Bitcoin Forum
Author Topic: Defeating MITM attacks through Paypal  (Read 636 times)
Shadowfax
Newbie
July 06, 2011, 06:36:02 AM
 #1

Looks like I can only post in the noob forum :( Reading the funny thread with Foodstamp and the grief he's caused, it surprised me how easy it was to execute a man in the middle (mitm) attack.  In order to overcome this, the seller accepting paypal has to know he is giving his bitcoins to the same address the paypal is coming from, and the mitm succeeds because he doesn't have to provide a paypal account, which may be traced.  So basically my idea is, for every transaction, you get a new receiving address, take the first 10 digits of it, and register that as a one time use email address and associate it with paypal.  So for example you would create y2fQ63m05kPVjohndoe@gmail.com and then email the seller
 "Hey, send me 10btc at address y2fQ63m05kPV........... I just sent you $15 from y2fQ63m05kPVjohndoe@gmail.com"

 If the seller were being scammed, the email he could see in paypal would not match up with the address he was being told to send coins to, and would not complete the transaction, hopefully refunding the paypal to the unknown victim, or emailing the victim directly.  The buyer would then transfer the 10btc to a new wallet and get a new email address for the next transaction.  If he kept the same one, an attacker could register y2fQ63m05kPVjohndoe@yahoo.com and use it for a future attack.  Thoughts?
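
The seller-side check described in the post above, as an added example that is not part of the original post or any forum member's code. The function names, the case-insensitive comparison and the sample addresses are assumptions made for illustration.

```python
PREFIX_LEN = 10  # the post ties the first 10 characters of the address to the email

def one_time_email(address, name, domain):
    """Buyer side: build the one-time email for a fresh receiving address."""
    return f"{address[:PREFIX_LEN]}{name}@{domain}"

def check_payment(payer_email, payout_address, used_prefixes):
    """Seller side: return (ok, reason); records the prefix when ok."""
    local, sep, domain = payer_email.strip().rpartition("@")
    if not sep or not local or not domain:
        return False, "malformed payer email"
    if len(payout_address) < PREFIX_LEN:
        return False, "payout address too short"
    # Assumption: compare case-insensitively, since a mail provider or
    # payment UI may fold the case of the local part.
    key = payout_address[:PREFIX_LEN].lower()
    if not local.lower().startswith(key):
        return False, "payer email does not match payout address"
    # A prefix is single-use whatever the domain, which covers the
    # same-local-part-at-another-provider reuse raised in the post.
    if key in used_prefixes:
        return False, "prefix already used"
    used_prefixes.add(key)
    return True, "ok"

# Constructed sample values, not real addresses or accounts.
BUYER_ADDR = "1Ab3xY7kQ2mNpR8sT4uV6wZ9cD1eF5gH2j"
OTHER_ADDR = "1Zz9qW4eR6tY8uJ2kL5pN7bV3cX1mA6sDf"

if __name__ == "__main__":
    used = set()
    email = one_time_email(BUYER_ADDR, "johndoe", "gmail.com")
    print(check_payment(email, BUYER_ADDR, used))   # honest trade
    print(check_payment(email, OTHER_ADDR, set()))  # address swapped in transit
    print(check_payment(email.replace("gmail", "yahoo"), BUYER_ADDR, used))  # reuse
```
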
Maged
Legendary
July 06, 2011, 07:38:08 AM
 #2

Seems unnecessarily complicated when both sides could simply email each other for verification.

Shadowfax
Newbie
July 11, 2011, 11:02:03 PM
 #3

If it's just a regular email, the man in the middle will be able to impersonate the buyer perfectly.  He can use a throwaway email and never look back, no info about him to trace.