Bitcoin Forum
Topic: Reused R values again (Read 121124 times)
itod
Legendary
December 25, 2014, 09:00:30 AM
 #361

Of all thefts and errors that have occurred with Bitcoin, bc.i holds the #1 spot in theft related issues.

Theft under BTC 1000 doesn't get you into the first 30:
https://bitcointalk.org/index.php?topic=83794.0

BC.i is still too small to make it to the list.
This wasn't about number of bitcoins lost, but number of people who lost coins one way or another.

How many people lost coins in this? Weren't they refunded? Even if they weren't, look how many people lost BTC and how much in fresh thefts like MintPal. By any criteria BC.i is very small, far away from #1 place.
goosoodude
Hero Member
December 25, 2014, 09:40:47 AM
 #362

They were lucky johoe saved them.

Not only johoe actually.

I'm the security researcher who "caused" all of this by reporting a related bug to blockchain.info, which is why they were touching this critical code in the first place. The broken changes (there were multiple, only one is public knowledge) were pushed into production at midnight on Sunday in the UK. I caught the change and was able to get an emergency message to them in order to get them to pull the plug. Had I not had a script watching for changes like this on their site (previous experience has shown they love pushing broken code and then hiding it in git), it might have been a full 8 hours of sleep later that they could have taken down the website. Unsung hero and all that, but people would have lost a lot more money had it not been for that.

Their RNG was broken at least 4 times before this incident as well, it just didn't get any publicity.

So don't go patting them on the back for their upstanding security, there's still piles of broken shit I've responsibly reported they haven't patched yet.

Thank you too.

Have they offered to hire you as a consultant or on a bounty to keep checking for bugs?






nogf
Newbie
December 25, 2014, 10:55:56 AM
 #363

Have they offered to hire you as a consultant or on a bounty to keep checking for bugs?

No. Their response to responsible disclosure is deeply belittling.

https://i.imgur.com/z8mW9DJ.png

a bounty to keep checking for bugs?



• You have to nag them to even pay out. Some of the reports I have made could have been leveraged to steal millions of dollars worth of Bitcoin directly from their users, such as a plaintext websocket fallback in the wallet communication, SSL not being enforced at all, HSTS not being enforced, and a logical bypass for their Tor exit node blocking which amplified MITM attacks. The bounty for these bugs was lumped together at 1.9 BTC total, which I found to be astonishingly low given their profile and the probable impact.

• Their security "team" does not know how to use GPG properly. When reporting an insanely critical bug that could still result in the theft of Bitcoin, they responded to a GPG encrypted email in plaintext acknowledging and quoting the security sensitive information.

• High risk bugs that affect the integrity of their service are told to be in scope, partially fixed, encouragement given and then all further reports are ignored for weeks. As it currently stands, the statement that if you use their browser extension or application you are safe from remote attack is completely false.

It is for these reasons I will not be attempting to responsibly disclose bugs to blockchain.info in the future, and I do not suggest other researchers attempt it either.
goosoodude
Hero Member
December 25, 2014, 11:04:14 AM
 #364

Have they offered to hire you as a consultant or on a bounty to keep checking for bugs?

No. Their response to responsible disclosure is deeply belittling.



a bounty to keep checking for bugs?



• You have to nag them to even pay out. Some of the reports I have made could have been leveraged to steal millions of dollars worth of Bitcoin directly from their users, such as a plaintext websocket fallback in the wallet communication, SSL not being enforced at all, HSTS not being enforced, and a logical bypass for their Tor exit node blocking which amplified MITM attacks. The bounty for these bugs was lumped together at 1.9 BTC total, which I found to be astonishingly low given their profile and the probable impact.

• Their security "team" does not know how to use GPG properly. When reporting an insanely critical bug that could still result in the theft of Bitcoin, they responded to a GPG encrypted email in plaintext acknowledging and quoting the security sensitive information.

• High risk bugs that affect the integrity of their service are told to be in scope, partially fixed, encouragement given and then all further reports are ignored for weeks. As it currently stands, the statement that if you use their browser extension or application you are safe from remote attack is completely false.

It is for these reasons I will not be attempting to responsibly disclose bugs to blockchain.info in the future, and I do not suggest other researchers attempt it either.

Next time you should exploit a vulnerability, remove the coins and make it public. It will let you collect a good bounty, increase your profile and get hired as a consultant by some company and expose blockchain which will keep the public warned about using it.

You should not stop looking for vulnerabilities, you're doing a good service to Bitcoin and the general user who is unaware of Blockchain.info's incompetence.






nogf
Newbie
December 25, 2014, 11:11:00 AM
Last edit: December 25, 2014, 02:55:49 PM by nogf
 #365

Next time you should exploit a vulnerability, remove the coins and make it public. It will let you collect a good bounty, increase your profile and get hired as a consultant by some company and expose blockchain which will keep the public warned about using it.

