Topic: bitcoin.org , in danger of being compromised?? (Read 698 times)

newbie
Activity: 19
Merit: 0
What would hackers benefit from hacking that site? There is no use of bitcoin.org except more information about bitcoin, which can be done using many platforms.
Bitcoin does not need an official page or account documentation.
Bitcoin.org and bitcoin.com have no difference between them? Its words can be used by scammers, but everyone will still trust bitcoin with the red logo.
It is a waste of 70000 dollars.
newbie
Activity: 52
Merit: 0
I agree with Amishmanish. The issue here is that we have no idea what is stated in the contract between the involved parties (if there is any sort of contract at all). Also, we don't have enough information to figure out what Cobra's intention is here. Right?
staff
Activity: 4284
Merit: 8808
Strong encryption is strong. Weak encryption is weak.
*All* SSL is extremely weak, on the borderline of snake oil.

Anyone who can MITM a HTTP request coming from almost any public CA to the target domain in question can obtain a valid certificate.  The only thing SSL provides meaningful protection against is MITM who are near the end user (e.g. their ISP or open hotspot, etc).

I haven't looked into detail of the above report, but generally you need to be careful with these auditing tools, because they often ding fairly harmless settings differences which are necessary for compatibility with older browsers and which don't make a practical difference for security. Sometimes following them too aggressively can actually lower the security in practice by forcing some users off HTTPS.

Given the generally low security of HTTPS, stuff like 4096 bit RSA vs 2048 bit is mostly security theatre.  Sure, why not, google doesn't ding sites as much anymore for having a slower connection due to HTTPS.  ... but it's not something that is worth basically any attention.
legendary
Activity: 2646
Merit: 1722
https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF
~

posting this comment multiple places on this forum doesn't help anyone. you should open an issue here if you want it to be seen by those who can change this: https://github.com/bitcoin-dot-org/bitcoin.org/issues

also i am curious whether this is even needed for a site like bitcoin.org. the current certificate is already secure and good enough. not to mention that there is no sensitive data being communicated between the user and the site to want encryption in the first place.
the most important thing is downloading bitcoin core which doesn't matter even if you download it over http (without SSL) because you have to verify its signature anyways.

It helps everyone, it helps to ascertain who really cares ...

Strong encryption is strong. Weak encryption is weak.
legendary
Activity: 3472
Merit: 10611
~

posting this comment multiple places on this forum doesn't help anyone. you should open an issue here if you want it to be seen by those who can change this: https://github.com/bitcoin-dot-org/bitcoin.org/issues

also i am curious whether this is even needed for a site like bitcoin.org. the current certificate is already secure and good enough. not to mention that there is no sensitive data being communicated between the user and the site to want encryption in the first place.
the most important thing is downloading bitcoin core which doesn't matter even if you download it over http (without SSL) because you have to verify its signature anyways.
legendary
Activity: 2646
Merit: 1722
https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF


@Cøbra (others?)

Wakey wakey!

Notification - Kindly fix up your Let's Encrypt SSL Certificate ... it is currently capped to a grade B ...

- https://www.ssllabs.com/ssltest/analyze.html?d=bitcoin.org&hideResults=on

SSL Labs Grade Change for TLS 1.0 and TLS 1.1 Protocols ...
- https://blog.qualys.com/ssllabs/2018/11/19/grade-change-for-tls-1-0-and-tls-1-1-protocols

Has insecure cypher suites ...
- https://en.wikipedia.org/wiki/Cipher_suite

Is therefore vulnerable to the BEAST attack ...
- https://blog.qualys.com/ssllabs/2013/09/10/is-beast-still-a-threat

You're also using an RSA 2048-bit public key certificate despite Let's Encrypt supporting RSA 4096-bit public key certificates out of the box ...

...

How to Guide ...

