Bitcoin Forum
December 08, 2016, 11:55:33 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 5 6 7 8 9 10 11 12 13 14 »  All
  Print  
Author Topic: About Mt. Gox flaw from a security expert  (Read 32093 times)
Grinder
Legendary
*
Offline Offline

Activity: 1269


View Profile
June 20, 2011, 11:37:08 AM
 #21

I'm not going to start a flamewar. Please respect my objective opinion. I will respect your personal belief.
So your cherry picking of data points is objective, but pointing out the obvious fact that you're cherry picking is subjective?

Also, I have never said anywhere that Linux is more secure than *BSD.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481198133
Hero Member
*
Offline Offline

Posts: 1481198133

View Profile Personal Message (Offline)

Ignore
1481198133
Reply with quote  #2

1481198133
Report to moderator
muad_dib
Member
**
Offline Offline

Activity: 84


View Profile
June 20, 2011, 11:42:14 AM
 #22


So your cherry picking of data points is objective, but pointing out the obvious fact that you're cherry picking is subjective?

Also, I have never said anywhere that Linux is more secure than *BSD.


I'm not sure what we are discussing about.


Quoting a reliability chart is cherry picking?

Quoting a vulnerability chart is cherry picking?

Maybe my sources were biased?

Are you suggesting that there is no significant statistical difference between Linux/FreeBSD reliability/security?


My opinion is that this is just free polemic. Maybe I'm wrong.
Grinder
Legendary
*
Offline Offline

Activity: 1269


View Profile
June 20, 2011, 12:16:29 PM
 #23

Maybe my sources were biased?
Except for the sales piece made by a FreeBSD fan they probably weren't, but the way you use them is.
muad_dib
Member
**
Offline Offline

Activity: 84


View Profile
June 20, 2011, 12:42:02 PM
 #24

Maybe my sources were biased?
Except for the sales piece made by a FreeBSD fan they probably weren't, but the way you use them is.

Ok. Let's rephrase my previous sentence:

Given that a Serious security flaw is a flaw that permits privilege escalation, or leakage of database.

Given that parameter Psi  = [ ( # of serious security flaws - 1 ) / ( #  of running systems )^2 ] remapped in [0, 1]

Do you agree that, with a confidence level of 0.99,  the correlation between the parameter Psi and Linux is stronger than with FreeBSD?


Sukrim
Legendary
*
Offline Offline

Activity: 1848


View Profile
June 20, 2011, 01:29:25 PM
 #25

Given that parameter Psi  = [ ( # of serious security flaws - 1 ) / ( #  of running systems )^2 ] remapped in [0, 1]

Do you agree that, with a confidence level of 0.99,  the correlation between the parameter Psi and Linux is stronger than with FreeBSD?

As "serious" is not defined and subjective and the number of running systems is not known/hard to estimate (Linux gets used in embedded environments too, where it will never show up in "server statistics") I can only say with 0.99 confidence level, that you are far off topic by now. Roll Eyes

https://bitfinex.com <-- leveraged trading of BTCUSD, LTCUSD and LTCBTC (long and short) - 10% discount on fees for the first 30 days with this refcode: x5K9YtL3Zb
Mail me at Bitmessage: BM-BbiHiVv5qh858ULsyRDtpRrG9WjXN3xf
muad_dib
Member
**
Offline Offline

Activity: 84


View Profile
June 20, 2011, 01:52:42 PM
 #26


As "serious" is not defined and subjective

check better Smiley

Quote

and the number of running systems is not known/hard to estimate (Linux gets used in embedded environments too, where it will never show up in "server statistics")

Also BSD is implemented in EE. Anyhow since we're speaking of webservers, we have good estimators for this quantity.


Quote
I can only say with 0.99 confidence level, that you are far off topic by now. Roll Eyes


Lol (L)
Rob P.
Member
**
Offline Offline

Activity: 84



View Profile WWW
June 20, 2011, 02:04:16 PM
 #27

P.s.: If, as I suspect, that there has been an injection and possibly a root escalation on mt. gox, expect to see this problem happening soon.

