Bitcoin Forum
December 10, 2016, 06:49:55 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 ... 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 [59] 60 61 62 63 64 65 66 67 68 »
  Print  
Author Topic: Presseberichte / Bedeutsame Erwähnungen  (Read 150399 times)
bjack0815
Full Member
***
Offline Offline

Activity: 132


View Profile
August 08, 2014, 09:44:18 AM
 #1161

War's das jetzt mit dem Dax und den FIAT-Währungen?  Cheesy
Ist nun die grosse Chance für den Bitcoin gekommen?

http://www.handelsblatt.com/finanzen/boerse-maerkte/boerse-inside/dax-im-tiefenrausch-die-grosse-angst-der-deutschen-anleger/10209126.html

Work hard, play hard.
1481395795
Hero Member
*
Offline Offline

Posts: 1481395795

View Profile Personal Message (Offline)

Ignore
1481395795
Reply with quote  #2

1481395795
Report to moderator
1481395795
Hero Member
*
Offline Offline

Posts: 1481395795

View Profile Personal Message (Offline)

Ignore
1481395795
Reply with quote  #2

1481395795
Report to moderator
1481395795
Hero Member
*
Offline Offline

Posts: 1481395795

View Profile Personal Message (Offline)

Ignore
1481395795
Reply with quote  #2

1481395795
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481395795
Hero Member
*
Offline Offline

Posts: 1481395795

View Profile Personal Message (Offline)

Ignore
1481395795
Reply with quote  #2

1481395795
Report to moderator
1481395795
Hero Member
*
Offline Offline

Posts: 1481395795

View Profile Personal Message (Offline)

Ignore
1481395795
Reply with quote  #2

1481395795
Report to moderator
1481395795
Hero Member
*
Offline Offline

Posts: 1481395795

View Profile Personal Message (Offline)

Ignore
1481395795
Reply with quote  #2

1481395795
Report to moderator
dewdeded
Legendary
*
Offline Offline

Activity: 826


Monero Evangelist


View Profile WWW
August 12, 2014, 05:26:24 AM
 #1162

---
BGP Hijacking for Cryptocurrency Profit
Author: Pat Litke and Joe Stewart, Dell SecureWorks Counter Threat Unit

Date: 7 August 2014

Overview

The Dell SecureWorks Counter Threat Unit™ (CTU) research team discovered an unknown entity repeatedly hijacking networks belonging to Amazon, Digital Ocean, OVH, and other large hosting companies between February and May 2014. In total, CTU researchers documented 51 compromised networks from 19 different Internet service providers (ISPs). The hijacker redirected cryptocurrency miners' connections to a hijacker-controlled mining pool and collected the miners' profit, earning an estimated $83,000 in slightly more than four months.

Mining fundamentals

In cryptocurrency, "mining" is the act of validating transactions listed in the public ledger (also known as the block chain). When a transaction is initiated, it is placed in a queue where it is prioritized based on the date and time of submission, and the size of the affixed transaction "fee." Working from the top of the queue, miners cryptographically attempt to "find a block," which entails crunching numbers to satisfy a particular formula while simultaneously agreeing as network that the calculated results are valid. Mining is a generic activity; the mining pool dictates which cryptocurrency is mined.

Each time a miner finds a block, new bitcoins are created. The number of new coins that are created varies; as of this publication, 25 new coins are minted for every block found. The miners who contributed to finding the block are awarded a percentage of a "block reward," which amounts to the sum of the 25 newly created bitcoins plus the total of all fees from transactions in the block. The percentage is based on the miner's individual contribution to the discovery. This process allows miners to make money by using their computing resources to verify transactions for other users.

Addresses

Addresses are "accounts" that can receive funds. In cryptocurrency, these addresses are long strings of numbers and letters that correlate to a "private key." The private key is first used to generate the address, and subsequently allows a user to transfer or "spend" currency. A user may receive currency without a private key, but must have the private key to spend the cryptocurrency.

