Bitcoin Forum
April 25, 2024, 03:08:27 PM
Welcome,
Guest
. Please
login
or
register
.
News
: Latest Bitcoin Core release:
27.0
[
Torrent
]
Home
Help
Search
Login
Register
More
Bitcoin Forum
>
Bitcoin
>
Bitcoin Discussion
>
Is the Bitcoin Community Under Attack?
Pages:
«
1
2
[
3
]
All
« previous topic
next topic »
Print
Author
Topic: Is the Bitcoin Community Under Attack? (Read 3962 times)
bittenbob
(OP)
Hero Member
Offline
Activity: 560
Merit: 500
Re: Is the Bitcoin Community Under Attack?
January 18, 2012, 05:32:47 AM
#41
Quote from: Maged on January 18, 2012, 05:20:50 AM
Quote from: bittenbob on January 18, 2012, 04:42:00 AM
I haven't googled anything and am going completely by memory. I rarely ever use wikipedia and especially not for technical matters. If you want to fake a handshake you will need to spoof IP and mac addresses. I am afraid it is you who doesn't know WTF you are talking about.
By the way Theymos, this thread is getting out of control and has nothing to do with the OP so feel free to lock it.
Then maybe you should start using Google. First off, just to get past the TCP handshake you need to be able to capture the response. As for the SSL handshake, you need the site's private key, otherwise all you'll get back is gibberish. And without knowing what that gibberish decrypts to, you can't send a response that will make any sense to the client. Since you are apparently good at cracking private keys, why don't you just start taking bitcoins?
Edit: I think my SSL is actually backward, and it's the client that sends their encryption key using the site's pubic key to encrypt it. But, that's just semantics.
This is all irrelevant to the OP once again. It would be possible to fake if someone got the cert from MTGox. They were hacked in the past and stolen certs is part of how the Stuxnet virus worked. I haven't hacked in a while and have no intention to do so any time soon. Stealing Bitcoins is a lot harder than MTIM for MTGox API and if someone could do it, it would have been done by now. I am not a thief either so even if I could I wouldn't out of morality.
It would be nice if MTGox put out a statement directly saying what happened when the API was cycling between 6 and 7 then disappeared. It would also put any speculation to rest.
I was worried while that was happening that the site was being hacked in some way and was shitting my pants about the relatively small amount of money and bitcoins i have on there. I still have them on there if that tells you something.
"Bitcoin: mining our own business since 2009" -- Pieter Wuille
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
Re: Is the Bitcoin Community Under Attack?
January 18, 2012, 05:39:36 AM
#42
Can anyone say... Certificate Revocation Lists (CRLs)! Hardware-based token storage! Fingerprints! Dedicated SSL appliances!
This is fun, I can go on all day.
Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS]
Dead project is dead, all hail the coming of the mighty ASIC!
kjj
Legendary
Offline
Activity: 1302
Merit: 1024
Re: Is the Bitcoin Community Under Attack?
January 18, 2012, 06:49:23 AM
#43
Quote from: bittenbob on January 18, 2012, 01:58:35 AM
Quote from: theymos on January 18, 2012, 01:56:02 AM
MtGox's HTTPS will prevent any MITM attack unless the attacker compromises a CA or something.
Just curious theymos, what is your take on what was going on with all the charts when it was cycling in a loop between 6 and 7? After about 25 minutes those cycles were erased and the market sat at 6 until orders that were placed during the swings on the charts were executed. Anything is possible and I have never seen anything like what happened today.
I will tell you exactly what happened today. Ready?
Quote from: kjj on January 18, 2012, 01:19:55 AM
Actually, gox just uses a queue with timestamps. Their order matcher can fall behind during busy times.
When the queue is busy, everyone sees huge price swings and they try to place orders, but their orders are going to the queue, not the market. The swings you are seeing right now on mtgoxlive.com are at least several minutes old already, possibly much older, and everyone frantically clicking their trade buttons and the bots scrambling to make sense of things are just making it worse.
I gave a much longer answer to (more or less) this same question several months ago. Feel free to dig it out of my post history. And, just to repeat myself:
Quote from: kjj on January 18, 2012, 01:50:40 AM
It must be hell to be alive today with no clue about how anything at all really works.
