babo (OP)
Legendary
Offline
Activity: 3598
Merit: 4146
|
|
October 22, 2017, 10:13:39 AM |
|
https://bitsonline.com/monero-exploit-threatens-privacy/in github proof of concept of attack we wait a fix open source regnat
|
. .BLACKJACK ♠ FUN. | | | ███▄██████ ██████████████▀ ████████████ █████████████████ ████████████████▄▄ ░█████████████▀░▀▀ ██████████████████ ░██████████████ █████████████████▄ ░██████████████▀ ████████████ ███████████████░██ ██████████ | | CRYPTO CASINO & SPORTS BETTING | | │ | | │ | ▄▄███████▄▄ ▄███████████████▄ ███████████████████ █████████████████████ ███████████████████████ █████████████████████████ █████████████████████████ █████████████████████████ ███████████████████████ █████████████████████ ███████████████████ ▀███████████████▀ ███████████████████ | | .
|
|
|
|
|
|
|
|
"Your bitcoin is secured in a way that is physically impossible for others to access, no matter for what reason, no matter how good the excuse, no matter a majority of miners, no matter what." -- Greg Maxwell
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
Smokey Bob
Member
Offline
Activity: 106
Merit: 100
|
|
October 22, 2017, 11:08:37 AM |
|
Well that sucks for Monero. A successfull attack like that should scare the people who use Monero. Not like it doesn't have any competitors one could use.
|
|
|
|
babo (OP)
Legendary
Offline
Activity: 3598
Merit: 4146
|
|
October 22, 2017, 02:21:33 PM |
|
Well that sucks for Monero. A successfull attack like that should scare the people who use Monero. Not like it doesn't have any competitors one could use.
opensource code can be fixed for this reason i wrote "open source regnat" and monero being more secure
|
. .BLACKJACK ♠ FUN. | | | ███▄██████ ██████████████▀ ████████████ █████████████████ ████████████████▄▄ ░█████████████▀░▀▀ ██████████████████ ░██████████████ █████████████████▄ ░██████████████▀ ████████████ ███████████████░██ ██████████ | | CRYPTO CASINO & SPORTS BETTING | | │ | | │ | ▄▄███████▄▄ ▄███████████████▄ ███████████████████ █████████████████████ ███████████████████████ █████████████████████████ █████████████████████████ █████████████████████████ ███████████████████████ █████████████████████ ███████████████████ ▀███████████████▀ ███████████████████ | | .
|
|
|
|
wordspavovv
|
|
October 22, 2017, 02:27:49 PM |
|
Well, this is very bad... But world of cryptos is very new and new technologies have problems. It is a good thing that we know about this bug now and not later.
|
|
|
|
Febo
Legendary
Offline
Activity: 2730
Merit: 1288
|
|
October 22, 2017, 02:41:13 PM Last edit: October 22, 2017, 02:57:29 PM by Febo |
|
Hiding IP is not an exploit! Those that want to hide their IP they do. Most people that used Monero on darkmarkets uses Tor. Also to access dark market itself. When Kovri will be added to Monero it will be like everyone uses Tor. That should happen in 2018. Eh. Is obvious Verge FUG. I see they immediately shill article as it was posted. They will post here also. Probabyl also on Twitter and reddit. When you dont have much to show you attack others, that was mastered by DASH and now Verge greatly use it.
|
|
|
|
Heye
Member
Offline
Activity: 72
Merit: 10
|
|
October 22, 2017, 02:47:12 PM |
|
Sounds like the exploit only reveals IP addresses that use monero, but can they link the IP with a monero address or a transaction? sorry but I don't get what the big deal is I never assumed that monero was hidding your IP.
One of the comment says "Some of them had web servers running open to path traversal so you could get their wallets because you know where to look for." can someone explain what this means.
|
|
|
|
De Selby
|
|
October 22, 2017, 03:04:31 PM |
|
Yeah, because tax evaders and money launderers are all fucking retarded.
So, so dumb that they broadcast their illegal activities on their clear without recourse to Tor or I2P.
I hear that's how Alexandre Cazes of Alphabay bought his Lambo Aventador. Moved his XMR straight from Alphabay and into a Poloniex account registered under his real name! $900k. Just like that! Easy peasy.</s>
|
|
|
|
vv181
Legendary
Offline
Activity: 1932
Merit: 1273
|
|
October 22, 2017, 03:23:41 PM |
|
This is major concern for monero development teams, because most of us, who use connections straight away is in danger, although if you want privacy should use tor and combining it with trustworthy VPN provider
|
|
|
|
eaLiTy
|
|
October 22, 2017, 03:45:19 PM |
|
This is major concern for monero development teams, because most of us, who use connections straight away is in danger, although if you want privacy should use tor and combining it with trustworthy VPN provider
It is really sad to see that there is an exploit in the network but this was a known exploit that it leaked IP address but it does not correlate to any transactions or the time the transaction is done,so it cannot be connected to any transactions what so ever,but a lot of random IP has being leaked ,but none of the transactions that are made are not in danger and that is what i understood with the situation.
|
|
|
|
beachbummer
|
|
October 22, 2017, 03:49:38 PM |
|
One of the comment says "Some of them had web servers running open to path traversal so you could get their wallets because you know where to look for." can someone explain what this means.
That means that the web server allows you to specify a path to follow from the http document's home directory. Let's say that your web server was set up to serve pages from c:\webpages. You may normally see the file at c:\webpages\index.html (e.g. mywebpage.com/index.html) being served as the home page, but a web server with a very bad configuration may allow you to go to c:\webpages\..\monero_wallet\wallet.file (e.g. mywebpage.com/../monero_wallet/wallet.file). Thus you have access to the wallet file, but do note this is just a very simplified explanation just for quick understanding
|
|
|
|
vv181
Legendary
Offline
Activity: 1932
Merit: 1273
|
|
October 22, 2017, 05:09:35 PM |
|
This is major concern for monero development teams, because most of us, who use connections straight away is in danger, although if you want privacy should use tor and combining it with trustworthy VPN provider
It is really sad to see that there is an exploit in the network but this was a known exploit that it leaked IP address but it does not correlate to any transactions or the time the transaction is done,so it cannot be connected to any transactions what so ever,but a lot of random IP has being leaked ,but none of the transactions that are made are not in danger and that is what i understood with the situation. Well it is a good thing that it only leaked the IP address. But maybe, if the monero team did not fix it fast enough,it could open more possibilities of exploit that can be exploited to gain that information
|
|
|
|
mR.k0fka
Member
Offline
Activity: 210
Merit: 10
|
|
October 22, 2017, 05:18:52 PM |
|
it will keep happening with other coins too a war begins haha
|
|
|
|
|