Stratum

Miners begin the mining process by contacting a pool server, which sends information to the miner, tracks individual miners' work, and pays rewards accordingly. The pool server can send commands with the work to have a miner perform various tasks, such as reconnecting elsewhere for load balancing. Miners communicate with the network using the Stratum protocol, which is a JSON-based TCP connection. Once a TCP connection is established, JSON is transferred between the miner and the pool server, allowing communications to be easily monitored.

Hijacking discovery

On March 22, 2014, a user named "caution" posted a message in the bitcointalk.org forum indicating that suspicious activity was occurring on mining systems connected to the wafflepool.com mining pool (see Figure 1).

Figure 1. Bitcointalk.org forum message indicating suspicious activity. (Source: bitcointalk.org)


Several users in this forum and other cryptocurrency forums noticed similar activity — mining systems mysteriously redirected to an unknown IP address that answered with the Stratum protocol. Once connected to this IP address, miners continued to receive work but no longer received block rewards for their mining efforts. Hijackers harnessed miners' hashing power by redirecting legitimate mining traffic destined for well-known pools to a malicious server masquerading as the legitimate pool: Miners continuously connect to a legitimate pool for tasks.

The hijacker begins an attack
When miners attempt to connect to the legitimate pool, a new BGP route directs their traffic to a pool maintained by the hijacker.
This malicious pool sends each rerouted miner a client.reconnect command, instructing them to connect to a second pool maintained by the hijacker. By convincing the miners to connect to this second malicious pool rather than the original malicious pool, the hijacker filters out traffic that has already been hijacked so it is not hijacked again.
The hijacker ceases the attack. Miners that were redirected to the hijackers pool continue to see tasks and perform work, but are not compensated. Miners who were not redirected remain unaffected.
The hijacker repeats the process in short bursts, allowing the activity to continue unimpeded for months.
BGP fundamentals

Border Gateway Protocol (BGP) is an external routing protocol that connects networks on the Internet. Networks use BGP peering to become aware of other networks' existence. Unlike network routing protocols that can automatically initiate a connection from one network, both ends of BGP-connected networks (also known as a "peers") must be manually configured to communicate. This requirement ensures malicious networks cannot hijack traffic without human intervention from a legitimate network.

Figures 2, 3, and 4 show how threat actors used bogus BGP broadcasts to redirect traffic to the hijacker's server.

Figure 2. A broadcast of the malicious route in progress. Because AS3 is 'peered' with AS4, the malicious broadcast is accepted. AS3's broadcast is more specific than AS2's broadcast, so BGP prioritizes it above the AS2 broadcast. (Source: Dell SecureWorks)


Figure 3. Route to legitimate pool server before hijacking. (Source: Dell SecureWorks)


Figure 4. Route to malicious pool server after hijacking. (Source: Dell SecureWorks)


Timeline of hijacker's BGP announcements

Although public reports of hijacked miners began on March 22, 2014, CTU research into historical BGP route announcement data indicates that the hijacking attempts began on February 3. In total, CTU researchers documented 51 compromised networks at 19 different Internet service providers, including Amazon, Digital Ocean, OVH, and other large hosting companies. Appendix A contains a complete list of route hijacking incidents by date.

The data shows that the hijacker attempted to broadcast illegitimate routes for an entire week in February. That activity was apparently unnoticed in the cryptocurrency mining communities, which may suggest that the initial hijacks were not successful.

CTU researchers contacted a hijacked miner who lost profits over a period of a few weeks. Figure 5 charts the output of his mining activity over the time period in question. CTU researchers observed the correlation of hijacking events and the payouts normally received from his mining pool (called Hashfaster). The threat actor hijacked the mining pool, so many cryptocurrencies were impacted. The protocols make it impossible to identify exactly which ones, but CTU researchers have mapped activity to certain addresses.

Figure 5. Dogecoins earned by hijacked Hashfaster miner. The miner did not immediately notice the hijacks at the end of March, leading to a long gap in earnings. The hijacks in April were caught faster. (Source: Dell SecureWorks)


By adding a firewall rule to block traffic destined to the hijacker's mining server, the miner was able to reject the hijack on April 11. His payouts then resumed their regularity. Although the 8000 lost Dogecoins amounted to a few dollars, hijacking hundreds or thousands of small miners can be very lucrative.

