Bitcoin Forum
December 06, 2016, 08:28:16 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: [BOUNTY 22 btc] lulzSec secure, private exchange  (Read 9644 times)
M4v3R
Hero Member
*****
Offline Offline

Activity: 607



View Profile
June 20, 2011, 07:54:56 AM
 #21

Does BitMarket.eu (because it doesn't have money deposits) count? Smiley
1481012896
Hero Member
*
Offline Offline

Posts: 1481012896

View Profile Personal Message (Offline)

Ignore
1481012896
Reply with quote  #2

1481012896
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Ian Maxwell
Full Member
***
Offline Offline

Activity: 140



View Profile WWW
June 20, 2011, 07:56:13 AM
 #22

I'm interested in developing a secure exchange platform. Not so sure what you mean by private---is it just that there's no public record of deposits/withdrawals/trades?

I think the stored-password-hash system is ultimately not secure enough for something like this. What I'd like to build is a stored-public-key system something like that for the #bitcoin-otc web of trust. A client sending a command to the exchange server would timestamp it and sign it with his public key, and the server would verify the signature before carrying out the command. I see no theoretical barrier to implementing this in Javascript so that, to the user, it looks just like entering a password at any other site---but it sounds hard, and you'd have to figure out where to store the private key on the client's end. Building a standalone client application that calls GPG for the signing would be easier but probably less used.

Ian Maxwell
PGP key | WoT rating
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 2086



View Profile
June 20, 2011, 08:17:50 AM
 #23

Does BitMarket.eu (because it doesn't have money deposits) count? Smiley

Not sure ... are you suggesting we request lulzSec to run a 'test' on Bitmarket.eu?

What is BitMarket.eu's privacy and security policies on storing customer records, transaction records, etc?

If an attacker was to infiltrate and publish records would it lead to compromised security situation or embarassment of clients using it?

JTaBitCoinKing
Newbie
*
Offline Offline

Activity: 28


View Profile
June 20, 2011, 10:20:22 AM
 #24

Didn't Lulzsex just admit to being behind the attack at MTGox? I think they just admitted it on their twitter; Hackavism for Silk Road no doubt, but they probably won't admit that.

I wonder if they really are messing with the FBI like they say they are? Or is that just social engineering?
fellowtraveler
Sr. Member
****
Offline Offline

Activity: 440


View Profile
June 20, 2011, 05:18:20 PM
 #25

I'm interested in developing a secure exchange platform. Not so sure what you mean by private---is it just that there's no public record of deposits/withdrawals/trades?

I think the stored-password-hash system is ultimately not secure enough for something like this. What I'd like to build is a stored-public-key system something like that for the #bitcoin-otc web of trust. A client sending a command to the exchange server would timestamp it and sign it with his public key, and the server would verify the signature before carrying out the command. I see no theoretical barrier to implementing this in Javascript so that, to the user, it looks just like entering a password at any other site---but it sounds hard, and you'd have to figure out where to store the private key on the client's end. Building a standalone client application that calls GPG for the signing would be easier but probably less used.

I recommend you start with my API:

https://github.com/FellowTraveler/Open-Transactions/wiki


co-founder, Monetas
creator, Open-Transactions
RodeoX
Legendary
*
Offline Offline

Activity: 2100


The revolution will be monetized!


View Profile
June 20, 2011, 05:23:41 PM
 #26

And when L/S says it's been tested and all threats have been addressed... Your going to put your money in? After they have had a chance to check it all out?  No thanks.

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf

Free bitcoin=https://bitcointalk.org/index.php?topic=1610684
GeniuSxBoY
Hero Member
*****
Offline Offline

Activity: 546



View Profile
June 20, 2011, 05:24:42 PM
 #27

Sending btc/money to LuLz is LuLz.

That's like paying off the mafia not to attack your business.
M4v3R
Hero Member
*****
Offline Offline

Activity: 607



View Profile
June 21, 2011, 07:24:41 AM
 #28

Does BitMarket.eu (because it doesn't have money deposits) count? Smiley

Not sure ... are you suggesting we request lulzSec to run a 'test' on Bitmarket.eu?

What is BitMarket.eu's privacy and security policies on storing customer records, transaction records, etc?

If an attacker was to infiltrate and publish records would it lead to compromised security situation or embarassment of clients using it?

Compromising security always leads to embarassment of the site that get's compromised.
We don't store any details on our members beside of their logins, emails and hashed passwords. The database is only readable by one user, which has very long and secure password. Database admin interface is not viewable from outside. We use a non-default SSH port. We make offsite backups of both our wallets and the db. I'm not sure what else you expect? We'll happily adapt to more security measures that we could not thought of.
phantomcircuit
Sr. Member
****
Offline Offline

Activity: 463


View Profile
July 20, 2011, 01:19:11 AM
 #29

What you're asking for is basically impossible to do while simultaneously following anti money laundering and anti terrorism laws and eliminating counter party risk.
ctoon6
Sr. Member
****
Offline Offline

Activity: 350



View Profile
July 20, 2011, 02:43:47 AM
 #30

Lulz Security® is not an entity you request, hackers are not people you want to associate yourself with.

