From: naman naman <namanhd@gmail.com>
To: Vocatus Gate <vocatus.gate@gmail.com>
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] MtGox blames bitcoin
Date: Wed, 12 Feb 2014 02:12:02 +0530
Message-ID: <CA+SxJWBM0USWETNeDh-oRgOfrU64GiPbL_Qt5hrFN53C42yNxg@mail.gmail.com>
In-Reply-To: <52F9377D.9010405@gmail.com>
I was talking about a DOS attack in
https://bitcointalk.org/index.php?topic=458608.0 (of course only applicable
to entities doing the tracking with txids).
Amazing how I did not get a response from any of the devs (except Greg's
response
https://bitcointalk.org/index.php?topic=458608.msg5063789#msg5063789 but
that too was short and not concerning the attack scenario plausibility as I
replied to him).
Today they are apparently at work here
https://github.com/bitcoin/bitcoin/pull/3651
Amazing how nobody acknowledges it until later when the attack already
happens. The devs need to show some greater level of responsibility.
Don't get me wrong - I am not trying to claim credit for the attack scheme
described (though I do not know of any other place where this was mentioned
earlier as an attack scheme), but I am trying to make the point that people
should just be around and at least make others feel that their concerns are
being read. Now putting this on some place like reddit will only give the
community a bad name.
On a lighter note I messaged some of the devs (as my previous mail says)
saying the attack should be called "thenoblebot" attack (after my handle,
which would inspire me to pursue crypto studies further). It was meant to
be a lame joke. But I had no idea how it would start causing so much
disruption in the ecosystem.
Regards
thenoblebot
On Tue, Feb 11, 2014 at 2:03 AM, Vocatus Gate <vocatus.gate@gmail.com> wrote:
> It's quite simple, really:
>
> Unique transaction == (Inputs+Outputs+ReceivingAddress)
>
> Problem solved. Simply don't rely on TxID for tracking. Can we put this
> issue to rest and move on?
>
>
>
>
> On 2014-02-10 12:40 PM, Peter Todd wrote:
>
> On Tue, Feb 11, 2014 at 01:00:21AM +0530, naman naman wrote:
>
> Hi guys,
>
> Please check this thread https://bitcointalk.org/index.php?topic=458608.0 for a possible attack
> scenario.
>
> Already mailed Gavin, Mike Hearn and Adam about this :
>
> See if it makes sense.
>
> That's basically what appears to have happened with Mt. Gox.
>
> Preventing the attack is as simple as training your customer service
> people to ask the customer if their wallet software shows a payment to a
> specific address of a specific amount at some approximate time. Making
> exact payment amounts unique - add a few satoshis - is a trivial if
> slightly ugly way of making sure payments can be identified uniquely
> over the phone. That the procedure at Mt. Gox let front-line customer
> service reps manually send funds to customers without a proper
> investigation of why the funds didn't arrive was a serious mistake on
> their part.
>
> Ultimately this is more of a social engineering attack than a technical
> one, and a good example of why well-thought-out payment protocols are
> helpful. Though the BIP70 payment protocol doesn't yet handle business to
> individual, or individual to individual, payments a future iteration can
> and this kind of problem will be less of an issue.
>
> Similarly stealth addresses have an inherent per-tx unique identifier,
> the derived pubkey, which a UI might be able to take advantage of.
>
>
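
The tracking approach discussed in the quoted replies (identify a payment by what it spends and what it pays, not by its txid), as an added example that is not part of the original thread. The transaction model and serialization here are simplified and hypothetical, not Bitcoin's wire format, and all sample values are constructed.

```python
import hashlib
from dataclasses import dataclass

def _h(data: bytes) -> str:
    # Double SHA-256, as Bitcoin uses for txids (the serialization below is a toy one).
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

@dataclass(frozen=True)
class TxIn:
    prev_txid: str      # outpoint being spent
    vout: int
    script_sig: bytes   # signature data: the part that can be re-encoded

@dataclass(frozen=True)
class TxOut:
    address: str
    satoshis: int

@dataclass(frozen=True)
class Tx:
    inputs: tuple
    outputs: tuple

    def txid(self) -> str:
        # Covers script_sig, so a re-encoded signature changes the id.
        parts = [f"{i.prev_txid}:{i.vout}:{i.script_sig.hex()}" for i in self.inputs]
        parts += [f"{o.address}:{o.satoshis}" for o in self.outputs]
        return _h("|".join(parts).encode())

    def payment_key(self) -> str:
        # Covers only the spent outpoints and the outputs (address + amount).
        parts = [f"{i.prev_txid}:{i.vout}" for i in self.inputs]
        parts += [f"{o.address}:{o.satoshis}" for o in self.outputs]
        return _h("|".join(parts).encode())

def reconcile(sent, confirmed):
    """Return (missing_by_txid, missing_by_payment_key) for the withdrawals in `sent`."""
    seen_ids = {t.txid() for t in confirmed}
    seen_keys = {t.payment_key() for t in confirmed}
    by_txid = [t for t in sent if t.txid() not in seen_ids]
    by_key = [t for t in sent if t.payment_key() not in seen_keys]
    return by_txid, by_key

# Constructed sample: one withdrawal that confirmed with a re-encoded script_sig.
# The amount carries a few extra satoshis so it is unique per payment.
OUT = (TxOut("customer-address-placeholder", 150_000_017),)
SENT = Tx((TxIn("aa" * 32, 0, bytes.fromhex("3044aabb")),), OUT)
MINED = Tx((TxIn("aa" * 32, 0, bytes.fromhex("304500aabb")),), OUT)
```

`reconcile([SENT], [MINED])` reports the withdrawal as missing when matched by txid and as confirmed when matched by payment key, which is the difference between re-sending funds and closing the support ticket.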