Estimating the hijacker's earnings

The hijacker earned an estimated $83,000 in slightly more than four months. The graph in Figure 6 represents the estimated earnings for the five cryptocurrency addresses associated with the hijacker. This graph is incomplete due to a lack of data from March 29 to April 11, 2014. While Figure 6 does not prove that other payout addresses exist, it does strongly indicate that other currencies were being mined.

Figure 6. Estimated earnings for hijacker-controlled cryptocurrency addresses. No data was available between March 29 and April 11, 2014. (Source: Dell SecureWorks)


Dogecoin, HoboNickels, and Worldcoin

These three currencies were easy to extrapolate from the datasets because a central authority communicates with the clients. Correlating payouts to hijack events strongly suggests that the addresses in question belonged to the pool operator, who in this case happens to be the hijacker.

Bitcoin

Determining the Bitcoin address was challenging due to the nature of the peer-to-peer protocol used by the decentralized P2Pool Bitcoin mining pool. CTU researchers examined all addresses from the respective pool server and compared them to addresses in the Stratum traffic. Matching hijack events with payouts revealed one address, charted in Figure 6.

Attribution

All malicious BGP announcements were traced to a single router at an ISP in Canada. The hijacker likely fits one of the following descriptions:

- A rogue employee of the ISP
- A rogue ex-employee of the ISP with an unchanged router password
- A malicious hacker

On May 9, 2014, the CTU research team provided the BGP evidence to the upstream ISP closest to the origin of the malicious activity. The malicious BGP announcements stopped three days later and have not resumed as of this publication. However, the ISP did not disclose details about the source of the malicious changes to the router's configuration.

Route hijacking mitigation

An estimated $2.6 million in cryptocurrency mining activity occurs each day. Every network administrator should prepare for the risk of narrowly-focused, malicious BGP hijacking incidents. ISPs should opt-in to the Resource Public Key Infrastructure (RPKI) service, which leverages the power of encryption to ensure that IP prefixes belonging to an ISP can only originate from specified ASNs.

From a cryptocurrency perspective, the easiest option for pool servers is to require miners to use the Secure Socket Layer (SSL) protocol. SSL prevents a system from being redirected to a different server, even if the IP address is the same. Miners should also implement server certificate validation. This validation ensures that the certificate the pool server sends when establishing the connection is valid and authorized for use with the connected domain, even if the domain's IP address changes.

Conclusion

BGP peering requires that both networks be manually configured and aware of one another. Requiring human interaction for proper configuration makes BGP peering reasonably secure, as ISPs will not peer with anyone without a legitimate reason. These hijacks and miner redirections would not have been possible without peer-to-broadcast routes. Although BGP hijacking is possible, the overall threat is minimal.

Additional information

Litke, Pat and Stewart, Joe. "Enterprise Best Practices for Cryptocurrency Adoption." Dell SecureWorks. January 27, 2014. http://www.secureworks.com/resources/articles/featured_articles/enterprise-best-practices-for-cryptocurrency-adoption

Litke, Pat; Stewart, Joe; and Small, Ben. "Cryptocurrency-Stealing Malware Landscape." Dell SecureWorks. February 26, 2014. http://www.secureworks.com/cyber-threat-intelligence/threats/cryptocurrency-stealing-malware-landscape/
---

Quelle: http://www.secureworks.com/cyber-threat-intelligence/threats/bgp-hijacking-for-cryptocurrency-profit/
bjack0815
Full Member
***
Offline Offline

Activity: 132


View Profile
August 12, 2014, 07:10:43 AM
 #1163

US-Verbraucherschützer warnen vor Bitcoins

http://www.gaeubote.de/gb_27_110664289-1-_US-Verbraucherschuetzer-warnen-vor-Bitcoins.html

Und wer warnt uns vor den FIAT-Währungen?