To be safe, Mt. gox need a complete rewrite of their code, plus the use of a stronger infrastructure. But they wont do this, because it would cost them Millions to keep the server offline for 1 month.

Rewrite of their code?  They weren't hacked with a SQL Injection.  Someone who had access from their laptop had their laptop compromised.  They need better security measures, but they aren't from the site standpoint.

--

If you like what I've written here, consider tipping the messenger:
1GZu4CtHa6ai8iWoWiVFxV5VVoNte4SkoG

If you don't like what I've written, send me a Tip and I'll stop talking.
FooDSt4mP
Full Member
***
Offline Offline

Activity: 182


View Profile
June 20, 2011, 02:05:07 PM
 #28

I'm with you maud_dib... All my opinions are totally objective too Wink

Also, in my objective opinion more discovered vulnerabilities != less secure.  More eyes find more bugs.  I know you're talking freebsd, but look at openbsd.  It had a backdoor for years exactly because less people audit the code.

As we slide down the banister of life, this is just another splinter in our ass.
kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
June 20, 2011, 02:24:42 PM
 #29


http://en.wikipedia.org/wiki/Correlation_does_not_imply_causation

Especially when you're picking data as selectively as you do.

I'm not going to start a flamewar. Please respect my objective opinion. I will respect your personal belief.

http://people.freebsd.org/~murray/bsd_flier.html

http://www.cvedetails.com/vendor/6/Freebsd.html

http://www.cvedetails.com/vendor/33/Linux.html

Not only freebsd has less vulnerabilities, but they are also less serious (check exploit or data execution)
freebsd is also less used Tongue so there might be more bugs and exploits to discover.
i acatualy like that there has been more holes in linux, because it means that they are fixed.

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470


Bringing Legendary Har® to you since 1952


View Profile
June 20, 2011, 02:53:07 PM
 #30


http://en.wikipedia.org/wiki/Correlation_does_not_imply_causation

Especially when you're picking data as selectively as you do.

I'm not going to start a flamewar. Please respect my objective opinion. I will respect your personal belief.

http://people.freebsd.org/~murray/bsd_flier.html

http://www.cvedetails.com/vendor/6/Freebsd.html

http://www.cvedetails.com/vendor/33/Linux.html

Not only freebsd has less vulnerabilities, but they are also less serious (check exploit or data execution)
freebsd is also less used Tongue so there might be more bugs and exploits to discover.
i acatualy like that there has been more holes in linux, because it means that they are fixed.

+1

Everything that i wanted to say was already said here.

muad_dib, you have no idea what you are talking about. There isn't any 100% proof that BSD is either more secure or more reliable than Linux.


muad_dib
Member
**
Offline Offline

Activity: 84


View Profile
June 20, 2011, 02:55:20 PM
 #31



Rewrite of their code?  They weren't hacked with a SQL Injection.  Someone who had access from their laptop had their laptop compromised.  They need better security measures, but they aren't from the site standpoint.

that's what they say.


Anyhow also taking this as true, I think it has been evident that bitcoin greatly outgrown the original expectations, and thus we need stronger security policy.



One example: Do you think that by compromising any of the laptop of any or all of the admins of the Visa Network, could you access any valuable information?
muad_dib
Member
**
Offline Offline

Activity: 84


View Profile
June 20, 2011, 02:57:00 PM
 #32


freebsd is also less used Tongue so there might be more bugs and exploits to discover.
i acatualy like that there has been more holes in linux, because it means that they are fixed.

so windows has top-notch security?

Smiley
JJG
Member
**
Offline Offline

Activity: 70


View Profile
June 20, 2011, 03:25:44 PM
 #33

If you own an exchange and would like to be safer, for a small fee (in the 5 figures)...

for a small fee, and the promise of not being persecuted...

The problem with this community is it's full of people trying to make money.

