About Mt. Gox flaw from a security expert

[muad_dib]

re: 100k, aha, good. So that explains why asking 5 digit fees is small, because they (we all that use it) can pay? Ok, now you sound more like a real security expert, or a lawyer, or a politician...

So you think that poor people and rich people should be paid the same for things?


I might be an incurable socialist, but I see this as wrong.


I still see too much hate in your posts.

[nelisky]

re: 100k, aha, good. So that explains why asking 5 digit fees is small, because they (we all that use it) can pay? Ok, now you sound more like a real security expert, or a lawyer, or a politician...

So you think that poor people and rich people should be paid the same for things?


I might be an incurable socialist, but I see this as wrong.


I still see too much hate in your posts.

You see what you want to see, I read somewhere

I do think that people should be paid the same for the same task, regardless of them being poor or rich. I also think that your hatred made you state the wrong idea. You mean rich people should not PAY the same as poor people, right? not GET PAID?

regardless, yes, I think a thing is a thing and has a value regardless of who pays and who gets paid. It's how much you are willing to pay that makes the price, not how wealthy you are, in my personal opinion. But I'm sure you are correct, and that's why the world is as it is today.

[muad_dib]

You see what you want to see, I read somewhere

I do think that people should be paid the same for the same task, regardless of them being poor or rich. I also think that your hatred made you state the wrong idea. You mean rich people should not PAY the same as poor people, right? not GET PAID?

regardless, yes, I think a thing is a thing and has a value regardless of who pays and who gets paid. It's how much you are willing to pay that makes the price, not how wealthy you are, in my personal opinion. But I'm sure you are correct, and that's why the world is as it is today.

Are you american right?

Next time you fill your tax form aks to pay the same ammount as donald trump. Personal wealth doesn't matter, right?

[iBTC]

Anyhow let's put this way: My opinion is that FreeBSD is the most secure,  reliable and scalable OS. You think that Linux is more secure than FreeBSD.

Well i think OpenBSD is more secure..

[muad_dib]

Anyhow let's put this way: My opinion is that FreeBSD is the most secure,  reliable and scalable OS. You think that Linux is more secure than FreeBSD.

Well i think OpenBSD is more secure..

Sorry, by saying FreeBSD I mean *BSD. Is just that I'm working on a big FreeBSD project and I have this name in my mind.


You are totally right by saying that OpenBSD is safer than FreeBSD

[kokjo]

FreeBSD has less bugs than Linux (one fold less).

no freebsd has less discovered bugs..

FreeBSD bugs went up because there has been a MAJOR review of code, both from volunteers and paid developers. http://marc.info/?l=openbsd-tech&m=129236621626462&w=2

and now you are talking about openbsd instead of freebsd.
either you are stupid or you dont know what you are talking about.
openbsd is maybe the most paranoid OS in the world, yes thats right.

The production machines with the best uptime are FreeBSD based.

and...? uptime != security

Still you think that Linux is safer than FreeBSD?

i have never said that. you are the one waving the freebsd flag.

i say you are a troll.

[kokjo]

I read so much hate in these forums. People please, chill out.

oh im not hateing, just using my mind. and it tells me that you are a stupid troll. (sorry)

[Sukrim]

What about DragonflyBSD? The Hurd? Or what about Haiku?!

Seriously! Stop feeding this troll, he won't share his "wisdom" anyways, neither here nor to anyone else who won't pay his little 5-digit sum.

Yes, Bitcoin exchanges were more or less overrun by users in the past few months - whoever didn't know this (there are charts, people!) does know now.

[iBTC]

Anyhow let's put this way: My opinion is that FreeBSD is the most secure,  reliable and scalable OS. You think that Linux is more secure than FreeBSD.

Well i think OpenBSD is more secure..

Sorry, by saying FreeBSD I mean *BSD. Is just that I'm working on a big FreeBSD project and I have this name in my mind.


You are totally right by saying that OpenBSD is safer than FreeBSD

It's hard to configure stuff on it even for someone familiar with *nix but still it's worth it.

What are you working on btw i am a bit curious  

[muad_dib]

What about DragonflyBSD? The Hurd? Or what about Haiku?!