Work hard, play hard.
bjack0815
Full Member
***
Offline Offline

Activity: 132


View Profile
August 15, 2014, 07:42:09 AM
 #1164

Bitcoins: Ebay könnte virtuelle Währung einführen

http://www.tagesspiegel.de/wirtschaft/bitcoins-ebay-koennte-virtuelle-waehrung-einfuehren/10337120.html

Work hard, play hard.
herzmeister
Legendary
*
Offline Offline

Activity: 1764



View Profile WWW
August 22, 2014, 12:18:30 PM
 #1165

https://netzpolitik.org/2014/der-kopf-hinter-bitcoin-gavin-andresen/

https://localbitcoins.com/?ch=80k | BTC: 1LJvmd1iLi199eY7EVKtNQRW3LqZi8ZmmB
weglaufbürger
Sr. Member
****
Offline Offline

Activity: 351


guckguck...hallöle


View Profile
August 22, 2014, 03:17:27 PM
 #1166


ebenso:  http://www.heise.de/newsticker/meldung/Der-wahre-Mann-hinter-Bitcoin-2298538.html


Zwei Monologe, die sich gegenseitig immer und immer wieder unterbrechen, nennt man Diskussion.
600watt
Legendary
*
Offline Offline

Activity: 1316


View Profile
August 28, 2014, 01:16:49 PM
 #1167

http://www.faz.net/aktuell/finanzen/devisen-rohstoffe/die-schwierigkeiten-der-bitcoin-produzenten-13116632.html


Quote
Als Zahlungsmittel wurden Bitcoins aber seit jeher von sehr wenigen Menschen behandelt. Schon im Internet gibt es nur wenige Unternehmen, bei denen man mit der digitalen Währung zahlen kann. Im realen Leben sind es noch weniger. Die Suche nach solchen Läden gleicht der nach einer Nadel im Heuhaufen.
herzmeister
Legendary
*
Offline Offline

Activity: 1764



View Profile WWW
August 28, 2014, 01:33:04 PM
 #1168

die FAZ immer mit ihrem
Quote from: FAZ
/devisen-rohstoffe/

https://localbitcoins.com/?ch=80k | BTC: 1LJvmd1iLi199eY7EVKtNQRW3LqZi8ZmmB
weglaufbürger
Sr. Member
****
Offline Offline

Activity: 351


guckguck...hallöle


View Profile
August 28, 2014, 10:32:08 PM
 #1169

Das dürfte dann wohl der nächste Sargnagel für den Euro und für Euroland sein:

Banken galten ja als "to big to fail", sodaß deren Rettung immer dem unbeteiligten Bürger auferlegt wurde und die eigentlichen Gläubiger der Pleitebank wurden somit immer mit Steuergeld gerettet. Das Bundesland Kärnten in Östereich macht hier jetzt einen Rückzieher. Ursprünglich hatte Kärnten für die Hypo Alpe Adria gebürgt, sodaß z.B. die Bayrische Landesbank ihr schlappe 2 Milliarden Euro geliehen hatte. Nunmehr plant Kärnten wortbrüchig zu werden und weigert sich, der Bayrischen Landesbank die 2 Mrd. € zu erstatten, die die Hypo Alpe Adria nicht mehr zahlen kann:

http://www.spiegel.de/wirtschaft/soziales/hypo-alpe-adria-oesterreich-kippt-garantien-fuer-glaeubiger-a-974636.html

Die vollmundigen Garantieversprechen von Dragi dürften jetzt weiter erodieren und andere Euroteilnehmer werden sich u.U. Östereich anschließen: http://www.foonds.com/article/32025//fullstory

Und Ja, unsere 2 Mrd. €, die Seehofer damals hat springen lassen, sind damit auch futsch..... jaja, der Horscht.... der wird`s scho richten....