That would be gray hat. I am white hat.

I had the opportunity to take all of the money johoe did significantly before he even realized it was an issue. It wasn't my place to go saving anybody's coins; if it was anybody's, it was blockchain.info's. I don't know the legality of what johoe did; as far as I could justify in my head at the time, even though it was a "good" act, it would still be breaking my country's law. During the event I asked blockchain.info for permission to sweep the money and return it to the company, but they didn't respond in time.

You should not stop looking for vulnerabilities, you're doing a good service to Bitcoin and the general user who is unaware of Blockchain.info's incompetence.

Responsibly reporting even ridiculously critical bugs isn't financially sensible for me with this company.



How many people lost coins in this? Weren't they refunded? Even if they weren't, look how many people lost BTC and how much in fresh thefts like MintPal. By any criteria BC.i is very small, far away from #1 place.

You would do well to look at potential for disaster. Blockchain.info likely holds high double digit percentages of all Bitcoin in existence. It's possible they own some of the most valuable servers in the world as unlike an exchange they can't use a cold/hot storage system. It's all hot, all internet connected, all the time.
goosoodude
Hero Member
December 25, 2014, 11:21:31 AM
 #366

You should not stop looking for vulnerabilities, you're doing a good service to Bitcoin and the general user who is unaware of Blockchain.info's incompetence.

Responsibly reporting even ridiculously critical bugs isn't financially sensible for me with this company.

You should ask them for a proper bounty and if they refuse or don't respond report the vulnerability in public. I don't think it will count as blackmail, you're not sure they are competent enough to handle it so you posted here where others can check and suggest fixes.

Once it happens, Blockchain won't be so careless again, but then they were about to lose 1000BTC so if they have not become wiser now they will never be.






goosoodude
Hero Member
December 25, 2014, 11:25:50 AM
 #367

johoe says he got a reasonable reward.

You should report any vulnerability here, it will at least get you known and may get you a contract with other firms.

I have to say, I already got a reasonable reward from bc.i.






nogf
Newbie
December 25, 2014, 11:27:07 AM
 #368

You should ask them for a proper bounty and if they refuse or don't respond report the vulnerability in public. I don't think it will count as blackmail, you're not sure they are competent enough to handle it so you posted here where others can check and suggest fixes.

Full disclosure gets the job done but it doesn't pay my bills.

Responsible disclosure pays my bills, if it's anybody other than blockchain.info.
goosoodude
Hero Member
December 25, 2014, 11:33:50 AM
 #369

Full disclosure gets the job done but it doesn't pay my bills.

It also leaves you with no gf Grin (just realised what the username means)

It will make you known and get you hired. There are a lot of start ups running various types of services which use some kind of online wallet and they may be interested in you if you show value.






amaclin
Legendary
December 25, 2014, 11:44:17 AM
 #370

Quote
It will make you known and get you hired. There are a lot of start ups running various types of services which use some kind of online wallet and they may be interested in you if you show value.

Are you sure that persons like johoe or nogf are interested in bitcoin-related startups?  Grin
goosoodude
Hero Member
December 25, 2014, 11:57:31 AM
 #371

Quote
It will make you known and get you hired. There are a lot of start ups running various types of services which use some kind of online wallet and they may be interested in you if you show value.

Are you sure that persons like johoe or nogf are interested in bitcoin-related startups?  Grin


Just realised 'yo hoe' too Grin

They will be interested in the money provided by the start ups to get the hoe or gf Smiley






amaclin
Legendary
December 25, 2014, 12:24:16 PM
 #372

Quote
They will be interested in the money provided by the start ups to get the hoe or gf Smiley
Are you sure that bitcoin-related startups will be able to pay salary on a distance of several months?
(My point of view: no)
bcearl
Full Member
December 25, 2014, 03:15:41 PM
 #373

That would be gray hat. I am white hat.

But when the first reused R values appear, everybody knows that the RNG is flawed anyway. And then fixed RNG code does not help you much to protect transactions that were created with the flawed RNG. Let alone the whole problem of users and their browsers' cache, still executing the broken code.

nogf
Newbie
December 25, 2014, 03:51:50 PM
Last edit: December 25, 2014, 04:15:39 PM by nogf
 #374

But when the first reused R values appear, everybody knows that the RNG is flawed anyway. And then fixed RNG code does not help you much to protect transactions that were created with the flawed RNG. Let alone the whole problem of users and their browsers' cache, still executing the broken code.

You can't justify stealing a car because "it was going to be stolen anyway".

