having trouble enjoying this - he obviously doesn't understand how difficulty governs the hashpower thrown at the network. I'm actually stunned he can't figure that out.


he also can't seem to understand the anonymity features around stolen coins even though their movement can be tracked via the blockchain.
cypherdoc
April 12, 2013, 06:57:24 PM
 #6

the other thing he doesn't understand is that the "large actors" that he says could rewrite the "truth" of the blockchain merely consist of individuals who can abandon those pools at the drop of a hat. 

the system is such that it encourages and rewards telling the truth and will punish those actors who try to obscure it.
cypherdoc
April 12, 2013, 07:02:16 PM
 #7

the other thing he doesn't understand is that the "large actors" that he says could rewrite the "truth" of the blockchain merely consist of individuals who can abandon those pools at the drop of a hat. 

the system is such that it encourages and rewards telling the truth and will punish those actors who try to obscure it.

the quintessential example of this is Eleuthria's latest actions.

it was he who voluntarily decided to revert from 0.8 to 0.7 in reviewing the IRC discussions at the time.  Gavin and other devs did not force him to do so.  he saw that it was in the interest of the network to prevent any single individual from losing money.  he was voluntarily rewarded a few weeks later by Gavin reimbursing him for his gratuity from the Faucet.

the second example is Eleuthria voluntarily limiting the growth of BTCGuild to 40% of the network.  once again, he understands the importance of maintaining confidence amongst the individual, small players in the network.

this is what makes Bitcoin great.  you won't get that shit from Ben Bernanke.
beckspace
April 12, 2013, 07:13:48 PM
Last edit: April 12, 2013, 07:25:45 PM by beckspace
 #8

I highly enjoyed reading this.

His last concerns, about the technical choice of pure hashpower instead of some other feature to boost decentralisation, can be countered by analysing the cost/return of such an attack.

The system is built on the premise that if you can arrange some hashpower into Bitcoin, it's massively more profitable to HELP (mining and earning coins) the network instead of attacking it.

Of course, some people would love to see the world burn, but that doesn't mean that they can arrange the sufficient power to do it (both financially and/or without accomplices). Bitcoin is like the internet or electricity, it will improve the life for everyone.
globalvillage
April 12, 2013, 07:46:54 PM
 #9

Let me share with you here a portion of an article from GBBG Blog:

"Bitcoin Hacks
So often the media misrepresents the truth about hacking. Nearly 100% of the time, when a news release discusses a recent ‘hack’ on a product or service, they are entirely incorrect. When it comes to bitcoin, this is fully the case. Bitcoin has NEVER been hacked. Many articles have surfaced recently alarming the general public with reports of bitcoin hacks. While these articles do a good job of causing panic and short-sighted sell-offs, enabling our managers to purchase BTC at a massive discount, they are malicious lies.

Bitcoin is a protocol, like email is a protocol. It is not a company, a service, or an organization. In the four year history of Bitcoin, the protocol has functioned near flawlessly. With only a very few exceptions, such as the recent branch in the blockchain, the protocol has delivered above and beyond expectation. As a protocol, Bitcoin has never been ‘hacked’. Therefore, the fear mongering and misrepresentation of the general media is unwarranted.

The real truth is that certain individuals, through their own security flaws, have allowed their Bitcoin Wallets and the servers that manage them to be hijacked. Every single instance of ‘Bitcoin hacking’ that has been reported by the media is actually a hijacking. There is a major difference between the two. Hacking a system is the complex process of decrypting the passwords or other security measures in place to protect the system. Hijacking is the more simple process of fooling someone into handing over passwords and other details necessary to gain access to a system.

We have yet to see a true, definitive case of hacking within the Bitcoin protocol. However, because people are people, we have seen many cases of hijacking. The media chooses to report these hijacks as ‘hacks’ and uses this as a reason to distrust Bitcoin. In our opinion, they should also apply this philosophy to email. Since so many individuals have allowed their email accounts to be hijacked over the years, the entire world should discard and distrust email altogether. Their assertion that Bitcoin cannot be trusted or ‘valuable’ over time, because individuals have allowed their wallets to be hijacked is the exact same as the assertion that email cannot be trusted or ‘valuable’ over time because individuals have allowed their accounts to be hijacked. Both are extremely stupid assertions.

Bitcoin is a protocol. Email is a protocol. TCP/IP is a protocol. And, as with the early days of Email and TCP/IP, the Bitcoin protocol will have its ‘maturing’ and ‘vetting’ process. We urge our members to read carefully when idiots in the media report ‘bitcoin hacking’. A stupid fool who says Bitcoin has been hacked is just as ignorant as one asserting that Email has been hacked. If an individual does not take the proper security measures and they allow another individual to hijack their wallet, that is NOT hacking. And the fools reporting such in the media should be ignored."


Stephen Gornick
April 12, 2013, 08:10:21 PM
 #10

he also can't seem to understand the anonymity features around stolen coins even though their movement can be tracked via the blockchain.

