Bitcoin Forum
December 10, 2016, 04:55:31 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Bitcoin Client Exploit  (Read 3445 times)
dircules
Newbie
*
Offline Offline

Activity: 4


View Profile
June 17, 2011, 05:45:05 PM
 #1


Would be an explanation for all the stolen BCs...

All these clients are nicely p2p networked, IPs available for everyone, traceable...if someone exploits the client => mass robbing!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481388931
Hero Member
*
Offline Offline

Posts: 1481388931

View Profile Personal Message (Offline)

Ignore
1481388931
Reply with quote  #2

1481388931
Report to moderator
1481388931
Hero Member
*
Offline Offline

Posts: 1481388931

View Profile Personal Message (Offline)

Ignore
1481388931
Reply with quote  #2

1481388931
Report to moderator
myrkul
Hero Member
*****
Offline Offline

Activity: 532


FIAT LIBERTAS RVAT CAELVM


View Profile WWW
June 17, 2011, 05:46:32 PM
 #2

No need. Most of these clients are running on windows, which has security holes big enough to drive an M1 Abrams through.

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
kw71
Newbie
*
Offline Offline

Activity: 14


View Profile
June 17, 2011, 05:47:04 PM
 #3

That's probably not the situation.

Someone could be distributing a trojaned modified client, though.

What's been going on lately is, a modified poclbm was circulated that contains a trojan.  Apparently people fell for its claims of cpu efficiency or whatever.
gigawatt
Full Member
***
Offline Offline

Activity: 168



View Profile
June 17, 2011, 06:54:56 PM
 #4

There's quite a few problems with this.
Unless a person is running a client configured to act like a server and somehow removes a username/password requirement along with allowing any IP, then sure, someone could just tell the client to send out the coins in their wallet.

Secondly, assuming that the client is configured properly and that it's a buffer overflow (or something similar) via network communication... well... the source code for the bitcoin client is publicly available and there haven't been any exploits so far.  That's not to say that there's no chance that there's a potential exploit, but for the most part, bitcoin has well defined protocol standards and uses JSON formatting to send data.

Lastly, if you're talking a local malicious action (where a user has access to a computer directly), then there's nothing bitcoin could do to stop it because that's a system wide unauthorized access.  Anything a user could do an attacker would do.


So long story short, I wouldn't sweat it.  Bitcoin uses well defined standards so unless there happens to be a massive gaping hole in open source software that nobody's managed to spot (and the exploitation of it thus far has impossibly managed to stay invisible), then there really isn't a need to worry.

BTC: 1E2egHUcLDAmcxcqZqpL18TPLx9Xj1akcV   Ψ: AWHJbwoM67Ez12SHH4pH5DnJKPoMSdvLz2   Primecoin All-In-One VPS Setup Script   Quarkcoin All-In-One VPS Setup Script   Metiscoin VPS Pool Mining Script
BitterTea
Sr. Member
****
Offline Offline

Activity: 294



View Profile
June 17, 2011, 06:58:21 PM
 #5

What's been going on lately is, a modified poclbm was circulated that contains a trojan.  Apparently people fell for its claims of cpu efficiency or whatever.

Was there a thread on this?
TiagoTiago
Hero Member
*****
Offline Offline

Activity: 616


Firstbits.com/1fg4i                :Ƀ


View Profile
June 17, 2011, 07:04:40 PM
 #6

No need. Most of these clients are running on windows, which has security holes big enough to drive an M1 Abrams through.

Tanks can go thru lots of things easily regardless of the original size of the opening, perhaps a blimp would be a better vehicle to illustrate your point.

(I dont always get new reply notifications, pls send a pm when you think it has happened)

Wanna gimme some BTC for any or no reason? 1FmvtS66LFh6ycrXDwKRQTexGJw4UWiqDX Smiley

The more you believe in Bitcoin, and the more you show you do to other people, the faster the real value will soar!

Do you like mmmBananas?!
myrkul
Hero Member
*****
Offline Offline

Activity: 532


FIAT LIBERTAS RVAT CAELVM


View Profile WWW
June 17, 2011, 07:23:45 PM
 #7

No need. Most of these clients are running on windows, which has security holes big enough to drive an M1 Abrams through.

Tanks can go thru lots of things easily regardless of the original size of the opening, perhaps a blimp would be a better vehicle to illustrate your point.