Are you sure that bitcoin-related startups will be able to pay salary on a distance of several months?
(My point of view: no)

If you had $30M USD in your pocket and $400,000 a month in revenue resting entirely on your security, no doubt you'd be making that your first priority.
Newar
Legendary
December 25, 2014, 04:49:25 PM
 #375

But when the first reused R values appear, everybody knows that the RNG is flawed anyway. And then fixed RNG code does not help you much to protect transactions that were created with the flawed RNG. Let alone the whole problem of users and their browsers' cache, still executing the broken code.

You can't justify stealing a car because "it was going to be stolen anyway".

That car IMO has in that case become more like a wallet you forgot on a bench in the park. I, as the owner of the car/wallet would appreciate it, if somebody takes it in to safe-keep and leaves a message at the location they took it, how to contact them. Sort of what johoe did.



Also, by posting that there are more flaws to be found at bc.i you just gave the black hats a motivational boost.

smoothie
Legendary
December 25, 2014, 05:34:09 PM
 #376

Of all thefts and errors that have occurred with Bitcoin, bc.i holds the #1 spot in theft related issues.

Theft under BTC 1000 doesn't get you into the first 30:
https://bitcointalk.org/index.php?topic=83794.0

BC.i is still too small to make it to the list.
This wasn't about number of bitcoins lost, but number of people who lost coins one way or another.

Oh really how did you make that conclusion when mtgox had over several hundred thousand accounts and then went belly up?

Your assertion that it is the #1 theft in number of affected people is so far off.

Please do your research before talking.

Merry Christmas! Grin

nogf
Newbie
December 25, 2014, 06:20:14 PM
 #377

if somebody takes it in to safe-keep and leaves a message at the location they took it, how to contact them. Sort of what johoe did.

There's no method of doing that in Bitcoin.

Also, by posting that there are more flaws to be found at bc.i you just gave the black hats a motivational boost.

There's existing incentive of being able to steal millions of dollars worth of Bitcoin. Do you really think some terse comments confirming that there are issues will make even the slightest difference? It's very much public knowledge that there's huge problems with their management of security, else this thread wouldn't be 20 pages long and I wouldn't be posting here.
Newar
Legendary
December 26, 2014, 06:31:14 AM
 #378

if somebody takes it in to safe-keep and leaves a message at the location they took it, how to contact them. Sort of what johoe did.

There's no method of doing that in Bitcoin.

Of course there is. The blockchain is a public ledger. Sweeping coins to an address and then posting about it and the address is exactly that. The word will spread quick enough, as was shown in johoe's case.


Also, by posting that there are more flaws to be found at bc.i you just gave the black hats a motivational boost.

There's existing incentive of being able to steal millions of dollars worth of Bitcoin. Do you really think some terse comments confirming that there are issues will make even the slightest difference? It's very much public knowledge that there's huge problems with their management of security, else this thread wouldn't be 20 pages long and I wouldn't be posting here.

Yes, I think it makes a difference. This thread is about the R values. You claim that there are more flaws to be found. This could be motivation to poke around some more.

nogf
Newbie
December 26, 2014, 10:51:09 AM
 #379

Of course there is. The blockchain is a public ledger. Sweeping coins to an address and then posting about it and the address is exactly that. The word will spread quick enough, as was shown in johoe's case.


Not everybody reads this little pit on the side of the internet. Not everybody speaks English. Unless it's a very high profile event "saving" someone's money will just be theft with no positive identification. Especially in the cases here, the private key was exposed so it could never be proved who owned it in the first place.


Yes, I think it makes a difference. This thread is about the R values. You claim that there are more flaws to be found. This could be motivation to poke around some more.

Lay off playing the concerned. There's a balance that needs to be struck no matter how you look at it. If people don't voice concern about the security practice of a company, there's an assumption that everything is just fine. I've given no information that could aid anybody in finding vulnerabilities in their code.
LFC_Bitcoin
Legendary
December 26, 2014, 10:54:10 AM
 #380

Of course there is. The blockchain is a public ledger. Sweeping coins to an address and then posting about it and the address is exactly that. The word will spread quick enough, as was shown in johoe's case.


Not everybody reads this little pit on the side of the internet. Not everybody speaks English. Unless it's a very high profile event "saving" someone's money will just be theft with no positive identification. Especially in the cases here, the private key was exposed so it could never be proved who owned it in the first place.


Yes, I think it makes a difference. This thread is about the R values. You claim that there are more flaws to be found. This could be motivation to poke around some more.

Lay off playing the concerned. There's a balance that needs to be struck no matter how you look at it. If people don't voice concern about the security practice of a company, there's an assumption that everything is just fine. I've given no information that could aid anybody in finding vulnerabilities in their code.

This is important.
Please refrain from giving a step by step instruction on how to hack people's addresses.

I highly respect what johoe did but I think he got carried away with his new 'fame' by telling everybody how he did it.
Not cool.