See: https://ssl-config.mozilla.org/

Example;

Code:
# generated 2020-06-18, Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&guideline=5.4
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    ssl_certificate /path/to/signed_cert_plus_intermediates;
    ssl_certificate_key /path/to/private_key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;

    # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
    ssl_dhparam /path/to/dhparam;

    # intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
    add_header Strict-Transport-Security "max-age=63072000" always;

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;

    # verify chain of trust of OCSP response using Root CA and Intermediate certs
    ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

    # replace with the IP address of your resolver
    resolver 127.0.0.1;
}

You need to update the # intermediate configuration ssl_protocols and ssl_ciphers.

Then use certbot to upgrade your certificate public key to RSA 4096-bit:

Code:
sudo certbot --nginx -d bitcoin.org -d www.bitcoin.org --rsa-key-size 4096

Cheers!

EDIT: also bitcointalk.org ...
- https://bitcointalksearch.org/topic/m.54643075

...

Kasabian - eez-eh ...
- https://youtu.be/ST6nEvIEY4s
legendary
Activity: 1904
Merit: 1159
There must also be a lot more behind this, I do not think Cobra will just fire him for one incident. The aftermath of this will most probably generate a lot more controversy, with both sides "washing dirty clothes" in public and possibly a competitor site popping up in the future that is owned by Binns.

Let's pop the popcorn and sit back to watch the show.
I think it is unnecessary and even counter-productive to assign any kind of "controversy" to this topic. The whole thing was quite maturely and amicably settled by Cobra as well as Binns. If you read their discussion, Cobra had no intention of trying to portray bitcoin.org as some sort of "sole source on bitcoin", so the question of a competitive site does not arise.

Plus, the way Bitcoin functions, nobody should need to trust the site anyways. You simply verify it for yourself. It is just that despite there not being a single central authority, there will always be some sort of trustworthy figures that the bitcoin community will look up to. Legacy and continuity of commitment is what matters then. Cobra has that and that is the reason he had the last word in this despite Binns being pretty confident that he can represent the site by himself.
hero member
Activity: 2744
Merit: 541
Campaign Management? "Hhampuz" is the Man
Cobra was 100% correct to act in the way he did, you cannot be a site admin and claim to have ownership in the site. A site like that is also very valuable and it has historical significance.
Exactly mate, and how can he claim such a thing when there are millions of people that already know his position and he cannot even prove this in the long run.
And this claim is very valuable for him to take part.
Quote
There must also be a lot more behind this, I do not think Cobra will just fire him for one incident. The aftermath of this will most probably generate a lot more controversy, with both sides "washing dirty clothes" in public and possibly a competitor site popping up in the future that is owned by Binns.
Cobra will do it of course because this is a clear violation of being a site manager to get involved in this kind of issue.
Quote
Let's pop the popcorn and sit back to watch the show.
Watching as well here with Big Popcorn on my lap.
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
Cobra was 100% correct to act in the way he did, you cannot be a site admin and claim to have ownership in the site. A site like that is also very valuable and it has historical significance.

There must also be a lot more behind this, I do not think Cobra will just fire him for one incident. The aftermath of this will most probably generate a lot more controversy, with both sides "washing dirty clothes" in public and possibly a competitor site popping up in the future that is owned by Binns.

Let's pop the popcorn and sit back to watch the show.
legendary
Activity: 1904
Merit: 1159
The post by Cobra where he showed all the DM screenshots convincingly shows that Binns assumed he had rights over the domain as he had been working on the site for some time. He is the one who mentioned at one point, "Maybe we should talk about this with an attorney?".

It may have come to him as a rude shock that Cobra was not willing to let him play the role of bitcoin.org representative to Mozilla and other organisations. Cobra clearly told him that he can accept the grant in his own name as "Mozilla supports Will Binns's work on bitcoin.org". He did not want the media spin to be "Mozilla invests in bitcoin.org". That is in line with his repeatedly shown desire to not corporatize bitcoin.org.

He devotedly stuck to his stand and explained it to Binns. At the end of which, Binns seems to have shown a desire to assert his ownership by talking about bringing attorneys. On his rights being revoked, he took over the treasury funds which, seemingly, was a coercive measure. To Binns's credit, he realized that it'll only harm his image and Cobra still has the community's trust on this. He sent back the 9.8 BTC in the treasury and for the moment, all seems to have settled.

