Bitcoin Forum
Author Topic: About Mt. Gox flaw from a security expert  (Read 34162 times)
minerX
Newbie
Activity: 56
Merit: 0
June 22, 2011, 11:29:11 PM
 #201

now i got proof he is a stupid troll :D
HE IS NO SECURITY EXPERT!
proof:
he doesn't even know the "man" command.
http://forums.speedguide.net/showthread.php?246598-SSH-tunnel-over-SQUID <- ...
http://www.nntpnews.info/threads/10211241-MySQLdb-SSH-Tunnel <- RTFM
http://www.embeddedrelated.com/usenet/embedded/show/125019-1.php <- here he has difficulties figuring out what a serial port is :) lulz

Dude I said this like 100 pages ago.  Even reviewing his bitcoin.org forum posts outside this thread it's very clear he has no idea what he is talking about.  He might have some buddy who is telling him random snippets of information to make him seem credible, but otherwise he is completely full of shit.

Troll.
jgraham
Full Member
Activity: 140
Merit: 100
<Pretentious and poorly thought out latin phrase>
June 22, 2011, 11:32:14 PM
 #202

now i got proof he is a stupid troll :D
HE IS NO SECURITY EXPERT!
proof:
he doesn't even know the "man" command.
http://forums.speedguide.net/showthread.php?246598-SSH-tunnel-over-SQUID <- ...
http://www.nntpnews.info/threads/10211241-MySQLdb-SSH-Tunnel <- RTFM
http://www.embeddedrelated.com/usenet/embedded/show/125019-1.php <- here he has difficulties figuring out what a serial port is :) lulz

Dude I said this like 100 pages ago.  Even reviewing his bitcoin.org forum posts outside this thread it's very clear he has no idea what he is talking about.  He might have some buddy who is telling him random snippets of information to make him seem credible, but otherwise he is completely full of shit.

Troll.
Also...quoting from wikipedia and a textbook he downloaded.  I wonder if the other guy talking stats with him (equally vapidly) was his friend.

I'm rather good with Linux.  If you're having problems with your mining rig I'll help you out remotely for 0.05.  You can also propose a flat-rate for some particular task.  PM me for details.
Jack of Diamonds
Sr. Member
Activity: 252
Merit: 251
June 23, 2011, 12:43:51 AM
 #203

Why are you calling yourself a security expert?

Do you have some work experience or public credentials besides a neckbeard and an old laptop?

This thread is some hilarious stuff. In a nutshell, he just keeps googling things he has no idea about.
Someone should save it in case he starts deleting his posts in embarrassment

1f3gHNoBodYw1LLs3ndY0UanYB1tC0lnsBec4USeYoU9AREaCH34PBeGgAR67fx
minerX
Newbie
Activity: 56
Merit: 0
June 23, 2011, 02:09:00 AM
 #204

Why are you calling yourself a security expert?

Do you have some work experience or public credentials besides a neckbeard and an old laptop?

This thread is some hilarious stuff. In a nutshell, he just keeps googling things he has no idea about.
Someone should save it in case he starts deleting his posts in embarrassment

Strangely enough it started as him quoting a security expert.  It has now regressed into HIM being the security expert. 

But I seriously don't think he will delete his posts.  He is the type that thinks he is right no matter what, even if the whole forum world is against him.
jgraham
Full Member
Activity: 140
Merit: 100
<Pretentious and poorly thought out latin phrase>
June 23, 2011, 02:21:45 AM
 #205

Why are you calling yourself a security expert?

Do you have some work experience or public credentials besides a neckbeard and an old laptop?

This thread is some hilarious stuff. In a nutshell, he just keeps googling things he has no idea about.
Someone should save it in case he starts deleting his posts in embarrassment

Strangely enough it started as him quoting a security expert.  It has now regressed into HIM being the security expert. 

But I seriously don't think he will delete his posts.  He is the type that thinks he is right no matter what, even if the whole forum world is against him.
Really, did he edit his posts or was that from another thread?

Besides he's kind of out-of-date.  Last year was the year every third person I met was a security consultant...this year they're all "Cloud Services" consultants. :-)

I'm rather good with Linux.  If you're having problems with your mining rig I'll help you out remotely for 0.05.  You can also propose a flat-rate for some particular task.  PM me for details.
Horkabork
Full Member
Activity: 140
Merit: 100
June 23, 2011, 02:31:09 AM
 #206

I just found out that, according to these standards, I am now apparently a security expert! Oh man I'm totally going to put this on my resume. I even know the "ls" command in linux. One time, I actually understood and laughed at an XKCD comic that said "sudo go make me a sandwich". That's like top level security expert qualifications right there.

