Bitcoin Forum
December 03, 2016, 01:57:16 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 [10] 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 ... 80 »
  Print  
Author Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation  (Read 201482 times)
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
May 11, 2012, 05:16:46 PM
 #181

This could have been avoided by not using the standard bitcoind rpc interface. If you have your own custom interface in between you can add large amounts of security measures such as withdraw verification and grace time. The hacker will also not be able to look up how your interface works by going to Google.
How do you know? From what we have heard, it has nothing whatsoever to do with the cracking that took place. Or do you have some inside info?

18,000 BTC was withdrawn. If you had a custom interface you could make it piss red flags when it sees a transaction with such a large amount.
When someone steals the actual keys, there is nothing you can do about that.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
1480773436
Hero Member
*
Offline Offline

Posts: 1480773436

View Profile Personal Message (Offline)

Ignore
1480773436
Reply with quote  #2

1480773436
Report to moderator
1480773436
Hero Member
*
Offline Offline

Posts: 1480773436

View Profile Personal Message (Offline)

Ignore
1480773436
Reply with quote  #2

1480773436
Report to moderator
1480773436
Hero Member
*
Offline Offline

Posts: 1480773436

View Profile Personal Message (Offline)

Ignore
1480773436
Reply with quote  #2

1480773436
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
bbit
Legendary
*
Offline Offline

Activity: 1288

Bitcoin


View Profile
May 11, 2012, 05:17:14 PM
 #182

Quote
lame comment is lame

Huh
In other words, you sir are a fool.

yet, right  Grin
Carlos L.
Legendary
*
Offline Offline

Activity: 952


View Profile
May 11, 2012, 05:17:18 PM
 #183

He's still 17? People don't age in Asia?

I lol'd
terrytibbs
Hero Member
*****
Offline Offline

Activity: 560



View Profile
May 11, 2012, 05:20:39 PM
 #184

He's still 17? People don't age in Asia?
Well, they most certainly don't grow. Tongue
bbit
Legendary
*
Offline Offline

Activity: 1288

Bitcoin


View Profile
May 11, 2012, 05:21:25 PM
 #185

He's still 17? People don't age in Asia?
Well, they most certainly don't grow. Tongue

we call them "little people" .....lol
Tuxavant
Hero Member
*****
Offline Offline

Activity: 756


Bitcoin Mayor of Las Vegas


View Profile WWW
May 11, 2012, 05:25:32 PM
 #186


we call them "little people" .....lol

So do their girlfriends.

Damn, I can feel the fires of hell roasting my toes already.

Generation Bitcoin | G+ | FB | Bitcoins In Vegas | CoinBus.com | TOR Exit Operator 1MVTPATVCKBMfALRHJsXpHfKJu7GyL7nAc
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
May 11, 2012, 05:26:38 PM
 #187

This could have been avoided by not using the standard bitcoind rpc interface. If you have your own custom interface in between you can add large amounts of security measures such as withdraw verification and grace time. The hacker will also not be able to look up how your interface works by going to Google.
How do you know? From what we have heard, it has nothing whatsoever to do with the cracking that took place. Or do you have some inside info?

18,000 BTC was withdrawn. If you had a custom interface you could make it piss red flags when it sees a transaction with such a large amount.

Which does nothing since Bitcoin is irreversible.

Quote
ALERT ALERT ALERT You have already been robbed.  Have a nice day. Smiley

The most likely attack vector was
a) gain access to rackspace admin console
b) reset root password
c) login as root
d) steal private keys

Speculation I know but we do know that just prior to the "cashout" tx hitting blockchain all the admins were notified of a password change.

So what exactly would a custom RPC do about that?
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
May 11, 2012, 05:28:29 PM
 #188

This could have been avoided by not using the standard bitcoind rpc interface. If you have your own custom interface in between you can add large amounts of security measures such as withdraw verification and grace time. The hacker will also not be able to look up how your interface works by going to Google.
How do you know? From what we have heard, it has nothing whatsoever to do with the cracking that took place. Or do you have some inside info?

