Topic: [Full Disclosure] More likely MtGox Post-Mortem - page 2. (Read 22225 times)

legendary
Activity: 2114
Merit: 1040
A Great Time to Start Something!
More full disclosure! More fun!
...

More fun for many happy people!
History will record that MTux from MGox has done a "prove it" transfer of over 424,242 BTC, so the original thread title ...More likely MtGox Post-Mortem, will most likely prove to be highly inaccurate.
http://blockexplorer.com/address/1eHhgW6vquBYhwMPhQ668HPjxTtpvZGPC

Great news for Bitcoin and the community.
legendary
Activity: 2114
Merit: 1040
A Great Time to Start Something!
Please take your worthless insults and bickering over who has the higher IQ elsewhere.

Thanks.

The only reason I mentioned IQ was due to the nature of his attack, and the way he called me stupid several times, plus he insulted my family in ways only a very sick mind would ever think of.
This forum used to be a great place; nobody noticed how ridiculous and over the top his attack was, and/or bothered to suggest to him he should cool it.
Gee, thanks a lot guys.
newbie
Activity: 67
Merit: 0
Please take your worthless insults and bickering over who has the higher IQ elsewhere.

Thanks.
newbie
Activity: 44
Merit: 0
seriously for every 1 good post, there's like 10-20 retarded ass flame wars going on

IMO I just want some god damned info and a straight story with some evidence to back it up

I feel like MT really hasn't handled this situation in the best manner

All we want are some freaking answers, and because of that and the extremists on either side, you guys just devolve everything into stupid flamewars.  At this point it's like fuck it, what the fuck is the point of arguing, we should be grabbing pitchforks and torches and start marching to MT or MtGox demanding some fucking answers because as a user of MtGox with my personal information leaked to the world and the site going down locking our funds out, the least we should be given is a fucking straight and sensible answer/explanation.

This shit has gotten ridiculously out of hand
full member
Activity: 140
Merit: 101
Are you guys done?
legendary
Activity: 2114
Merit: 1040
A Great Time to Start Something!
I politely, yet very firmly, asked some simple questions. should it be so hard to get easy answers?

Perhaps we live in entirely different worlds, but I can assure you that this excerpt is far from polite:

Quote
IMO, Anyone starting a post like this needs to be able to demonstrate exactly where the attack part of this code is:

If you can show me (us) the "bad parts" and be correct, then thank you for posting this.
If you can't then (at best) you are acting without thinking things through.
Thank you

Imagine how bad things would be if everyone replied to anything they didn't understand in that demanding and accusatory tone.

My first request was "socially acceptable", and then I escalated.
Please keep in mind we are in a forum with a lot of lies, distortions and BS going around.

Thank you for your feedback finack.


There's a lot of stupid fucks on this forum, but you are probably the worst. My god, you are a dunderheaded buffoon. Every single one of your posts betrays the fact that you're just not very bright.

If you are too stupid and ignorant to understand how things work, then please just stay out of threads discussing them. Leave it to those of us who do understand and don't need to ask for things to be explained in "simple English" like some kind of child or downs syndrome retard, you halfwitted mongoloid fuck.

We're not your mommy or your kindergarten teacher, so don't ask us to explain things slowly and carefully so your tiny little brain can understand them, you dumbass motherfucker.

Have you always been a mongo Bit_Happy? Huh? Have you always been a fucking stupid mongoloid cunt who asks for a retard's simple explanations so he can understand things? Is it some kind of chromosomal abnormality that causes you to be so slow and backwards, or was your mother fucked by a dog when she was pregnant with you, her brother's son? Those are the only two situations I can think of that would explain how fucking stupid you act.

You're so fucking stupid that I'm surprised you remember to breathe. I hope you forget and die next time you get distracted by something shiny.

You would be amazed how high my IQ is, plus you need to look in the mirror and keep talking to yourself.
Please keep in mind we are in a forum with a lot of lies, distortions and BS going around.
newbie
Activity: 67
Merit: 0
Just an update.

18 hours later. Still no response public or private.
full member
Activity: 210
Merit: 100

So according to MT:

1) Kevin logged in at 5:12, just a few minutes before the market started crashing (~5:15 onwards).
2) Since he bought at 0.01 he must have placed that large bid BEFORE the market crashed...thus implicating him (after all who would place a ~$3000 bid at 0.01 unless they knew it was coming).

According to MT this makes Kevin look suspicious. But there is more useful info to consider:

4) When a BUY order is filled, the only log recorded is the time of the FILL and the time the order was PLACED gets wiped out completely. Thus Tux cannot be sure of anything really.


This proves that MagicalTux is not only incompetent, but an asshole.
legendary
Activity: 2114
Merit: 1040
A Great Time to Start Something!
I politely, yet very firmly, asked some simple questions. should it be so hard to get easy answers?

Perhaps we live in entirely different worlds, but I can assure you that this excerpt is far from polite:

Quote
IMO, Anyone starting a post like this needs to be able to demonstrate exactly where the attack part of this code is:

If you can show me (us) the "bad parts" and be correct, then thank you for posting this.
If you can't then (at best) you are acting without thinking things through.
Thank you

Imagine how bad things would be if everyone replied to anything they didn't understand in that demanding and accusatory tone.

My first request was "socially acceptable", and then I escalated.
Please keep in mind we are in a forum with a lot of lies, distortions and BS going around.

Thank you for your feedback finack.
member
Activity: 126
Merit: 10
I politely, yet very firmly, asked some simple questions. should it be so hard to get easy answers?

Perhaps we live in entirely different worlds, but I can assure you that this excerpt is far from polite:

Quote
IMO, Anyone starting a post like this needs to be able to demonstrate exactly where the attack part of this code is:

If you can show me (us) the "bad parts" and be correct, then thank you for posting this.
If you can't then (at best) you are acting without thinking things through.
Thank you

Imagine how bad things would be if everyone replied to anything they didn't understand in that demanding and accusatory tone.
legendary
Activity: 2114
Merit: 1040
A Great Time to Start Something!
Thanks gentakin, around here it's good to establish facts, instead of blindly believing a sensational headline.
...It's reasonable to ask for clarification if you don't understand and want to...

Yes it is reasonable, thank you.


Thanks gentakin, around here it's good to establish facts, instead of blindly believing a sensational headline.
...but that has nothing to do with others "blindly believing a sensational headline".

Misquoting the unfair, inaccurate feedback of someone else, is a waste of time, IMO.

From post #27
No it means I don't blindly believe it.


So in essence we agree, that has nothing to do with *others* "blindly believing a sensational headline"



From post #40
I politely, yet very firmly, asked some simple questions. should it be so hard to get easy answers?
full member
Activity: 140
Merit: 101
Bit_Happy, you might start by learning to audit websites yourself?

Maybe if you offer a 10Btc bounty you can find a nice security professional to help explain it all to you.


At this point I would say Hackers 4   Mtgox 0

I bet MagicTux wishes he could play this card

http://gatherer.wizards.com/Pages/Card/Details.aspx?multiverseid=205022

LOL@!@!
newbie
Activity: 67
Merit: 0
More than 9 hours and still no response.

Classy.

Maybe he finally realised that he needs to seek legal counsel before mouthing off in public forums.
member
Activity: 126
Merit: 10
Thanks gentakin, around here it's good to establish facts, instead of blindly believing a sensational headline.

I have no connection to the poster or anyone else. But you should reconsider your attitude in my opinion. You're complaining that something wasn't explained to you in enough depth so that you could understand it. However, it was perfectly understandable to many of us. It's reasonable to ask for clarification if you don't understand and want to, but that has nothing to do with others "blindly believing a sensational headline".

People provide security disclosures of various types all the time. Some are very, very common. This XSS and the referred to SQL injections are examples of this. That means a very many people already understand the principles behind them. I'm sure you can imagine it would be very tedious to include a full explanation of each attack every time someone discusses one.  You got your explanation, you don't have to be a dick just because you don't understand something.

Also, the post is titled "Full Disclosure" because that is the name of the security mailing list it was sent to. When you send mail to that list, the subject line gets prepended to the subject you send, so that mailing list subscribers can easily identify where it came from. Don't read too much into it. see: http://seclists.org/fulldisclosure/2011/Jun/index.html
newbie
Activity: 30
Merit: 0
I posted this in IRC last night and had some good convo with MagicalTux and various others. Currently I'm at work so don't have the logs in front of me. Please have a look and tell me if you see some error in my analysis or basic understanding! This is not an accusation of any kind, just someone trying to get to the bottom of this thing.

After the claims by MT that Kevin's behaviour was 'suspicious' I started looking at the activity logs on the market when it crashed, specifically what happened right at the turn (i.e. the rise back up from 0.01 after the sell).

MT said many, many things, some in his post and some in IRC chat.

So according to MT:

1) Kevin logged in at 5:12, just a few minutes before the market started crashing (~5:15 onwards).
2) Since he bought at 0.01 he must have placed that large bid BEFORE the market crashed...thus implicating him (after all who would place a ~$3000 bid at 0.01 unless they knew it was coming).

According to MT this makes Kevin look suspicious. But there is more useful info to consider:

4) When a BUY order is filled, the only log recorded is the time of the FILL and the time the order was PLACED gets wiped out completely. Thus Tux cannot be sure of anything really.
3) Also important to mention: from MT we know that you cannot place a buy when a sell is in progress. So Kevin had to have placed that order before or after the sell, but could not have done so during.

Now check:

http://www.youtube.com/watch?v=T1X6qQt9ONg

This is a video of the market crashing live, it shows a ticker. The part we are interested in is at ~5.23 into the vid, right at the turn.

What we see are three things.

1) Orders being filled with a timecode of 13:15:xx

I guess this is the time that the mega sell order was created. Here we are seeing the order book being processed and then finally getting wiped out, 0.01 and then being emptied. This takes a long time.

2) Then notice time change. Ticker goes from 13:15:xx to 13:51:xx instantly. More than 30 minute gap!

This is when NEW buy orders start arriving, /after the sell has wiped out the book/

3) The 6th order down from the time change is *the big one* 13:51:16  0.01  261383.76

4) From there the orders start increasing in value, until the market bounces right back to $14 or so fairly sharply.


So some important questions and conclusions really. Looks very plain to me from these logs that Kevin did indeed get very lucky. He watched the market crash, prepared his bid and hit go just at the right time -> managing to get the 6th BUY order after the turn, not the first, the 6th.

>>>>>> Kevin placed the BUY order after the SELL and the crash, not before as he was accused of.

The login time does not prove anything; what is important is the time the buy order was placed. But we cannot get this from MTGox because of the log issue I've mentioned, so we must rely on our own understanding.



If we assume, as I now do, that Kevin really is innocent, then what was the motivation of the Hacker? We all assumed the hacker was trying to crash the markets so he could cash out, but this clearly didn't work if Kevin is innocent!!!!

a) placing a large buy just after the crash ....

... the problem with a is that how would anyone be sure he could get the order in at the right time. We all know that MtGox is slow at the best of times and any half decent brain would realise that after a major market event like that, the site was going to be absolutely hammered and thus impossible to reliably connect to - just as many of you here have reported.

So unless Hacker person messed this up badly, or Kevin beat him at his own game, it looks to me like they didn't have any real intention of cashing out like this..


b) placing a large buy before the crash ... (which didn't happen as the market activity ticker seems to show)

A better strategy would have been to use several other compromised accounts (if the guy had DB access, this should have been no problem) to place 0.01 BUY orders before the SELL, just at or under the equivalent $1000 USD limit. They would have been filled and if he had withdrawn the BTC very quickly he may well have gotten away with a much, much, much larger sum.

Why not do that? Was he stupid, a kid or did he just not care about the money that much and doing it for some other purpose.

In any sense Kevin does not look like a guilty party to me but a very lucky guy who now seems to think he should be entitled to keep the profits of a crime. I wonder what his mother would say.


MagicalTux: I appreciate how busy you are trying to bring MTGox back. However, a full, independent analysis of these events and the others mentioned in this thread is the only realistic way to address the concerns of your user base. Diverting attention by blaming others with very sketchy->zero evidence is absolutely not cool.



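An added example (not from this thread, and not MtGox code) of the timeline reconstruction the post above describes: when only fill times survive in the exchange log, the "turn" has to be located as the timestamp jump in the public ticker, and an order's position is then counted from that point. The ticker lines are constructed to match the shape the post describes, not real MtGox data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed ticker ("HH:MM:SS price amount") shaped like the post's description: fills at
# 13:15:xx while the sell eats the book, a 30+ minute jump, then fresh buys at 13:51:xx.
TICKER = """\
13:15:40 17.51 200.00
13:15:41 0.01 12.00
13:15:44 0.01 3.50
13:51:02 0.01 10.00
13:51:05 0.01 25.00
13:51:09 0.01 4.00
13:51:11 0.01 60.00
13:51:14 0.01 9.00
13:51:16 0.01 261383.76
13:51:20 1.50 100.00
13:52:01 14.00 5.00
"""

@dataclass
class Fill:
    at: datetime  # fill time: per the post, the only timestamp the exchange kept
    price: float
    amount: float

def parse_ticker(text: str) -> List[Fill]:
    fills = []
    for line in text.splitlines():
        t, price, amount = line.split()
        fills.append(Fill(datetime.strptime(t, "%H:%M:%S"), float(price), float(amount)))
    return fills

def find_turn(fills: List[Fill], gap: timedelta = timedelta(minutes=30)) -> Optional[int]:
    """Index of the first fill after a timestamp jump larger than `gap` (the 'turn')."""
    for i in range(1, len(fills)):
        if fills[i].at - fills[i - 1].at > gap:
            return i
    return None

def position_after_turn(fills: List[Fill], amount: float) -> Optional[int]:
    """1-based position, counting from the turn, of the fill with the given amount."""
    turn = find_turn(fills)
    if turn is None:
        return None
    for n, f in enumerate(fills[turn:], start=1):
        if abs(f.amount - amount) < 1e-6:
            return n
    return None
```

The audit-log lesson is the inverse of this workaround: an order record that keeps its placement timestamp alongside the fill timestamp answers the "before or after the sell" question directly, without inferring it from a ticker.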
hero member
Activity: 686
Merit: 564
... Or its all fabricated to make TradeHill look more secure in the eyes of the members of this forum.

The only reason I say that possibility is because, by their own admission, they checked out all the major bitcoin sites and exchanges for vulnerabilities, and said nothing good or bad about them. Yet, they decided to zone in on TradeHill as being the best in terms of security, while neglecting to state why the others did not deserve equal mention.

Why?
Presumably because they all knew about the security issues with the other major sites and didn't feel them to be interesting enough to discuss. Several of them have been mentioned on the forum if you know where to look. Tradehill does at least look superficially security-aware for the reasons stated in the log. (I can't confirm all of it but I can confirm that they do appear to be using Django anti-CSRF middleware.)
newbie
Activity: 67
Merit: 0

Mediafire seems to require JavaScript turned on to download the fucking text file.

Someone should paste that to normal pastebin instead of this crap

Both pastebin.com and pastebin.ca were down at the time this was posted and had been for about an hour or it would have been posted there.
member
Activity: 98
Merit: 10
Someone should paste that to normal pastebin instead of this crap

It is. Right there. In the OP's post. (privatepaste. Though I'm not sure if they require JS, as I have it enabled.)
full member
Activity: 196
Merit: 100
We need about a dozen exchanges each with robust security and FDIC insurance.

+1 on more exchanges
+1 on robust security
-10000 on FDIC insurance
member
Activity: 70
Merit: 10

Mediafire seems to require JavaScript turned on to download the fucking text file.

Someone should paste that to normal pastebin instead of this crap