Me: 15gbWvpLPfbLJZBsL2u5gkBdL3BUXDbTuF
A goat: http://i52.tinypic.com/34pj4v6.jpg
iBTC
Newbie
Activity: 39
Merit: 0
June 23, 2011, 05:55:42 AM
 #207

Hope that helps.
It did help, thanks ;D
BBanzai
Member
Activity: 84
Merit: 10
June 23, 2011, 06:18:33 AM
 #208

Disclaimer: I am not a programmer.  But I know how to find out about industry standards:  "the marketing director of Compaq's OpenVMS Systems Group states that there are over 400,000 systems running OpenVMS, supporting over 10 million users. Sample VMS customer sites include: numerous stock exchanges, Bank Austria, Government Securities Clearing Corporation (GSCC), International Securities Exchange, Hydro Quebec, and Northern Light. Intel's fabrication plants rely on the use of VMS in the fabrication of their Pentium 4 and Merced class chips"  
  I have, however, attempted beating up a VAX.  I won, barely, but this was 20 years ago.  They have been improving it since then.

I never had the chance to play with Itanium.


Anyhow I'm not sure that there's a real need for Itanium. It's so overpriced that many times it is out of the market.

Take this as an example: Do you really think that a closed source OS, deployed just on 400.000 machines, is going to be safer or more reliable than an open source OS on x86, at same level of cost?
I am slow to respond, but I'm beating the same drum.  What equipment are your enemies using?  Which O.S.? Can you fight them as efficiently with your Linux Ninja stars and spears and your virtual drums?  Not recognizing that you, yourself, personally, are at war is the damnedest downside to considering oneself an expert.  I'm not saying that you cannot win, just drawing attention to what I see as a basic problem.
muad_dib (OP)
Member
Activity: 140
Merit: 10
June 23, 2011, 08:34:05 AM
 #209


But I seriously don't think he will delete his posts.  He is the type that thinks he is right no matter what, even if the whole forum world is against him.

Well if the objectors say that they can read 10 million lines of code, well, it is a good thing not to change your opinion on their statements.

Changing opinion following what most people think, means you are a sheep.
muad_dib (OP)
Member
Activity: 140
Merit: 10
June 23, 2011, 08:39:32 AM
 #210

I just found out that, according to these standards, I am now apparently a security expert! Oh man I'm totally going to put this on my resume. I even know the "ls" command in linux. One time, I actually understood and laughed at an XKCD comic that said "sudo go make me a sandwich". That's like top level security expert qualifications right there.

No first you need to buy a paper and call yourself an engineer.


So much hate in these posts.... I bet most of the people here are unemployed and unemployable....
Jack of Diamonds
Sr. Member
Activity: 252
Merit: 251
June 23, 2011, 08:44:35 AM
 #211

So much hate in these posts.... I bet most of the people here are unemployed and unemployable....

What is your work experience in the security field?
What academical qualifications do you have besides googling concepts?

Who can vouch for your skills or known projects in any white or blackhat forum?
Do you know anything at all about programming a secure site or platform?

If you can't answer any of these questions then you're just another video game playing kid
in his mom's basement who was overwhelmed by 2 books on programming & tries to be something he's not.

It might work on your senile parents but you are in the real world now.

1f3gHNoBodYw1LLs3ndY0UanYB1tC0lnsBec4USeYoU9AREaCH34PBeGgAR67fx
muad_dib (OP)
Member
Activity: 140
Merit: 10
June 23, 2011, 08:45:39 AM
 #212



Do you have some work experience or public credentials besides a neckbeard and an old laptop?


Some people in this thread think that SELinux is a flexible linux distribution.

If this is the standard for this thread, then I'm a top notch hacker.
muad_dib (OP)
Member
Activity: 140
Merit: 10
June 23, 2011, 09:13:54 AM
 #213


What is your work experience in the security field?

I work with vending machines and payments solutions (POS, ATMs, ....)


Quote
What academical qualifications do you have besides googling concepts?

I have a master's in applied mathematics. My areas of strength are numerical statistics, cryptography and game theory.

Quote
Who can vouch for your skills or known projects in any white or blackhat forum?

I thought that we were having a discussion, thus arguments and sources are what matters.

In fact, if you recall my statistical indicator PSI, it is taken from the PCI DSS literature.

I quoted it because some people said they were confident with PCI DSS, still they didn't recognize this, thus showing how fake they are.

Quote
Do you know anything at all about programming a secure site or platform?

I'm not a web developer, I frown upon PHP and some other web technologies.

I know Matlab, Java, PETSC, Python, C (in order of confidence) but I'm not a CS.

I'm the guy who builds a statistical model, so that you can study the behavior of your complex system (a market, a cryptography algorithm, a network, ...).

marcus_of_augustus
Legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
June 23, 2011, 09:25:37 AM
 #214


What is your work experience in the security field?

I work with vending machines and payments solutions (POS, ATMs, ....)


Quote
What academical qualifications do you have besides googling concepts?

I have a master's in applied mathematics. My areas of strength are numerical statistics, cryptography and game theory.

Quote
Who can vouch for your skills or known projects in any white or blackhat forum?

I thought that we were having a discussion, thus arguments and sources are what matters.

In fact, if you recall my statistical indicator PSI, it is taken from the PCI DSS literature.

I quoted it because some people said they were confident with PCI DSS, still they didn't recognize this, thus showing how fake they are.

Quote
Do you know anything at all about programming a secure site or platform?

I'm not a web developer, I frown upon PHP and some other web technologies.

I know Matlab, Java, PETSC, Python, C (in order of confidence) but I'm not a CS.