17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs. You should too.
bittenbob
(OP)
Hero Member
Offline
Activity: 560
Merit: 500
Re: Is the Bitcoin Community Under Attack?
January 18, 2012, 06:54:52 AM
#44
Quote from: kjj on January 18, 2012, 06:49:23 AM
Quote from: bittenbob on January 18, 2012, 01:58:35 AM
Quote from: theymos on January 18, 2012, 01:56:02 AM
MtGox's HTTPS will prevent any MITM attack unless the attacker compromises a CA or something.
Just curious theymos, what is your take on what was going on with all the charts when it was cycling in a loop between 6 and 7? After about 25 minutes those cycles were erased and the market sat at 6 until orders that were placed during the swings on the charts were executed. Anything is possible and I have never seen anything like what happened today.
I will tell you exactly what happened today. Ready?
Quote from: kjj on January 18, 2012, 01:19:55 AM
Actually, gox just uses a queue with timestamps. Their order matcher can fall behind during busy times.
When the queue is busy, everyone sees huge price swings and they try to place orders, but their orders are going to the queue, not the market. The swings you are seeing right now on mtgoxlive.com are at least several minutes old already, possibly much older, and everyone frantically clicking their trade buttons and the bots scrambling to make sense of things are just making it worse.
I gave a much longer answer to (more or less) this same question several months ago. Feel free to dig it out of my post history. And, just to repeat myself:
Quote from: kjj on January 18, 2012, 01:50:40 AM
It must be hell to be alive today with no clue about how anything at all really works.
Those swings were not real since they did not show up on the chart after. There was something that happened and it wasnt that. If it was simply that they were old the lines from the back and forth would be there. They disappeared as soon as trading became active again.
luv2drnkbr
Hero Member
Offline
Activity: 793
Merit: 1016
Re: Is the Bitcoin Community Under Attack?
January 18, 2012, 12:05:04 PM
#45
Quote from: jake262144 on January 18, 2012, 01:36:22 AM
@Eveofwar
Heh, everyone has a panic threshold.
Not too long ago I was at work. Not having enough work to do I checked bitcoinwatch. It showed a ridiculously low number of blocks/hour, something like 2.1
This got me thinking: wtf, better check the forums. Needless to say, the forums were down.
When I realized that MtGox was also down a red light went off and I immediately sent an alarming message to Gavin himself, describing the situation
Heck, when you're not at home you can't just take your time and research the situation carefully.
Why would you bother Gavin? He surely would find out himself anyway. He's done so much, don't pester the poor man!
Contact
|
PGP
(
Verify
) |
WOT
|
1PLzd0NATe2R3dD1TrANd0mAct50fP1zzA
BadBear
v2.0
Legendary
Offline
Activity: 1652
Merit: 1127
Re: Is the Bitcoin Community Under Attack?
January 18, 2012, 12:46:57 PM
#46
Quote from: bittenbob on January 18, 2012, 04:34:29 AM
SSL is not the be all and end all. Handshakes can be captured and faked quite easily. Spoofing mac addresses is also very easy.
1Kz25jm6pjNTaz8bFezEYUeBYfEtpjuKRG |
PGP: B5797C4F
Tired of annoying signature ads?
Ad block for signatures
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
Re: Is the Bitcoin Community Under Attack?
January 18, 2012, 01:44:48 PM
#47
Quote from: rjk on January 18, 2012, 05:39:36 AM
Can anyone say... Certificate Revocation Lists (CRLs)! Hardware-based token storage! Fingerprints! Dedicated SSL appliances!
This is fun, I can go on all day.
Yeah which is why I asked how one could easily MITM a https site. I guess it was too subtle.
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
Re: Is the Bitcoin Community Under Attack?
January 18, 2012, 05:58:29 PM
#48
Quote from: BadBear on January 18, 2012, 12:46:57 PM
Quote from: bittenbob on January 18, 2012, 04:34:29 AM
SSL is not the be all and end all. Handshakes can be captured and faked quite easily. Spoofing mac addresses is also very easy.
LOL!
bittenbob
(OP)
Hero Member
Offline
Activity: 560
Merit: 500
Re: Is the Bitcoin Community Under Attack?
