Pages:
Author

Topic: [EMUNIE] Pre-launch stress test...all security experts and hackers *BOUNTIES* - page 2. (Read 2300 times)

legendary
Activity: 1050
Merit: 1016
can you link me to the code, pm or email is fine - I'll review then decide Smiley

Escrow some of your most valuable assets as security and I'll send you my most valuable asset which is the code.

Well now I can't escrow you my family, friends, and brain - but you're welcome to escrow all of my opensource unlicensed code and every idea documented which is all public domain.

Your asset is you brain and those around you, your code will be redundant in some time, as will mine, let us hope our brains and friends are not. I know one thing for sure, my own ideas and creations are better when merged with those of others, I was simply offering the same to you, to give another set of eyes to review your hard work, to help you, not to steal it.

You are writing to me on the web which was given to us free, and mentioning fielding's rest which he gave us free, and about json and ajax also free, can you imagine the state of our world had they all been closed and protected? We wouldn't be speaking, and you wouldn't have a project, nor I.

I digress. If you just have some binaries connecting to a network with no implementation details, then one can't really help, it's kind of impossible to review security by just hitting the thing to see if it breaks, somebody else may have a bigger or better hammer later, or more pertinently a little toothpick which opens it all right up.

I thought you were trolling, as this topic has come up many times regarding eMunie code.  Its unfortunate, but after having so many ideas taken by others, then passed off as theirs with no credit given to me, coupled with the huge amount of time, effort, stress, heart ache and personal money vested in this, I simply refuse to give it out to every Tom, Dick and Harry that requests, or as is usual, demands it.

However, your intelligent reply warrants both an apology from myself for jumping the gun (though I hope you can appreciate why), and a dose of respect.  If you are indeed serious about performing a peer review, and would have no problem in a binding legal agreement of non-disclosure, then I would be happy to provide the code and be happy for you to review and assist making eMunie better.
sr. member
Activity: 294
Merit: 250
Bitmark Developer
can you link me to the code, pm or email is fine - I'll review then decide Smiley

Escrow some of your most valuable assets as security and I'll send you my most valuable asset which is the code.

Well now I can't escrow you my family, friends, and brain - but you're welcome to escrow all of my opensource unlicensed code and every idea documented which is all public domain.

Your asset is you brain and those around you, your code will be redundant in some time, as will mine, let us hope our brains and friends are not. I know one thing for sure, my own ideas and creations are better when merged with those of others, I was simply offering the same to you, to give another set of eyes to review your hard work, to help you, not to steal it.

You are writing to me on the web which was given to us free, and mentioning fielding's rest which he gave us free, and about json and ajax also free, can you imagine the state of our world had they all been closed and protected? We wouldn't be speaking, and you wouldn't have a project, nor I.

I digress. If you just have some binaries connecting to a network with no implementation details, then one can't really help, it's kind of impossible to review security by just hitting the thing to see if it breaks, somebody else may have a bigger or better hammer later, or more pertinently a little toothpick which opens it all right up.
legendary
Activity: 1050
Merit: 1016
F,

I'm unable to access emunie forums via any browser. Any thoughts?

We got a problem with Xenforo atm where unregistered/logged out users cant view threads and stuff.  It's being fixed for the past couple of days trying to figure out whats wrong without screwing the post history.

But you should be able to get to the forum and register if thats what you are trying to do
legendary
Activity: 1498
Merit: 1000
F,

I'm unable to access emunie forums via any browser. Any thoughts?
legendary
Activity: 1050
Merit: 1016
Is it possible to communicate with eMunie via a web-scripting language such as PHP?

Yes there is an extensive REST API which you can call from any number of web platforms via standard AJAX/JSON calls.

Almost all core functions of the client are possible to perform though these APIs, including transactions, messaging, DMP, chat etc etc

can you link me to the code, pm or email is fine - I'll review then decide Smiley

Escrow some of your most valuable assets as security and I'll send you my most valuable asset which is the code.
hero member
Activity: 532
Merit: 500
Is it possible to communicate with eMunie via a web-scripting language such as PHP?
sr. member
Activity: 294
Merit: 250
Bitmark Developer
can you link me to the code, pm or email is fine - I'll review then decide Smiley
full member
Activity: 194
Merit: 100
is this the first coin to do a public test like this? or i'm wrong?

Depends. Do you think this is the first coin? Then you are right.
hero member
Activity: 1666
Merit: 565
is this the first coin to do a public test like this? or i'm wrong?
member
Activity: 96
Merit: 10
This is good to see, I do not have the expertise for the top 3, as I am not a Java coder ... but maybe some of the minor issues...
legendary
Activity: 1050
Merit: 1016
Hey Folks,

This is a call out to all security experts and hackers, inviting you to take part in a pre-launch eMunie network stress and hack test with PRIZES!! Cheesy

We're getting pretty close to our next OB in a couple of weeks, hopefully followed soon after by our V1.0 launch, thus the time has come to weed out any possible exploits or issues with the system before they can cause loss or harm.

I consider myself a good developer, I try to cover all angles of any scenario as much as possible.  That said I'm not naive, nor have a galaxy sized ego which results in thinking my code is the best, most secure, or can never be exploited....I am human after all, humans miss things and make mistakes.  I expect there to be issues, and the purpose of this test is not to prove there aren't any, but to find any that are and fix them!

So, as we tend to do over here, I would like to set another industry first.

I'm inviting anyone that thinks they have the means, to perform attacks on the network in an attempt to cause disruption in a test environment initially, which will be setup for this task, and also in a future open beta.  The date for these tests to start is not yet planned, but should be within the next 4 weeks (depending on how many applicants and furnishing selected candidates with the needed information to perform thorough attacks).

Disruption is anything from an outright DDOS of the entire network, to message sniffing, double spends and everything in between.  I will provide detailed information regarding the packets and data structures sent around the network, the topology, and various other details to assist in any disruption attempts.  Please do not ask for source code, as stated many times before, eMunie is and will remain closed source for at least 6 months post launch.

There will be limited places available for this task, 2 reasons.

1.  I don't want to manage 1000's of egos Smiley
2.  1000's of people cross flooding attacks on the network with only a small number of "honest" nodes will of course cause disruption and make it harder to pinpoint the real exploits.

Those wishing to take part please communicate to me either via PM here, email [email protected] or you can add me to Skype on thengonet   ...   if you are paranoid and would like to communicate via more secure means, please express such in your initial contact, I'm happy to download and install any required software to do so.

A short list of candidates will be constructed, consisting of around 20 or for the initial test environment.  As we plan to do a few of these before launch, these numbers will increase over time and subsequent contests will be held.

Bounties are organized as follows:

  • 5 BTC for most serious disruption
  • 3 BTC for 2nd most serious disruption
  • 1 BTC for 3rd most serious disruption
  • 0.25-0.5 for other disruptions classified as threats

To claim a bounty you must provide proof of your successful attack and provide full details on how it was achieved so that we can replicate it.  If the attack can not be replicated, or sufficient details are not provided then the bounty will not be paid for that threat and the subsequent most serious threat will take that bounty.

Decisions on the severity of discovered exploits will be made by forum members both here and at eMunie in a results thread.  No accounts registered on either forum after 1st September 2014 will be allowed to vote, and those votes will be discounted.

NOTE:  If no disruptions are deemed severe enough to warrant the top 3 bounties, those bounties will be spread around any minor disruptions.

Finally, this is a self-moderated thread as it is a serious topic for a serious project.  I do not want it descending into a cock waving contest, about who's hacked what, and how many chicks you were able to lay because of bragging about it Smiley  Roll Eyes
Pages:
Jump to: