Pages:
Author

Topic: [joe is dead] http://findmeifyoucan.eu - page 2. (Read 7094 times)

hero member
Activity: 616
Merit: 500
Portland Bitcoin Group Organizer
October 29, 2012, 11:22:02 AM
We should do that again some time.
full member
Activity: 238
Merit: 100
October 29, 2012, 11:19:00 AM
Well done MelMan2002! I found a few grammatical errors, but didn't spend much time on them thinking I'd find him going the technical route.


Quote from: joe23
This could well have worked, I didn't protect against that.

I'm not sure how you embedded flash, can you explain? just blah.swf or what?

Do you see 85.17x.xxx.xxx in your logs?
If you use Tor, you should disable JavaScript, and certainly disable plugins (such as Flash, QuickTime, DivX, ActiveX, etc).
I didn't embed the Flash into my post (just a tracking image), I had a link in my post to a blog post (don't know whether you clicked it), and it was that page that hosted the Flash.

I didn't see 85.17.* but there was 85.127,* and 85.28*

I need a life, I spent far too long on this Cheesy
legendary
Activity: 1512
Merit: 1049
Death to enemies!
October 29, 2012, 11:01:44 AM
Quote
I really am the only one who mistypes sr like that.
There is also a user on Silkroad forums that mistypes the SR like that. Cheesy
legendary
Activity: 1512
Merit: 1036
October 29, 2012, 10:51:02 AM
I'll leave this here to freak you out instead:
Very interesting.

Would be more interesting if it showed the IP of the last person that viewed it.
More interesting:
http://amibehindnat.com

If I can get you to follow a similar link to my server, I can see your real IP address regardless of VPS, and I could log it and show it to everybody. That uses Java, which could even send traceroutes out from the user and report back their full IP route to the server. Of course if you have Java and follow a link, you are now PwnD anyway.

I think MelMan2002 should get the full bounty, that was a good job by him.

I'm not really clear from reading the post about what technical issue you were supposed to have missed that wasn't covered by people already.

It was a bulanula-style con trying to claim credit for the previous discovery and get free BTC, posts now deleted.
legendary
Activity: 826
Merit: 1002
amarha
October 29, 2012, 10:40:34 AM
I think MelMan2002 should get the full bounty, that was a good job by him.

I'm not really clear from reading the post about what technical issue you were supposed to have missed that wasn't covered by people already.
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
October 29, 2012, 10:11:24 AM
Quote
I am really a registered user in this forum since at least summer 2012.

Quote
Date Registered:   January 26, 2011, 03:23:03 AM

I had a hunch it would not be specifically spring or summer of this year. This thread just goes to prove: Words mean things!

sr. member
Activity: 461
Merit: 251
October 29, 2012, 09:11:44 AM
MelMan2002, would you be ok with splitting the bounty with Sans-EXP if he presents the info on how he caught me?

Like you said before, you make the rules.  I'm perfectly happy with 7btc.

If it makes you happier, it was more than a stab in the dark.  I went through all of joe's posts looking for spelling/grammar oddities and kept searching the forum to look for trends.  It took me a few hours actually.  And when I found a pretty good match with molecular I went through many of his posts to see if anything seemed to convincingly disprove my theory.

I almost gave up a couple hours into it because I wasn't sure that I was getting anywhere...

Anyway - it was a lot of fun.  Thank you very much!
hero member
Activity: 1078
Merit: 502
October 29, 2012, 07:55:52 AM
I'll leave this here to freak you out instead:
Very interesting.

Would be more interesting if it showed the IP of the last person that viewed it.


hero member
Activity: 1078
Merit: 502
October 29, 2012, 07:47:19 AM
This was a great idea..... too bad your damn typing error got ya Smiley


hero member
Activity: 742
Merit: 500
Its as easy as 0, 1, 1, 2, 3
October 29, 2012, 06:37:34 AM
Toldja the way you type will be your undoing Tongue
legendary
Activity: 826
Merit: 1002
amarha
October 29, 2012, 05:49:16 AM
Once again the human element is the softest part...
sr. member
Activity: 440
Merit: 250
October 29, 2012, 05:04:32 AM
I triedthe panopticlick service with a few browsers:

1. standard firefox profile, with tor proxy set (as OP did for this thread [with chrome])
2. torbrowser bundle
3. torified w3m

Results are:

1. unique browser fingerprint (in over 2.5million tested!)
2. 1 in 4400 browsers have the same fingerprint
3. 1 in 500000 browsers have the same fingerprint

So - like I suggested earlier - don't use w3m as an anonymous browser!

edit: just in case it's not clear - torbrowser bundle is the best of the bunch. Can anyone get better?
sr. member
Activity: 440
Merit: 250
October 29, 2012, 04:54:33 AM
#99
I'll leave this here to freak you out instead:
I suppose this is a dynamic image. The server grabs your IP address, writes the text into an image and serves that image. Still wouldn't get you a TOR user's real IP address.
The thing that freaked me out was that I misunderstood OpenYourEyes' post to mean he could embed arbitrary flash or java code into a simple HTML forum post AND make it execute on the victim's computer automatically and so, through these systems' bypassing of proxy settings, learn joe23's real IP. This would be a very serious security flaw, I expect.
Can anyone suggest a web page where the privacy of your web browser is tested? Like one that tries java, js, flash, html, php, other bug exploits to track an IP, even behind tor?  I know panopticlick from the EFF. Anything else?
donator
Activity: 2772
Merit: 1019
October 29, 2012, 02:42:58 AM
#98
It really is quite amazing:



I really am the only one who mistypes sr like that.
newbie
Activity: 14
Merit: 1
October 29, 2012, 02:13:56 AM
#97
Is your IP at all 24.143.xx.xx or 217.114.xx.xx (xx'd for privacy), or are you Smoothie, or someguy123. (Took a few stabs there).