January 18, 2012, 08:53:22 PM
#49
Quote from: DeathAndTaxes on January 18, 2012, 01:44:48 PM
Quote from: rjk on January 18, 2012, 05:39:36 AM
Can anyone say... Certificate Revocation Lists (CRLs)! Hardware-based token storage! Fingerprints! Dedicated SSL appliances!
This is fun, I can go on all day.
Yeah which is why I asked how one could easily MITM a https site. I guess it was too subtle.
CRL's would only work if they knew it had been hijacked. Kind of like how a 0day exploit will usually only work once since it will be found and patched after it has been used.
Pages:
«
1
2
[
3
]
All
Print
Bitcoin Forum
>
Bitcoin
>
Bitcoin Discussion
>
Is the Bitcoin Community Under Attack?
« previous topic
next topic »
Jump to:
Please select a destination:
-----------------------------
Bitcoin
-----------------------------
=> Bitcoin Discussion
===> Legal
===> Press
===> Meetups
===> Important Announcements
=> Development & Technical Discussion
===> Wallet software
=====> Electrum
=====> Bitcoin Wallet for Android
=====> BitcoinJ
=====> Armory
=====> Mycelium
=====> Hardware wallets
=> Mining
===> Mining support
===> Pools
===> Mining software (miners)
===> Hardware
=====> Group buys
===> Mining speculation
=> Bitcoin Technical Support
=> Project Development
-----------------------------
Economy
-----------------------------
=> Economics
===> Speculation
=> Marketplace
===> Goods
=====> Computer hardware
=====> Digital goods
=======> Invites & Accounts
=====> Collectibles
===> Services
===> Currency exchange
===> Gambling
=====> Games and rounds
=====> Investor-based games
=====> Gambling discussion
===> Lending
=====> Long-term offers
===> Securities
===> Auctions
===> Service Announcements
=====> Micro Earnings
===> Service Discussion
=====> Web Wallets
=====> Exchanges
=> Trading Discussion
===> Scam Accusations
===> Reputation
-----------------------------
Other
-----------------------------
=> Meta
===> New forum software
===> Bitcoin Wiki
=> Politics & Society
=> Beginners & Help
=> Off-topic
=> Serious discussion
===> Ivory Tower
=> Archival
===> Корзина
===> CPU/GPU Bitcoin mining hardware
===> Chinese students
===> Obsolete (buying)
===> Obsolete (selling)
===> MultiBit
-----------------------------
Alternate cryptocurrencies
-----------------------------
=> Altcoin Discussion
=> Announcements (Altcoins)
===> Tokens (Altcoins)
=> Mining (Altcoins)
===> Pools (Altcoins)
=> Marketplace (Altcoins)
===> Service Announcements (Altcoins)
===> Service Discussion (Altcoins)
===> Bounties (Altcoins)
=> Speculation (Altcoins)
-----------------------------
Local
-----------------------------
=> العربية (Arabic)
===> العملات البديلة (Altcoins)
=====> النقاشات
===> إستفسارات و أسئلة المبتدئين
===> التعدين
===> النقاشات الأخرى
===> منصات التبادل
=> Bahasa Indonesia (Indonesian)
===> Marketplace (Bahasa Indonesia)
===> Mining (Bahasa Indonesia)
===> Altcoins (Bahasa Indonesia)
===> Trading dan Spekulasi
===> Ekonomi, Politik, dan Budaya
===> Topik Lainnya
=> Español (Spanish)
===> Mercado y Economía
=====> Servicios
=====> Trading y especulación
===> Hardware y Minería
===> Esquina Libre
===> Mercadillo
=====> Mexico
=====> Argentina
=====> España
=====> Centroamerica y Caribe
===> Primeros pasos y ayuda
===> Altcoins (criptomonedas alternativas)
=====> Minería de altcoins
=====> Servicios
=====> Tokens (Español)
=> 中文 (Chinese)