I haven't looked closely but at a minimum there were stolen coins from bitcoinica that were distributed randomly to IRC users and others:

Bitcoinica stolen coin returns
 - http://bitcointalk.org/index.php?topic=82581.0

and there've been many various successful exchange hacks so while some might have held onto the loot, others certainly have mixed and cashed out.

List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses
 - http://bitcointalk.org/index.php?topic=83794.0



justusranvier
April 12, 2013, 08:12:25 PM
 #11

I call it the capital C indicator.

Anyone who writes "BitCoin" is guaranteed to have at least one major misconception.
cypherdoc
April 12, 2013, 09:14:16 PM
 #12

I'll say it again.

The geeks fail to understand that which they hath created.
labestiol
April 12, 2013, 09:30:12 PM
 #13

Really glad to read this.
Dan Kaminsky was quite vocal a few years back about bitcoin, for the reasons he explains. Having him preaching the qualities of bitcoin from a security standpoint can only give more confidence to people :)

1BestioLC7YBVh8Q5LfH6RYURD6MrpP8y6
marcus_of_augustus
Eadem mutata resurgo
April 12, 2013, 10:40:53 PM
 #14

While I'm glad Dan has written this, what amounts to a retraction of his previous what I would call denigration of Bitcoin, I'm also a little saddened.

It is like when watching a great champion get beaten in his twilight years ....

doobadoo
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250


View Profile
April 12, 2013, 10:45:21 PM
 #15

I'm having trouble enjoying this - he obviously doesn't understand how difficulty governs the hashpower thrown at the network. I'm actually stunned he can't figure that out.


Nah man, there is so much more to securing the network.  The hash produces a proof of work, not much moar.  There's the need to secure the sig scripts so that tx's can't be altered.  There's the need to prevent DDoSing the network overall with packet floods, all kinds of quirks to the protocol.  So many possible attack vectors that satoshi practically covers them all in the 0.1 release.

Some day he will get a nobel prize in economics for this invention.

"It is, quite honestly, the biggest challenge to central banking since Andrew Jackson." -evoorhees
marcus_of_augustus
Eadem mutata resurgo
April 12, 2013, 10:55:46 PM
 #16

I'm having trouble enjoying this - he obviously doesn't understand how difficulty governs the hashpower thrown at the network. I'm actually stunned he can't figure that out.


Nah man, there is so much more to securing the network.  The hash produces a proof of work, not much moar.  There's the need to secure the sig scripts so that tx's can't be altered.  There's the need to prevent DDoSing the network overall with packet floods, all kinds of quirks to the protocol.  So many possible attack vectors that satoshi practically covers them all in the 0.1 release.

Some day he will get a nobel prize in economics for this invention.

.... a Nobelesque prize to recognise society-changing coding/engineering feats ... like TCP/IP, WWW (http) , linux, etc ... particularly open source, i.e. non-commercial contributions?

David M
April 12, 2013, 11:03:21 PM
 #17

It is like when watching a great champion get beaten in his twilight years ....

While I like the empathy, I would have thought the important lesson is that after getting knocked down, he had the fortitude to get back up.
flix
April 12, 2013, 11:56:52 PM
 #18


Nah man, there is so much more to securing the network.  The hash produces a proof of work, not much more.  There's the need to secure the sig scripts so that tx's can't be altered.  There's the need to prevent DDoSing the network overall with packet floods, all kinds of quirks to the protocol.  So many possible attack vectors that satoshi practically covers them all in the 0.1 release.

Some day he will get a nobel prize in economics for this invention.

I can't imagine him being a single person. If he/she is, must be the Newton of our age.
n8rwJeTt8TrrLKPa55eU
April 13, 2013, 12:13:33 AM
 #19

I call it the capital C indicator.

Anyone who writes "BitCoin" is guaranteed to have at least one major misconception.

Empirically true, similar to usage of the "the" prefix.
oakpacific
April 13, 2013, 01:42:47 AM
 #20

the other thing he doesn't understand is that the "large actors" that he says could rewrite the "truth" of the blockchain merely consist of individuals who can abandon those pools at the drop of a hat. 

the system is such that it encourages and rewards telling the truth and will punish those actors who try to obscure it.

the quintessential example of this is Eleuthria's latest actions.

it was he who voluntarily decided to revert from 0.8 to 0.7 in reviewing the IRC discussions at the time.  Gavin and other devs did not force him to do so.  he saw that it was in the interest of the network to prevent any single individual from losing money.  he was voluntarily rewarded a few weeks later by Gavin reimbursing him for his gratuity from the Faucet.

the second example is Eleuthria voluntarily limiting the growth of BTCGuild to 40% of the network.  once again, he understands the importance of maintaining confidence amongst the individual, small players in the network.

this is what makes Bitcoin great.  you won't get that shit from Ben Bernanke.

It's the opposite of big government supporters' logic, which is "If we don't tax and regulate the rich guys like hell nothing  can stop them from keeping all their wealth to themselves and abuse their influence and power! They don't care about the poors, and will only try to exploit the whole society as much as possible!"

Why not give the free market a chance?

https://tlsnotary.org/ Fraud proofing decentralized fiat-Bitcoin trading.