Bitcoin Forum
December 11, 2016, 02:42:01 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 [4]  All
  Print  
Author Topic: Bitcoin is a magnet for hackers and crooks  (Read 7229 times)
organofcorti
Donator
Legendary
*
Offline Offline

Activity: 1960


Poor impulse control.


View Profile WWW
February 27, 2012, 10:22:44 AM
 #61

Just going off-topic here and injecting a bit of levity, but did anyone notice that if you spoonerise "hackers and crooks" you get:

"Bitcoin is a magnet for crack and hookers"

I wonder how the security at Silk Road is?

Bitcoin network and pool analysis 12QxPHEuxDrs7mCyGSx1iVSozTwtquDB3r
follow @oocBlog for new post notifications
1481424121
Hero Member
*
Offline Offline

Posts: 1481424121

View Profile Personal Message (Offline)

Ignore
1481424121
Reply with quote  #2

1481424121
Report to moderator
1481424121
Hero Member
*
Offline Offline

Posts: 1481424121

View Profile Personal Message (Offline)

Ignore
1481424121
Reply with quote  #2

1481424121
Report to moderator
1481424121
Hero Member
*
Offline Offline

Posts: 1481424121

View Profile Personal Message (Offline)

Ignore
1481424121
Reply with quote  #2

1481424121
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481424121
Hero Member
*
Offline Offline

Posts: 1481424121

View Profile Personal Message (Offline)

Ignore
1481424121
Reply with quote  #2

1481424121
Report to moderator
btc_artist
Full Member
***
Offline Offline

Activity: 154


Bitcoin!


View Profile WWW
February 27, 2012, 02:28:57 PM
 #62

A victim is not expected to be armed or prepared.
A business is.

The audacity of businesses thinking they are victims amazes me. Don't leave the safe open and don't fail to use a time lock.
You are responsible for the safety of your business.

Wait...
So, according to you, being the victim of a crime depends on whether you were engaging in business? If my personal car gets stolen, I'm a victim, but if it's my function car while I'm working, I'm responsible for being robbed? If a woman is raped, she's a victim, unless it was a prostitute during her business, then she's responsible for being raped?

Please. Of course people would better be prudent and protect themselves from criminals, but your notion of ethics is completely twisted if you really believe "business are not victims". Being the victim or the responsible of a crime has absolutely nothing to do with whether you were engaging in business, pleasure or whatever.

Quote
Sometimes you can. The local restaurant website where I often order my meals is quite lame. I know, for ex., that they don't hash passwords, it's stored as clear text. There are probably other security vulnerabilities. Judging by the web design, they probably had a very limited budget for building that site. If they had to have the level of security a site needs to have to exist safely in the bitcoin world, maybe they wouldn't even have a site at all, or their meals would be more expensive just to account for that.
Hashing passwords is standard practice expected. Fix your website. There's plenty of high schoolers out of work who could do it for nearly nothing or even a few BTC.

Stop avoiding responsibility.

It's not "my website". But it is a good example. Why should they even care about spending money on a high schooler to have a decent site? All they want is to deliver sandwiches and meals. The only reason they've probably done a site at all was because they work in a "geek area", and have many clients that prefer ordering by clicking instead of using the phone.
They don't really care about having a good, secure site, and it's fine enough for them, as long as they keep delivering good meals at an affordable price.
But that's only because they don't accept bitcoin (or any other digital means of payment, for that matter). If they ever consider the possibility, their site will be completely rapped by the crooks OP talks about. So, summarizing, OP has a point. The high level of "cyberviolence" we are submitted to (and also the fact we can't even try to punish these hackers as we may do with meatspace criminals) makes life harder for honest people, unfortunately.

But maybe a better comparison would be to compare the level of security needed to safely maintain a bitcoin wallet in a site, and the level of security needed to safely store credit card numbers. I have no idea which kind of site is more attacked.
I goes both ways. Sure, you're still a victim, but on the flip side, you should secure your site.  And that goes for any site, not just a bitcoin-related site.

If you don't want to be a victim, secure you site. Smiley

BTC: 1CDCLDBHbAzHyYUkk1wYHPYmrtDZNhk8zf
LTC: LMS7SqZJnqzxo76iDSEua33WCyYZdjaQoE
zer0
Sr. Member
****
Offline Offline

Activity: 350



View Profile
February 27, 2012, 06:09:29 PM
 #63

'Crooks' are already using existing payment methods to move multi millions in laundered funds they don't need bitcoin. They need fake ID, social engineering and some socks proxies. There isn't enough bitcoins in the world to satisfy the daily laundering requirements of a typical mexican cartel or even most nigerian scams
payb.tc
Hero Member
*****
Offline Offline

Activity: 812



View Profile
February 27, 2012, 09:28:18 PM
 #64

There isn't enough bitcoins in the world to satisfy the daily laundering requirements of a typical mexican cartel or even most nigerian scams

so, how many bitcoins would be enough?
btc_artist
Full Member
***
Offline Offline

Activity: 154


Bitcoin!


View Profile WWW
February 27, 2012, 09:37:02 PM
 #65

There isn't enough bitcoins in the world to satisfy the daily laundering requirements of a typical mexican cartel or even most nigerian scams

so, how many bitcoins would be enough?

One bitcoin would be enough. You could probably even do it with a half a bitcoin Wink

BTC: 1CDCLDBHbAzHyYUkk1wYHPYmrtDZNhk8zf
LTC: LMS7SqZJnqzxo76iDSEua33WCyYZdjaQoE
Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 700


Wat


View Profile WWW
February 28, 2012, 12:01:10 AM
 #66

This is why mt advice is if you cant code for shit dont go bringing out bitcoin sites.


kjj
Legendary
*
Offline Offline

Activity: 1302



View Profile
February 28, 2012, 01:28:22 AM
 #67

I've had a couple of ideas for bitcoin sites that I haven't bothered doing because I don't want the hassle.

Of course, I've had similar ideas for non-bitcoin sites too, and I usually don't bother with them either, because of the hassles that come with other payment systems.

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
dooglus
Legendary
*
Offline Offline

Activity: 2002



View Profile
February 28, 2012, 04:31:00 AM
 #68

Quote from: kjj link=topic=33391.msg620332#msg620332
Here are some of the methods he tried:
[list
[li]Tried to access boot information[/li]
[li]Tried to access file system (ie /etc/passwd)[/li]
[li]Various SQL injection techniques[/li]
[li]javascript injection[/li]
[li]Tried executing system commands with buffer over-runs [/li]
[/list]

It's kinda funny that they never tried to find my wallet.dat file :-)

He's almost certainly using a program that does all that stuff automatically for him.  I've seen the same pattern of attacks myself.  If you look in the logs closely, you'll see the same word coming up over and over.  Google it - it's the name of the hacking tool he's using.

That's what I found, anyway.  I don't remember the name now though sorry.

dooglus
Legendary
*
Offline Offline

Activity: 2002



View Profile
February 28, 2012, 05:06:21 AM
 #69

"Pangolin".  That was it.

Strophon
Newbie
*
Offline Offline

Activity: 21


View Profile
February 28, 2012, 09:16:55 PM
 #70

RSantana: I don't understand; why are you keeping your wallet on your server? Shouldn't it be kept on a different machine? As a retailer, you only need to collect payment except for the occasional refund (which you can do manually), which means your wallet doesn't have to be on the server at all, right? Or am I missing something here? I thought only exchanges like Mt.Gox that have to pay Bitcoins out in addition to accepting them had to worry that much about security, because they have to actually have a wallet file on a machine connected to the server. I mean, a hacker could still put up a fake BTC address on your site if it got compromised, but that's not the same degree of problem as losing your whole wallet...
Pages: « 1 2 3 [4]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!