Bitcoin Forum
December 07, 2016, 04:33:31 PM *
Author Topic: [Full Disclosure] More likely MtGox Post-Mortem  (Read 21294 times)
GeniuSxBoY
Hero Member
*****
Offline Offline

Activity: 546



View Profile
June 21, 2011, 09:04:29 AM
 #41

To the gentlemen in the OP:


Thank you for laying this out so simply. Everything you said makes sense and you even go out of your way to authenticate and digitally sign all your statements. I can't thank you guys enough, because without you on our side, we'd still be clueless to how stupid magical tux's code was.

That said. I have a question.

I really want to get in on the fall of mt gox when it opens. How long will it take to hear from you to let us know if it passes an initial inspection?

Batouzo
Member
**
Offline Offline

Activity: 70


View Profile
June 21, 2011, 10:38:38 AM
 #42


Mediafire seems to require JavaScript turned on to download the fucking text file.

Someone should paste that to normal pastebin instead of this crap
frozen
Full Member
***
Offline Offline

Activity: 196



View Profile WWW
June 21, 2011, 10:46:24 AM
 #43

We need about a dozen exchanges each with robust security and FDIC insurance.

+1 on more exchanges
+1 on robust security
-10000 on FDIC insurance

gentakin
Member
**
Offline Offline

Activity: 98


View Profile
June 21, 2011, 10:53:03 AM
 #44

Someone should paste that to normal pastebin instead of this crap

It is. Right there. In the OP's post. (privatepaste. Though I'm not sure if they require JS, as I have it enabled.)

1HNjbHnpu7S3UUNMF6J9yWTD597LgtUCxb
jrmithdobbs
Jr. Member
*
Offline Offline

Activity: 59


View Profile
June 21, 2011, 12:35:55 PM
 #45


Mediafire seems to require JavaScript turned on to download the fucking text file.

Someone should paste that to normal pastebin instead of this crap

Both pastebin.com and pastebin.ca were down at the time this was posted and had been for about an hour or it would have been posted there.

1B8TSDzXdyTRX5eF77gWQoXujBaDtKFE6H
makomk
Hero Member
*****
Offline Offline

Activity: 686


View Profile
June 21, 2011, 12:51:16 PM
 #46

... Or it's all fabricated to make TradeHill look more secure in the eyes of the members of this forum.

The only reason I say that possibility is because, by their own admission, they checked out all the major bitcoin sites and exchanges for vulnerabilities, and said nothing good or bad about them. Yet, they decided to zone in on TradeHill as being the best in terms of security, while neglecting to state why the others did not deserve equal mention.

Why?
Presumably because they all knew about the security issues with the other major sites and didn't feel them to be interesting enough to discuss. Several of them have been mentioned on the forum if you know where to look. Tradehill does at least look superficially security-aware for the reasons stated in the log. (I can't confirm all of it but I can confirm that they do appear to be using Django anti-CSRF middleware.)

Quad XC6SLX150 Board: 860 MHash/s or so.
SIGS ABOUT BUTTERFLY LABS ARE PAID ADS
ukbitco.in
Jr. Member
*
Offline Offline

Activity: 30


View Profile
June 21, 2011, 01:13:25 PM
 #47

I posted this in IRC last night and had some good convo with MagicalTux and various others. Currently I'm at work so I don't have the logs in front of me. Please have a look and tell me if you see some error in my analysis or basic understanding! This is not an accusation of any kind, just someone trying to get to the bottom of this thing.

After the claims by MT that Kevin's behaviour was 'suspicious' I started looking at the activity logs on the market when it crashed, specifically what happened right at the turn (i.e. the rise back up from 0.01 after the sell).

MT said many, many things, some in his post and some in IRC chat.

So according to MT:

1) Kevin logged in at 5:12, just a few minutes before the market started crashing (~5:15 onwards).
2) Since he bought at 0.01 he must have placed that large bid BEFORE the market crashed...thus implicating him (after all, who would place a ~$3000 bid at 0.01 unless they knew it was coming).

According to MT this makes Kevin look suspicious. But there is more useful info to consider:

4) When a BUY order is filled, the only log recorded is the time of the FILL and the time the order was PLACED gets wiped out completely. Thus Tux cannot be sure of anything really.
3) Also important to mention from MT we know that you cannot place a buy when a sell is in progress. So Kevin had to have placed that order before or after the sell, but could not have done so during.

Now check:

http://www.youtube.com/watch?v=T1X6qQt9ONg

This is a video of the market crashing live; it shows a ticker. The part we are interested in is at ~5.23 into the vid, right at the turn.

What we see are three things.

1) Orders being filled with a timecode of 13:15:xx

I guess this is the time that the mega sell order was created. Here we are seeing the order book being processed and then finally getting wiped out, down to 0.01 and then being emptied. This takes a long time.

2) Then notice the time change. The ticker goes from 13:15:xx to 13:51:xx instantly. More than a 30 minute gap!

This is when NEW buy orders start arriving, /after the sell has wiped out the book/

3) The 6th order down from the time change is *the big one* 13:51:16  0.01  261383.76

4) From there the orders start increasing in value, until the market bounces right back to $14 or so fairly sharply.


So some important questions and conclusions really. Looks very plain to me from these logs that Kevin did indeed get very lucky. He watched the market crash, prepared his bid and hit go just at the right time -> managing to get the 6th BUY order after the turn, not the first, the 6th.

>>>>>> Kevin placed the BUY order after the SELL and the crash, not before as he was accused of.

The login time does not prove anything; what is important is the time the buy order was placed. But we cannot get this from MTGox because of the log issue I've mentioned, so we must rely on our own understanding.



If we assume, as I now do, that Kevin really is innocent, then what was the motivation of the Hacker? We all assumed the hacker was trying to crash the markets so he could cash out, but this clearly didn't work if Kevin is innocent!!!!

a) placing a large buy just after the crash ....

... the problem with a) is how would anyone be sure he could get the order in at the right time. We all know that MtGox is slow at the best of times and any half decent brain would realise that after a major market event like that, the site was going to be absolutely hammered and thus impossible to reliably connect to - just as many of you here have reported.

So unless Hacker person messed this up badly, or Kevin beat him at his own game, it looks to me like they didn't have any real intention of cashing out like this..


b) placing a large buy before the crash ... (which didn't happen as the market activity ticker seems to show)

A better strategy would have been to use several other compromised accounts (if the guy had DB access, this should have been no problem) to place 0.01 BUY orders before the SELL, just at or under the equivalent $1000 USD limit. They would have been filled and if he had withdrawn the BTC very quickly he may well have gotten away with a much, much, much larger sum.

Why not do that? Was he stupid, a kid or did he just not care about the money that much and doing it for some other purpose.

In any sense Kevin does not look like a guilty party to me but a very lucky guy who now seems to think he should be entitled to keep the profits of a crime. I wonder what his mother would say.


MagicalTux: I appreciate how busy you are trying to bring MTGox back. However, a full, independent analysis of these events and the others mentioned in this thread is the only realistic way to address the concerns of your user base. Diverting attention by blaming others with very sketchy to zero evidence is absolutely not cool.
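The post above turns on a logging failure: if a fill overwrites the order's placement time, nobody can later answer "was this bid placed before or after the big sell?", and the only thing left to reason from is the gap in fill timestamps on the ticker. The following is an added example, not code from MtGox or from anyone in this thread. It models a lossy fill log beside an append-only event log, runs both over a constructed timeline shaped like the one described (sweep fills at 13:15, new buys at 13:51, the large 0.01 bid sixth after the turn), and shows which log can answer the placement question and which cannot. All timestamps, order ids and amounts other than the 261383.76 figure quoted in the post are made up.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple


def t(hhmmss: str) -> datetime:
    """Constructed timestamps on a single made-up trading day."""
    return datetime.strptime("2011-06-19 " + hhmmss, "%Y-%m-%d %H:%M:%S")


@dataclass(frozen=True)
class Fill:
    order_id: str
    side: str          # "BUY" or "SELL"
    price: float
    amount: float      # BTC
    filled_at: datetime


class LossyFillLog:
    """Models the behaviour the post describes: on fill, only the fill time
    is kept; the placement time never reaches durable storage."""

    def __init__(self) -> None:
        self.fills: Dict[str, Fill] = {}

    def record_fill(self, fill: Fill) -> None:
        self.fills[fill.order_id] = fill

    def placed_before(self, order_id: str, when: datetime) -> Optional[bool]:
        # Placement time was discarded, so the question is unanswerable.
        return None


class AppendOnlyEventLog:
    """Every state change is its own immutable event; nothing is overwritten."""

    def __init__(self) -> None:
        self.events: List[Tuple[datetime, str, str, str, float, float]] = []

    def placed(self, order_id: str, side: str, price: float, amount: float, at: datetime) -> None:
        self.events.append((at, "PLACED", order_id, side, price, amount))

    def filled(self, f: Fill) -> None:
        self.events.append((f.filled_at, "FILLED", f.order_id, f.side, f.price, f.amount))

    def placed_before(self, order_id: str, when: datetime) -> Optional[bool]:
        for at, kind, oid, *_ in self.events:
            if kind == "PLACED" and oid == order_id:
                return at < when
        return None   # order never seen


def largest_fill_gap(fills: List[Fill]) -> Tuple[timedelta, Optional[Fill], Optional[Fill]]:
    """Biggest silence between consecutive fills: the ticker's 13:15 -> 13:51 jump."""
    ordered = sorted(fills, key=lambda f: f.filled_at)
    best: Tuple[timedelta, Optional[Fill], Optional[Fill]] = (timedelta(0), None, None)
    for a, b in zip(ordered, ordered[1:]):
        gap = b.filled_at - a.filled_at
        if gap > best[0]:
            best = (gap, a, b)
    return best


def scenario() -> dict:
    """Constructed timeline. Returns what each log can say about two BUY
    orders relative to the big SELL, plus the largest gap between fills."""
    big_sell_at = t("13:15:00")
    lossy, events = LossyFillLog(), AppendOnlyEventLog()

    # A hypothetical bid resting on the book before the sell and swept during
    # the crash, and the large bid placed only after the book was emptied.
    orders = [
        ("pre-crash-bid", "BUY", 0.01, 1000.0, t("13:10:00"), t("13:15:40")),
        ("big-bid", "BUY", 0.01, 261383.76, t("13:49:50"), t("13:51:16")),
    ]
    fills: List[Fill] = []
    for oid, side, price, amount, placed_at, filled_at in orders:
        events.placed(oid, side, price, amount, placed_at)
        f = Fill(oid, side, price, amount, filled_at)
        fills.append(f)
        lossy.record_fill(f)
        events.filled(f)

    # Other fills seen on the ticker (constructed): two sweep fills, then five
    # small post-turn buys ahead of the big one.
    for i, ts in enumerate(["13:15:05", "13:15:59"]):
        fills.append(Fill(f"sweep-{i}", "BUY", 0.01, 50.0, t(ts)))
    for i, ts in enumerate(["13:51:02", "13:51:05", "13:51:09", "13:51:11", "13:51:14"]):
        fills.append(Fill(f"bid-{i}", "BUY", 0.01, 10.0, t(ts)))

    gap, before, after = largest_fill_gap(fills)
    return {
        "lossy_pre": lossy.placed_before("pre-crash-bid", big_sell_at),
        "lossy_big": lossy.placed_before("big-bid", big_sell_at),
        "event_pre": events.placed_before("pre-crash-bid", big_sell_at),
        "event_big": events.placed_before("big-bid", big_sell_at),
        "gap_seconds": int(gap.total_seconds()),
        "gap_edges": (before.filled_at.strftime("%H:%M:%S"), after.filled_at.strftime("%H:%M:%S")),
    }


if __name__ == "__main__":
    for k, v in scenario().items():
        print(f"{k}: {v}")
```

The lossy log returns None for both orders, which is exactly the position the post describes: the operator can accuse but cannot prove. The append-only log answers True for the pre-crash bid and False for the big bid, and the gap scan recovers the 35-minute silence between the last sweep fill and the first post-turn buy, the only signal the ticker video leaves behind. The design choice to take away is that fills should be recorded as new events keyed to the order, never as updates to the placement record.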



finack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 21, 2011, 01:37:26 PM
 #48

Thanks gentakin, around here it's good to establish facts, instead of blindly believing a sensational headline.

I have no connection to the poster or anyone else. But you should reconsider your attitude in my opinion. You're complaining that something wasn't explained to you in enough depth so that you could understand it. However, it was perfectly understandable to many of us. It's reasonable to ask for clarification if you don't understand and want to, but that has nothing to do with others "blindly believing a sensational headline".

People provide security disclosures of various types all the time. Some are very, very common. This XSS and the referred-to SQL injections are examples of this. That means very many people already understand the principles behind them. I'm sure you can imagine it would be very tedious to include a full explanation of each attack every time someone discusses one. You got your explanation, you don't have to be a dick just because you don't understand something.

Also, the post is titled "Full Disclosure" because that is the name of the security mailing list it was sent to. When you send mail to that list, the list name gets prepended to the subject you send, so that mailing list subscribers can easily identify where it came from. Don't read too much into it. See: http://seclists.org/fulldisclosure/2011/Jun/index.html
jrmithdobbs
Jr. Member
*
Offline Offline

Activity: 59


View Profile
June 21, 2011, 02:38:37 PM
 #49

More than 9 hours and still no response.

Classy.

Maybe he finally realised that he needs to seek legal counsel before mouthing off in public forums.

1B8TSDzXdyTRX5eF77gWQoXujBaDtKFE6H
finnthecelt
Full Member
***
Offline Offline

Activity: 140


View Profile
June 21, 2011, 04:38:27 PM
 #50

Bit_Happy, you might start by learning to audit websites yourself?

Maybe if you offer a 10Btc bounty you can find a nice security professional to help explain it all to you.


At this point I would say Hackers 4   Mtgox 0

I bet MagicTux wishes he could play this card

http://gatherer.wizards.com/Pages/Card/Details.aspx?multiverseid=205022





LOL@!@!
Bit_Happy
Legendary
*
Offline Offline

Activity: 1442


A Great Time to Start Something!


View Profile
June 21, 2011, 05:25:14 PM
 #51

Thanks gentakin, around here it's good to establish facts, instead of blindly believing a sensational headline.
...It's reasonable to ask for clarification if you don't understand and want to...

Yes it is reasonable, thank you.


Thanks gentakin, around here it's good to establish facts, instead of blindly believing a sensational headline.
...but that has nothing to do with others "blindly believing a sensational headline".

Misquoting the unfair, inaccurate feedback of someone else, is a waste of time, IMO.

From post #27
No it means I don't blindly believe it.


So in essence we agree, that has nothing to do with *others* "blindly believing a sensational headline"



From post #40
I politely, yet very firmly, asked some simple questions. should it be so hard to get easy answers?

15DYJpWJe9H1YofsNQbP9JEWWNn7XPZgbS
finack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 21, 2011, 06:34:42 PM
 #52

I politely, yet very firmly, asked some simple questions. should it be so hard to get easy answers?

Perhaps we live in entirely different worlds, but I can assure you that this excerpt is far from polite:

Quote
IMO, Anyone starting a post like this needs to be able to demonstrate exactly where the attack part of this code is:

If you can show me (us) the "bad parts" and be correct, then thank you for posting this.
If you can't then (at best) you are acting without thinking things through.
Thank you

Imagine how bad things would be if everyone replied to anything they didn't understand in that demanding and accusatory tone.
Bit_Happy
Legendary
*
Offline Offline

Activity: 1442


A Great Time to Start Something!


View Profile
June 21, 2011, 09:11:22 PM
 #53

I politely, yet very firmly, asked some simple questions. should it be so hard to get easy answers?

Perhaps we live in entirely different worlds, but I can assure you that this excerpt is far from polite:

Quote
IMO, Anyone starting a post like this needs to be able to demonstrate exactly where the attack part of this code is:

If you can show me (us) the "bad parts" and be correct, then thank you for posting this.
If you can't then (at best) you are acting without thinking things through.
Thank you

Imagine how bad things would be if everyone replied to anything they didn't understand in that demanding and accusatory tone.

My first request was "socially acceptable", and then I escalated.
Please keep in mind we are in a forum with a lot of lies, distortions and BS going around.

Thank you for your feedback finack.

15DYJpWJe9H1YofsNQbP9JEWWNn7XPZgbS
CharlieContent
Full Member
***
Offline Offline

Activity: 210


View Profile
June 21, 2011, 09:30:12 PM
 #54


So according to MT:

1) Kevin logged in at 5:12, just a few minutes before the market started crashing (~5:15 onwards).
2) Since he bought at 0.01 he must have placed that large bid BEFORE the market crashed...thus implicating him (after all, who would place a ~$3000 bid at 0.01 unless they knew it was coming).

According to MT this makes Kevin look suspicious. But there is more useful info to consider:

4) When a BUY order is filled, the only log recorded is the time of the FILL and the time the order was PLACED gets wiped out completely. Thus Tux cannot be sure of anything really.


This proves that MagicalTux is not only incompetent, but an asshole.
jrmithdobbs
Jr. Member
*
Offline Offline

Activity: 59


View Profile
June 21, 2011, 10:12:37 PM
 #55

Just an update.

18 hours later. Still no response public or private.

1B8TSDzXdyTRX5eF77gWQoXujBaDtKFE6H
Bit_Happy
Legendary
*
Offline Offline

Activity: 1442


A Great Time to Start Something!


View Profile
June 22, 2011, 01:50:09 AM
 #56

I politely, yet very firmly, asked some simple questions. should it be so hard to get easy answers?

Perhaps we live in entirely different worlds, but I can assure you that this excerpt is far from polite:

Quote
IMO, Anyone starting a post like this needs to be able to demonstrate exactly where the attack part of this code is:

If you can show me (us) the "bad parts" and be correct, then thank you for posting this.
If you can't then (at best) you are acting without thinking things through.
Thank you

Imagine how bad things would be if everyone replied to anything they didn't understand in that demanding and accusatory tone.

My first request was "socially acceptable", and then I escalated.
Please keep in mind we are in a forum with a lot of lies, distortions and BS going around.

Thank you for your feedback finack.


There's a lot of stupid fucks on this forum, but you are probably the worst. My god, you are a dunderheaded buffoon. Every single one of your posts betrays the fact that you're just not very bright.

If you are too stupid and ignorant to understand how things work, then please just stay out of threads discussing them. Leave it to those of us who do understand and don't need to ask for things to be explained in "simple English" like some kind of child or downs syndrome retard, you halfwitted mongoloid fuck.

We're not your mommy or your kindergarten teacher, so don't ask us to explain things slowly and carefully so your tiny little brain can understand them, you dumbass motherfucker.

Have you always been a mongo Bit_Happy? Huh? Have you always been a fucking stupid mongoloid cunt who asks for a retard's simple explanations so he can understand things? Is it some kind of chromosomal abnormality that causes you to be so slow and backwards, or was your mother fucked by a dog when she was pregnant with you, her brother's son? Those are the only two situations I can think of that would explain how fucking stupid you act.

You're so fucking stupid that I'm surprised you remember to breathe. I hope you forget and die next time you get distracted by something shiny.

You would be amazed how high my IQ is, plus you need to look in the mirror and keep talking to yourself.
Please keep in mind we are in a forum with a lot of lies, distortions and BS going around.

15DYJpWJe9H1YofsNQbP9JEWWNn7XPZgbS
finnthecelt
Full Member
***
Offline Offline

Activity: 140


View Profile
June 22, 2011, 02:45:18 AM
 #57

Are you guys done?
magik
Jr. Member
*
Offline Offline

Activity: 44


View Profile
June 22, 2011, 04:51:33 AM
 #58

seriously for every 1 good post, there's like 10-20 retarded ass flame wars going on

IMO I just want some god damned info and a straight story with some evidence to back it up

I feel like MT really hasn't handled this situation in the best manner

All we want are some freaking answers, and because of that and the extremists on either side, you guys just devolve everything into stupid flamewars. At this point it's like fuck it, what the fuck is the point of arguing, we should be grabbing pitchforks and torches and start marching to MT or MtGox demanding some fucking answers, because as a user of MtGox with my personal information leaked to the world and the site going down locking our funds out, the least we should be given is a fucking straight and sensible answer/explanation.

This shit has gotten ridiculously out of hand
jrmithdobbs
Jr. Member
*
Offline Offline

Activity: 59


View Profile
June 22, 2011, 01:08:15 PM
 #59

Please take your worthless insults and bickering over who has the higher IQ elsewhere.

Thanks.

1B8TSDzXdyTRX5eF77gWQoXujBaDtKFE6H
Bit_Happy
Legendary
*
Offline Offline

Activity: 1442


A Great Time to Start Something!


View Profile
June 23, 2011, 07:38:26 AM
 #60

Please take your worthless insults and bickering over who has the higher IQ elsewhere.

Thanks.

The only reason I mentioned IQ was due to the nature of his attack, and the way he called me stupid several times, plus he insulted my family in ways only a very sick mind would ever think of.
This forum used to be a great place; nobody noticed how ridiculous and over the top his attack was, and/or bothered to suggest to him that he should cool it.
Gee, thanks a lot guys.

15DYJpWJe9H1YofsNQbP9JEWWNn7XPZgbS