Bitcoin Forum
December 09, 2016, 09:39:15 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Poll
Question: Would you pledge a bounty to hire a whitehat attack group to wargame a distributed attack on Bitcoin p2p?
Hell NO!
Hell Yeah!
Bitcoin is too sexy to get attacked...
Satoshi and friends will protect Bitcoin from any "evil doers"...
I am so confused!
Life is a gamble, and then you die...
I would rather rely on prayer and my magic Bitcoin amulet!

Pages: [1]
  Print  
Author Topic: Bitcoin Whitehats  (Read 2097 times)
imanikin
Hero Member
*****
Offline Offline

Activity: 693


¡Sin Salsa no hay paraíso!


View Profile WWW
January 13, 2011, 12:35:08 PM
 #1


Just wanted to see how many Whitehats we have in this community.

We have plenty of visionaries, business people, and pundits, but how many security specialists do we have actually focusing on ways that Bitcoin opponents could try to damage the Bitcoin p2p, the application, etcetera...

Please sound off if you consider yourself a Whitehat, and Bitcoin is under your microscope!

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481276355
Hero Member
*
Offline Offline

Posts: 1481276355

View Profile Personal Message (Offline)

Ignore
1481276355
Reply with quote  #2

1481276355
Report to moderator
fabianhjr
Sr. Member
****
Offline Offline

Activity: 322


Do The Evolution


View Profile
January 13, 2011, 01:48:54 PM
 #2

I considered myself a Whitehat. Just recently I found a security hole in pastecoin which allowed an attacker to upload shells and practically root the server. I  notified the owner of the issue and now it is fixed. Smiley

I am just a newby though. I still need to learn C++ to inspect the main project.

fabianhjr
Sr. Member
****
Offline Offline

Activity: 322


Do The Evolution


View Profile
January 13, 2011, 02:47:33 PM
 #3

Well, I like HNN, reddit, slashdot, HTS, and I am part of a gaming community. Tongue

What do you like? What websites do you visit?

ElectricGoat
Jr. Member
*
Offline Offline

Activity: 42


View Profile WWW
January 13, 2011, 03:01:31 PM
 #4

The easiest way to gain the attention of *hats would be to setup a test network with  a dozen generating machines, and dare them to crack it with new methods. There would have to be some kind of prize for those who manage that. And of course, the prize would have to be bigger that what one can expect to gain by exploiting the bugs he finds.

Art experiment with bitcoins: http://greta.electricgoat.net
fabianhjr
Sr. Member
****
Offline Offline

Activity: 322


Do The Evolution


View Profile
January 13, 2011, 03:07:17 PM
 #5

Well, there is the "if you can find a way to exploit it you keep any coins you make". MtGox made a jump to 0.4 USD per BTC and I am sure you could make at least 5K USD fast enough before someones notices the attack.(A new nice gaming rig <3)

As a matter of fact I am so confident it will resist any attack that I could go taunt the *Hats and SKiddies with botnets to bring their asses here and not be able to exploit it at all. Also, there IS a test network with a separate blockchain than the official one.

ElectricGoat
Jr. Member
*
Offline Offline

Activity: 42


View Profile WWW
January 13, 2011, 03:11:34 PM
 #6

If the test network exists, then there should be a bounty for cracking it.

Art experiment with bitcoins: http://greta.electricgoat.net
Pegasus-Rider
Jr. Member
*
Offline Offline

Activity: 53


View Profile
January 13, 2011, 03:47:44 PM
 #7

I have a contact with a part of the community and even know some of them for a long time so if you're interested, I may ask for their help.
fabianhjr
Sr. Member
****
Offline Offline

Activity: 322


Do The Evolution


View Profile
January 13, 2011, 04:02:14 PM
 #8

That would be great! Apart, I am sure they would love Bitcoin. Smiley

ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470


Bringing Legendary Har® to you since 1952


View Profile
January 13, 2011, 05:09:21 PM
 #9

That would be great! Apart, I am sure they would love Bitcoin. Smiley

Every hacker loves bitcoin. Bitcoin is the ultimate hacker & cyberpunk dream.

