SolidCoin Exploited. | Bitcointalksearch.org

Retired

sr. member

Activity: 490

Merit: 250

Quote from: CoinHunter on December 02, 2011, 06:50:56 PM

As usual though you're ignorant about many things SolidCoin, source was released not long after the binaries. Unlike perhaps Litecoin, people don't need to worry about Trojans with SolidCoin, only one person makes the binaries and we have done so for nearly 6 months without any issues, we have a history of being safe.

Oh, Litecoin comes with troyans? Also when I compiled it after reviewing the source code?
Do not blame others without getting your facts right. Please quote the "trojan" part of Litecoin (there is none...) before blaming others, trying to distract attention. That is just a fallacy.

By the way, a single person is the worst warranty you could give for ANY venture. Be it a business or the one who compiles the binaries, there is too much risk in using a single person to do so in a money-related environment.

Take it as free advice, since you don't seem to know what you're trying to achieve.

Ahimoth

sr. member

Activity: 812

Merit: 250

Quote from: cloon on December 27, 2011, 02:42:56 PM

solidcoin sucks!
no way, that this happens:

SolidCoin Block Explorer:
Sorry, an error occurred while processing your request.
all solidcoins lost....

Odd, Block Explorer seems to be working fine from my end, and also appears to be working for many others.

Note: I created and run the SolidCoin block explorer.

cloon

sr. member

Activity: 387

Merit: 250

solidcoin sucks!
no way, that this happens:

SolidCoin Block Explorer:
Sorry, an error occurred while processing your request.
all solidcoins lost....

k9quaint

legendary

Activity: 1190

Merit: 1000

Quote from: sd on December 03, 2011, 01:29:25 PM

Quote from: Bitsky on December 03, 2011, 04:20:41 AM

Quote from: CoinHunter on December 02, 2011, 06:50:56 PM

people don't need to worry about Trojans with SolidCoin, only one person makes the binaries

Which requires that people actually trust this one person in the first place.

And that kind of trust goes dead against the whole point of having peer reviewed and publicly readable source. Only a fool would trust SolidCoin but there are plenty of fools in the world.

Maybe that's the real attack vector. CoinHunter will slip people a mandatory binary update with no source that searches for BitCoin wallet.dat's and sends them to him. It won't work against anyone who sets up their systems right but we already established SolidCoin users are fools.

Why would you go for wallet.dat? Install a key-logger via auto-update and go for credit card info, bank website passwords, and the brass ring.

makomk

hero member

Activity: 686

Merit: 564

Quote from: sd on December 03, 2011, 01:29:25 PM

Maybe that's the real attack vector. CoinHunter will slip people a mandatory binary update with no source that searches for BitCoin wallet.dat's and sends them to him. It won't work against anyone who sets up their systems right but we already established SolidCoin users are fools.

It is rather impractical to run any kind of Solidcoin-based service or even just a miner without using some kind of auto-updater at this point, so if he offered the option of one in the client people would probably be quite happy to enable it.

sd

hero member

Activity: 730

Merit: 500

Quote from: Bitsky on December 03, 2011, 04:20:41 AM

Quote from: CoinHunter on December 02, 2011, 06:50:56 PM

people don't need to worry about Trojans with SolidCoin, only one person makes the binaries

Which requires that people actually trust this one person in the first place.

And that kind of trust goes dead against the whole point of having peer reviewed and publicly readable source. Only a fool would trust SolidCoin but there are plenty of fools in the world.

Maybe that's the real attack vector. CoinHunter will slip people a mandatory binary update with no source that searches for BitCoin wallet.dat's and sends them to him. It won't work against anyone who sets up their systems right but we already established SolidCoin users are fools.

Bitsky

hero member

Activity: 576

Merit: 514

Quote from: CoinHunter on December 02, 2011, 06:50:56 PM

people don't need to worry about Trojans with SolidCoin, only one person makes the binaries

Which requires that people actually trust this one person in the first place.

coblee

donator

Activity: 1654

Merit: 1351

Creator of Litecoin. Cryptocurrency enthusiast.

Quote from: CoinHunter on December 02, 2011, 06:50:56 PM

As usual though you're ignorant about many things SolidCoin

Such condescending attitude. Seems like you are also ignorant about many things SolidCoin.

Btw, Litecoin has a track record of 2 years of trojan free releases. Take that! We were in private beta for almost 2 years.

CoinHunter

sr. member

Activity: 252

Merit: 251

Quote from: ?? on ??

Six months, wow your time keeper is off so let me refresh your memory.

SC1 launched on August 21st died on September 10th
SC2 launched October 10th died the instant it was released.

SC1 lived 29 days, SC2 isn't two months old yet.

Where do you get six months?

Thanks, we should promote you to SolidCoin PR, you want that role? You know so much about us

There were private betas before SC1 was launched and of course during our downtime. It's not quite 6 months but nearing on it.

Starlightbreaker

legendary

Activity: 1764

Merit: 1006

Quote from: CoinHunter on December 02, 2011, 06:50:56 PM

Coblee I think the difference is people expect SolidCoin to be secure so we work to always achieve that.

always remember one thing.