TraderTimm
Legendary
*
Offline Offline

Activity: 1652



View Profile
July 20, 2011, 04:13:07 AM
 #31

@bitcoin_bug

I've thought about how to implement this, but it all comes down to how you redeem bitcoins to < insert currency of choice > on the edges. Here's a sample idea that I was trying to work with:



However, as it says - there are plenty of things to be worked out. Storing trades via blockchain is all well and good, but it wouldn't be particularly fast. Not sure what the best implementation would be at this point.

fortitudinem multis - catenum regit omnia
ctoon6
Sr. Member
****
Offline Offline

Activity: 350



View Profile
July 20, 2011, 04:47:39 AM
 #32

@bitcoin_bug

I've thought about how to implement this, but it all comes down to how you redeem bitcoins to < insert currency of choice > on the edges. Here's a sample idea that I was trying to work with:

http://farm6.static.flickr.com/5061/5898790520_fda447e331_b.jpg

However, as it says - there are plenty of things to be worked out. Storing trades via blockchain is all well and good, but it wouldn't be particularly fast. Not sure what the best implementation would be at this point.

How do you make sure that the people actually have the USD they are trading for BC.

TraderTimm
Legendary
*
Offline Offline

Activity: 1652



View Profile
July 20, 2011, 05:37:22 AM
 #33


How do you make sure that the people actually have the USD they are trading for BC.

Exactly. The edges are where it falls apart. Not sure how to address this.

fortitudinem multis - catenum regit omnia
ctoon6
Sr. Member
****
Offline Offline

Activity: 350



View Profile
July 20, 2011, 05:39:23 AM
 #34


Exactly. The edges are where it falls apart. Not sure how to address this.

The issue is addressed via centralization, or simply trading in person in your area, or via mail.

I just don't see your idea working.

imperi
Full Member
***
Offline Offline

Activity: 196


View Profile
July 20, 2011, 05:47:49 AM
 #35


How do you make sure that the people actually have the USD they are trading for BC.

Exactly. The edges are where it falls apart. Not sure how to address this.

You could have a decentralized 'reputation' for each address that's used for trading, maybe.
Oldminer
Legendary
*
Offline Offline

Activity: 1022



View Profile
July 20, 2011, 05:57:02 AM
 #36

wow what a fucked up thread

If you like my post please feel free to give me some positive rep https://bitcointalk.org/index.php?action=trust;u=18639
Tip me BTC: 1FBmoYijXVizfYk25CpiN8Eds9J6YiRDaX
wumpus
Hero Member
*****
Offline Offline

Activity: 798

No Maps for These Territories


View Profile
July 20, 2011, 06:09:13 AM
 #37

LulzSec is nothing more than a bunch of dumb teenagers using entry-level penetration testing tools.
That's simply not true. From what I understand it's basically a free-for-all, so there's bound to be a lot of dumb teenagers, but also smarter (and sometimes older) hacktivists. They all use the name "anonymous" (or lulzsec) so you'd never know. It's a pretty interesting strategy as it allows them to hide in the crowd.

Then again, a lot of "professional" penetration testers also simply fire up their exploit scanner and then charge you big $$$ per hour. So I don't see the problem in letting a hacker group doing it for free Smiley

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
TraderTimm
Legendary
*
Offline Offline

Activity: 1652



View Profile
July 20, 2011, 06:15:23 AM
 #38


Exactly. The edges are where it falls apart. Not sure how to address this.

The issue is addressed via centralization, or simply trading in person in your area, or via mail.

I just don't see your idea working.

Yeah, I know. The whole trading transaction thing is all well and good - but I don't know how to handle the edges where a level of trust is required.

Just threw it out there in case someone has a 'satoshi' and figures it out.

fortitudinem multis - catenum regit omnia
ctoon6
Sr. Member
****
Offline Offline

Activity: 350



View Profile
July 20, 2011, 06:53:35 AM
 #39

LulzSec is nothing more than a bunch of dumb teenagers using entry-level penetration testing tools.
That's simply not true. From what I understand it's basically a free-for-all, so there's bound to be a lot of dumb teenagers, but also smarter (and sometimes older) hacktivists. They all use the name "anonymous" (or lulzsec) so you'd never know. It's a pretty interesting strategy as it allows them to hide in the crowd.

Then again, a lot of "professional" penetration testers also simply fire up their exploit scanner and then charge you big $$$ per hour. So I don't see the problem in letting a hacker group doing it for free Smiley


Lulz Security® is not part of anonymous, just like wikileaks is not part of anonymous. they are all separate entities, although they may have similar goals and ways of working. and anyone who thinks they are simply just some script kiddies, you would have to be wrong in a lot of cases, sure a lot of script kiddy anons exist, but a lot of them are also very good, like the sony hack(s).

Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!