Bitcoin Forum
December 08, 2016, 12:33:17 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3] 4 »  All
  Print  
Author Topic: How to find "Tom Williams" ...  (Read 7109 times)
wumpus
Hero Member
*****
Offline Offline

Activity: 798

No Maps for These Territories


View Profile
August 04, 2011, 07:50:57 AM
 #41

"Something went catastrophically" could just be failure to pay for hosting, and having your server shut down.
No, that's not it. The server is still running and routing TOR. Have you read the rest of the topic?

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
julz
Legendary
*
Offline Offline

Activity: 1092



View Profile
August 04, 2011, 07:55:00 AM
 #42

"Something went catastrophically" could just be failure to pay for hosting, and having your server shut down.
No, that's not it. The server is still running and routing TOR. Have you read the rest of the topic?


But you don't know which server the underlying HTTPD service (let alone the wallet/database) was on.  It's highly likely to have been a tor hidden service, or an i2p 'eepsite' running who-knows-where. That the leaseweb server has some TOR stuff on it doesn't tell us it was the HTTPD (does it??)

(edit: the leaseweb server may have simply been the HTTPD for static content - the dynamic stuff coming from the other end of the tunnel.
The 'failure' - be it payment or whatever, could be on an entirely different system. maybe even a home desktop.
)

@electricwings   BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
wumpus
Hero Member
*****
Offline Offline

Activity: 798

No Maps for These Territories


View Profile
August 04, 2011, 07:56:36 AM
 #43

But you don't know which server the underlying HTTPD service (let alone the wallet/database) was on.  It's highly likely to have been a tor hidden service, or an i2p 'eepsite' running who-knows-where. That the leaseweb server has some TOR stuff on it doesn't tell us it was the HTTPD (does it??)
That's true... it could be only a proxy. Though I suspect the site would be very slow if it piped everything though I2P/TOR.

I've never used mybitcoin so I don't know what their speed was.

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
August 04, 2011, 08:01:30 AM
 #44

Considering Leaseweb is fairly popular for somewhat more questionable content (including TOR nodes) it is not unlikely there are simply two unrelated TOR nodes on the same physical server
Yeah, right... they are both called Bitcoin*something*, have the same uptime, and the servers have quite a lot of similar properties. Sure there's a small chance they are unrelated, but I wouldn't bet on it.
Being the same uptime and having similar properties is one of the main characteristics of two VMs on the same host machine. If the host machine gets restarted, so will the VMs, meaning they all have the same uptime if they are on the same machine. A lot of similar characteristics would also be logical if they were two VMs on the same host machine. Of course it's possible that they are from the same owner, and my theory may indeed be unlikely - however, unlikely is not the same as impossible. And in my opinion my theory is reasonable enough to at least consider it, and not blindly assume they are from the same owner. I'm not saying I'm right, just that it may be a possibility Smiley
Quote
Quote
, purely by accident. Not to mention that, as far as I am aware, Blutmagie is a fairly well-known TOR node.
The Blutmagie site has a list of TOR nodes (which I linked to). It is completely unrelated to their own TOR node.
Sorry, I should have said 'fairly often used' rather than 'fairly well-known'. I see people connecting to my own IRC network and other places rather often from Blutmagie, along with formlessnetworking and torservers.net. Probably because they have most bandwidth.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
julz
Legendary
*
Offline Offline

Activity: 1092



View Profile
August 04, 2011, 08:11:49 AM
 #45

But you don't know which server the underlying HTTPD service (let alone the wallet/database) was on.  It's highly likely to have been a tor hidden service, or an i2p 'eepsite' running who-knows-where. That the leaseweb server has some TOR stuff on it doesn't tell us it was the HTTPD (does it??)
That's true... it could be only a proxy. Though I suspect the site would be very slow if it piped everything though I2P/TOR.

I've never used mybitcoin so I don't know what their speed was.


When I tried some i2p services the speed was tolerable - but I also never used mybitcoin, so I don't know if it's plausible that it was at least partly run over a tunnel.

I guess the problem with the conjecture that some site at the remote end just fell over, is that theoretically that wouldn't stop the frontend listening on port 443 - and it appears that it's not.   It could be that the frontend automatically closed that off when the backend disappeared though.

I'd still like to know if there is any way to research the information associated with the CACert certificate for 'www.mybitcoin.com'
They have an organisation assurance policy which states things like:
# The organisation named within is identified.
# The organisation has been verified according to this policy.
# The organisation is within the jurisdiction and can be taken to Arbitration.

If it turns out that they haven't done this properly - and have allowed a truly anonymous use of an organisational certificate - then CACert may have a stain on it's reputation.   Does anyone know how to proceed with this?  I may just email them and ask about it..







@electricwings   BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
repentance
Hero Member
*****
Offline Offline

Activity: 840


View Profile
August 04, 2011, 08:18:01 AM
 #46

CACert is incorporated in my state - New South Wales, Australia.  I wouldn't count on many of its members being within New south Wales jurisdiction.