That doesn't change the fact that Cobra was and is still looking to hand over the reins to someone trustworthy. (He talked about a developer which I think could be Greg.) Nothing is compromised and Cobra may have in fact just warded off another takeover attempt.
full member
Activity: 1162
Merit: 168
The site is originally being maintained by Cobra, and that puts him in the position of being the leader over the site and he's in the rightful position to remove Binns if he thinks that he's not doing something right. I don't really see the reason why Binns will be trying to take legal action against him lolz, when it's clear that he was just contracted to maintain the website.

Since the original person in charge has said he doesn't want him to be involved any longer, he should pack his things and leave for good. There is really no reason here to be taking legal action against Cobra. And moreover I don't see why Binns would try to involve Mozilla and claim ownership in something that doesn't belong to him just because of money.
legendary
Activity: 1904
Merit: 1159
People like to point out that Cobra has been doing flip-flops recently. In his defense, he has only had a bit of occasional falling out with the maximalist crowd. In some of his tweets, he expressed a kind of desire to have healthy competition between the two communities rather than constant trolling. Yet, he loves bitcoin and its legacy too much to not be able to judge someone like Roger Ver for what that twat is.

Like everyone pointed out, Bitcoin.org is as clean and trustworthy as can be. The stuff is ONLY about bitcoin. He could have long gone for a more commercial look but he hasn't. That alone speaks of his credibility. Yet, we can all agree that times are changing. Nobody knows who Cobra is. Maybe he is just another young man undergoing a change of circumstances and evolving his own ideologies. Or he is an old man who wants to hand over the reins. He is graceful enough to accept in that post that he wants the successor to not be as drama prone as he someone was. In my opinion, any man who has that level of self-reflection is a trustworthy person. Unlike some of the psychos out here who just can never be wrong. (People arguing with StonerStanley, this guy is Techy level convinced, no use engaging).

Even if the ownership passes on, it'll always have to be another bunch of people who run it with certain basic tenets of not compromising on Bitcoin's values. Rest depends on a lot of other dynamics.
hero member
Activity: 2114
Merit: 603
This is not the first time that the bitcoin.org website has sparked controversy

For me, this is an inverted reflection of the Bitcoin movement as a whole: the authoritative view is that of the overall Bitcoin economy/"ecosystem", not of one website that has an easy-to-remember name

In short, bitcoin.org is not and never will be Bitcoin itself, so this latest soap-opera is big on drama, but low on substance

That's why they say with big game comes the big challenges and the greed of hunting the stuff. With today's date bitcoin has gone very far from its initial stages and a website like bitcoin.org is now the most hit by crypto users. Maybe this has led the owners (real, pseudo) to have cold wars over this ownership stuff.

They know very well its value is huge and being owner of such a domain means a lot to them. These things can happen over ownership when something is getting way too popular.

It feels like the Beatles separating because they were getting more or less huge popularity and had disputes over who would be the owner of the band.

Nothing new with this drama.
legendary
Activity: 3472
Merit: 10611
What are the chances of a malicious version of Bitcoin Core ever being on there? I think my worst nightmare is upgrading my node/wallet to the latest version of Bitcoin Core & upon opening Core my balance is 0 BTC

then you should learn how to build clients from their source code that is already available on GitHub and can be reviewed. or at the very least you should learn how to verify the digital signatures of the binaries you download.
this has nothing to do with who controls bitcoin.org though!
legendary
Activity: 3262
Merit: 1376
Slava Ukraini!
Cobra is mysterious and Theymos is not? How about satoshi?
Well, yeah, theymos is mysterious too, but at least we know his stance and that he is pro-Bitcoin, while there are more questions about Cobra.
just because someone has a different opinion than you, it is not a reason to not-trust them even if that opinion were wrong.
conversely having the same opinion as you doesn't make someone trustworthy (wolf in sheep clothing).
You're right. But when the owner of the Bitcoin.org website makes pro BCH tweets, it gives some doubts about that personality
The thing though, is that it isn't. It doesn't matter whether Cobra or theymos has ownership, you can never write off the possibility that it becomes compromised. I get that it can suck to have no "official" Bitcoin resource, but that's probably for the best -- look at @Bitcoin on twitter and how much drama that used to cause (well it still does but on the opposite camp now lol).