I'm the guy who builds a statistical model, so that you can study the behavior of your complex system (a market, a cryptography algorithm, a network, ...).



So have you built bitcoind on BSD yet ... be interested to know your thoughts on the statistical probability of it getting hacked ...

send through the makefile when you have done it so we know you are not just bullshitting everyone.

muad_dib (OP)
Member
Activity: 140
Merit: 10
June 23, 2011, 09:33:44 AM
 #215



So have you built bitcoind on BSD yet ... be interested to know your thoughts on the statistical probability of it getting hacked ...

send through the makefile when you have done it so we know you are not just bullshitting everyone.

1) People need to read my posts more carefully and hate less

2) I never said you need BSD for bitcoind. You need BSD to expose your services.

3) I never said I have any software ready yet.

4) I am here just to point out two facts:

a) Recently someone entered MtGox, and MtGox thinks he is not responsible for password leakage

b) MtGox uses very weak measures to prevent password leakage

marcus_of_augustus
Legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
June 23, 2011, 09:48:12 AM
 #216



So have you built bitcoind on BSD yet ... be interested to know your thoughts on the statistical probability of it getting hacked ...

send through the makefile when you have done it so we know you are not just bullshitting everyone.

1) People need to read my posts more carefully and hate less

2) I never said you need BSD for bitcoind. You need BSD to expose your services.

3) I never said I have any software ready yet.

4) I am here just to point out two facts:

a) Recently someone entered MtGox, and MtGox thinks he is not responsible for password leakage

b) MtGox uses very weak measures to prevent password leakage



I'm not trying to hate but you're making it pretty easy .... before claiming expertise maybe you should try building bitcoind on a system, any system will do, run some tests, get some data .....
i mean really how are we meant to take your expert opinion on anything bitcoin related if you don't know jack about bitcoind??

that would be just wrong. Roll your sleeves up, do a little learning and doing and then come and spout off as much as you please ...

Vladimir
Hero Member
Activity: 812
Merit: 1001
-
June 23, 2011, 10:05:08 AM
 #217

2) I never said you need BSD for bitcoind. You need BSD to expose your services.

I do run all my bitcoind's on FreeBSD, works great!

3) I never said I have any software ready yet.

it's in /usr/ports/*/bitcoin , easy...


And again... it is not the choice of OS which makes a system secure, it is how sysadmin's hands are attached...


-
muad_dib (OP)
Member
Activity: 140
Merit: 10
June 23, 2011, 10:28:01 AM
 #218



I'm not trying to hate but you're making it pretty easy ....

I think it mostly depends on the language barrier and the fact that some people started hating a lot, building a hating spree.

Quote
before claiming expertise maybe you should try building bitcoind on a system, any system will do, run some tests, get some data .....

Expertise in what? I never stated expertise in Bitcoin.

I have anyhow a strong expertise with credit cards and ATMs. I think I might know a few things about secure financial transaction.

Quote
i mean really how are we meant to take your expert opinion on anything bitcoin related if you don't know jack about bitcoind??

By discussing facts and sources. I'm more than happy to discuss and even be criticized.

Anyhow I invite you to read again the first two pages of this discussion, and tell me if you see even one constructive criticism.


Quote
that would be just wrong. Roll your sleeves up, do a little learning and doing and then come and spout off as much as you please otherwise you're just whacking off in public, not pretty.


Let's analyze a  few facts:

1) Most of the people here want Bitcoin to have a broader adoption.

2) If Bitcoin scams start to spread out, then both its adoption by people and businesses will slow down

3) Recently a huge sum of money, whose amount can be only speculated about, but which is very consistent, has been stolen by Mt. Gox

4) Mt. Gox and other exchanges share a VERY WEAK authorization model

5) Most people use the same weak password multiple times


I think that by considering all these facts, it is clear we should push the Bitcoin community, both as exchanges or final users, to much stricter security measures.

The only way to do this is to spread awareness, and put public pressure on exchanges.
muad_dib (OP)
Member
**
Offline Offline

Activity: 140
Merit: 10


View Profile
June 23, 2011, 10:29:22 AM
 #219




And again... it is not the choice of OS which makes a system secure, it is how sysadmin's hands are attached...



Are you telling me that an IIS+Windows machine can be made as safe as a FreeBSD+Apache one?

I'm sorry but I disagree with you.
Vladimir
Hero Member
Activity: 812
Merit: 1001
-
June 23, 2011, 10:44:35 AM
 #220

And again... it is not the choice of OS which makes a system secure, it is how sysadmin's hands are attached...

Are you telling me that an IIS+Windows machine can be made as safe as a FreeBSD+Apache one?

I'm sorry but I disagree with you.

Well... I personally do not know any sysadmins with "correctly attached hands" who run windows servers, but surely there are some out there... I guess that windows+apache can be made as safe as whatever+apache. (let's get IIS out of the picture for simplicity).  This probably would involve a server version of windows and some severe balls cutting. Not that I am an expert on this to be sure.

I do not mind if you disagree. Maybe a few decades from now you'll be less categorical and more tolerant.

-