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
August 04, 2011, 08:19:29 AM
 #47


I guess the problem with the conjecture that some site at the remote end just fell over, is that theoretically that wouldn't stop the frontend listening on port 443 - and it appears that it's not.   It could be that the frontend automatically closed that off when the backend disappeared though.
Unlikely. I have never seen a reverse proxy or tunneling solution that stopped listening on a local port if the backend/network was not reachable. There would also be no reason to do so.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
julz
Legendary
*
Offline Offline

Activity: 1092



View Profile
August 04, 2011, 08:27:30 AM
 #48

CACert is incorporated in my state - New South Wales, Australia.  I wouldn't count on many of its members being within New south Wales jurisdiction.

My understanding is that the 'jurisdiction' here they are talking about is whatever jurisdiction the identified entity has been certified for - not where CACert is based.
I suspect this will just lead us in a circle back to Nevis though Sad


I am also in NSW by the way Smiley


@electricwings   BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
julz
Legendary
*
Offline Offline

Activity: 1092



View Profile
August 04, 2011, 08:32:01 AM
 #49

I've posted to the list cacert@lists.cacert.org

I've pretty much given up my own semi-anonymity now by doing this.. oh well. mtgox leaked my email anyway Tongue


Quote
Hello CaCert community,

Firstly - I'm not particularly well versed in certificate issues - just a
lay-geeks basic knowledge.

How would I go about finding information about a CACert certificate that was
issued to 'www.mybitcoin.com'?

The site is no longer reachable - so I can't directly see the certificate any
more, but I understand from an earlier forum posting that they were using
CACert.

There is currently much speculation about what happened to this site and who
the underlying entity is/was.  (A bit late for people who put trust in the site
to be asking this perhaps - but the fact that a CACert was issued is enough for
some to put some trust in a site, so I'm guessing the community here may have
some interest in helping out.. whether they think the people involved were
foolish or not)

A lot of money is involved so there are many claims of fraud, and questions
about whether the operator has died etc.

I would appreciate any leads...
If you're curious - take a look at the bitcoin forums at bitcointalk.org where
there are many threads related to mybitcoin and the disappearing 'Tom Williams'

@electricwings   BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
repentance
Hero Member
*****
Offline Offline

Activity: 840


View Profile
August 04, 2011, 08:42:39 AM
 #50

CACert is incorporated in my state - New South Wales, Australia.  I wouldn't count on many of its members being within New south Wales jurisdiction.

My understanding is that the 'jurisdiction' here they are talking about is whatever jurisdiction the identified entity has been certified for - not where CACert is based.
I suspect this will just lead us in a circle back to Nevis though Sad


I am also in NSW by the way Smiley



You're probably right, and it will probably just lead back to the Netherlands or Nevis (and I seriously doubt that Tom Williams is located in either).

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
semyazza
Sr. Member
****
Offline Offline

Activity: 339


View Profile
August 04, 2011, 01:24:37 PM
 #51


I still consider it a reasonably likely scenario that the site was run by a privacy-advocate/cryptographer  - who has simply died.




According to the "from the desk of Tom Williams" statement in June, two technicians have access to the server.

Quote
All disk keys are held off-site and were never generated anywhere near the internet. All server passwords are unique per server and per user, of course. Only two technicians have access to the secure servers. This access is over a VPN and we only use secured workstations running Linux and BSD to access them.

https://bitcointalk.org/index.php?topic=22221.msg279396#msg279396

You'd think that by now one of them would have realised that there's something wrong and that if something dramatic has happened to "Tom" they'd be trying to find a way to communicate with the users of the service.

I wouldn't pay attention to his security procedures much.  He outright lied about hashing passwords in the database. 

Quote from that Thread:
Quote
Yes, we use password encryption. We are currently using SHA-256, but
since the recent Mtgox hack we will be upgrading that to something
stronger. It's surprising how many sites still use MD5, even though it
was broken years ago. It is my personal opinion that MD5 be deprecated
from modern operating systems.

We had a password reset issue months ago in which we needed access to our account.  After about a month of lack of communication we finally received access to our account through the original password that was sent to us in plain text from mybitcoin.com .  We "remembered" the password after seeing it again and were shocked that mybitcoin stored passwords in plain text.
westkybitcoins
Legendary
*
Offline Offline

Activity: 980

Firstbits: Compromised. Thanks, Android!


View Profile
August 04, 2011, 03:55:37 PM
 #52

I wouldn't pay attention to his security procedures much.  He outright lied about hashing passwords in the database. 

Quote from that Thread:
Quote
Yes, we use password encryption. We are currently using SHA-256, but
since the recent Mtgox hack we will be upgrading that to something
stronger. It's surprising how many sites still use MD5, even though it
was broken years ago. It is my personal opinion that MD5 be deprecated
from modern operating systems.

We had a password reset issue months ago in which we needed access to our account.  After about a month of lack of communication we finally received access to our account through the original password that was sent to us in plain text from mybitcoin.com .  We "remembered" the password after seeing it again and were shocked that mybitcoin stored passwords in plain text.


Now I'm wondering if MyBitcoin was the one that hacked Mt. Gox.