Seriously! Stop feeding this troll, he won't share his "wisdom" anyways, neither here nor to anyone else who won't pay his little 5-digit sum.

Yes, Bitcoin exchanges were more or less overrun by users in the past few months - whoever didn't know this (there are charts, people!) does know now.

the flaw is stated multiple time in this thread. Just read carefully.


Will you give me 5 BTC If I can link 5 post from 5 different users in THIS thread that explain which is the flaw?



Read better, hate less.

[kokjo]

What about DragonflyBSD? The Hurd? Or what about Haiku?!

Seriously! Stop feeding this troll, he won't share his "wisdom" anyways, neither here nor to anyone else who won't pay his little 5-digit sum.

Yes, Bitcoin exchanges were more or less overrun by users in the past few months - whoever didn't know this (there are charts, people!) does know now.

but... but.. its funny to feed him

[nelisky]

You see what you want to see, I read somewhere

I do think that people should be paid the same for the same task, regardless of them being poor or rich. I also think that your hatred made you state the wrong idea. You mean rich people should not PAY the same as poor people, right? not GET PAID?

regardless, yes, I think a thing is a thing and has a value regardless of who pays and who gets paid. It's how much you are willing to pay that makes the price, not how wealthy you are, in my personal opinion. But I'm sure you are correct, and that's why the world is as it is today.

Are you american right?

Next time you fill your tax form aks to pay the same ammount as donald trump. Personal wealth doesn't matter, right?

Nope, not American at all. And yes, I would love to pay the same as donald trump for each unit of taxable income, he is much richer than I am and I pay much more per earned unit. Or was that your argument?

Ah, right, you are a troll, you make no arguments, only read hatred

[finack]

You guys are pretty far off track arguing about socialism and BSD.

On that same TV show last night, Adam from Mt. Gox (adam@mtgox.com I believe) stated that they were looking to hire an app and systems security guy. It sounded like they wanted a full time employee, but they're liable to be fine with a consultant considering the bind they're in and how hard it would be to lure a full time type asset in Tokyo. If you're interested and looking for work maybe you should email them and set something up. It seems like that'd be a lot more productive than posting here about IIS vs. apache vs. ngix or session cookies.

[muad_dib]

no freebsd has less discovered bugs..

after a major review.

and now you are talking about openbsd instead of freebsd.
either you are stupid or you dont know what you are talking about.
openbsd is maybe the most paranoid OS in the world, yes thats right.

Because FreeBSD and OpenBSD has a totally different codebase, and the bugs
increase after the review is just a coincidence.

and...? uptime != security

You = wrong

Unless you don't touch your server when an intrusion is detected.

[jjiimm_64]

I am just sorry that I wont be able to get these 10 minutes back!!

[kokojie]

It doesn't really matter what OS you use, it is important that you really "know" the OS you have chosen, I mean really "know" your sh*t about the OS.

FreeBSD/Linux can be set up poorly with tons of security holes.
Windows Server can be set up with rock solid security and nearly impossible to break.

It just depends on how well you know security, the OS and programming.

[finack]

Amusingly, more or less right after defending tradehill by saying they allowed me to use ssl for everything, they changed their site so that it now gives mixed content warnings for script elements. This means that anyone who was sniffing my network could probably just pull the session cookie off of the script requests, and even if they've correctly set it to ssl cookie, any attacker running a MITM or on your local network could insert a modified script resource that could steal your account credentials or take control of your logged in account.

I'm sure they did this for performance reasons as their site is running slow as shit right now, but it doesn't give me any faith that tradehill is conducting themselves with a better security posture than anyone else.

[iCEBREAKER]

http://en.wikipedia.org/wiki/Correlation_does_not_imply_causation

Especially when you're picking data as selectively as you do.

I'm not going to start a flamewar. Please respect my objective opinion. I will respect your personal belief.

http://people.freebsd.org/~murray/bsd_flier.html

http://www.cvedetails.com/vendor/6/Freebsd.html

http://www.cvedetails.com/vendor/33/Linux.html

Not only freebsd has less vulnerabilities, but they are also less serious (check exploit or data execution)

freebsd is also less used so there might be more bugs and exploits to discover.
i acatualy like that there has been more holes in linux, because it means that they are fixed.