18,000 BTC was withdrawn. If you had a custom interface you could make it piss red flags when it sees a transaction with such a large amount.

Which does nothing since Bitcoin is irreversible. Smiley

The most likely attack vector was
a) gain access to rackspace admin console
b) reset root password
c) login as root
d) steal private keys

So what exactly would a custom RPC do about that?
And to add more flames to this raging inferno, Rackspace maintains backdoor root accounts on their managed servers to perform backups and maintenance. I'm not sure whether this applies to the cloud servers or not.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
gusti
Legendary
*
Offline Offline

Activity: 1102


View Profile
May 11, 2012, 05:32:15 PM
 #189

This could have been avoided by not using the standard bitcoind rpc interface. If you have your own custom interface in between you can add large amounts of security measures such as withdraw verification and grace time. The hacker will also not be able to look up how your interface works by going to Google.
How do you know? From what we have heard, it has nothing whatsoever to do with the cracking that took place. Or do you have some inside info?

18,000 BTC was withdrawn. If you had a custom interface you could make it piss red flags when it sees a transaction with such a large amount.

Which does nothing since Bitcoin is irreversible. Smiley

The most likely attack vector was
a) gain access to rackspace admin console
b) reset root password
c) login as root
d) steal private keys

So what exactly would a custom RPC do about that?
And to add more flames to this raging inferno, Rackspace maintains backdoor root accounts on their managed servers to perform backups and maintenance. I'm not sure whether this applies to the cloud servers or not.

Anything less than an isolated dedicated, unmanaged server, is simply suicide.

If you don't own the private keys, you don't own the coins.
bbulker
Full Member
***
Offline Offline

Activity: 127


View Profile
May 11, 2012, 05:33:14 PM
 #190

This could have been avoided by not using the standard bitcoind rpc interface. If you have your own custom interface in between you can add large amounts of security measures such as withdraw verification and grace time. The hacker will also not be able to look up how your interface works by going to Google.
How do you know? From what we have heard, it has nothing whatsoever to do with the cracking that took place. Or do you have some inside info?

18,000 BTC was withdrawn. If you had a custom interface you could make it piss red flags when it sees a transaction with such a large amount.

Which does nothing since Bitcoin is irreversible.

Quote
ALERT ALERT ALERT You have already been robbed.  Have a nice day. Smiley

The most likely attack vector was
a) gain access to rackspace admin console
b) reset root password
c) login as root
d) steal private keys

Speculation I know but we do know that just prior to the "cashout" tx hitting blockchain all the admins were notified of a password change.

So what exactly would a custom RPC do about that?


There is nothing to reverse if the transaction is canceled during the grace time before it is executed on bitcoind. There is no server to hack into when the only network-accessible thing is the custom interface.
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
May 11, 2012, 05:35:04 PM
 #191

There is nothing to reverse if the transaction is canceled during the grace time before it is executed on bitcoind. There is no server to hack into when the only network-accessible thing is the custom interface.
If the keys are stolen, ANY bitcoind can make the transaction, doesn't have to be on the compromised server.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
organofcorti
Donator
Legendary
*
Offline Offline

Activity: 1946


Poor impulse control.


View Profile WWW
May 11, 2012, 05:35:09 PM
 #192

He's still 17? People don't age in Asia?
Well, they most certainly don't grow. Tongue

we call them "little people" .....lol

I always wondered where Loompaland was, but I knew that green hair colour was fake.

So, that chocolate factory was one of the first sweat shops, eh?

/offtopicsilliness

Bitcoin network and pool analysis 12QxPHEuxDrs7mCyGSx1iVSozTwtquDB3r
follow @oocBlog for new post notifications
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
May 11, 2012, 05:36:18 PM
 #193

There is nothing to reverse if the transaction is canceled during the grace time before it is executed on bitcoind.

Let me make it simple
Nobody is going to use the grace period.  
Nobody is going to use the locked down bitcoind to send a tx.