I'm in the process of doing an explanation for my results.

My original intention was to try and use Flash to log your true IP:
Plugins such as Adobe Flash don't normally respect your browsers proxy settings (this must have changed recently, or I went about it the wrong way because it didn't work).

My post above contained a tracking beacon which was logging IPs & useragents; the link in


This could well have worked, I didn't protect against that.

I'm not sure how you embedded flash, can you explain? just blah.swf or what?

Do you see 85.17x.xxx.xxx in your logs?
donator
Activity: 2772
Merit: 1019
October 29, 2012, 01:49:06 AM
#96
you wouldn't have found anything about the "initial funding transaction", I think. I "cleaned" the funds using silkraod, that 10 BTC "initial load" is a silkroad withdrawl.

You are molecular.  He is the only one who mistypes "silkraod" like that.

1FV1BnSMYKDiqYtBtxZEhiT5TKg4TcDAKq

holy FUCK!



We have a winner.

Really, this is not how I thought it would end.

Melman2002 found me. One could argue it was a guess, but I think it was according to the rules (credible story and he wasn't stabbing around a lot).

Why did I only give 7 BTC so far?

Because I would really like to know the flaw Sans-EXP caught me overlooking Wink.

What do you guys think. All 14 BTC to MelMan2002?

MelMan2002, would you be ok with splitting the bounty with Sans-EXP if he presents the info on how he caught me?

I must say, you guys are fucking awesome!

EDIT: a fucking typing quirk of mine got me, I really can't get over it!

EDIT2: domain for sale: findmeifyoucan.eu Wink

EDIT3: too bad I can't ever do this again, it's been so much fun!
newbie
Activity: 14
Merit: 1
October 29, 2012, 01:36:58 AM
#95
So if you ask him and he's ok with it, I will give him my consent to publish anything he has on me in this thread.

[email protected]
188.165.73.235
Ignores BitcoinINV

thanks, theymos.
sr. member
Activity: 477
Merit: 500
October 29, 2012, 01:09:37 AM
#94
Is your IP at all 24.143.xx.xx or 217.114.xx.xx (xx'd for privacy), or are you Smoothie, or someguy123. (Took a few stabs there).

I'm in the process of doing an explanation for my results.

My original intention was to try and use Flash to log your true IP:
Plugins such as Adobe Flash don't normally respect your browsers proxy settings (this must have changed recently, or I went about it the wrong way because it didn't work).


Good idea is to use NoScript and Flashblock on by default (firefox). Did you find my ip: 82.128.xxx.xx?
However, I have enabled javascript in bitocointalk.

sr. member
Activity: 461
Merit: 251
October 28, 2012, 10:22:15 PM
#93
Hey fellow bitcoiners,

I am really a registered user in this forum since at least summer 2012. I set up this secondary, hopefully anonymous identity to give away some free bitcoins by ways of a challenge:

challenge:

I hereby challenge you to find the real me!

I set up a site on the net: http://findmeifyoucan.eu

I hereby promise to pay BTC 14 to anyone who provides one of the following pieces of information identifying the operator of findmeifyoucan.eu or (which is the same) the author of this post:

  • forum account id of 'real me'
  • my real name and (address or phone number or date of birth)
  • any IP-address that could be traced to my real identity by authorities

rules:

  • Rules are to be interpreted by me, in case of dispute, I am right, you are wrong
  • you must post here one of the above infos and a bitcoin address to which the bounty should be sent
  • you must provide a credible story of how you obtained the info
  • a 'hunch' is not enough, no guessing
  • I can change these rules at any time and will do so in OP (Original Post, the one you're reading)
  • the state of the OP at the time of claim is decisive for the rules, so please quote OP when claiming bounty
   
notes:
 
  • I'll give away small amounts of bitcoin to people pointing out flaws/mistakes/possible improvements regarding my anonymity
  • speculation in this thread is encouraged

additional info leaked:
 
  • theymous publishes the IP I use to access bitcointalk: 188.165.73.235
  • theymos publishes PM in which I ask MysteryMiner wether he was one of the german guys wearing masks at the Conference in London.
  • it is discovered that joe uses lastpass
  • "real me"s timezone has leaked: "it indicates timezone somewhere near UTC."

rewards payed for valuable feedback to:

  • MysteryMiner
  • Jasinlee
  • Openyoureyes

feel free to ask any questions... I might be happy to answer... or not.

you wouldn't have found anything about the "initial funding transaction", I think. I "cleaned" the funds using silkraod, that 10 BTC "initial load" is a silkroad withdrawl.

You are molecular.  He is the only one who mistypes "silkraod" like that.

1FV1BnSMYKDiqYtBtxZEhiT5TKg4TcDAKq
hero member
Activity: 742
Merit: 500
Its as easy as 0, 1, 1, 2, 3
October 28, 2012, 08:55:37 PM
#92
Lol thats pretty funny they use a pig lmao
Pages:
Jump to: