Bitcoin Forum
Topic: This message was too old and has been purged (Read 9265 times)
Evil-Knievel (OP)
Legendary
Activity: 1260
Merit: 1168
February 02, 2015, 09:50:39 PM
Last edit: April 17, 2016, 07:59:49 PM by Evil-Knievel
 #1

This message was too old and has been purged
instagibbs
Member
Activity: 114
Merit: 12
February 02, 2015, 10:00:35 PM
 #2

I totally believe you. Dang it where's my sarcasm font?
Evil-Knievel (OP)
Legendary
Activity: 1260
Merit: 1168
February 02, 2015, 10:03:27 PM
Last edit: April 17, 2016, 07:59:43 PM by Evil-Knievel
 #3

This message was too old and has been purged
entertainment
Sr. Member
Activity: 422
Merit: 250
February 02, 2015, 10:54:00 PM
 #4

You should use https://www.vinumeris.com/lighthouse

;)

ncsupanda
Legendary
Activity: 1628
Merit: 1012
February 02, 2015, 10:56:42 PM
 #5


I agree. I follow a lot of the projects you are working on Evil and I could see a Lighthouse writeup doing well if you are able to prove what you're claiming here.

I would give BTC for this. Thanks!

Edit: For some projects and people who stumble here, this may be interesting:
https://tip4commit.com/projects
Evil-Knievel (OP)
Legendary
Activity: 1260
Merit: 1168
February 02, 2015, 10:58:57 PM
Last edit: April 17, 2016, 07:59:36 PM by Evil-Knievel
 #6

This message was too old and has been purged
cr1776
Legendary
Activity: 4032
Merit: 1301
February 02, 2015, 11:17:44 PM
 #7

Quote
Hello,

I was just curious if there is any sort of bitcoin bug bounty?
I have discovered a serious bug in all previous (and current) bitcoin reference clients which would allow a denial of service on an arbitrary number of bitcoind nodes (as run by exchanges for example).
While this bug may not leak any private data, it allows you to shoot down bitcoin nodes that you are directly connected to. Arbitrary code execution may be possible (but was not tested).

The denial of service works, tested locally in Bitcoin 0.9 and 0.10 branches.
Newspapers or Journalists may ask me for a demonstration in private.

If anyone is interested in a disclosure, I am asking 10 BTC for my time doing a write-up
including detailed explanations: 1LaV9xQvmd1gR4fYYWgFMpPXEgAwBYCQN1

If the balance will not reach 10 BTC, I will pay all amounts back. I will also cover the transaction costs myself.

Hi,
A question: DOS vs "shoot down" vs "arbitrary code execution may be possible". Can you explain more? Are you crashing bitcoind "merely" DOSing the server while connected?

Down thread you said "make your node connect to mine". Did you mean any node that connects to your node will crash bitcoind?

Evil-Knievel (OP)
Legendary
Activity: 1260
Merit: 1168
February 02, 2015, 11:23:17 PM
Last edit: April 17, 2016, 07:59:30 PM by Evil-Knievel
 #8

This message was too old and has been purged
cr1776
Legendary
Activity: 4032
Merit: 1301
February 03, 2015, 12:08:58 AM
 #9

Quote
Quote
Hi,
A question: DOS vs "shoot down" vs "arbitrary code execution may be possible". Can you explain more? Are you crashing bitcoind "merely" DOSing the server while connected?

Down thread you said "make your node connect to mine". Did you mean any node that connects to your node will crash bitcoind?

Well, the only thing that is required to "shoot down" a node, is that the node is somehow connected to you. It does not matter who initiated the connection.
The handshake must have already occurred (basically the version message sent and accepted) so it does not work on nodes that block you. Usually that should not be the case anyway.

Now, shooting down means that the bitcoind server completely stops. It can be restarted by hand, but until someone physically walks up to the server and resets the application it will remain in an infinite loop and stop working at all.

Thanks. I was just curious as to what you were seeing. ;-)

btw, one thing I was clear about was whether your node is set to do this automatically to anyone who connects to it or you have to trigger it.

I'd ask you to share the details, but given the first post, I presume that is pointless. :)

entertainment
Sr. Member
Activity: 422
Merit: 250
February 03, 2015, 12:21:28 AM
 #10

Someone published the link to this thread on reddit: http://www.reddit.com/r/Bitcoin/comments/2ukp87/researcher_discovers_major_dos_vulnerability_in/

Blazr
Hero Member
Activity: 882
Merit: 1005
February 03, 2015, 12:22:50 AM
 #11

You can't seriously expect people to pay you UPFRONT for such a disclosure?!

If you actually know of such an exploit, contact the devs privately and responsibly disclose it ASAP. Then you can ask for your bounty, and you'll probably get more than 10BTC.

cr1776
Legendary
Activity: 4032
Merit: 1301
February 03, 2015, 01:07:42 AM
Last edit: February 03, 2015, 03:31:20 AM by cr1776
 #12

Quote
You can't seriously expect people to pay you UPFRONT for such a disclosure?!

If you actually know of such an exploit, contact the devs privately and responsibly disclose it ASAP. Then you can ask for your bounty, and you'll probably get more than 10BTC.

It is much more likely there is a bug in the software as compared to the odds there is a 'bug' in the math. :-)

Some reading on the ECDSA claims:
https://bitcointalk.org/index.php?topic=437220.msg4808560#msg4808560
https://bitcointalk.org/index.php?topic=421842.0
bassguitarman
Hero Member
Activity: 728
Merit: 500
February 03, 2015, 02:16:41 AM
 #13

Quote
Hello,

I was just curious if there is any sort of bitcoin bug bounty?
I have discovered a serious bug in all previous (and current) bitcoin reference clients which would allow a denial of service on an arbitrary number of bitcoind nodes (as run by exchanges for example).
While this bug may not leak any private data, it allows you to shoot down bitcoin nodes that you are directly connected to. Arbitrary code execution may be possible (but was not tested).

The denial of service works, tested locally in Bitcoin 0.9 and 0.10 branches.
Newspapers or Journalists may ask me for a demonstration in private.

If anyone is interested in a disclosure, I am asking 10 BTC for my time doing a write-up
including detailed explanations: 1LaV9xQvmd1gR4fYYWgFMpPXEgAwBYCQN1

If the balance will not reach 10 BTC, I will pay all amounts back. I will also cover the transaction costs myself.

I'm also a developer, and if you're interested, I can verify your claims if needed
gmaxwell
Staff
Legendary
Activity: 4158
Merit: 8411
February 03, 2015, 02:38:06 AM
Last edit: February 03, 2015, 02:54:35 AM by gmaxwell
 #14

I guess you didn't learn after your prior stunts resulting in negative trust?  (For some context Evil-Knievel incorrectly (and seemingly dishonestly) claimed to have compromises for ECDSA in the past and tried charging for them; conduct which he currently bears negative trust for.)

If you believe you have some DOS attack please report it responsibly to bitcoin-security@lists.sourceforge.net (or feel free to report it encrypted privately to any of the Bitcoin core committers if you think it's super critical), just like anyone else does. We consider DOS attacks to be important, but fundamentally you cannot prevent DOS because an attacker can just exhaust your bandwidth; instead DOS is prevented by not exposing your critical infrastructure to the public network directly. We usually fix several DOS-ish issues in each release; it may also be that anything you know about is already known and a coordinated fix is in progress. In any case, you'll be credited for your contribution. Demanding an enormous bounty for what sounds like something that is not terribly concerning is unreasonable and isn't likely to happen (it would be incredibly counterproductive to pay you when other people have done _far_ more work and found far more serious issues in the past).

If your actions caused foreseeable and preventable harm to others you may find yourself subject to civil litigation by the harmed parties. I would strongly encourage you to behave responsibly.
Evil-Knievel (OP)
Legendary
Activity: 1260
Merit: 1168
February 03, 2015, 07:20:09 AM
Last edit: April 17, 2016, 07:59:24 PM by Evil-Knievel
 #15

This message was too old and has been purged
gmaxwell
Staff
Legendary
Activity: 4158
Merit: 8411
February 03, 2015, 07:33:59 AM
Last edit: February 03, 2015, 07:45:20 AM by gmaxwell
 #16

Quote
Maybe I would have acted differently if you would have reacted differently back then, meaning facing my ideas with interest (even if they were wrong, as you correctly pointed out) instead of immediate negative trust.

Immediate? Only your continued deceptive behavior earned you that negative trust. Your post was on January 18th, the down rating was on March 18th, in between there were a half dozen posts by me. You never even backed out your deceptive claims.
Evil-Knievel (OP)
Legendary
Activity: 1260
Merit: 1168
February 03, 2015, 07:51:15 AM
Last edit: April 17, 2016, 07:59:18 PM by Evil-Knievel
 #17

This message was too old and has been purged
gmaxwell
Staff
Legendary
Activity: 4158
Merit: 8411
February 03, 2015, 08:32:25 AM
 #18

Quote
You are right, I was not always transparent, not always right, and not very communicative. But I was working day and night to understand every single part of the software and the protocol, sometimes I was right sometimes I was wrong. Anyways ... I am preparing a video for you right now demonstrating the DOS on a stock Bitcoin 0.9 node (of mine) and send it to you in private.

Why use year old software? I'm not sure what a video is supposed to prove. The bogus ECDSA "cracker" had a proof video too.
Evil-Knievel (OP)
Legendary
Activity: 1260
Merit: 1168
February 03, 2015, 09:43:32 AM
Last edit: April 17, 2016, 07:59:12 PM by Evil-Knievel
 #19

This message was too old and has been purged
gmaxwell
Staff
Legendary
Activity: 4158
Merit: 8411
February 03, 2015, 03:15:46 PM
 #20

Quote
A possible attack scenario would be to shoot down mining pools so that others are favourized. Also netsplits are being a lot easier now, this is a serious bug in my humble opinion.

Mining pools hide their private mining nodes from the network, so it's not quite so simple.

Quote
I am just thinking on how to disclose it, because I would like to have my time honored in some manner.
If someone would promise me, to honor my time in a proper way in case the bug really works, I would disclose it (to you privately if preferred) immediately.
I would be also willing to donate all my bitcoins to the bitcoin foundation in case my DOS is not working ;-)

I have a proof of concept script, that will shoot down your local (or any other node that you can reach by its ip) in a manner of microseconds. Ready when you are.

If it's really as simple as send a few messages and crash a node and affects 0.10 then I agree it needs to be fixed right away... You'd be credited in the commit for the fix (and likely a CVE, if it's an outright crash), like anyone else who has reported a similar issue. This is the reasonable and customary way things are handled in open source projects, and the only reasonably scalable one (even if you put in 'a lot' of time, it pales in comparison to the thousands of hours put in by others; besides who do you think can afford that? Non-technical people don't give a crap about this stuff... they think the software is magic). I'd also remove the negative trust I have against you here on the forum, since you made good; and not harass you in the future about initially asking for a huge out-of-the-norm bounty in this case. That's all I can offer. Otherwise, if something exists here that is unknown, it'll have to wait until someone else rediscovers it.