Fine point, fine point...

Very well, Consider my statement to be amended thus: ...big enough to float the Goodyear blimp through.

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
okiyama
Newbie
*
Offline Offline

Activity: 5


View Profile
June 17, 2011, 07:40:29 PM
 #8

On the matter, wouldn't it be fairly easy to sneak malware onto any of the various parts of mining. The miner, the kernel, these are all exes that could be potentially tampered with.
peedee
Newbie
*
Offline Offline

Activity: 28


View Profile
June 17, 2011, 07:42:50 PM
 #9

On the matter, wouldn't it be fairly easy to sneak malware onto any of the various parts of mining. The miner, the kernel, these are all exes that could be potentially tampered with.

Definately very easy, so only download from trusted sites / users. Which are those? I don't know, just got here  Smiley
myrkul
Hero Member
*****
Offline Offline

Activity: 532


FIAT LIBERTAS RVAT CAELVM


View Profile WWW
June 17, 2011, 07:49:23 PM
 #10

Best practices:
Do not mine on the same computer you run the client on.
Do not run the client on a potentially compromised system. (IMO this includes ALL windows systems)
Back up your wallet.dat securely. There are other threads about that.
ONLY use the client from Bitcoin.org. It's free, there's no reason to get it anywhere else.


I'm sure there are more, But this will be a good start.

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
Yatta99
Member
**
Offline Offline

Activity: 84


I need an new box...


View Profile
June 17, 2011, 07:55:39 PM
 #11

On the matter, wouldn't it be fairly easy to sneak malware onto any of the various parts of mining. The miner, the kernel, these are all exes that could be potentially tampered with.

Definately very easy, so only download from trusted sites / users. Which are those? I don't know, just got here  Smiley

If in doubt go to the 'mining software' sub-board of the 'mining' topic. In one of the stickies you will find a list of clients and their links for download. Download from those rather than from some random Google search. Lots of good info in there too on client recent changes, upcoming changes, and how to run/use. Good Luck.

Tips for new box to: 16s14wcsNo5TcdsGLttL7B1XWiCv8E4L6A
Bastet
Newbie
*
Offline Offline

Activity: 25


View Profile
June 17, 2011, 08:08:40 PM
 #12

Never mind a Bitcoin Client Exploit...

ANYTHING downloaded after the sharp rise in Bitcoin prices is a potential trojan wallet stealer.

You really like that fancy free screensaver/app/util/crack/game/whatever.  You download and install.  2 minutes later, wallet & Bitcoins gone.

I expect the amount to Bitcoin hack/trojan heists to sharply increase in the next few months.

You have been warned.  Take appropriate evasive maneuvers meow. Wink
willphase
Hero Member
*****
Offline Offline

Activity: 770


View Profile
June 17, 2011, 08:14:32 PM
 #13

Catalyst 11.6 comes out... Wallets get stolen... AMD stock goes up... Are they linked?! Tinfoil hats!

myrkul
Hero Member
*****
Offline Offline

Activity: 532


FIAT LIBERTAS RVAT CAELVM


View Profile WWW
June 17, 2011, 08:21:44 PM
 #14

You want some tinfoil hat stuff...
Gavin talks to government about Bitcoin => Mining pools and Mt Gox get DDoSed.

Coincidence?

I think not!

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
dircules
Newbie
*
Offline Offline

Activity: 4


View Profile
June 17, 2011, 08:28:37 PM
 #15


The point is that because Bitcoin is P2P based, you could identify ppl with bitcoins pretty easily + if you got a client exploit, GOTCHA, 100% vulnerability...
LokeRundt
Member
**
Offline Offline

Activity: 98



View Profile
July 31, 2011, 06:50:57 PM
 #16


The point is that because Bitcoin is P2P based, you could identify ppl with bitcoins pretty easily + if you got a client exploit, GOTCHA, 100% vulnerability...

I hereby dub you "Derpcules"

Hippy Anarchy
*shrug*
myrkul
Hero Member
*****
Offline Offline

Activity: 532


FIAT LIBERTAS RVAT CAELVM


View Profile WWW
July 31, 2011, 07:00:12 PM
 #17


The point is that because Bitcoin is P2P based, you could identify ppl with bitcoins pretty easily + if you got a client exploit, GOTCHA, 100% vulnerability...

I hereby dub you "Derpcules"

+1

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!