Bitcoin Forum
November 02, 2024, 06:10:57 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Offering free security analysis of BTC markets or BTC-related sites  (Read 22232 times)
BouerBouer (OP)
Newbie
*
Offline Offline

Activity: 28
Merit: 0



View Profile WWW
June 19, 2011, 11:07:23 PM
 #1

Hey guys, I recently started looking more into the crisis over at Mt. Gox, and I was absolutely shocked to find out that all of these accounts, worth (likely) over half a million dollars combined, were hacked with a simple SQL injection.

Now, what is an SQL injection, you may ask? It is one of the most basic and well-known methods of cracking websites. It is constantly seen as one of the most high-risk attacks possible on websites, yet it seems to be over-looked time and again. I'm guessing that whoever was behind this attack has been inspired by the recent Lulzsec epidemic, as most of their recent attacks seem to use this method. If I remember correctly, they downright admitted this was the case in their recent leak of a few thousand FBI accounts.

Now, SQL injection is not the only method of attacking websites. There are, of course, others. But by Mt. Gox simply ignoring a very basic vulnerability in their site, they put their customer's at risk. And so, this happened. As a result, out of personal disgust I will be doing free security audits for any site related to BTC market trading or any site that uses BTC that would like to be audited.

If you would like me to audit the site, just post the website URL here and I will PM you any vulnerabilities I find. If you wish to be on the safe side, you can just post here that you would like me to audit the site then PM me with the URL. Again, this is entirely free, but donations are appreciated at my address: 1LmRDt5z5Ry4JarzcRow3HFa1dLYFf5kJF.

Most likely I will only point out the possible vulnerabilites, but if I have some knowledge on the vulnerability then I will suggest ways to prevent your website from coming under attack through it.
done
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
June 19, 2011, 11:11:58 PM
 #2

great way to contribute to the community. we need more individuals like you here.
Jered Kenna (TradeHill)
Sr. Member
****
Offline Offline

Activity: 420
Merit: 250



View Profile WWW
June 19, 2011, 11:21:10 PM
 #3

Hey guys, I recently started looking more into the crisis over at Mt. Gox, and I was absolutely shocked to find out that all of these accounts, worth (likely) over half a million dollars combined, were hacked with a simple SQL injection.

Now, what is an SQL injection, you may ask? It is one of the most basic and well-known methods of cracking websites. It is constantly seen as one of the most high-risk attacks possible on websites, yet it seems to be over-looked time and again. I'm guessing that whoever was behind this attack has been inspired by the recent Lulzsec epidemic, as most of their recent attacks seem to use this method. If I remember correctly, they downright admitted this was the case in their recent leak of a few thousand FBI accounts.

Now, SQL injection is not the only method of attacking websites. There are, of course, others. But by Mt. Gox simply ignoring a very basic vulnerability in their site, they put their customer's at risk. And so, this happened. As a result, out of personal disgust I will be doing free security audits for any site related to BTC market trading or any site that uses BTC that would like to be audited.

If you would like me to audit the site, just post the website URL here and I will PM you any vulnerabilities I find. If you wish to be on the safe side, you can just post here that you would like me to audit the site then PM me with the URL. Again, this is entirely free, but donations are appreciated at my address: 1LmRDt5z5Ry4JarzcRow3HFa1dLYFf5kJF.

Most likely I will only point out the possible vulnerabilites, but if I have some knowledge on the vulnerability then I will suggest ways to prevent your website from coming under attack through it.

Hi, we would be interested in speaking with you. We are also creating a community funded Task Force to beef up security across the Bitcoin community. Send an email to info@tradhill.com with the title "Task Force"

Regards,
Adam


moneyandtech.com
@moneyandtech @jeredkenna
BouerBouer (OP)
Newbie
*
Offline Offline

Activity: 28
Merit: 0



View Profile WWW
June 19, 2011, 11:35:23 PM
 #4

Hi, we would be interested in speaking with you. We are also creating a community funded Task Force to beef up security across the Bitcoin community. Send an email to info@tradhill.com with the title "Task Force"

Regards,
Adam

Okay, well thank you very much for the offer Adam, and I will be writing you an e-mail shortly. Smiley

However, I will keep this thread open as I would also like to do some freelance vulnerability checks on my own. So does anybody have any requests for me?
BouerBouer (OP)
Newbie
*
Offline Offline

Activity: 28
Merit: 0



View Profile WWW
June 23, 2011, 12:19:19 AM
 #5

Hey guys, as I have not received any word about the aforementioned "Task Force", I would like to remind everyone that I would still be willing to do this. Smiley
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!