Bitcoin Forum
Author Topic: About Mt. Gox flaw from a security expert  (Read 34162 times)
muad_dib (OP)
June 20, 2011, 05:02:05 PM
 #61


re: 100k, aha, good. So that explains why asking 5 digit fees is small, because they (we all that use it) can pay? Ok, now you sound more like a real security expert, or a lawyer, or a politician...


So you think that poor people and rich people should be paid the same for things?


I might be an incurable socialist, but I see this as wrong.


I still see too much hate in your posts.
nelisky
June 20, 2011, 05:07:46 PM
 #62


re: 100k, aha, good. So that explains why asking 5 digit fees is small, because they (we all that use it) can pay? Ok, now you sound more like a real security expert, or a lawyer, or a politician...


So you think that poor people and rich people should be paid the same for things?


I might be an incurable socialist, but I see this as wrong.


I still see too much hate in your posts.

You see what you want to see, I read somewhere Smiley

I do think that people should be paid the same for the same task, regardless of them being poor or rich. I also think that your hatred made you state the wrong idea. You mean rich people should not PAY the same as poor people, right? not GET PAID?

regardless, yes, I think a thing is a thing and has a value regardless of who pays and who gets paid. It's how much you are willing to pay that makes the price, not how wealthy you are, in my personal opinion. But I'm sure you are correct, and that's why the world is as it is today.
muad_dib (OP)
June 20, 2011, 05:10:38 PM
 #63



You see what you want to see, I read somewhere Smiley

I do think that people should be paid the same for the same task, regardless of them being poor or rich. I also think that your hatred made you state the wrong idea. You mean rich people should not PAY the same as poor people, right? not GET PAID?

regardless, yes, I think a thing is a thing and has a value regardless of who pays and who gets paid. It's how much you are willing to pay that makes the price, not how wealthy you are, in my personal opinion. But I'm sure you are correct, and that's why the world is as it is today.

Are you American, right?

Next time you fill your tax form ask to pay the same amount as Donald Trump. Personal wealth doesn't matter, right? Smiley
iBTC
June 20, 2011, 05:12:31 PM
 #64

Anyhow let's put this way: My opinion is that FreeBSD is the most secure,  reliable and scalable OS. You think that Linux is more secure than FreeBSD.
Well i think OpenBSD is more secure..
muad_dib (OP)
June 20, 2011, 05:15:34 PM
 #65

Anyhow let's put this way: My opinion is that FreeBSD is the most secure,  reliable and scalable OS. You think that Linux is more secure than FreeBSD.
Well i think OpenBSD is more secure..


Sorry, by saying FreeBSD I mean *BSD. It's just that I'm working on a big FreeBSD project and I have this name in my mind.


You are totally right by saying that OpenBSD is safer than FreeBSD
kokjo
June 20, 2011, 05:18:00 PM
 #66

Quote
FreeBSD has less bugs than Linux (one fold less).
no freebsd has less discovered bugs..

Quote
FreeBSD bugs went up because there has been a MAJOR review of code, both from volunteers and paid developers. http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
and now you are talking about openbsd instead of freebsd.
either you are stupid or you don't know what you are talking about.
openbsd is maybe the most paranoid OS in the world, yes that's right.

Quote
The production machines with the best uptime are FreeBSD based.
and...? uptime != security

Quote
Still you think that Linux is safer than FreeBSD?
i have never said that. you are the one waving the freebsd flag.

i say you are a troll.

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
kokjo
June 20, 2011, 05:19:32 PM
 #67

I read so much hate in these forums. People please, chill out.
oh i'm not hating, just using my mind. and it tells me that you are a stupid troll. (sorry)
Sukrim
June 20, 2011, 05:19:42 PM
 #68

What about DragonflyBSD? The Hurd? Or what about Haiku?!

Seriously! Stop feeding this troll, he won't share his "wisdom" anyways, neither here nor to anyone else who won't pay his little 5-digit sum.

Yes, Bitcoin exchanges were more or less overrun by users in the past few months - whoever didn't know this (there are charts, people!) does know now.

iBTC
June 20, 2011, 05:21:19 PM
 #69

Anyhow let's put this way: My opinion is that FreeBSD is the most secure,  reliable and scalable OS. You think that Linux is more secure than FreeBSD.
Well i think OpenBSD is more secure..


Sorry, by saying FreeBSD I mean *BSD. It's just that I'm working on a big FreeBSD project and I have this name in my mind.


You are totally right by saying that OpenBSD is safer than FreeBSD
It's hard to configure stuff on it even for someone familiar with *nix but still it's worth it.

What are you working on btw i am a bit curious  Grin
muad_dib (OP)
June 20, 2011, 05:21:53 PM
 #70

What about DragonflyBSD? The Hurd? Or what about Haiku?!

Seriously! Stop feeding this troll, he won't share his "wisdom" anyways, neither here nor to anyone else who won't pay his little 5-digit sum.

Yes, Bitcoin exchanges were more or less overrun by users in the past few months - whoever didn't know this (there are charts, people!) does know now.

the flaw is stated multiple times in this thread. Just read carefully.


Will you give me 5 BTC if I can link 5 posts from 5 different users in THIS thread that explain which is the flaw?



Read better, hate less.
kokjo
June 20, 2011, 05:21:58 PM
 #71

What about DragonflyBSD? The Hurd? Or what about Haiku?!

Seriously! Stop feeding this troll, he won't share his "wisdom" anyways, neither here nor to anyone else who won't pay his little 5-digit sum.

Yes, Bitcoin exchanges were more or less overrun by users in the past few months - whoever didn't know this (there are charts, people!) does know now.
but... but.. it's funny to feed him Cheesy
nelisky
June 20, 2011, 05:22:03 PM
 #72



You see what you want to see, I read somewhere Smiley

I do think that people should be paid the same for the same task, regardless of them being poor or rich. I also think that your hatred made you state the wrong idea. You mean rich people should not PAY the same as poor people, right? not GET PAID?

regardless, yes, I think a thing is a thing and has a value regardless of who pays and who gets paid. It's how much you are willing to pay that makes the price, not how wealthy you are, in my personal opinion. But I'm sure you are correct, and that's why the world is as it is today.

Are you American, right?

Next time you fill your tax form ask to pay the same amount as Donald Trump. Personal wealth doesn't matter, right? Smiley

Nope, not American at all. And yes, I would love to pay the same as Donald Trump for each unit of taxable income, he is much richer than I am and I pay much more per earned unit. Or was that your argument?

Ah, right, you are a troll, you make no arguments, only read hatred Smiley
finack
June 20, 2011, 05:22:13 PM
 #73

You guys are pretty far off track arguing about socialism and BSD.

On that same TV show last night, Adam from Mt. Gox (adam@mtgox.com I believe) stated that they were looking to hire an app and systems security guy. It sounded like they wanted a full time employee, but they're liable to be fine with a consultant considering the bind they're in and how hard it would be to lure a full time type asset in Tokyo. If you're interested and looking for work maybe you should email them and set something up. It seems like that'd be a lot more productive than posting here about IIS vs. apache vs. nginx or session cookies.
muad_dib (OP)
June 20, 2011, 05:25:29 PM
 #74



no freebsd has less discovered bugs..


after a major review.

Quote

and now you are talking about openbsd instead of freebsd.
either you are stupid or you don't know what you are talking about.
openbsd is maybe the most paranoid OS in the world, yes that's right.


Because FreeBSD and OpenBSD have a totally different codebase, and the bugs
increase after the review is just a coincidence.

Quote
and...? uptime != security



You = wrong

Unless you don't touch your server when an intrusion is detected.
jjiimm_64
June 20, 2011, 05:34:38 PM
 #75


I am just sorry that I won't be able to get these 10 minutes back!!

1jimbitm6hAKTjKX4qurCNQubbnk2YsFw
kokojie
June 20, 2011, 05:54:50 PM
 #76

It doesn't really matter what OS you use, it is important that you really "know" the OS you have chosen, I mean really "know" your sh*t about the OS.

FreeBSD/Linux can be set up poorly with tons of security holes.
Windows Server can be set up with rock solid security and nearly impossible to break.

It just depends on how well you know security, the OS and programming.

btc: 15sFnThw58hiGHYXyUAasgfauifTEB1ZF6
finack
June 20, 2011, 06:18:11 PM
 #77

Amusingly, more or less right after defending tradehill by saying they allowed me to use ssl for everything, they changed their site so that it now gives mixed content warnings for script elements. This means that anyone who was sniffing my network could probably just pull the session cookie off of the script requests, and even if they've correctly set it to ssl cookie, any attacker running a MITM or on your local network could insert a modified script resource that could steal your account credentials or take control of your logged in account.

I'm sure they did this for performance reasons as their site is running slow as shit right now, but it doesn't give me any faith that tradehill is conducting themselves with a better security posture than anyone else.
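
The two risks described in the post above (a session cookie readable on non-SSL requests, and script resources loaded over plain HTTP into an HTTPS page) can be checked for mechanically. This is an added example, not part of the original thread; the host names, cookie names and sample HTML are constructed, and the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Elements whose fetched resource can run code in, or restyle, the page
# ("active" mixed content), mapped to the attribute holding the URL.
ACTIVE = {"script": "src", "iframe": "src", "link": "href"}

class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        ref = a.get(ACTIVE.get(tag, ""))
        if not ref or (tag == "link" and "stylesheet" not in (a.get("rel") or "").lower()):
            return
        # Resolve relative and protocol-relative URLs against the page URL.
        absolute = urljoin(self.page_url, ref)
        if urlparse(absolute).scheme == "http":
            self.findings.append((tag, absolute))

def find_active_mixed_content(page_url, html):
    """List (tag, url) pairs an HTTPS page loads over plain HTTP."""
    if urlparse(page_url).scheme != "https":
        return []
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    return scanner.findings

def cookies_missing_secure(set_cookie_headers):
    """Names of cookies set without Secure; these also travel on http:// requests."""
    missing = []
    for header in set_cookie_headers:
        parts = [p.strip() for p in header.split(";")]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attrs:
            missing.append(parts[0].split("=", 1)[0])
    return missing

# Constructed sample input (exchange.example and cdn.example are placeholders).
SAMPLE_URL = "https://exchange.example/account"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://static.exchange.example/site.css">
<script src="/js/trade.js"></script>
<script src="//cdn.example/lib.js"></script>
<script src="http://static.exchange.example/ticker.js"></script>
</head><body><img src="http://static.exchange.example/logo.png"></body></html>"""
SAMPLE_SET_COOKIE = ["SESSID=abc123; Path=/; HttpOnly", "csrf=xyz; Path=/; Secure"]

if __name__ == "__main__":
    print(find_active_mixed_content(SAMPLE_URL, SAMPLE_HTML))
    print(cookies_missing_secure(SAMPLE_SET_COOKIE))
```

The image is deliberately not reported: it is passive content, whereas a script or stylesheet fetched over HTTP can be replaced in transit even when the session cookie itself carries `Secure`.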

iCEBREAKER
June 20, 2011, 07:46:32 PM
 #78


http://en.wikipedia.org/wiki/Correlation_does_not_imply_causation

Especially when you're picking data as selectively as you do.

I'm not going to start a flamewar. Please respect my objective opinion. I will respect your personal belief.

http://people.freebsd.org/~murray/bsd_flier.html

http://www.cvedetails.com/vendor/6/Freebsd.html

http://www.cvedetails.com/vendor/33/Linux.html

Not only freebsd has less vulnerabilities, but they are also less serious (check exploit or data execution)
freebsd is also less used Tongue so there might be more bugs and exploits to discover.
i actually like that there has been more holes in linux, because it means that they are fixed.

Linux is used more than *BSD as a desktop OS by fangurlz with Tux The Penguin avatars (excluding OSX).
Linux is used more than *BSD as a server OS by businesses that hire fangurlz with Tux The Penguin avatars.

On the other hand, when we move into the world of the critical systems that keep the Linux kiddies' interwebs running smoothly, we find that *BSD has been used for much longer and with greater success:

Quote
Over ten years of work have been put into enhancing BSD, adding industry-leading SMP, multithreading, and network performance, as well as new management tools, file systems, and security features. As a result, FreeBSD may be found across the Internet, in the operating system of core router products, running root name servers, hosting major web sites, and as the foundation for widely used desktop operating systems.

The reason for this is that:

Quote
BSD is designed. Linux is grown.
You do know that without BIND and BSD, there would never have been any Linux or Tux, right?

You do know that the root nameservers have always and will always run BIND on BSD, right?

So why don't you write to the Internet Assigned Numbers Authority about how your magical Tux is so much more secure and popular than BSD.

I'm sure they'll be blown away by the force of your irrefutable, highly technical argument that "bugs, holes, and exploits are good."


kokjo
June 20, 2011, 08:27:33 PM
 #79


http://en.wikipedia.org/wiki/Correlation_does_not_imply_causation

Especially when you're picking data as selectively as you do.

I'm not going to start a flamewar. Please respect my objective opinion. I will respect your personal belief.

http://people.freebsd.org/~murray/bsd_flier.html

http://www.cvedetails.com/vendor/6/Freebsd.html

http://www.cvedetails.com/vendor/33/Linux.html

Not only freebsd has less vulnerabilities, but they are also less serious (check exploit or data execution)
freebsd is also less used Tongue so there might be more bugs and exploits to discover.
i actually like that there has been more holes in linux, because it means that they are fixed.

Linux is used more than *BSD as a desktop OS by fangurlz with Tux The Penguin avatars (excluding OSX).
Linux is used more than *BSD as a server OS by businesses that hire fangurlz with Tux The Penguin avatars.

On the other hand, when we move into the world of the critical systems that keep the Linux kiddies' interwebs running smoothly, we find that *BSD has been used for much longer and with greater success:

Quote
Over ten years of work have been put into enhancing BSD, adding industry-leading SMP, multithreading, and network performance, as well as new management tools, file systems, and security features. As a result, FreeBSD may be found across the Internet, in the operating system of core router products, running root name servers, hosting major web sites, and as the foundation for widely used desktop operating systems.

The reason for this is that:

Quote
BSD is designed. Linux is grown.
You do know that without BIND and BSD, there would never have been any Linux or Tux, right?

You do know that the root nameservers have always and will always run BIND on BSD, right?

So why don't you write to the Internet Assigned Numbers Authority about how your magical Tux is so much more secure and popular than BSD.

I'm sure they'll be blown away by the force of your irrefutable, highly technical argument that "bugs, holes, and exploits are good."
linux is used more on servers and desktops. true!
FreeBSD is not the only thing that runs the root nameservers, core routers, etc...
NSD is also running instead of BIND on some root servers.

btw. linux is designed and BSD is grown, take a look at the unix family tree:

linux is a straight line from 1991 to now, and *BSD history goes back to 1969 from unics.
it's true that *BSD is older than linux. but it's grown.

btw. the quote:
Quote
Over ten years of work have been put into enhancing BSD, adding industry-leading SMP, multithreading, and network performance, as well as new management tools, file systems, and security features. As a result, FreeBSD may be found across the Internet, in the operating system of core router products, running root name servers, hosting major web sites, and as the foundation for widely used desktop operating systems.
is taken from freebsd website, and is therefore heavily biased. Smiley

i think you are a troll too. all your arguments are wrong.
muad_dib (OP)
June 20, 2011, 08:34:56 PM
 #80


Quote
BSD is designed. Linux is grown.

This is such a beautiful sentence.


When developing some serial drivers for vending machines running linux, me and my team went crazy handling all the hacks, specifications and modules the kernel had. It is just a bloated monster, on a driver I found a comment:

"We don't know why it is this way, but please dont touch it"


The server controlling the vending machines instead runs on FreeBSD and its much tidier and organized kernel space has been a pleasure to work with.