Zwei Monologe, die sich gegenseitig immer und immer wieder unterbrechen, nennt man Diskussion.
herzmeister
Legendary
*
Offline Offline

Activity: 1764



View Profile WWW
August 29, 2014, 08:35:03 AM
 #1170

fefe rantet mal wieder  Grin

https://blog.fefe.de/?ts=ad015250

https://localbitcoins.com/?ch=80k | BTC: 1LJvmd1iLi199eY7EVKtNQRW3LqZi8ZmmB
Zephir
Hero Member
*****
Offline Offline

Activity: 533



View Profile
August 29, 2014, 09:40:17 AM
 #1171

fefe rantet mal wieder  Grin

https://blog.fefe.de/?ts=ad015250

Dein Link führt zu einem SSL Fehler.
Ohne dem s bei http: funzt der link.

Er rantet diesmal gar nicht so sehr übern btc sondern über den Monero und dessen von Anfang an mit Absicht eingebauten "Fehlern".
Als ob es bei den meisten Altcoins nicht so zugehen würde.

Lässt sich auch so vergleichen: Btc ist ein hochqualitatives Produkt, bei dem penibelst auf Fehler geachtet wird und diese nach Möglichkeit auch sofort ausgebessert werden, während 99% aller Altcoins billige Kopien sind, die von seriösen Programmierern und Entwicklern nicht mal beachtet werden.

Mich wundert ja, warum er sich immer wieder damit beschäftigt, wenn es ihn "überhaupt nicht interessiert".
Bekommt er sonst zuwenige Klicks?

Signatures lead to paid signature programs which leads to spam!

Clearly we must eliminate the signatures... or ban the paid sig programs
weglaufbürger
Sr. Member
****
Offline Offline

Activity: 351


guckguck...hallöle


View Profile
August 29, 2014, 09:45:02 AM
 #1172

fefe rantet mal wieder 
Toller Spagat....Fefe macht sich über Sozialkanibalismus lustig und refinanziert sich selbst über ein schuldbasiertes Flattrsystem, das diesen fördert.


Mich wundert ja, warum er sich immer wieder damit beschäftigt, wenn es ihn "überhaupt nicht interessiert".
Grin..... das ging mir auch durch den Kopf als ich las:   "....und eigentlich interessieren mich diese ganzen Krypto-Currencies alle überhaupt gar nicht"


Zwei Monologe, die sich gegenseitig immer und immer wieder unterbrechen, nennt man Diskussion.
herzmeister
Legendary
*
Offline Offline

Activity: 1764



View Profile WWW
August 29, 2014, 09:55:39 AM
 #1173

er rantet (wie schon so oft) halt über die umweltaspekte allgemein, und wegen dem monero versteht er in der tat nicht, dass es eher mal wieder beweist, was die meisten altcoin-anbieter für dampfplauderer sind. man kann sowas wie absichtlich schlechte performance (vermutlich wg. besserer asic-resistenz) ja schließlich nicht in einem protokoll festlegen.

Dein Link führt zu einem SSL Fehler.
Ohne dem s bei http: funzt der link.

youmustbenewhere.png

fefe, ccc, einige piraten-sites und viele andere aus dem dunstkreis benutzen self-signed zertifikate (oder solche von einem verein, der von vielen browsern per default nicht eingetragen ist; du musst das zertifikat manuell eintragen, im "club" ist das quasi initiationsritus)

haben sie schon recht damit, es gab schon immer grobe Design-Fehler in der Architektur von https (eine verschlüsselte End-zu-End-Verbindung ist ein ganz anderes Bedürfnis als die Bestätigung der Echtheit der Identitäten von Website-Anbietern durch dritte Vertrauensträger, aber man hat das alles in einen Topf geworfen), wahrscheinlich absichtlich, um von wenigen Anbietern abhängig zu werden, wo NSA & co ja dann leicht Hintertürchen platzieren können.


https://localbitcoins.com/?ch=80k | BTC: 1LJvmd1iLi199eY7EVKtNQRW3LqZi8ZmmB
ionication
Full Member
***
Offline Offline

Activity: 151


View Profile
August 29, 2014, 08:42:44 PM
 #1174


Der Artikel ist in großen Teilen ein unglaublich haarsträubendes Sammelsurium von amateurhaften Spekulationen über mögliche Ursachen des BTC-Kursverlaufs. Was für eine miese Qualität von der FAZ.
600watt
Legendary
*
Offline Offline

