Topic: This message was too old and has been purged - page 5. (Read 9288 times)

Mining pools hide their private mining nodes from the network, so it's not quite so simple.

If it's really as simple as send a few messages and crash a node and effects 0.10 then I agree it needs to be fixed right away... You'd be credited in the commit for the fix (and likely a CVE, if its an outright crash), like anyone else who has reported a similar issue. This is the reasonable and customary way things are handled in open source projects, and the only reasonably scalable one (even if you put in 'a lot' of time, it pales in comparison to the thousands of hours put in by others; besides who do you think can afford that? non-technical people don't give a crap about this stuff... they think the software is magic).  I'd also remove the negative trust I have against you here on the forum, since you made good; and not harass you in the future about initial asking for a huge out-of-the-norm bounty in this case. Thats all I can offer.  Otherwise, if something exists here that is unknown, it'll have to wait until someone else rediscovers it.

This message was too old and has been purged

Why use year old software? I'm not sure what a video is supposed to prove. The bogus ECDSA "cracker" had a proof video too.

This message was too old and has been purged

Immediate? Only your continued deceptive behavior earned you that negative trust. Your post was on January 18th, the down rating was on March 18th, in between there there was a half dozen posts by me. You never even backed out your deceptive claims.

This message was too old and has been purged

I guess you didn't learn after your prior stunts resulting in negative trust?  (For some context Evil-Knievel incorrectly (and seemingly dishonestly) claimed to have compromises for ECDSA in the past and tried charging for them; conduct which he currently bears negative trust for.)

If you believe you have some DOS attack please report it responsibly to [email protected]  (or feel free to report it encrypted privately to any of the Bitcoin core committers if you think its super critical), just like anyone else does. We consider DOS attacks to be important, but fundamentally you cannot prevent DOS because an attacker can just exhaust your bandwidth, instead DOS is prevented by not exposing your critical infrastructure to the public network directly.  We usually fix several DOS-ish issues in each release, it may also be that anything you know about is already known and a coordinated fix is in progress. In any case, you'll be credited for your contribution.  Demanding an enormous bounty for what sounds like something that is not terribly concerning is unreasonable and isn't likely to happen (it would be incredibly counterproductive to pay you when other people have done _far_ more work and found far more serious issues in the past).

If your actions caused foreseeable and preventable harm to others you may find yourself subject to civil litigation by the harmed parties. I would strongly encourage you to behave responsibly.

I'm also a developer, and if you're interested, i can verify your claims if needed

It is much more likely there is a bug in the software as compared to the odds there is a 'bug' in the math. :-)

Some reading on the ECDSA claims:
https://bitcointalksearch.org/topic/m.4808560
https://bitcointalksearch.org/topic/this-message-was-too-old-and-has-been-purged-421842

You can't seriously expect people to pay you UPFRONT for such a disclosure?!

If you actually know of such an exploit, contact the devs privately and responsibly disclose it ASAP. Then you can ask for your bounty, and you'll probably get more than 10BTC.

Someone published the link to this thread on reddit: http://www.reddit.com/r/Bitcoin/comments/2ukp87/researcher_discovers_major_dos_vulnerability_in/

Thanks.  I was just curious as to what you were seeing. ;-)   

btw, one thing I was clear about was whether your node is set to do this automatically to anyone who connects to it or you have to trigger it.

I'd ask you to share the details, but given the first post, I presume that is pointless.   

This message was too old and has been purged

Hi,
A question: DOS vs " shoot down" vs "arbitrary code execution may be possible". Can you explain more? Are you crashing bitcoind "merely" DOSing the server while connected?

Down thread you said "make your node connect to mine".  Did you mean any node that connects to your node will crash bitcoind?

This message was too old and has been purged

I agree. I follow a lot of the projects you are working on Evil and I could see a Lighthouse writeup doing well if you are able to prove what you're claiming here.

I would give BTC for this. Thanks!

Edit: For some projects and people who stumble here, this may be interesting:
https://tip4commit.com/projects

You should use https://www.vinumeris.com/lighthouse

 

This message was too old and has been purged

I totally believe you. Dang it where's my sarcasm font?

This message was too old and has been purged