Pegasus-Rider
Jr. Member
*
Offline Offline

Activity: 53


View Profile
January 13, 2011, 05:15:21 PM
 #10

Every hacker loves bitcoin. Bitcoin is the ultimate hacker & cyberpunk dream.
Perhaps when coupled to Raindroplet, it's everyone's dream as far as I can tell :-)
davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
January 13, 2011, 05:21:17 PM
 #11

If the test network exists, then there should be a bounty for cracking it.
That's pretty stupid... The funds circulating on the actual network *are* the implicit bounty for cracking it...

ElectricGoat
Jr. Member
*
Offline Offline

Activity: 42


View Profile WWW
January 13, 2011, 06:28:21 PM
 #12

By offering some prize if people crack the test network, you give them an incentive to not exploit the real network, but to speak forward and claim the prize. Unless you don't care much for what happens to the real network, there really should be some incentive to report the bugs.

Art experiment with bitcoins: http://greta.electricgoat.net
fabianhjr
Sr. Member
****
Offline Offline

Activity: 322


Do The Evolution


View Profile
January 13, 2011, 07:13:17 PM
 #13

If there is a vulnerability someone can exploit it. If there is a vulnerability in the protocol the whole blockchain will have to be rebuild!(Even if it is not directly attacked)

If an attacker succeeds then he has enough time to make his hand with about $5k USD before we even realize it.

ElectricGoat
Jr. Member
*
Offline Offline

Activity: 42


View Profile WWW
January 13, 2011, 07:26:41 PM
 #14

- there are vulnerabilities that are easy to exploit on a small network and harder to exploit on larger ones, so discovering a vulnerability on the test network doesn't mean it will reasily work on the real one.

- most of the vulnerabilities are first revealed as a proof-of-concept with no actual implementation, until it gets perfected into a real exploit. Would you rather get the proof-of-concept report early, or just wait for someone to rip you of your bitcoins ?

- I'd rather give bitcoins to someone who reports bugs than lose the same amount to someone who exploited bugs

Art experiment with bitcoins: http://greta.electricgoat.net
theymos
Administrator
Legendary
*
expert
Offline Offline

Activity: 2506


View Profile
January 13, 2011, 07:46:31 PM
 #15

If there is a vulnerability in the protocol the whole blockchain will have to be rebuild!(Even if it is not directly attacked)

No way. There was a bug in the protocol that allowed someone to create several billion BTC in the main chain. Everyone agreed to delete that transaction, and everything turned out fine. Not a single legitimate transaction was lost due to that incident.

We'll always be able to come to some agreement about what the block chain should contain. Someone will always have a backup. Some transactions might be lost, but it'll always be a small percentage, as an attacker can only affect coins that he has owned at some point in time (in most cases).

There was a bug that allowed an attacker to crash all running clients, and there was a bug that allowed an attacker to claim transactions that he never owned. I will pay 250 BTC per distinct issue (max 1000 BTC) if you report these critical rule-breaking bugs privately to Satoshi and he confirms they actually work.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
ElectricGoat
Jr. Member
*
Offline Offline

Activity: 42


View Profile WWW
January 13, 2011, 07:53:45 PM
 #16

The number of blocks is irrelevant, what is relevant is the computing power of the network. I don't know a thing about the test network but I suppose it's far easier to reach a sizable portion of its computing power with common hardware.

Art experiment with bitcoins: http://greta.electricgoat.net
Anonymous
Guest

sg
January 13, 2011, 08:23:26 PM
 #17

afd
Ryo
Newbie
*
Offline Offline

Activity: 28


View Profile
January 19, 2011, 07:50:54 PM
 #18

how many security specialists do we have actually focusing on ways that Bitcoin opponents could try to damage the Bitcoin p2p, the application, etcetera...

I don't know if I'm a security specialist, but you can look at my thread: http://bitcointalk.org/index.php?topic=2868.0
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!