Bitcoin is the ultimate freedom test. It tells you who is giving lip service and who genuinely believes in it.
...
...
In the future, books that summarize the history of money will have a line that says, “and then came bitcoin.” It is the economic singularity. And we are living in it now. - Ryan Dickherber
...
...
ATTENTION BFL MINING NEWBS: Just got your Jalapenos in? Wondering how to get the most value for the least hassle? Give BitMinter a try! It's a smaller pool with a fair & low-fee payment method, lots of statistical feedback, and it's easier than EasyMiner! (Yes, we want your hashing power, but seriously, it IS the easiest pool to use! Sign up in seconds to try it!)
...
...
The idea that deflation causes hoarding (to any problematic degree) is a lie used to justify theft of value from your savings.
bitstarter
Sr. Member
****
Offline Offline

Activity: 301


BitcoinStarter.com Support Account


View Profile WWW
August 04, 2011, 04:29:16 PM
 #53

I wouldn't pay attention to his security procedures much.  He outright lied about hashing passwords in the database. 

Quote from that Thread:
Quote
Yes, we use password encryption. We are currently using SHA-256, but
since the recent Mtgox hack we will be upgrading that to something
stronger. It's surprising how many sites still use MD5, even though it
was broken years ago. It is my personal opinion that MD5 be deprecated
from modern operating systems.

We had a password reset issue months ago in which we needed access to our account.  After about a month of lack of communication we finally received access to our account through the original password that was sent to us in plain text from mybitcoin.com .  We "remembered" the password after seeing it again and were shocked that mybitcoin stored passwords in plain text.


Now I'm wondering if MyBitcoin was the one that hacked Mt. Gox.


Very good chance this i the case sense everyone used the same username/password between the 2.

Bitcoin Crowd Funding! Bitcoinstarter.com
Johnny Pizza
Newbie
*
Offline Offline

Activity: 28


Taking it one pizza at a time...


View Profile
August 04, 2011, 04:31:13 PM
 #54

Alright, I've had enough of al this nerd bullshit. Let's just go and find this guy and lynch him up by the balls. Angry

Johnny B)
kokojie
Legendary
*
Offline Offline

Activity: 1498



View Profile WWW
August 04, 2011, 05:02:15 PM
 #55

the best chance we got is get a court order to force his domain registrar and hosting company to give up his contact information.

If my post has been helpful, send me some love -> BTC: 1kokojUapmWqCqPw3Ch2rjcVh57tJEzka | PPC: PDyXAgA8eH47gokVW6zVZPSuu15aao5nZF | Bitshares: kokojie
My reputation
Rassah
Legendary
*
Offline Offline

Activity: 1624


Director of Bitcoin100


View Profile
August 04, 2011, 05:09:02 PM
 #56

Alright, I've had enough of al this nerd bullshit. Let's just go and find this guy and lynch him up by the balls. Angry

Anyone up for a nice week-long vacation in the tropical island of Nevis?

Newton
Jr. Member
*
Offline Offline

Activity: 56


View Profile
August 04, 2011, 05:14:45 PM
 #57

Alright, I've had enough of al this nerd bullshit. Let's just go and find this guy and lynch him up by the balls. Angry

Anyone up for a nice week-long vacation in the tropical island of Nevis?

Umm... You know the shell company is in Nevis, and not the actual perpetrator, don't you?


Idle thought here, but has anyone sent a tweet or anything to Anonymous?  They stuck up for Wikileaks out of principal.  And ironically, preventing bitcoin from getting hacked and collapsing protects their potential source of anonymous donations.
bbit
Legendary
*
Offline Offline

Activity: 1288

Bitcoin


View Profile
August 04, 2011, 05:21:41 PM
 #58

Alright, I've had enough of al this nerd bullshit. Let's just go and find this guy and lynch him up by the balls. Angry

Anyone up for a nice week-long vacation in the tropical island of Nevis?

Umm... You know the shell company is in Nevis, and not the actual perpetrator, don't you?


Idle thought here, but has anyone sent a tweet or anything to Anonymous?  They stuck up for Wikileaks out of principal.  And ironically, preventing bitcoin from getting hacked and collapsing protects their potential source of anonymous donations.

Not a bad idea to see if they could help.
Rassah
Legendary
*
Offline Offline

Activity: 1624


Director of Bitcoin100


View Profile
August 04, 2011, 05:22:06 PM
 #59

Alright, I've had enough of al this nerd bullshit. Let's just go and find this guy and lynch him up by the balls. Angry

Anyone up for a nice week-long vacation in the tropical island of Nevis?

Umm... You know the shell company is in Nevis, and not the actual perpetrator, don't you?

So... no lounging/tanning by the P.O. box then?  Cry

bbit
Legendary
*
Offline Offline

Activity: 1288

Bitcoin


View Profile
August 04, 2011, 05:23:54 PM
 #60

Alright, I've had enough of al this nerd bullshit. Let's just go and find this guy and lynch him up by the balls. Angry

Anyone up for a nice week-long vacation in the tropical island of Nevis?

Umm... You know the shell company is in Nevis, and not the actual perpetrator, don't you?

So... no lounging/tanning by the P.O. box then?  Cry

We would just set up lawn chairs by the P.O box and wait.
Pages: « 1 2 [3] 4 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!