Activity: 1316


View Profile
August 30, 2014, 09:23:05 PM
 #1175

http://www.taz.de/Online-Waehrung-Bitcoin/!144634/


Quote
Für Nutzer, die Bitcoins nicht als Spekulationsobjekt, sondern als Währung sehen, spricht dennoch gerade in Zeiten weitgehender Überwachung ein nicht zu unterschätzendes Argument für Bitcoins: Wer mit ihnen zahlt, hinterlässt deutlich weniger Datenspuren als mit Kreditkarte oder Paypal.
Geben sich Nutzer ein bisschen Mühe, ist selbst mit geheimdienstlichen Mitteln nicht immer herauszufinden, wer hinter einer Zahlung steckt. Das ist nicht nur für illegale Zwecke interessant: Auch wer ein E-Book oder einen Film ersteht, will vielleicht nicht in jedem Fall, dass das Unternehmen oder Geheimdienste über bestimmte Vorlieben Bescheid wissen. Die wachsende Anhängerschaft führt dazu, dass auch Unternehmen zunehmend darüber nachdenken, Bitcoins zu akzeptieren. Etwa die französische Supermarktkette Monoprix, die in Aussicht stellte, dass Kunden ab Jahresende in Bitcoins zahlen können. Oder Ebay, wo derzeit Berichten zufolge über erste Testläufe verhandelt werden soll.

gar nicht übel, dieser teil  Smiley
yxt
Legendary
*
Offline Offline

Activity: 1848



View Profile WWW
August 31, 2014, 11:10:24 AM
 #1176

fixed: http://www.taz.de/Online-Waehrung-Bitcoin/!144634/

Xer0
Hero Member
*****
Offline Offline

Activity: 826


°^°


View Profile
September 03, 2014, 06:54:12 PM
 #1177

http://www.heise.de/newsticker/meldung/Uni-Zuerich-Bitcoin-App-Coinblesk-im-Mensatest-2319324.html

mal endlich real-use cases Cheesy
Lincoln6Echo
Legendary
*
Offline Offline

Activity: 1470



View Profile
September 03, 2014, 06:59:18 PM
 #1178


Da wäre so gut, wenn es dass auch an deutschen Universitäten/Hochschulen gäbe! *Träum*


             ▄████████████████████████████████████████████████████████████▄
            ██                          ▄▄▄▄▄▄                           ██
           ██  ██████                ▄██████████▄     ████████████████████▀
          ██  ████████             ▄████▀   ▀████▄    ████▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
         ██  ████  ████           ████▀       ▀██▀    ████
        ██  ████    ████        ▄███▀                 ████

       ██  ████      ████       ███▀                  ████▄▄▄▄▄▄▄▄▄▄
      ██  ████        ████      ███                   ██████████████
     ██  ████          ████     ███▄                  ████▀▀▀▀▀▀▀▀▀▀

    ██  ████████████████████    ▀████                 ████
   ██  ██████████████████████    ▀████▄        ▄██▄   ████

  ██  ████                ████     ▀████▄   ▄████▀    ████▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
 ██  ████                  ████      ▀██████████▀     ████████████████████▄
  ██                                    ▀▀▀▀▀▀                           ██
   ▀█████████████████████████████████████████████████████████████████████▀

║║
║║
║║
yxt
Legendary
*
Offline Offline

Activity: 1848



View Profile WWW
September 03, 2014, 08:28:51 PM
 #1179

cool

herzmeister
Legendary
*
Offline Offline

Activity: 1764



View Profile WWW
September 09, 2014, 03:10:08 PM
 #1180

http://www.heise.de/newsticker/meldung/Bitcoin-Erfinder-Satoshi-Nakamoto-Hacker-will-Mail-Account-gekapert-haben-2373445.html

https://localbitcoins.com/?ch=80k | BTC: 1LJvmd1iLi199eY7EVKtNQRW3LqZi8ZmmB
Pages: « 1 ... 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 [59] 60 61 62 63 64 65 66 67 68 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!