"assumptions is the mother of fuck-ups"

coblee

donator

Activity: 1654

Merit: 1351

Creator of Litecoin. Cryptocurrency enthusiast.

Quote from: CoinHunter on December 02, 2011, 06:50:56 PM

As usual though you're ignorant about many things SolidCoin, source was released not long after the binaries. Unlike perhaps Litecoin, people don't need to worry about Trojans with SolidCoin, only one person makes the binaries and we have done so for nearly 6 months without any issues, we have a history of being safe.

LOL. You sound like Bernard Madoff.

CoinHunter

sr. member

Activity: 252

Merit: 251

Quote from: coblee on December 02, 2011, 06:10:23 PM

One hour notice for a mandatory binary-only update. Really?!?

RealSolid constantly attacks Bitcoin saying that businesses will never accept them because of a possible 51% attack. Does he really think businesses will accept solidcoins when he keeps pulling this kind of crap? They would have to upgrade with an hour notice to a binary that could contain trojans. And there's no recourse. No source code to check and compile themselves. If they don't upgrade, they can no longer transact in solidcoins. Awesome.

Coblee I think the difference is people expect SolidCoin to be secure so we work to always achieve that. If the network is slow for a few hours so be it, better that than being attacked. When you have a new code base, new solutions to problems, there are going to be issues that need working out, SolidCoin is still young and we don't have that many businesses yet which are affected by these things. Something like this if we were the size of bitcoin would be unacceptable I would agree with that.

As usual though you're ignorant about many things SolidCoin, source was released not long after the binaries. Unlike perhaps Litecoin, people don't need to worry about Trojans with SolidCoin, only one person makes the binaries and we have done so for nearly 6 months without any issues, we have a history of being safe.

Ahimoth

sr. member

Activity: 812

Merit: 250

Actually source was posted to github within a couple hours of binary release. Admittedly, it was short notice. However, in this situation I think it was prudent to issue a mandatory release as soon as possible.

coblee

donator

Activity: 1654

Merit: 1351

Creator of Litecoin. Cryptocurrency enthusiast.

Quote from: ?? on ??

Quote from: RealSolid

SolidCoin v2.02 has been released. This is a mandatory release, you will be unable to move past block 91500 without it.

This is the central control that doomed SC 2.0 the moment it was launched.

One hour notice for a mandatory binary-only update. Really?!?

RealSolid constantly attacks Bitcoin saying that businesses will never accept them because of a possible 51% attack. Does he really think businesses will accept solidcoins when he keeps pulling this kind of crap? They would have to upgrade with an hour notice to a binary that could contain trojans. And there's no recourse. No source code to check and compile themselves. If they don't upgrade, they can no longer transact in solidcoins. Awesome.

Gabi

legendary

Activity: 1148

Merit: 1008

If you want to walk on water, get out of the boat

lol scamcoin

wannaBhacker

member

Activity: 96

Merit: 10

Quote from: naypalm on December 01, 2011, 08:38:28 PM

SC's still around!?

ha ha ha

Don't know how but it is. Oh king, what shall your users do now? I thought you made a coin more secure than bitcoin. Ooops, guess not.

makomk

hero member

Activity: 686

Merit: 564

Well, RealSolid has released an update that claims to fix all the issues and given users a whole hour to upgrade before their clients get stuck. Notice that I said "claims to" here; the source code for it hasn't been released so I have no idea whether he actually did what he's claiming to have done.

Quote from: makomk on December 01, 2011, 06:05:21 AM

So in theory not even using the trust nodes to completely shut down Solidcoin would be enough to stop someone from exploiting this to rewrite history. ...

That's a thought actually. If the new version breaks backwards compatibility and some nodes don't upgrade on time it'd require a lot less hashpower to attack those nodes than it normally would.

Apparently it did with not very much time for people to upgrade. If any nodes are still running 2.01 as released an attacker has until they upgrade to build a deep enough history rewrite and double-spend their coins. If they're running RealSolid's non-public upgrade to 2.01 the same may be true depending on what exactly he changed in the upgrade and what happens at 2.02.

kjlimo

legendary

Activity: 2114

Merit: 1031

Quote from: Schwede65 on December 01, 2011, 07:02:29 PM

Quote from: tacotime on December 01, 2011, 06:52:38 PM

Looks like SC was dropped from allchains

this is the end my friends

chart 1: SC is present

chart 2 + 3: very long time no updated data/SC and now its dropped

agreed, charts 2 & 3 were incredibly hard to compare and didn't necessiarly make sense when comparing. It seems these CPU chains are apples & oranges....

naypalm

legendary

Activity: 1272

Merit: 1012

howdy

SC's still around!?

Schwede65

sr. member

Activity: 309

Merit: 250

Quote from: tacotime on December 01, 2011, 06:52:38 PM

Looks like SC was dropped from allchains

this is the end my friends

chart 1: SC is present

chart 2 + 3: very long time no updated data/SC and now its dropped

Topic: SolidCoin Exploited. (Read 3434 times)