wumpus
|
|
August 04, 2011, 07:50:57 AM |
|
"Something went catastrophically" could just be failure to pay for hosting, and having your server shut down.
No, that's not it. The server is still running and routing TOR. Have you read the rest of the topic?
|
Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
|
|
|
julz
Legendary
Offline
Activity: 1092
Merit: 1001
|
|
August 04, 2011, 07:55:00 AM |
|
"Something went catastrophically" could just be failure to pay for hosting, and having your server shut down.
No, that's not it. The server is still running and routing TOR. Have you read the rest of the topic? But you don't know which server the underlying HTTPD service (let alone the wallet/database) was on. It's highly likely to have been a tor hidden service, or an i2p 'eepsite' running who-knows-where. That the leaseweb server has some TOR stuff on it doesn't tell us it was the HTTPD (does it??) (edit: the leaseweb server may have simply been the HTTPD for static content - the dynamic stuff coming from the other end of the tunnel. The 'failure' - be it payment or whatever, could be on an entirely different system. maybe even a home desktop. )
|
@electricwings BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
|
|
|
wumpus
|
|
August 04, 2011, 07:56:36 AM |
|
But you don't know which server the underlying HTTPD service (let alone the wallet/database) was on. It's highly likely to have been a tor hidden service, or an i2p 'eepsite' running who-knows-where. That the leaseweb server has some TOR stuff on it doesn't tell us it was the HTTPD (does it??)
That's true... it could be only a proxy. Though I suspect the site would be very slow if it piped everything though I2P/TOR. I've never used mybitcoin so I don't know what their speed was.
|
Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
|
|
|
joepie91
|
|
August 04, 2011, 08:01:30 AM |
|
Considering Leaseweb is fairly popular for somewhat more questionable content (including TOR nodes) it is not unlikely there are simply two unrelated TOR nodes on the same physical server
Yeah, right... they are both called Bitcoin*something*, have the same uptime, and the servers have quite a lot of similar properties. Sure there's a small chance they are unrelated, but I wouldn't bet on it. Being the same uptime and having similar properties is one of the main characteristics of two VMs on the same host machine. If the host machine gets restarted, so will the VMs, meaning they all have the same uptime if they are on the same machine. A lot of similar characteristics would also be logical if they were two VMs on the same host machine. Of course it's possible that they are from the same owner, and my theory may indeed be unlikely - however, unlikely is not the same as impossible. And in my opinion my theory is reasonable enough to at least consider it, and not blindly assume they are from the same owner. I'm not saying I'm right, just that it may be a possibility , purely by accident. Not to mention that, as far as I am aware, Blutmagie is a fairly well-known TOR node.
The Blutmagie site has a list of TOR nodes (which I linked to). It is completely unrelated to their own TOR node. Sorry, I should have said 'fairly often used' rather than 'fairly well-known'. I see people connecting to my own IRC network and other places rather often from Blutmagie, along with formlessnetworking and torservers.net. Probably because they have most bandwidth.
|
Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
|
|
|
julz
Legendary
Offline
Activity: 1092
Merit: 1001
|
|
August 04, 2011, 08:11:49 AM |
|
But you don't know which server the underlying HTTPD service (let alone the wallet/database) was on. It's highly likely to have been a tor hidden service, or an i2p 'eepsite' running who-knows-where. That the leaseweb server has some TOR stuff on it doesn't tell us it was the HTTPD (does it??)
That's true... it could be only a proxy. Though I suspect the site would be very slow if it piped everything though I2P/TOR. I've never used mybitcoin so I don't know what their speed was. When I tried some i2p services the speed was tolerable - but I also never used mybitcoin, so I don't know if it's plausible that it was at least partly run over a tunnel. I guess the problem with the conjecture that some site at the remote end just fell over, is that theoretically that wouldn't stop the frontend listening on port 443 - and it appears that it's not. It could be that the frontend automatically closed that off when the backend disappeared though. I'd still like to know if there is any way to research the information associated with the CACert certificate for ' www.mybitcoin.com' They have an organisation assurance policy which states things like: # The organisation named within is identified. # The organisation has been verified according to this policy. # The organisation is within the jurisdiction and can be taken to Arbitration. If it turns out that they haven't done this properly - and have allowed a truly anonymous use of an organisational certificate - then CACert may have a stain on it's reputation. Does anyone know how to proceed with this? I may just email them and ask about it..
|
@electricwings BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
|
|
|
repentance
|
|
August 04, 2011, 08:18:01 AM |
|
CACert is incorporated in my state - New South Wales, Australia. I wouldn't count on many of its members being within New south Wales jurisdiction.
|
All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
|
|
|
joepie91
|
|
August 04, 2011, 08:19:29 AM |
|
I guess the problem with the conjecture that some site at the remote end just fell over, is that theoretically that wouldn't stop the frontend listening on port 443 - and it appears that it's not. It could be that the frontend automatically closed that off when the backend disappeared though.