And since it seems like you're lobbying for theymos, it may be relevant to show his insight on a similar matter:
Very good point! The words "official" and "Bitcoin" probably shouldn't be used in the same sentence. There is no such thing as an official Bitcoin website, forum, wallet or Twitter account. Such things are just impossible when we talk about a decentralized currency. The problem is that people consider these resources as official websites and they 100% trust the information that they find there.
And I wouldn't call it lobbying. I just used theymos as an example, who would be more suitable to run Bitcoin.org in my opinion in a hypothetical situation
legendary
Activity: 3304
Merit: 1617
#1 VIP Crypto Casino
What are the chances of a malicious version of Bitcoin Core ever being on there? I think my worst nightmare is upgrading my node/wallet to the latest version of Bitcoin Core & upon opening Core my balance is 0 BTC
newbie
Activity: 14
Merit: 0
I am much sadder about the Bitcoin.com website. When I was there for the first time I was really upset that they are mostly prioritizing Bitcoin Cash and I think that at Bitcoin.com they are using Bitcoin's name for a casino or exchange, which is not nice.

Bitcoin.org is mostly a community-made website and they also have a donation wallet so they can even have profit from that site.
legendary
Activity: 3472
Merit: 10611
Cobra is mysterious person and I don't have big trust in him. Especially after these tweets mentioned above in past.

just because someone has a different opinion than you, it is not a reason to not-trust them even if that opinion were wrong.
conversely having the same opinion as you doesn't make someone trustworthy (wolf in sheep clothing).

This is why cobra isn't trustable, he fired and "not-trust" someone just because this person had a different opinion on something that isn't relevant.
I would never believe or work with a person like that, he is full of pretension like his words on Mozilla's intention which aren't even proved. What a dumb... and this little guy is the administrator of Bitcoin.org? Well, it's just a little guy with SSH access on a server and a bit of skill in programming. Cobra is literally nobody and brings nothing to the community. I will never share a "bitcoin.org" link on my future platforms. I hate that kind of person who abuses their power.


But I agree with the comment below, we don't give a fk about decentralizing Bitcoin.org. That doesn't change the fact that the ownership is still untrustable and disgustable.

EDIT: And what about the fact that Cobra is using bitcoin.org to ask for donations and also that he put up a new bitcoin address since June? This guy looks more like a scammer and a very untrustable person according to multiple facts. Bitcoin.org should not be used to ask for donations.

no, he fired him because he was overstepping his position to the point that it was turning into abuse. i don't know why you suddenly came here to bash Cobra so much though. and sure his actions could be considered rash. but what about the actions of the other party?
speaking of donations why in the world was Binns trying to raise funds from centralized companies using bitcoin.org name? bitcoin.org has always been running on donations and the wallet seemed to have $80000 in it already, so what was the need?
and what's up with the childish FUD after he was fired?
hero member
Activity: 2800
Merit: 595
https://www.betcoin.ag

Whoever owns the domain owns it all; the contents may not matter anymore, including that forum they were about to close. There is just no decentralization of owning a website, especially because a domain has to be registered by someone. The word "decentralization" has always been tricking everyone.
sr. member
Activity: 535
Merit: 267
2 members of this forum are trolling me because there is "Legendary" written below their pseudonyms, so they think that they are real legends

Fortunately they have no life and no skill, they are not even useful on this planet, not even to bring the cryptocurrencies to the large public (so they have the time to troll)

Thankfully it also increases my activity/messages counter a bit (and like that I'll become another kind of legendary, on a forum...) otherwise it would be useless to reply, and it improves my English skills a bit since I'm always trying to do my best.... All that while they are improving their trolling skills. In this world, everybody should be satisfied.


Anyway i have some real work to do, like a real legend.....