[THEORY] Reverse exploiting Bitcoin

[AGD]

You're kidding right
One person can't just go into the code and edit it as they place or dump malicious content
it is reviewed, cleaned, edited by other devs before it is completely published

people dont simply dump compiled exe's into the bitcoin dev project area. they put in lins of code, which get reviewed by the other dev's before its then added into the main code area, and then tested to ensure it does not cause other things to fall apart or become exploitable.

so its not 'theoretically' possible to hide a trojan horse in the main bitcoin-core

From my posting #4
I agree, that new implementations are reviewed over and over by expert coders until they are released, but this is not the relevant part of it.
SSL had a flaw that was indeed exploitable until the core devs were convinced, that they had to change the code and release v 0.9.0.
Before that, the guys either didn't know about the Heartbleed bug or they thought it was not necessary to update.  This means, that a code - even after multiple reviews by good programmers - can contain bugs/flaws/exploitable parts, which either still has to be found or - in my example - was already found, but kept secret.

[1715052346]

1715052346

[1715052346]

1715052346

[1715052346]

1715052346

[AGD]

My idea of a scenario - Swedish military version here: http://cryptome.org/2014/11/heartbleed-cyber-op.pdf

After I read this, I am pretty convinced now, that there are countless possibilities to implement an exploitable code - even into open source software.

[AGD]

+1 because thanks to Gavn, we have a scenario, where exacty this reverse exploit could be implemented. Please core devs: Don't let it happen!

http://blogs.msdn.com/b/vcblog/archive/2014/02/04/challenge-vulnerable-code.aspx
http://www.underhanded-c.org/_p_26.html

[AGD]

+1
Not as weird as it sounded years ago....

[jdbtracker]

It is completely possible, I have worked in countless industries and I can tell you no one really cares enough to check... it's sad, but it's true.
 
A lot of the code has insane amounts of bugs and glitches, the best method practices have to be applied by a strict supervisor... an overworked supervisor trying to keep all the shit being submitted to them straight.
there are so many points of vulnerability that can be introduced by an exhausted team eager to perform, look at Intel, they knew about that processor flaw and they kept making them for 25 years... what does that tell you?

The best we can do is resolve the problems we can see now. patch every exploit we find as fast as possible.

[AGD]

It is completely possible, I have worked in countless industries and I can tell you no one really cares enough to check... it's sad, but it's true.
 
A lot of the code has insane amounts of bugs and glitches, the best method practices have to be applied by a strict supervisor... an overworked supervisor trying to keep all the shit being submitted to them straight.
there are so many points of vulnerability that can be introduced by an exhausted team eager to perform, look at Intel, they knew about that processor flaw and they kept making them for 25 years... what does that tell you?

The best we can do is resolve the problems we can see now. patch every exploit we find as fast as possible.

I bet they have developed a lot more of these gimmicks meanwhile.

[AGD]

Just want to bring my old idea up, due to CVE-2018–17144 and a comment I read
https://medium.com/@awemany/600-microseconds-b70f87b0b2a6

I always feared that someone from the bankster circles, someone injected into the Bitcoin development circles with the sole goal of wreaking unsalvageable havoc, would do exactly what happened. Injecting a silent inflation bug. Because that is what would destroy one of the very core advantages that Bitcoin has over the current status quo.

Still pretty much possible to me to intentionally infiltrate obviously harmless code, that is in reality exploitable.

As a footnote I reapeat this link: http://en.wikipedia.org/wiki/Underhanded_C_Contest