They are just going to steal the private keys.  No grace period on stolen keys.

Quote
There is no server to hack into when the only network-accessible thing is the custom interface.

There always is a server.  Bitcoind has to be somewhere.  If you have access to the server you have access to the keys.  Period.*

It appear the attackers gained access to the server.  Ergo they had access to the private keys.


* Well in theory maybe not with a HSM or TPM.  But even then if the attacker has gained access to the wallet server your security model has already failed, it is just you could get lucky and avoid losing a lot of funds.
MelMan2002
Sr. Member
****
Offline Offline

Activity: 434



View Profile
May 11, 2012, 05:43:56 PM
 #194

So...any news on this yet?  What is Zhou's twitter handle?
bbulker
Full Member
***
Offline Offline

Activity: 127


View Profile
May 11, 2012, 05:44:19 PM
 #195

There is nothing to reverse if the transaction is canceled during the grace time before it is executed on bitcoind. There is no server to hack into when the only network-accessible thing is the custom interface.

There always is a server.  Some custom protocol doesn't change the fact that a server exists.  When you send a command using the costom protocol where is going?  Obviously bitcoind is running somewhere.  Your solution is no solution.  Attacker would simply bypass the stupid "interface" hit the real server and steal the private keys.

You do understand the private keys are simply numbers right?  If you have the numbers you have the funds.  Thieves don't need to use the lockdown bitcoind.  They steal the private keys and execute a transaction from anywhere in the world.

Why would you have a custom interface but leave the bitcoind rpc port and ssh open to the public?
Blitz­
Donator
Legendary
*
Offline Offline

Activity: 1596


"Cut Your Loose"


View Profile
May 11, 2012, 05:45:59 PM
 #196

This is why. You guys completely ignore the magnitude of this, and completely ignore that Bitcoin is an unestablished currency. Being an unestablished currency, it needs a positive sum game far greater than those of established ones to ever hope to compete. Systematically allocating wealth from wealth creators to wealth destroyers as is being done in the Bitcoin world is unsustainable if Bitcoin is to have any value, since it represents a negative sum game in which wealth is continuosly destroyed.

Relax. It is geek currency, hackers are geeks. So they get their share one way or another. In long run it is utterly immaterial for Bitcoin how initial distribution/emission of money is done and who are "early adopters". Actually, the quicker "early adopter" lion share of Bitcoin is diluted, the better.


Vladimir, I have the biggest respect for you and cypherdoc, and because of this it amazes me how you guys only can be so oblivious to the social dynamics at play here. If Bitcoin keeps destroying value instead of creating value, the market will simply drop it. Not even to mention the image problems Bitcoin already has with anyone who is not already a Bitcoiner (couple ten k guys). We cannot continue at this rate and transfer hard earned Bitcoins from market participants to hackers, scammers and leeches forever expecting Bitcoin to have any value.

You say it is transferred from early adopters to geeks, but this has not at all been true lately. The only example I know of would be allinvain with his 25k coins if his report was true.

Consider also the cost of securing Bitcoins (this substracts from BTC value) and the barrier of entry it creates. I say these continuous gigantic (in terms of money supply %) thefts from large Bitcoin sites do hurt Bitcoin over the long run.

I am even thinking that this could be a similar attack to what happened with MtGox and all the other sites in summer/fall because MtGox and GLBSE were also targeted the past week. Which $$$ oriented hacker would redirect the site to Meatspin instead of a wallet.dat stealer or other malware? Ie possibly a coordinated attack on all infrastructure by someone who doesn’t like Bitcoin.

Disclosure: I hold Bitcoins and had no funds at Bitcoinica.