And the problem with most 'security experts' is that they think they walk on water.  Wink

Even worse when they're in it for the money (5 figures of it, a 'small fee' for his great services). This guy has every incentive to showboat and attempt to show that he's a security expert, and nothing to lose. muad_dib, would you care to give us some background or show some of your previous work?
kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
June 20, 2011, 03:31:04 PM
 #34


freebsd is also less used Tongue so there might be more bugs and exploits to discover.
i acatualy like that there has been more holes in linux, because it means that they are fixed.

so windows has top-notch security?

Smiley
LOL
No. they are afraid if they open source the code, they will have 100 exploits/day.
Windows is not opensource.
you can compare linux and *bsd, and you can compare windows and mac. but not linux with windows.

windows also uses a lot of security though obscurity, which means it sucks.
(sorry all you windows fanbois, its not to start a flamewar)

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
Capitan
Member
**
Offline Offline

Activity: 112


View Profile
June 20, 2011, 03:45:26 PM
 #35

@muad_dib

At first you post seemed wise, but

1) Use the right software. IIS is a big no-no Smiley Also Linux should frowned upon. Unix is the way to go.

I stopped reading right here.

I don't know who you are, but you know nothing about security.

I will not start a flamewar here, I just want to make you a quick question:

Here's a list of the most reliable hosting solutions.


The first 3 spots, are linux or unix?

That list proves nothing about the security of any OS over any other OS. There is no mention of how big of a factor the OS/platform's security plays into the ranking. From what I read on that page, a lot of other things can play into the ranking, including the level of managed service (e.g., the competence and response time of the sysadmins of those hosting services), the network quality, speed of their servers, etc.

So that link proves nothing about Linus being better than windows, or Unix being more secure than Linux.
muad_dib
Member
**
Offline Offline

Activity: 84


View Profile
June 20, 2011, 03:55:01 PM
 #36



Even worse when they're in it for the money (5 figures of it, a 'small fee' for his great services). This guy has every incentive to showboat and attempt to show that he's a security expert, and nothing to lose. muad_dib, would you care to give us some background or show some of your previous work?

Really I'm in for the money? I could make much more by moving the bitcoins in the accounts I spoofed.
muad_dib
Member
**
Offline Offline

Activity: 84


View Profile
June 20, 2011, 04:01:42 PM
 #37


LOL
No. they are afraid if they open source the code, they will have 100 exploits/day.
Windows is not opensource.
you can compare linux and *bsd, and you can compare windows and mac. but not linux with windows.

windows also uses a lot of security though obscurity, which means it sucks.
(sorry all you windows fanbois, its not to start a flamewar)


so you can compare open source code and say that more bugs are better, while you cant compare open source and closed source?

I'm not sure I follow you.
JJG
Member
**
Offline Offline

Activity: 70


View Profile
June 20, 2011, 04:03:35 PM
 #38



Even worse when they're in it for the money (5 figures of it, a 'small fee' for his great services). This guy has every incentive to showboat and attempt to show that he's a security expert, and nothing to lose. muad_dib, would you care to give us some background or show some of your previous work?

Really I'm in for the money? I could make much more by moving the bitcoins in the accounts I spoofed.

Bravo! Now that you're not in it for the money, I assume you'll be helping Bit_Happy patch whatever security vulnerability you found that exposed his apache config for free?

That's very noble of you. Thanks!
muad_dib
Member
**
Offline Offline

Activity: 84


View Profile
June 20, 2011, 04:06:05 PM
 #39



Bravo! Now that you're not in it for the money, I assume you'll be helping Bit_Happy patch whatever security vulnerability you found that exposed his apache config for free?

That's very noble of you. Thanks!

1) Maybe I dont want to help other exchange for free?

2) Maybe I like the bitcoin project, so maybe I would like to see as little bitcoin frauds as possible?


Tell me. If you were able to steal all the bitocoin from mtgox, what would you do? (I'm not saying I can)
finack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 20, 2011, 04:06:48 PM
 #40

You don't sound like an expert to me. How about "About Mt. Gox flaw from a guy who's picked up some stuff about security browsing the net"

Don't get me wrong, we're all very impressed you can lift cookies over wifi.
Pages: « 1 [2] 3 4 5 6 7 8 9 10 11 12 13 14 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!