Unlikely. I have never seen a reverse proxy or tunneling solution that stopped listening on a local port if the backend/network was not reachable. There would also be no reason to do so.
|
Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
|
|
|
julz
Legendary
Offline
Activity: 1092
Merit: 1001
|
|
August 04, 2011, 08:27:30 AM |
|
CACert is incorporated in my state - New South Wales, Australia. I wouldn't count on many of its members being within New south Wales jurisdiction.
My understanding is that the 'jurisdiction' here they are talking about is whatever jurisdiction the identified entity has been certified for - not where CACert is based. I suspect this will just lead us in a circle back to Nevis though I am also in NSW by the way
|
@electricwings BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
|
|
|
julz
Legendary
Offline
Activity: 1092
Merit: 1001
|
|
August 04, 2011, 08:32:01 AM |
|
I've posted to the list cacert@lists.cacert.orgI've pretty much given up my own semi-anonymity now by doing this.. oh well. mtgox leaked my email anyway Hello CaCert community, Firstly - I'm not particularly well versed in certificate issues - just a lay-geeks basic knowledge. How would I go about finding information about a CACert certificate that was issued to ' www.mybitcoin.com'? The site is no longer reachable - so I can't directly see the certificate any more, but I understand from an earlier forum posting that they were using CACert. There is currently much speculation about what happened to this site and who the underlying entity is/was. (A bit late for people who put trust in the site to be asking this perhaps - but the fact that a CACert was issued is enough for some to put some trust in a site, so I'm guessing the community here may have some interest in helping out.. whether they think the people involved were foolish or not) A lot of money is involved so there are many claims of fraud, and questions about whether the operator has died etc. I would appreciate any leads... If you're curious - take a look at the bitcoin forums at bitcointalk.org where there are many threads related to mybitcoin and the disappearing 'Tom Williams'
|
@electricwings BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
|
|
|
repentance
|
|
August 04, 2011, 08:42:39 AM |
|
CACert is incorporated in my state - New South Wales, Australia. I wouldn't count on many of its members being within New south Wales jurisdiction.
My understanding is that the 'jurisdiction' here they are talking about is whatever jurisdiction the identified entity has been certified for - not where CACert is based. I suspect this will just lead us in a circle back to Nevis though I am also in NSW by the way You're probably right, and it will probably just lead back to the Netherlands or Nevis (and I seriously doubt that Tom Williams is located in either).
|
All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
|
|
|
semyazza
|
|
August 04, 2011, 01:24:37 PM |
|
I still consider it a reasonably likely scenario that the site was run by a privacy-advocate/cryptographer - who has simply died.
According to the "from the desk of Tom Williams" statement in June, two technicians have access to the server. All disk keys are held off-site and were never generated anywhere near the internet. All server passwords are unique per server and per user, of course. Only two technicians have access to the secure servers. This access is over a VPN and we only use secured workstations running Linux and BSD to access them. https://bitcointalk.org/index.php?topic=22221.msg279396#msg279396You'd think that by now one of them would have realised that there's something wrong and that if something dramatic has happened to "Tom" they'd be trying to find a way to communicate with the users of the service. I wouldn't pay attention to his security procedures much. He outright lied about hashing passwords in the database. Quote from that Thread: Yes, we use password encryption. We are currently using SHA-256, but since the recent Mtgox hack we will be upgrading that to something stronger. It's surprising how many sites still use MD5, even though it was broken years ago. It is my personal opinion that MD5 be deprecated from modern operating systems. We had a password reset issue months ago in which we needed access to our account. After about a month of lack of communication we finally received access to our account through the original password that was sent to us in plain text from mybitcoin.com . We "remembered" the password after seeing it again and were shocked that mybitcoin stored passwords in plain text.
|
|
|
|
westkybitcoins
Legendary
Offline
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
|
|
August 04, 2011, 03:55:37 PM |
|
I wouldn't pay attention to his security procedures much. He outright lied about hashing passwords in the database. Quote from that Thread: Yes, we use password encryption. We are currently using SHA-256, but since the recent Mtgox hack we will be upgrading that to something stronger. It's surprising how many sites still use MD5, even though it was broken years ago. It is my personal opinion that MD5 be deprecated from modern operating systems. We had a password reset issue months ago in which we needed access to our account. After about a month of lack of communication we finally received access to our account through the original password that was sent to us in plain text from mybitcoin.com . We "remembered" the password after seeing it again and were shocked that mybitcoin stored passwords in plain text.Now I'm wondering if MyBitcoin was the one that hacked Mt. Gox.
|
Bitcoin is the ultimate freedom test. It tells you who is giving lip service and who genuinely believes in it.