===> 跳蚤市场
===> 山寨币
===> 媒体
===> 挖矿
===> 离题万里
=> Hrvatski (Croatian)
===> Trgovina
===> Altcoins (Hrvatski)
=====> Announcements (Hrvatski)
===> Off-topic (Hrvatski)
=> Deutsch (German)
===> Anfänger und Hilfe
===> Mining (Deutsch)
===> Trading und Spekulation
===> Projektentwicklung
===> Off-Topic (Deutsch)
===> Treffen
===> Presse
===> Altcoins (Deutsch)
=====> Announcements (Deutsch)
===> Marktplatz
=====> Auktionen
=====> Suche
=====> Biete
=> Ελληνικά (Greek)
===> Αγορά
===> Mining Discussion (Ελληνικά)
===> Altcoins (Ελληνικά)
=====> Altcoin Announcements (Ελληνικά)
=====> Altcoin Mining (Ελληνικά)
=> עברית (Hebrew)
=> Français
===> Actualité et News
===> Débutants
===> Discussions générales et utilisation du Bitcoin
===> Mining et Hardware
===> Économie et spéculation
===> Place de marché
=====> Échanges
=====> Produits et services
=====> Petites annonces
===> Le Bitcoin et la loi
===> Wiki, documentation et traduction
===> Développement et technique
===> Vos sites et projets
===> Hors-sujet
===> Altcoins (Français)
=====> Annonces
=> India
===> Mining (India)
===> Marketplace (India)
===> Regional Languages (India)
===> Press & News from India
===> Alt Coins (India)
===> Buyer/ Seller Reputations (India)
===> Off-Topic (India)
=> Italiano (Italian)
===> Guide (Italiano)
===> Progetti
===> Discussioni avanzate e sviluppo
===> Trading, analisi e speculazione
===> Mercato
=====> Mercato valute
=====> Beni
=====> Servizi
=====> Esercizi commerciali
=====> Hardware/Mining (Italiano)
=====> Gambling (Italiano)
===> Accuse scam/truffe
===> Mining (Italiano)
===> Alt-Currencies (Italiano)
=====> Annunci
===> Raduni/Meeting (Italiano)
===> Crittografia e decentralizzazione
===> Off-Topic (Italiano)
=> 日本語 (Japanese)
===> アルトコイン
=> Nederlands (Dutch)
===> Markt
===> Gokken/lotterijen
===> Mining (Nederlands)
===> Beurzen
===> Alt Coins (Nederlands)
===> Off-topic (Nederlands)
===> Meetings (Nederlands)
=> Nigeria (Naija)
=> 한국어 (Korean)
===> 대체코인 Alt Coins (한국어)
=> Pilipinas
===> Altcoins (Pilipinas)
=====> Altcoin Announcements (Pilipinas)
===> Pamilihan
===> Others (Pilipinas)
=> Polski
===> Tablica ogłoszeń
===> Alternatywne kryptowaluty
=====> Nowe kryptowaluty i tokeny
=====> Tablica ogłoszeń (altcoiny)
=> Português (Portuguese)
===> Primeiros Passos (Iniciantes)
===> Economia & Mercado
===> Mineração em Geral
===> Desenvolvimento & Discussões Técnicas
===> Criptomoedas Alternativas
===> Brasil
===> Portugal
=> Русский (Russian)
===> Новички
===> Бизнес
=====> Барахолка
=====> Обменники
===> Идеи
===> Кодеры
===> Майнеры
===> Политика
===> Трейдеры
===> Альтернативные криптовалюты
=====> Токены
=====> Бayнти и aиpдpoпы
===> Хайпы
===> Работа
===> Разное
===> Oбcyждeниe Bitcoin
=====> Новости
=====> Юристы
=> Română (Romanian)
===> Anunturi importante
===> Offtopic
===> Market
=====> Discutii Servicii
===> Minerit
===> Tutoriale
===> Bine ai venit!
===> Presa
===> Altcoins (Monede Alternative)
=====> Anunturi Monede Alternative
=> Skandinavisk
=> Türkçe (Turkish)
===> Bitcoin Haberleri
===> Pazar Alanı
===> Madencilik
===> Ekonomi
===> Servisler
=====> Fonlar
===> Proje Geliştirme
===> Alternatif Kripto-Paralar
=====> Madencilik (Alternatif Kripto-Paralar)
=====> Duyurular (Alternatif Kripto-Paralar)
===> Konu Dışı
===> Yeni Başlayanlar & Yardım
===> Buluşmalar
=> Other languages/locations
Loading...