Topic: [ATTN!!] Bitcoin Security nearly Breached - page 2. (Read 6751 times)

That's proof of the botnet that Deepbit "doesn't have the ethics to block" for people who like to make damning statements without doing any research.

Very nice to see they are doing something. Ouch that it apparently is capable of snagging legitimate users as well.  Maybe the ip limit is too low verse period of time multiples connect? How many IP's did you have connected, if I may ask?

So this whole supposedly decentralized, resilient crypto-currency comes down to this?  "We trust this one guy.  Why would he want to screw us over?"  Why not just use E-Gold or something and quit wasting electricity?

Also, remember that you're not just trusting Tycho.  You're trusting anyone capable of compromising his systems, or of performing a rubber-hose attack against Tycho himself.  You think he's going to side with us if the Russian mob starts threatening his family?


What good would that do?  I've been watching Deepbit's hashrate hover above and below 50% of the total network this morning.  Most of the miners are probably asleep right now.  As for the rest, if they can't get their shit together to keep things balanced, what makes you think they would do anything about an attack in progress?  It would only take about 2 hours to pull off.

Cuddlefish had a much better idea to solve this problem, but it doesn't seem like anyone's working on that either.  No posts in that thread for a month now.

The chart just pulls hashrate numbers from the pool websites, then divides by the overall network hashrate to get the percentages.

During an attack, the total network hashrate would drop, but the attacking pool would probably continue to report its usual numbers (unless the attacker intentionally changed them).  The "other" category might even go negative, since it just represents the portion not accounted for by the reported pool hashrates, though I'm not sure how that would show up on the chart.

As with all things in life, time will tell what's on whose face... 

Deepbit blocked it then it was shopped over to BTCGuild who caught it and blocked it, then bitcoin.lc who blocked it so far.

You got a little prejudice on your face there.

Well, since you don't speak Russian, perhaps you should use GoogleTranslate and spend some time in the Russian parts of this forum and the internet, before making your own "idiotic posts" about Deepbit... 

As a Russian: "Just saying..." 

You'll note I didn't say it was better - ever.  What I said was "they like DeepBit better than others".

The quality of a product has nothing to do with whether or not people like it better.  It's a contributing factor for some, but Dodge will always sell a ton of Dodge Neons because some people don't care about quality, as long as there are readily available coffee can mufflers and plastic spinner hubcaps for it.

Microsoft's dominance hasn't changed, but it certainly has less of a margin with both OS's and browsers, with browsers slowly sliding towards no longer being dominant.

Microsoft became the predominant OS for several reasons:

-They made the personal computer affordable versus IBM PCs with IBM DOS
-They made deals with computer manufacturers that incentivized them to sell Windows and not OS/2 or Mac or Linux
-Even with less than perfect and sometimes terrible implementation of ideas, they eventually "Get it right" and give people what they want.

The difference with Mac is, they invent something new and its either a.) very useful or b.) they use hype to convince people its a NEED.  Microsoft combines innovation with immitation.

That being said:

I have an apple phone
an apple desktop
an apple laptop
a windows computer
a windows notebook
a windows NETbook
a linux server
and an android tablet.

Each has its own purpose.

Unfortunately I don't speak Russian, so I can't really understand the youtube video, but I'm sure to you and the other 9,000 viewers it was epic

  Right. And Micro$oft Windows became the predominant OS because it was better than all the rest... 
http://www.youtube.com/watch?v=Xda4mZK4wpM  

cheers, m8. Glad you understood my not so carefully drawn out thought there. My main point being the amount of hash power from such a small botnet. The usual assumption I have seen echoed here is that botnets would produce much lower hash per zombie than what was seen from the recent one. Scale it up and it = scary shit.

There are nearly 50% of pool miners there for one reason - they like DeepBit better than the others.

When other sites are more reliable, cheaper, produce more coins, have a nicer interface, whatever the reasoning people are choosing deepbit - they will switch to someone else.

It's not about hacking or stealing coins or any of this other nonsense.  3% commissions on 50% of 154 blocks a day... lets see... excluding the "change", and neglecting the 10% fees on the share miners:

77 * 50 BTC = 5775 BTC per day * 2% = BTC 115.5 per day, or $1732.50 USD at $15/BTC...

Now tell me, when you're already making $52,000.00 a month, or $623k a year conservatively, why are you going to muck around?

People need to stop and think before making these idiotic posts.

Word! Testify!!! Amen!  

If the BtcGuild story is true, BIG UP to them, for having the ethics to do what Deepbit probably doesn't...  

which would probably be considered a small botnet. to back you up, the problem is not that each computer is only offering a small amount of computing power, the real problem is when they are aggregated together. 10/100s of thousands of small machines could potentially make up a large percentage of a pool. when you consider the fact that who ever is running the botnet is pulling in btc while not paying for any of resources (except software costs) for those machines and requiring only a small amount of manually effort, its looks like a very lucrative venture to point those machines at a mining pool. i have no doubts that they will get better and better about masking themselves: load balancing pools, randomly disconnecting to look like a normal user, multiple withdrawal addresses, etc. Or just flat out running their own pool -- not much could stop them.

Not true, when the botnet first got noticed and moved to another pool we were able to see it and exactly how many comps were hitting and how much hash power. it was surprisginly high hash for the number of comps. I do not have the info recroded down to verify so one of the pool ops would have to report, but there is a grph I'm willing to bet someone still has that showed the number of zombies hashing and what their rate was. Believe it was something on the order of 60Ghash and only a few thousand comps.......

Graph doesn't have a title.

Botnets simply cannot contribute that much. The average computer could only hash pathetically. Even tens of thousands of average computers would probably only be 50-100 gh/s.

What i think would be useful is if someone with the right set of skills and resources would monitor Deepbit and Slush, and figure out how much of their power comes from botnet participation... 

BtcGuild was big until they supposedly decided to ditch a botnet and got DDOS'd. It will be interesting what size it will be once it comes back.

Perhaps, on basis of that, we'll be able to make some wild guesses regarding how much of Deepbit is actually botnet power being stolen from unsuspecting internet users... 

Why risk taking a whole block every now and then when you get 3% of each block anyway?

And it isn't risk free, the miner could have software that informs him he has found a block, and if it isn't later reported, it could arouse suspicion.

It's the miner's job to verify the block chain. This is the main nerve of Bitcoin, and it's not affected by locally encrypted files or auditing of services.

If the motive of a pool operator is to discredit Bitcoin rather than profit, this attack would do much more damage than a few exchange rate swings. We've seen how BTC Guild usage recently exploded, so it's not unthinkable that future pools will be able to gain mass network share. If profit is the motive I guess it would be a lot easier to just keep a few blocks now and then without announcing it to the users. And I suspect this is already happening.