"Bitcoin had been transformed from an anarachistic challenge to the financial status quo, to the crypto spawn of Satan, fuelled by cut-throat greed and delusions of avarice." - MatTheCat
"these people don't seem to want to stop till Bitcoin is completely destroyed and left like an old cum rag in the corner of the room." - ShroomsKit
MrTeal
Legendary
*
Offline Offline

Activity: 1246


View Profile
May 11, 2012, 05:47:26 PM
 #197

There is nothing to reverse if the transaction is canceled during the grace time before it is executed on bitcoind. There is no server to hack into when the only network-accessible thing is the custom interface.

There always is a server.  Some custom protocol doesn't change the fact that a server exists.  When you send a command using the costom protocol where is going?  Obviously bitcoind is running somewhere.  Your solution is no solution.  Attacker would simply bypass the stupid "interface" hit the real server and steal the private keys.

You do understand the private keys are simply numbers right?  If you have the numbers you have the funds.  Thieves don't need to use the lockdown bitcoind.  They steal the private keys and execute a transaction from anywhere in the world.

Why would you have a custom interface but leave the bitcoind rpc port and ssh open to the public?

Are you intentionally missing their point?
bbulker
Full Member
***
Offline Offline

Activity: 127


View Profile
May 11, 2012, 05:49:00 PM
 #198

There is nothing to reverse if the transaction is canceled during the grace time before it is executed on bitcoind. There is no server to hack into when the only network-accessible thing is the custom interface.

There always is a server.  Some custom protocol doesn't change the fact that a server exists.  When you send a command using the costom protocol where is going?  Obviously bitcoind is running somewhere.  Your solution is no solution.  Attacker would simply bypass the stupid "interface" hit the real server and steal the private keys.

You do understand the private keys are simply numbers right?  If you have the numbers you have the funds.  Thieves don't need to use the lockdown bitcoind.  They steal the private keys and execute a transaction from anywhere in the world.

Why would you have a custom interface but leave the bitcoind rpc port and ssh open to the public?

Are you intentionally missing their point?

Are they implying the hacker would have physical access to the machine? I thought computers could only communicate through ports.
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
May 11, 2012, 05:51:25 PM
 #199

There is nothing to reverse if the transaction is canceled during the grace time before it is executed on bitcoind. There is no server to hack into when the only network-accessible thing is the custom interface.

There always is a server.  Some custom protocol doesn't change the fact that a server exists.  When you send a command using the costom protocol where is going?  Obviously bitcoind is running somewhere.  Your solution is no solution.  Attacker would simply bypass the stupid "interface" hit the real server and steal the private keys.

You do understand the private keys are simply numbers right?  If you have the numbers you have the funds.  Thieves don't need to use the lockdown bitcoind.  They steal the private keys and execute a transaction from anywhere in the world.

Why would you have a custom interface but leave the bitcoind rpc port and ssh open to the public?

Are you intentionally missing their point?

Are they implying the hacker had physical access to the machine?
Yes, close enough when the machine is a VM on a cloud somewhere.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
bbulker
Full Member
***
Offline Offline

Activity: 127


View Profile
May 11, 2012, 05:55:49 PM
 #200

There is nothing to reverse if the transaction is canceled during the grace time before it is executed on bitcoind. There is no server to hack into when the only network-accessible thing is the custom interface.

There always is a server.  Some custom protocol doesn't change the fact that a server exists.  When you send a command using the costom protocol where is going?  Obviously bitcoind is running somewhere.  Your solution is no solution.  Attacker would simply bypass the stupid "interface" hit the real server and steal the private keys.

You do understand the private keys are simply numbers right?  If you have the numbers you have the funds.  Thieves don't need to use the lockdown bitcoind.  They steal the private keys and execute a transaction from anywhere in the world.

Why would you have a custom interface but leave the bitcoind rpc port and ssh open to the public?

Are you intentionally missing their point?

Are they implying the hacker had physical access to the machine?
Yes, close enough when the machine is a VM on a cloud somewhere.

I don't keep my real wallet in a lockbox at a train station and I wouldn't keep a bitcoin wallet on public server at a datacenter.
Pages: « 1 2 3 4 5 6 7 8 9 [10] 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 ... 80 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!