Topic: BFL's site is incredibly amateur... (Read 2853 times)

Yes I certainly agree its a tough call between protecting the innocent, and tarring and feathering incompetent admins into taking action.

I think the way that guy did it was better, "you register, ill show you I can get your pw hash" a good mix of publicly outing them, without actually posting the vulnerability itself letter by letter.

(also sorry for MPOE typo on my previous post... autocorrect :/  )

Maybe my opinion is coloured by me having an outstanding order with BFL, but I'm still giving them the benefit of the doubt, in that I understand what they are doing is hard. Maybe that makes me a sucker, time will tell, and if I do lose that money well that will be another one to chalk up to experience. I'm not so naive as to think that every btc 'investment' I make is gonna pay out. Anyway I think thats a different subject!

Me I'd have contacted them at first, and *then* when they didn't do anything start escalating.

The guy claims to do everything, but denies being the Project Manager, even though BFL doesn't officially have one, with him being the COO taking up that role.

I fed your chicken, Jody.
Sonny, I let the gardener go home early, therefore I'll finish planting the flowers.
I'll get that pallet, Dave.
This is the way we mop the floors, mop the floors, mop the floors...
"Cocksucker!" I love answering the emails.
"Any questions, folks, before we end the daily tour at BFL?"
"Acme Components? Yes, we would like to double our order. Make that 40 resisters, 10 power packs..."
So many anniversaries this month, luckily they have me in charge of the party supplies.
"Therefore, Bob, if you cancel your order, you'll lose your place in the queue. Do you really want to cancel, for we is about to ship. Honest Abe! Fine, and for not canceling we're sending you a 10% off coupon to offset the next price increase." Click! "Fuckin' cocksucker!"
Note to self: Make sure there's no known anomalies on the website today.
"One, two, three, four, five... I love counting fans in the warehouse."
Shoutbox: I confirm that bet.
Twitter: I AND BFL confirm our bets.
BT: It's a bet.
BFL Forum: That is why we bet...
Bum on the street: Sorry, bud. I gave my last real money at CES to some dude with a camera.
All my bags are pack, and I'm on the road again, (different song-->) https://www.youtube.com/watch?v=-cfc3rCQOuU

Everything? Oh you mean like those half-assed updates that have no substance? Rrrrright lol

Dont make me laugh Joshy-boy.

I can appreciate the theoretical outlook you're coming from. Here's what happens when you try to contact idiots first: http://www.google.com/search?q=bitdaytrade+reddit

Look through the posts there, you have actually competent people trying to talk the guy into safety and some strutting imbecile puffing a lot of smoke about the imaginary experts he's hired, the imaginary expertise he has and on and on.

Thus I can certainly appreciate the practical outlook of warning the community first. I guess in the end it all comes down to a judgement call. Did the OP think the failed site is administered by sane people likely to take appropiate measures in a timely and effective manner, or did the OP think the failed site is a scam run by patent liars (Vleisides, Zerlan etc)?

Here's something interesting: http://webcache.googleusercontent.com/search?q=cache:V2NAhB0iUlwJ:butterflylabs.com/images/users/000/003/366/066/imageGallery/+&cd=2&hl=en&ct=clnk&gl=us


I only know of one pilot associated with Butterfly Labs, and that person wouldn't have had access to BFL's computer at that time because https://bitcointalksearch.org/topic/m.1071218

It's a shame that image is no longer available. Or is it?

sense disagree with mope-pr. ALERT! seek clarification?

are you saying its good practice to out people's security vulnerabilities without contacting them first?

At first I wanted to mention Aaron Swartz as counter argument, but realized that MPOE-PR is right. Mostly shithole noncountries like Iran, USA or China are affected
edit: to be a little positive +1 for Inaba's reaction.

Pretty lulzy stuff.


Yeah, right. In you know...Iran. Or whatever other shithole noncountry.

You posted it because you wanted to flex your e-peen.

I'm sure everyone is glad that you decided there time was best spent fixing this.

At least you guys responded to this quick and got it fixed. There was a lot more that could have been done with malicious intent.

Say what you will about Josh's usual responses, but this IMO was the perfect reaction to this situation.

Crack the whip!

I agree, it's the responsibility of the designer/programmer.  I am displeased with this and will be investigating it going forward.  Sometimes it feels like I have to do everything myself.

Agreed hackers like exploring architecture and systems its a natural instinct and curiosity just make a good defense so we can learn
Sides we always say evil hackers we mean evil crackers lol (Evil soda crackers since they are the new overlords XD

Well said.

Which is ridiculous. We need people to focus on security if they are coding something especially a website. Sometimes I think that all that some programmers think while they are coding is that it has to work during their 10sec testing and if someone breaks into their system they say: "It wasn't my fault it's always these evil hackers who have nothing better to do than destroying my hard work".
Breaking into systems and therefore exposing ppl to the laugh of the public must be legalized to improve security. There are way to many amateurs running big projects. We need a way to legally knock them out.

Not the right directory I believe

It's fine and dandy to believe that, except by outing this, you've put other people's information at risk. Let's say somebody does get into BFL's systems, what kind of information do you think they have stored on their servers? Information that somebody who has a vendetta against bitcoin could put to good use, such as the mailing addresses of tens of thousands of people. Not to mention any related payment information.

That's weak coding nice infiltration do that myself sometimes
http://www.butterflylabs.com/images/admin/butterfly-admin.jpg

The fastest way to get anything fixed is public outing.

Agree with mustyoshi. People go to jail for a *long* time for doing what n4ru just did.