... ... In the future, books that summarize the history of money will have a line that says, “and then came bitcoin.” It is the economic singularity. And we are living in it now. - Ryan Dickherber... ... ATTENTION BFL MINING NEWBS: Just got your Jalapenos in? Wondering how to get the most value for the least hassle? Give BitMinter a try! It's a smaller pool with a fair & low-fee payment method, lots of statistical feedback, and it's easier than EasyMiner! (Yes, we want your hashing power, but seriously, it IS the easiest pool to use! Sign up in seconds to try it!)... ... The idea that deflation causes hoarding (to any problematic degree) is a lie used to justify theft of value from your savings.
|
|
|
bitstarter
|
|
August 04, 2011, 04:29:16 PM |
|
I wouldn't pay attention to his security procedures much. He outright lied about hashing passwords in the database. Quote from that Thread: Yes, we use password encryption. We are currently using SHA-256, but since the recent Mtgox hack we will be upgrading that to something stronger. It's surprising how many sites still use MD5, even though it was broken years ago. It is my personal opinion that MD5 be deprecated from modern operating systems. We had a password reset issue months ago in which we needed access to our account. After about a month of lack of communication we finally received access to our account through the original password that was sent to us in plain text from mybitcoin.com . We "remembered" the password after seeing it again and were shocked that mybitcoin stored passwords in plain text.Now I'm wondering if MyBitcoin was the one that hacked Mt. Gox. Very good chance this i the case sense everyone used the same username/password between the 2.
|
|
|
|
Johnny Pizza
Newbie
Offline
Activity: 28
Merit: 0
|
|
August 04, 2011, 04:31:13 PM |
|
Alright, I've had enough of al this nerd bullshit. Let's just go and find this guy and lynch him up by the balls.
|
|
|
|
kokojie
Legendary
Offline
Activity: 1806
Merit: 1003
|
|
August 04, 2011, 05:02:15 PM |
|
the best chance we got is get a court order to force his domain registrar and hosting company to give up his contact information.
|
btc: 15sFnThw58hiGHYXyUAasgfauifTEB1ZF6
|
|
|
Rassah
Legendary
Offline
Activity: 1680
Merit: 1035
|
|
August 04, 2011, 05:09:02 PM |
|
Alright, I've had enough of al this nerd bullshit. Let's just go and find this guy and lynch him up by the balls. Anyone up for a nice week-long vacation in the tropical island of Nevis?
|
|
|
|
Newton
Newbie
Offline
Activity: 56
Merit: 0
|
|
August 04, 2011, 05:14:45 PM |
|
Alright, I've had enough of al this nerd bullshit. Let's just go and find this guy and lynch him up by the balls. Anyone up for a nice week-long vacation in the tropical island of Nevis? Umm... You know the shell company is in Nevis, and not the actual perpetrator, don't you? Idle thought here, but has anyone sent a tweet or anything to Anonymous? They stuck up for Wikileaks out of principal. And ironically, preventing bitcoin from getting hacked and collapsing protects their potential source of anonymous donations.
|
|
|
|
bbit (OP)
Legendary
Offline
Activity: 1330
Merit: 1000
Bitcoin
|
|
August 04, 2011, 05:21:41 PM |
|
Alright, I've had enough of al this nerd bullshit. Let's just go and find this guy and lynch him up by the balls. Anyone up for a nice week-long vacation in the tropical island of Nevis? Umm... You know the shell company is in Nevis, and not the actual perpetrator, don't you? Idle thought here, but has anyone sent a tweet or anything to Anonymous? They stuck up for Wikileaks out of principal. And ironically, preventing bitcoin from getting hacked and collapsing protects their potential source of anonymous donations. Not a bad idea to see if they could help.
|
|
|
|
Rassah
Legendary
Offline
Activity: 1680
Merit: 1035
|
|
August 04, 2011, 05:22:06 PM |
|
Alright, I've had enough of al this nerd bullshit. Let's just go and find this guy and lynch him up by the balls. Anyone up for a nice week-long vacation in the tropical island of Nevis? Umm... You know the shell company is in Nevis, and not the actual perpetrator, don't you? So... no lounging/tanning by the P.O. box then?
|
|
|
|
bbit (OP)
Legendary
Offline
Activity: 1330
Merit: 1000
Bitcoin
|
|
August 04, 2011, 05:23:54 PM |
|
Alright, I've had enough of al this nerd bullshit. Let's just go and find this guy and lynch him up by the balls. Anyone up for a nice week-long vacation in the tropical island of Nevis? Umm... You know the shell company is in Nevis, and not the actual perpetrator, don't you? So... no lounging/tanning by the P.O. box then? We would just set up lawn chairs by the P.O box and wait.
|
|
|
|
|