Bitcoin Forum
September 23, 2018, 05:35:10 AM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: [THEORY] Reverse exploiting Bitcoin  (Read 2299 times)
AGD
Legendary
*
Offline Offline

Activity: 1690
Merit: 1025


HODLER SINCE 2013


View Profile
June 07, 2014, 08:06:38 PM
 #21

You're kidding right
One person can't just go into the code and edit it as they place or dump malicious content
it is reviewed, cleaned, edited by other devs before it is completely published


people dont simply dump compiled exe's into the bitcoin dev project area. they put in lins of code, which get reviewed by the other dev's before its then added into the main code area, and then tested to ensure it does not cause other things to fall apart or become exploitable.

so its not 'theoretically' possible to hide a trojan horse in the main bitcoin-core


From my posting #4
I agree, that new implementations are reviewed over and over by expert coders until they are released, but this is not the relevant part of it.
SSL had a flaw that was indeed exploitable until the core devs were convinced, that they had to change the code and release v 0.9.0.
Before that, the guys either didn't know about the Heartbleed bug or they thought it was not necessary to update.  This means, that a code - even after multiple reviews by good programmers - can contain bugs/flaws/exploitable parts, which either still has to be found or - in my example - was already found, but kept secret.





Bitcoin is not a bubble, it's the pin!
+++ GPG Public key FFBD756C24B54962E6A772EA1C680D74DB714D40 +++ http://pgp.mit.edu/pks/lookup?op=get&search=0x1C680D74DB714D40
1537680910
Hero Member
*
Offline Offline

Posts: 1537680910

View Profile Personal Message (Offline)

Ignore
1537680910
Reply with quote  #2

1537680910
Report to moderator
1537680910
Hero Member
*
Offline Offline

Posts: 1537680910

View Profile Personal Message (Offline)

Ignore
1537680910
Reply with quote  #2

1537680910
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1537680910
Hero Member
*
Offline Offline

Posts: 1537680910

View Profile Personal Message (Offline)

Ignore
1537680910
Reply with quote  #2

1537680910
Report to moderator
1537680910
Hero Member
*
Offline Offline

Posts: 1537680910

View Profile Personal Message (Offline)

Ignore
1537680910
Reply with quote  #2

1537680910
Report to moderator
1537680910
Hero Member
*
Offline Offline

Posts: 1537680910

View Profile Personal Message (Offline)

Ignore
1537680910
Reply with quote  #2

1537680910
Report to moderator
AGD
Legendary
*
Offline Offline

Activity: 1690
Merit: 1025


HODLER SINCE 2013


View Profile
November 29, 2014, 08:52:53 AM
 #22

My idea of a scenario - Swedish military version here: http://cryptome.org/2014/11/heartbleed-cyber-op.pdf

After I read this, I am pretty convinced now, that there are countless possibilities to implement an exploitable code - even into open source software.

Bitcoin is not a bubble, it's the pin!
+++ GPG Public key FFBD756C24B54962E6A772EA1C680D74DB714D40 +++ http://pgp.mit.edu/pks/lookup?op=get&search=0x1C680D74DB714D40
AGD
Legendary
*
Offline Offline

Activity: 1690
Merit: 1025


HODLER SINCE 2013


View Profile
August 21, 2015, 01:54:16 PM
 #23

+1 because thanks to Gavn, we have a scenario, where exacty this reverse exploit could be implemented. Please core devs: Don't let it happen!

http://blogs.msdn.com/b/vcblog/archive/2014/02/04/challenge-vulnerable-code.aspx
http://www.underhanded-c.org/_p_26.html

Bitcoin is not a bubble, it's the pin!
+++ GPG Public key FFBD756C24B54962E6A772EA1C680D74DB714D40 +++ http://pgp.mit.edu/pks/lookup?op=get&search=0x1C680D74DB714D40
AGD
Legendary
*
Offline Offline

Activity: 1690
Merit: 1025


HODLER SINCE 2013


View Profile
January 07, 2018, 10:42:02 AM
 #24

+1
Not as weird as it sounded years ago.... Tongue

Bitcoin is not a bubble, it's the pin!
+++ GPG Public key FFBD756C24B54962E6A772EA1C680D74DB714D40 +++ http://pgp.mit.edu/pks/lookup?op=get&search=0x1C680D74DB714D40
jdbtracker
Hero Member
*****
Offline Offline

Activity: 720
Merit: 500


Minimum Effort/Maximum effect


View Profile
January 07, 2018, 10:50:41 AM
 #25

It is completely possible, I have worked in countless industries and I can tell you no one really cares enough to check... it's sad, but it's true.
 
A lot of the code has insane amounts of bugs and glitches, the best method practices have to be applied by a strict supervisor... an overworked supervisor trying to keep all the shit being submitted to them straight.
there are so many points of vulnerability that can be introduced by an exhausted team eager to perform, look at Intel, they knew about that processor flaw and they kept making them for 25 years... what does that tell you?

The best we can do is resolve the problems we can see now. patch every exploit we find as fast as possible.

If you think my efforts are worth something; I'll keep on keeping on.
I don't believe in IQ, only in Determination.
AGD
Legendary
*
Offline Offline

Activity: 1690
Merit: 1025


HODLER SINCE 2013


View Profile
January 07, 2018, 11:52:38 AM
 #26

It is completely possible, I have worked in countless industries and I can tell you no one really cares enough to check... it's sad, but it's true.
 
A lot of the code has insane amounts of bugs and glitches, the best method practices have to be applied by a strict supervisor... an overworked supervisor trying to keep all the shit being submitted to them straight.
there are so many points of vulnerability that can be introduced by an exhausted team eager to perform, look at Intel, they knew about that processor flaw and they kept making them for 25 years... what does that tell you?

The best we can do is resolve the problems we can see now. patch every exploit we find as fast as possible.

I bet they have developed a lot more of these gimmicks meanwhile.

Bitcoin is not a bubble, it's the pin!
+++ GPG Public key FFBD756C24B54962E6A772EA1C680D74DB714D40 +++ http://pgp.mit.edu/pks/lookup?op=get&search=0x1C680D74DB714D40
AGD
Legendary
*
Offline Offline

Activity: 1690
Merit: 1025


HODLER SINCE 2013


View Profile
September 22, 2018, 01:10:26 PM
 #27

Just want to bring my old idea up, due to CVE-2018–17144 and a comment I read
https://medium.com/@awemany/600-microseconds-b70f87b0b2a6
Quote
I always feared that someone from the bankster circles, someone injected into the Bitcoin development circles with the sole goal of wreaking unsalvageable havoc, would do exactly what happened. Injecting a silent inflation bug. Because that is what would destroy one of the very core advantages that Bitcoin has over the current status quo.

Still pretty much possible to me to intentionally infiltrate obviously harmless code, that is in reality exploitable.

As a footnote I reapeat this link: http://en.wikipedia.org/wiki/Underhanded_C_Contest

Bitcoin is not a bubble, it's the pin!
+++ GPG Public key FFBD756C24B54962E6A772EA1C680D74DB714D40 +++ http://pgp.mit.edu/pks/lookup?op=get&search=0x1C680D74DB714D40
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!