Linux is used more than *BSD as a desktop OS by fangurlz with Tux The Penguin avatars (excluding OSX).
Linux is used more than *BSD as a server OS by businesses that hire fangurlz with Tux The Penguin avatars.

On the other hand, when me move into the world of the critical systems that keep the Linux kiddies' interwebs running smoothly, we find that *BSD has been used for much longer and with greater success:

Over ten years of work have been put into enhancing BSD, adding industry-leading SMP, multithreading, and network performance, as well as new management tools, file systems, and security features. As a result, FreeBSD may be found across the Internet, in the operating system of core router products, running root name servers, hosting major web sites, and as the foundation for widely used desktop operating systems.

The reason for this is that:

BSD is designed. Linux is grown.

You do know that without BIND and BSD, there would never have been any Linux or Tux, right?

You do know that the root nameservers have always and will always run BIND on BSD, right?

So why don't you write to the Internet Assigned Numbers Authority about how your magical Tux so much more secure and popular than BSD.

I'm sure they'll be blown away by the force of your irrefutable, highly technical argument that "bugs, holes, and exploits are good."

[kokjo]

http://en.wikipedia.org/wiki/Correlation_does_not_imply_causation

Especially when you're picking data as selectively as you do.

I'm not going to start a flamewar. Please respect my objective opinion. I will respect your personal belief.

http://people.freebsd.org/~murray/bsd_flier.html

http://www.cvedetails.com/vendor/6/Freebsd.html

http://www.cvedetails.com/vendor/33/Linux.html

Not only freebsd has less vulnerabilities, but they are also less serious (check exploit or data execution)

freebsd is also less used so there might be more bugs and exploits to discover.
i acatualy like that there has been more holes in linux, because it means that they are fixed.

Linux is used more than *BSD as a desktop OS by fangurlz with Tux The Penguin avatars (excluding OSX).
Linux is used more than *BSD as a server OS by businesses that hire fangurlz with Tux The Penguin avatars.

On the other hand, when me move into the world of the critical systems that keep the Linux kiddies' interwebs running smoothly, we find that *BSD has been used for much longer and with greater success:

Over ten years of work have been put into enhancing BSD, adding industry-leading SMP, multithreading, and network performance, as well as new management tools, file systems, and security features. As a result, FreeBSD may be found across the Internet, in the operating system of core router products, running root name servers, hosting major web sites, and as the foundation for widely used desktop operating systems.

The reason for this is that:

BSD is designed. Linux is grown.

You do know that without BIND and BSD, there would never have been any Linux or Tux, right?

You do know that the root nameservers have always and will always run BIND on BSD, right?

So why don't you write to the Internet Assigned Numbers Authority about how your magical Tux so much more secure and popular than BSD.

I'm sure they'll be blown away by the force of your irrefutable, highly technical argument that "bugs, holes, and exploits are good."

linux are used more on servers and desktops. true!
FreeBSD is not the only thing that runs the root nameservers, core routers, etc...
NSD is also running instead of BIND on some root servers.

btw. linux is designed and BSD is grown, take a look at the unix family tree:

linux is a strait line from 1991 to now, and *BSD history goes back 1969 from unics.
its true that *BSD is older then linux. but its grown.

btw. the quote:

Over ten years of work have been put into enhancing BSD, adding industry-leading SMP, multithreading, and network performance, as well as new management tools, file systems, and security features. As a result, FreeBSD may be found across the Internet, in the operating system of core router products, running root name servers, hosting major web sites, and as the foundation for widely used desktop operating systems.

is taken from freebsd website, and is therefor heavily biased.

i think you are a troll too. all your arguments are wrong.

[muad_dib]

BSD is designed. Linux is grown.

This is such a beautiful sentence.


When developing some serial drivers for a vending machines running linux, me and my team went crazy handling all the hacks, specifications and modules the kernel had. It is just a bloated monster, on a driver I found a comment:

"We don't know why it is this way, but please dont touch it"


The server controlling the vending machines instead run on FreeBSD and its much tidier and organized kernel space has been a pleasure to work with.