BitPappa
December 22, 2014, 08:47:43 PM
Hey Johoe, would you consider publishing a tipping address in this thread, so people can send you tips?

redsn0w
December 22, 2014, 09:03:13 PM
> Hey Johoe, would you consider publishing a tipping address in this thread, so people can send you tips?

I think the btc address is in his signature:

> Hello,
> thanks for all the warm words. I very much appreciated them. ...snip....
> If you still want to donate I added one of my bitcoin addresses to the signature.
> ...snip....

johoe (OP)
December 22, 2014, 11:13:44 PM
@vivalibre: if your address still has money in it, then it was not exposed by this bug.

I'm sure that I have found all transactions with R values that were vulnerable due to the bc.i bug. The only vulnerable addresses I may have missed are *new* weak addresses that didn't have money in them on Wednesday last week (when I did a complete search). A few of these still pop up. Also there are still a few transactions from the buggy version; last night there were two of them.

1Wo2SJhHbAXYGhQPv4BT7acMvdA5Rmo8i
1Bcch6KBW9P88JgCo7WUkC9dYnnTuotLhc

The first address shows that there is a bot that immediately breaks the key and sweeps the address. It's not clear whether it used the repeated R value or broke the RNG; both would be possible here.
Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3
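
The search johoe describes in the post above, finding transactions whose signatures share an R value, as an added example (not johoe's code): it parses the DER-encoded ECDSA signatures carried in transaction inputs and reports every r that appears in more than one distinct signature, so a wallet owner can see which keys are exposed and should be retired. The record layout, function names and sample values are constructed for illustration.

```python
from collections import defaultdict

def parse_der_sig(sig: bytes) -> tuple[int, int]:
    """Parse DER ECDSA signature bytes: 30 len 02 rlen r 02 slen s."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("not a DER SEQUENCE of the stated length")
    pos, ints = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected INTEGER tag")
        n = sig[pos + 1]
        body = sig[pos + 2 : pos + 2 + n]
        if n == 0 or len(body) != n:
            raise ValueError("truncated INTEGER")
        ints.append(int.from_bytes(body, "big"))
        pos += 2 + n
    if pos != len(sig):
        raise ValueError("trailing bytes after s")
    return ints[0], ints[1]

def find_reused_r(records):
    """records: (txid, pubkey, signature push including the sighash byte).
    Returns {r: [(pubkey, txid), ...]} for each r seen in >1 distinct signature."""
    by_r = defaultdict(dict)
    for txid, pubkey, raw in records:
        try:
            r, s = parse_der_sig(raw[:-1])     # drop the trailing sighash byte
        except ValueError:
            continue                            # not a standard signature push
        by_r[r].setdefault((pubkey, s), txid)   # the same signature seen twice counts once
    return {r: sorted((pk, tx) for (pk, _), tx in sigs.items())
            for r, sigs in by_r.items() if len(sigs) > 1}

# --- constructed sample data below (not real transactions or keys) ---
def der_int(n: int) -> bytes:
    b = n.to_bytes((n.bit_length() + 8) // 8, "big")  # leading 0x00 keeps it positive
    return b"\x02" + bytes([len(b)]) + b

def der_sig(r: int, s: int, sighash: int = 0x01) -> bytes:
    body = der_int(r) + der_int(s)
    return b"\x30" + bytes([len(body)]) + body + bytes([sighash])

R_DUP, R_OK = int("a1" * 32, 16), int("2b" * 32, 16)
S1, S2, S3 = int("3c" * 32, 16), int("4d" * 32, 16), int("5e" * 32, 16)
SAMPLE = [("tx1", "pubkeyA", der_sig(R_DUP, S1)), ("tx2", "pubkeyA", der_sig(R_DUP, S2)),
          ("tx3", "pubkeyB", der_sig(R_OK, S3)), ("tx4", "pubkeyB", b"\x30\x02garbage")]

if __name__ == "__main__":
    for r, hits in find_reused_r(SAMPLE).items():
        print(f"r={r:064x} appears in {hits}")
```

An r shared between different public keys is reported as well, since it points to the same RNG fault.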

LFC_Bitcoin
December 22, 2014, 11:19:08 PM
johoe can we start using bc.i again now?
Are their issues resolved?

JorgeStolfi
December 22, 2014, 11:34:39 PM
Has BCI given any explanation about what went wrong with the humanware? Did the programmer violate any internal protocols by updating the patch without checking it? What are they doing to prevent similar problems in the future?
Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.

johoe (OP)
December 23, 2014, 12:50:10 AM
> johoe can we start using bc.i again now?
> Are their issues resolved?

This particular issue is resolved. The few bad transactions can be explained by people keeping a browser tab open for over a week. Make sure you reload the page. If you created any new address since Dec. 7 that you didn't use so far, you should archive it and never use it, just to be sure.

I'm reluctant to say whether Blockchain's MyWallet is safe or unsafe to use now. This problem may have been a glitch or it may have revealed a bigger problem with their current development scheme. I would not recommend storing larger sums in this wallet.

> Has BCI given any explanation about what went wrong with the humanware? Did the programmer violate any internal protocols by updating the patch without checking it? What are they doing to prevent similar problems in the future?

Sorry, I don't know why the patch went through without enough checking. I don't know their protocols, so I cannot comment on this.
Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3

Melty Melty
December 23, 2014, 12:55:45 PM
> Has BCI given any explanation about what went wrong with the humanware? Did the programmer violate any internal protocols by updating the patch without checking it? What are they doing to prevent similar problems in the future?

There's a single developer, no controls, no testing.

newIndia
December 23, 2014, 03:24:55 PM
> > Has BCI given any explanation about what went wrong with the humanware? Did the programmer violate any internal protocols by updating the patch without checking it? What are they doing to prevent similar problems in the future?
>
> There's a single developer, no controls, no testing.

Single developer? How do you know? They are running a million dollar business!!!

BitPappa
December 23, 2014, 03:28:42 PM
> I think the btc address is in his signature:

Thanks for pointing out what I had overlooked! Not much there yet. Hopefully Blockchain.info tipped him well!

Newar
December 23, 2014, 03:29:37 PM
> > > Has BCI given any explanation about what went wrong with the humanware? Did the programmer violate any internal protocols by updating the patch without checking it? What are they doing to prevent similar problems in the future?
> >
> > There's a single developer, no controls, no testing.
>
> Single developer? How do you know? They are running a million dollar business!!!

More than one according to: https://blockchain.info/about

Melty Melty
December 23, 2014, 05:31:25 PM
> > > > Has BCI given any explanation about what went wrong with the humanware? Did the programmer violate any internal protocols by updating the patch without checking it? What are they doing to prevent similar problems in the future?
> > >
> > > There's a single developer, no controls, no testing.
> >
> > Single developer? How do you know? They are running a million dollar business!!!
>
> More than one according to: https://blockchain.info/about

No, Ben Reeves is the only person who regularly commits any code and looks to be doing it with no peer review. There's no way you can pretend the change that caused this was done with any oversight by anybody. It can't be attributed to mismanagement because well, he is management. He's the guy who started the website, and miraculously the one who caused the 900 BTC loss here as well.

sparkster
December 24, 2014, 06:15:21 PM
Oh no, scapegoat is found. This poor guy gonna be lynched.

Remember remember the 5th of November
December 24, 2014, 10:41:00 PM
Of all thefts and errors that have occurred with Bitcoin, bc.i holds the #1 spot in theft related issues.
BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2

windpath
December 24, 2014, 11:01:57 PM
> Of all thefts and errors that have occurred with Bitcoin, bc.i holds the #1 spot in theft related issues.

Not by a long shot, Mt. Gox is certainly #1.... And at least bc.i is doing what they can to make it right. It was a mistake, and they are fixing it.

itod
December 24, 2014, 11:56:35 PM
> Of all thefts and errors that have occurred with Bitcoin, bc.i holds the #1 spot in theft related issues.

Theft under BTC 1000 doesn't get you into the first 30: https://bitcointalk.org/index.php?topic=83794.0

BC.i is still too small to make it to the list.

Remember remember the 5th of November
December 25, 2014, 12:33:30 AM
> > Of all thefts and errors that have occurred with Bitcoin, bc.i holds the #1 spot in theft related issues.
>
> Theft under BTC 1000 doesn't get you into the first 30: https://bitcointalk.org/index.php?topic=83794.0
>
> BC.i is still too small to make it to the list.

This wasn't about number of bitcoins lost, but number of people who lost coins one way or another.
BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2

goosoodude
December 25, 2014, 12:54:17 AM
> > Of all thefts and errors that have occurred with Bitcoin, bc.i holds the #1 spot in theft related issues.
>
> Theft under BTC 1000 doesn't get you into the first 30: https://bitcointalk.org/index.php?topic=83794.0
>
> BC.i is still too small to make it to the list.

They were lucky johoe saved them. It would've been over 1000 BTC if he was not here to sweep. Technically, the number lost temporarily is above 1000 BTC, so it should get in.

windpath
December 25, 2014, 01:23:14 AM
> > > Of all thefts and errors that have occurred with Bitcoin, bc.i holds the #1 spot in theft related issues.
> >
> > Theft under BTC 1000 doesn't get you into the first 30: https://bitcointalk.org/index.php?topic=83794.0
> >
> > BC.i is still too small to make it to the list.
>
> This wasn't about number of bitcoins lost, but number of people who lost coins one way or another.

Other than Bc.i, who lost coins? I believe they were all returned..

smoothie
December 25, 2014, 07:36:55 AM
> Of all thefts and errors that have occurred with Bitcoin, bc.i holds the #1 spot in theft related issues.

Uh no there are at least a handful of bigger thefts that occurred far before this.

nogf
December 25, 2014, 08:14:09 AM
> They were lucky johoe saved them.

Not only johoe actually. I'm the security researcher who "caused" all of this by reporting a related bug to blockchain.info, which is why they were touching this critical code in the first place.

The broken changes (there were multiple, only one is public knowledge) were pushed into production at midnight on Sunday in the UK. I caught the change and was able to get an emergency message to them in order to get them to pull the plug. Had I not had a script watching for changes like this on their site (previous experience has shown they love pushing broken code and then hiding it in git), it might have been a full 8 hours of sleep later that they could have taken down the website. Unsung hero and all that, but people would have lost a lot more money had it not been for that.

Their RNG was broken at least 4 times before this incident as well, it just didn't get any publicity. So don't go patting them on the back for their upstanding security, there's still piles of broken shit I've responsibly reported they haven't patched yet.